11241100x8000000000000000256348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ddcff5e5d95a202023-02-08 09:41:11.234root 11241100x8000000000000000256347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba04d1ca3660591b2023-02-08 09:41:11.234root 11241100x8000000000000000256346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830a43c072bae8f12023-02-08 09:41:11.234root 11241100x8000000000000000256345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4546bbb826d2bb322023-02-08 09:41:11.234root 11241100x8000000000000000256344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5ab73f28f6d0532023-02-08 09:41:11.234root 11241100x8000000000000000256343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0e78369ebadcf12023-02-08 09:41:11.234root 11241100x8000000000000000256342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747ff9ee6ec655e42023-02-08 09:41:11.234root 11241100x8000000000000000256341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed2404e059403432023-02-08 09:41:11.234root 11241100x8000000000000000256364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f93423602a00e212023-02-08 09:41:11.235root 11241100x8000000000000000256363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c27892b7bac55e2023-02-08 09:41:11.235root 11241100x8000000000000000256362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58d6519de6d703f2023-02-08 09:41:11.235root 11241100x8000000000000000256361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecddd9ff5c8a3ea2023-02-08 09:41:11.235root 11241100x8000000000000000256360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2426792784b5b22023-02-08 09:41:11.235root 11241100x8000000000000000256359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629011b907887d942023-02-08 09:41:11.235root 11241100x8000000000000000256358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553a9c840f09a7062023-02-08 09:41:11.235root 11241100x8000000000000000256357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e7405d1c9087e42023-02-08 09:41:11.235root 11241100x8000000000000000256356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6873dbbf691053af2023-02-08 09:41:11.235root 11241100x8000000000000000256355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6b58c34dc0c16c2023-02-08 09:41:11.235root 11241100x8000000000000000256354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63b1e73186ee13d2023-02-08 09:41:11.235root 11241100x8000000000000000256353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc40a1a4972bc4f2023-02-08 09:41:11.235root 11241100x8000000000000000256352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f42c51c50a3cec02023-02-08 09:41:11.235root 11241100x8000000000000000256351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8276b550679bc92023-02-08 09:41:11.235root 11241100x8000000000000000256350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c7e9a4536aced92023-02-08 09:41:11.235root 11241100x8000000000000000256349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c5c29d7ba55cc32023-02-08 09:41:11.235root 11241100x8000000000000000256379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc5856ceda5ffc02023-02-08 09:41:11.236root 11241100x8000000000000000256378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5438d66a9aa9ab852023-02-08 09:41:11.236root 11241100x8000000000000000256377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09b7416b55d6db42023-02-08 09:41:11.236root 11241100x8000000000000000256376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0b4db82caf8b172023-02-08 09:41:11.236root 11241100x8000000000000000256375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43e79ddc7fb31ed2023-02-08 09:41:11.236root 11241100x8000000000000000256374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ee2dff11f6617b2023-02-08 09:41:11.236root 11241100x8000000000000000256373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580e0eed2230d3e42023-02-08 09:41:11.236root 11241100x8000000000000000256372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68212144e931c6c72023-02-08 09:41:11.236root 11241100x8000000000000000256371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38901729099aad92023-02-08 09:41:11.236root 11241100x8000000000000000256370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b9dc8e1a6dd2b32023-02-08 09:41:11.236root 11241100x8000000000000000256369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8da10cfc3551142023-02-08 09:41:11.236root 11241100x8000000000000000256368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b010b0a3f3063632023-02-08 09:41:11.236root 11241100x8000000000000000256367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79a406ca77015f22023-02-08 09:41:11.236root 11241100x8000000000000000256366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0a35650ce751da2023-02-08 09:41:11.236root 11241100x8000000000000000256365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79926a05b8ff7b652023-02-08 09:41:11.236root 11241100x8000000000000000256387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993cf7e0bf0382352023-02-08 09:41:11.237root 11241100x8000000000000000256386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c82b7ea7a812502023-02-08 09:41:11.237root 11241100x8000000000000000256385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf935f4dfe3ef3eb2023-02-08 09:41:11.237root 11241100x8000000000000000256384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a74c1d9b1169432023-02-08 09:41:11.237root 11241100x8000000000000000256383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c92118ebc32fe22023-02-08 09:41:11.237root 11241100x8000000000000000256382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7415c8591d48814b2023-02-08 09:41:11.237root 11241100x8000000000000000256381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9dd24d729dfc3fa2023-02-08 09:41:11.237root 11241100x8000000000000000256380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bf2dace1b606602023-02-08 09:41:11.237root 11241100x8000000000000000256392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7a9189afaa83052023-02-08 09:41:11.734root 11241100x8000000000000000256391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c607cead39147f2023-02-08 09:41:11.734root 11241100x8000000000000000256390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef20a63ad65f0a3f2023-02-08 09:41:11.734root 11241100x8000000000000000256389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa378386c35b90322023-02-08 09:41:11.734root 11241100x8000000000000000256388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a90c343e23d9d282023-02-08 09:41:11.734root 11241100x8000000000000000256408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ab7af42222c7422023-02-08 09:41:11.735root 11241100x8000000000000000256407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186eb1057ce0d1e62023-02-08 09:41:11.735root 11241100x8000000000000000256406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a83fa6fd5a85772023-02-08 09:41:11.735root 11241100x8000000000000000256405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67600e973e5b75462023-02-08 09:41:11.735root 11241100x8000000000000000256404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e2e249a729561c2023-02-08 09:41:11.735root 11241100x8000000000000000256403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad414e4c1da1c122023-02-08 09:41:11.735root 11241100x8000000000000000256402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cd3cbbafcf409c2023-02-08 09:41:11.735root 11241100x8000000000000000256401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4261db08ce82a4a52023-02-08 09:41:11.735root 11241100x8000000000000000256400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1a305f5916e06b2023-02-08 09:41:11.735root 11241100x8000000000000000256399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2f17065605267a2023-02-08 09:41:11.735root 11241100x8000000000000000256398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f3b947a2fc77632023-02-08 09:41:11.735root 11241100x8000000000000000256397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f76f5ee81116f32023-02-08 09:41:11.735root 11241100x8000000000000000256396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dcbc2cbd528cbbe2023-02-08 09:41:11.735root 11241100x8000000000000000256395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c046d55e0953ae32023-02-08 09:41:11.735root 11241100x8000000000000000256394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06b7c8910ce1c0b2023-02-08 09:41:11.735root 11241100x8000000000000000256393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cb2427434a12532023-02-08 09:41:11.735root 11241100x8000000000000000256423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d91aa945b3973ef2023-02-08 09:41:11.736root 11241100x8000000000000000256422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd71d92e6e5b3102023-02-08 09:41:11.736root 11241100x8000000000000000256421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f58cdab667e49432023-02-08 09:41:11.736root 11241100x8000000000000000256420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a158d73f836e5d1d2023-02-08 09:41:11.736root 11241100x8000000000000000256419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f794399d584fab0e2023-02-08 09:41:11.736root 11241100x8000000000000000256418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04032e2f91217b922023-02-08 09:41:11.736root 11241100x8000000000000000256417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28f6f9b47764c912023-02-08 09:41:11.736root 11241100x8000000000000000256416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581d3623375f6ef62023-02-08 09:41:11.736root 11241100x8000000000000000256415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ed9c5d8fc5efff2023-02-08 09:41:11.736root 11241100x8000000000000000256414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953c917315a4f10c2023-02-08 09:41:11.736root 11241100x8000000000000000256413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a38cdbb61d19de32023-02-08 09:41:11.736root 11241100x8000000000000000256412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92eb6f4bb1d7bcaa2023-02-08 09:41:11.736root 11241100x8000000000000000256411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ff7dc7f142f3e72023-02-08 09:41:11.736root 11241100x8000000000000000256410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e49f568082167bb2023-02-08 09:41:11.736root 11241100x8000000000000000256409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1beeee2a14705c12023-02-08 09:41:11.736root 11241100x8000000000000000256435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6ddae1ac4e9ee12023-02-08 09:41:11.737root 11241100x8000000000000000256434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea52ad5b26cacbfa2023-02-08 09:41:11.737root 11241100x8000000000000000256433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a4be3e2d7716012023-02-08 09:41:11.737root 11241100x8000000000000000256432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e47eafef78f05562023-02-08 09:41:11.737root 11241100x8000000000000000256431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62601a1966ae19532023-02-08 09:41:11.737root 11241100x8000000000000000256430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a4bfc3dbc4a9e02023-02-08 09:41:11.737root 11241100x8000000000000000256429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477d92e189accd382023-02-08 09:41:11.737root 11241100x8000000000000000256428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c7afcca68db8db2023-02-08 09:41:11.737root 11241100x8000000000000000256427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1ca48d85b0beff2023-02-08 09:41:11.737root 11241100x8000000000000000256426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.badd36357188e99d2023-02-08 09:41:11.737root 11241100x8000000000000000256425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d65f6c8ba1cddc2023-02-08 09:41:11.737root 11241100x8000000000000000256424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b5b9770205d4242023-02-08 09:41:11.737root 11241100x8000000000000000256437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417a110f6a5fdd652023-02-08 09:41:11.740root 11241100x8000000000000000256436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:11.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc754b0ca0f33622023-02-08 09:41:11.740root 11241100x8000000000000000256443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ff8a4f7b1ee03b2023-02-08 09:41:12.234root 11241100x8000000000000000256442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758ca1cc4ef525822023-02-08 09:41:12.234root 11241100x8000000000000000256441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f960707434a8f38b2023-02-08 09:41:12.234root 11241100x8000000000000000256440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888458f0d5aaa8a42023-02-08 09:41:12.234root 11241100x8000000000000000256439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144b9e6464adaa532023-02-08 09:41:12.234root 11241100x8000000000000000256438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd2725182cdda882023-02-08 09:41:12.234root 11241100x8000000000000000256448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66765a0fe351d4c42023-02-08 09:41:12.235root 11241100x8000000000000000256447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a875cf16e66bc82023-02-08 09:41:12.235root 11241100x8000000000000000256446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6786459c84dbc5fd2023-02-08 09:41:12.235root 11241100x8000000000000000256445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73d5f64f8744f4e2023-02-08 09:41:12.235root 11241100x8000000000000000256444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae24400523443d122023-02-08 09:41:12.235root 11241100x8000000000000000256456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6499f218ebfd3c822023-02-08 09:41:12.236root 11241100x8000000000000000256455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff7ccf2af5df57e2023-02-08 09:41:12.236root 11241100x8000000000000000256454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8dc654a2cbf60b2023-02-08 09:41:12.236root 11241100x8000000000000000256453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9fe1222121ceb72023-02-08 09:41:12.236root 11241100x8000000000000000256452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ff91d60c6980e42023-02-08 09:41:12.236root 11241100x8000000000000000256451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91dbd226c5fa6a5b2023-02-08 09:41:12.236root 11241100x8000000000000000256450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff62f621fc02c6912023-02-08 09:41:12.236root 11241100x8000000000000000256449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bece1b5524ff18a2023-02-08 09:41:12.236root 11241100x8000000000000000256464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15dd3491e8fa6ef32023-02-08 09:41:12.237root 11241100x8000000000000000256463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d5d4cf88af8a0e2023-02-08 09:41:12.237root 11241100x8000000000000000256462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca0c77e508640522023-02-08 09:41:12.237root 11241100x8000000000000000256461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aee53ca1b70b55f2023-02-08 09:41:12.237root 11241100x8000000000000000256460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822bdb3afdab93ca2023-02-08 09:41:12.237root 11241100x8000000000000000256459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06394c3dc4995f92023-02-08 09:41:12.237root 11241100x8000000000000000256458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f49067fcbe465b82023-02-08 09:41:12.237root 11241100x8000000000000000256457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779772ec03bf51ec2023-02-08 09:41:12.237root 11241100x8000000000000000256472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1358b62bf7812142023-02-08 09:41:12.238root 11241100x8000000000000000256471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2516436ba8dcc7be2023-02-08 09:41:12.238root 11241100x8000000000000000256470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78016480592168422023-02-08 09:41:12.238root 11241100x8000000000000000256469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef45bd9ea93e76f2023-02-08 09:41:12.238root 11241100x8000000000000000256468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812fe179e4c006262023-02-08 09:41:12.238root 11241100x8000000000000000256467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e42f01d12a6d352023-02-08 09:41:12.238root 11241100x8000000000000000256466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3153a6705ac4c34c2023-02-08 09:41:12.238root 11241100x8000000000000000256465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565571656a304a0c2023-02-08 09:41:12.238root 11241100x8000000000000000256476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ee7f668b3bff552023-02-08 09:41:12.239root 11241100x8000000000000000256475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bf64c1a5a98cc32023-02-08 09:41:12.239root 11241100x8000000000000000256474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d22838501c6c6b72023-02-08 09:41:12.239root 11241100x8000000000000000256473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a2352d426f1d642023-02-08 09:41:12.239root 11241100x8000000000000000256486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc694d20ce8f3ca62023-02-08 09:41:12.240root 11241100x8000000000000000256485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d464098d3a975c7a2023-02-08 09:41:12.240root 11241100x8000000000000000256484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbf1adc0a5395652023-02-08 09:41:12.240root 11241100x8000000000000000256483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235cc36c02344cec2023-02-08 09:41:12.240root 11241100x8000000000000000256482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2995e439b6b28b2023-02-08 09:41:12.240root 11241100x8000000000000000256481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abf42aabbc146022023-02-08 09:41:12.240root 11241100x8000000000000000256480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e5ce87ca504faa2023-02-08 09:41:12.240root 11241100x8000000000000000256479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d82f8745981ba22023-02-08 09:41:12.240root 11241100x8000000000000000256478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5afac1bc2f51b22023-02-08 09:41:12.240root 11241100x8000000000000000256477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ce1d99e11ccd9f2023-02-08 09:41:12.240root 11241100x8000000000000000256490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311a51f39e199c772023-02-08 09:41:12.241root 11241100x8000000000000000256489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078f69118c3332a12023-02-08 09:41:12.241root 11241100x8000000000000000256488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bed33537018b4e2023-02-08 09:41:12.241root 11241100x8000000000000000256487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6537e71ca2daf5c82023-02-08 09:41:12.241root 11241100x8000000000000000256493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46ab7169aacbbeb2023-02-08 09:41:12.734root 11241100x8000000000000000256492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abb5a0da43117f32023-02-08 09:41:12.734root 11241100x8000000000000000256491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6be269d6abc42732023-02-08 09:41:12.734root 11241100x8000000000000000256505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd90bb5bdb1227992023-02-08 09:41:12.735root 11241100x8000000000000000256504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e97549de877d5652023-02-08 09:41:12.735root 11241100x8000000000000000256503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f1ca25e808110b2023-02-08 09:41:12.735root 11241100x8000000000000000256502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1b58c424148b372023-02-08 09:41:12.735root 11241100x8000000000000000256501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9872f38a2f114e822023-02-08 09:41:12.735root 11241100x8000000000000000256500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c1c55f08743d952023-02-08 09:41:12.735root 11241100x8000000000000000256499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ce4e24f39c70c02023-02-08 09:41:12.735root 11241100x8000000000000000256498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9849d50a99148a2023-02-08 09:41:12.735root 11241100x8000000000000000256497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750b22553ca9eda42023-02-08 09:41:12.735root 11241100x8000000000000000256496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0eddd7111ae75d12023-02-08 09:41:12.735root 11241100x8000000000000000256495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f119a581c875bc2023-02-08 09:41:12.735root 11241100x8000000000000000256494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7760e4e05af44a2023-02-08 09:41:12.735root 11241100x8000000000000000256514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa013289c041de302023-02-08 09:41:12.736root 11241100x8000000000000000256513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9369fc3e764ef0702023-02-08 09:41:12.736root 11241100x8000000000000000256512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2a771cd3cf9ad92023-02-08 09:41:12.736root 11241100x8000000000000000256511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936c2f91ca63a37a2023-02-08 09:41:12.736root 11241100x8000000000000000256510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985d4b9900f800bb2023-02-08 09:41:12.736root 11241100x8000000000000000256509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e328bde293ea3a802023-02-08 09:41:12.736root 11241100x8000000000000000256508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e980cf57eec9c42023-02-08 09:41:12.736root 11241100x8000000000000000256507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a0850493e04a582023-02-08 09:41:12.736root 11241100x8000000000000000256506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c8b0bf9f762fbe2023-02-08 09:41:12.736root 11241100x8000000000000000256523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe8bb73ac7bd0472023-02-08 09:41:12.737root 11241100x8000000000000000256522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe01d551a2c81f8f2023-02-08 09:41:12.737root 11241100x8000000000000000256521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c93c9d3e4905aa72023-02-08 09:41:12.737root 11241100x8000000000000000256520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9429e5e5fce239da2023-02-08 09:41:12.737root 11241100x8000000000000000256519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b089d40bb644662023-02-08 09:41:12.737root 11241100x8000000000000000256518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7957b9de1a3bff892023-02-08 09:41:12.737root 11241100x8000000000000000256517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2699a5fe6fec77972023-02-08 09:41:12.737root 11241100x8000000000000000256516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b94e73a29f21692023-02-08 09:41:12.737root 11241100x8000000000000000256515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8402d357a0b8d172023-02-08 09:41:12.737root 11241100x8000000000000000256536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5dcf293a007ae112023-02-08 09:41:12.738root 11241100x8000000000000000256535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6f5a18d619dd6a2023-02-08 09:41:12.738root 11241100x8000000000000000256534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde3310da5236b802023-02-08 09:41:12.738root 11241100x8000000000000000256533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1addac677229baaa2023-02-08 09:41:12.738root 11241100x8000000000000000256532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9773fb8f5c0be82023-02-08 09:41:12.738root 11241100x8000000000000000256531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24619af9ca1af9cd2023-02-08 09:41:12.738root 11241100x8000000000000000256530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d7ad9d7b97b8692023-02-08 09:41:12.738root 11241100x8000000000000000256529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355a8c92d78d965e2023-02-08 09:41:12.738root 11241100x8000000000000000256528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150e30a6e07f129b2023-02-08 09:41:12.738root 11241100x8000000000000000256527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68dc84ed2c2e9132023-02-08 09:41:12.738root 11241100x8000000000000000256526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e595a0df5c0941ee2023-02-08 09:41:12.738root 11241100x8000000000000000256525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c17cb664cb90212023-02-08 09:41:12.738root 11241100x8000000000000000256524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f31ad75f748eaa32023-02-08 09:41:12.738root 11241100x8000000000000000256537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0cec9f963deef02023-02-08 09:41:12.739root 11241100x8000000000000000256542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef95c0963137d1d2023-02-08 09:41:12.740root 11241100x8000000000000000256541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeab70454e52f2bd2023-02-08 09:41:12.740root 11241100x8000000000000000256540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a0361575331da32023-02-08 09:41:12.740root 11241100x8000000000000000256539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e9d7a743296bfa2023-02-08 09:41:12.740root 11241100x8000000000000000256538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f0887e9c2aff542023-02-08 09:41:12.740root 11241100x8000000000000000256546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ec5b5893351b4d2023-02-08 09:41:12.741root 11241100x8000000000000000256545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53edb5b5c7b32d8e2023-02-08 09:41:12.741root 11241100x8000000000000000256544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c02034c466606482023-02-08 09:41:12.741root 11241100x8000000000000000256543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:12.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484b04e1848a066b2023-02-08 09:41:12.741root 354300x8000000000000000256547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.110{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-45760-false10.0.1.12-8000- 11241100x8000000000000000256552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.111{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4ea5b534bd306e2023-02-08 09:41:13.111root 11241100x8000000000000000256551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.111{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e9b06a6cd036ef2023-02-08 09:41:13.111root 11241100x8000000000000000256550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.111{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4d1d49a7a54fc12023-02-08 09:41:13.111root 11241100x8000000000000000256549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.111{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dade1d58f064ccde2023-02-08 09:41:13.111root 11241100x8000000000000000256548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.111{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca78bcd42ece30eb2023-02-08 09:41:13.111root 11241100x8000000000000000256563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf21d0694e05ac02023-02-08 09:41:13.112root 11241100x8000000000000000256562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f95c445cce6e4c2023-02-08 09:41:13.112root 11241100x8000000000000000256561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7253ad5b7d478f0d2023-02-08 09:41:13.112root 11241100x8000000000000000256560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d467b5a112c118452023-02-08 09:41:13.112root 11241100x8000000000000000256559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a57e2829492d06f2023-02-08 09:41:13.112root 11241100x8000000000000000256558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55d6c2a93a42eaa2023-02-08 09:41:13.112root 11241100x8000000000000000256557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d2b6a355e84ef42023-02-08 09:41:13.112root 11241100x8000000000000000256556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa2b0b57e1549e32023-02-08 09:41:13.112root 11241100x8000000000000000256555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70489c9521d804a2023-02-08 09:41:13.112root 11241100x8000000000000000256554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25b13a9a1934be82023-02-08 09:41:13.112root 11241100x8000000000000000256553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.112{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d72c54e7f73a912023-02-08 09:41:13.112root 11241100x8000000000000000256571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.113{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b3ae844879ecbf2023-02-08 09:41:13.113root 11241100x8000000000000000256570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.113{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490fac488ab04e812023-02-08 09:41:13.113root 11241100x8000000000000000256569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.113{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1ba6a04e1c59692023-02-08 09:41:13.113root 11241100x8000000000000000256568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.113{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d093c5c08b466a772023-02-08 09:41:13.113root 11241100x8000000000000000256567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.113{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1675e7f13b01552023-02-08 09:41:13.113root 11241100x8000000000000000256566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.113{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba5362aaf7220462023-02-08 09:41:13.113root 11241100x8000000000000000256565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.113{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6472bd3d527ebb282023-02-08 09:41:13.113root 11241100x8000000000000000256564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.113{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460f19fbc757d1ba2023-02-08 09:41:13.113root 11241100x8000000000000000256574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.114{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ad2491c9aa18fa2023-02-08 09:41:13.114root 11241100x8000000000000000256573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.114{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29eea1da0007eb172023-02-08 09:41:13.114root 11241100x8000000000000000256572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.114{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09908d0f0a3e7af72023-02-08 09:41:13.114root 11241100x8000000000000000256579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.115{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6567fa3c123d6542023-02-08 09:41:13.115root 11241100x8000000000000000256578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.115{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29878cfecab9b032023-02-08 09:41:13.115root 11241100x8000000000000000256577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.115{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d0ce6d7a4b39db2023-02-08 09:41:13.115root 11241100x8000000000000000256576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.115{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127b848349f042792023-02-08 09:41:13.115root 11241100x8000000000000000256575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.115{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce521b307f789f762023-02-08 09:41:13.115root 11241100x8000000000000000256587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.116{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc28c1f3ba9b7902023-02-08 09:41:13.116root 11241100x8000000000000000256586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.116{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775e7a669a1068872023-02-08 09:41:13.116root 11241100x8000000000000000256585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.116{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e51d6cd66d13f72023-02-08 09:41:13.116root 11241100x8000000000000000256584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.116{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae99ccf5eeedba842023-02-08 09:41:13.116root 11241100x8000000000000000256583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.116{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd1bd128e60382b2023-02-08 09:41:13.116root 11241100x8000000000000000256582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.116{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705d5c3029f607a62023-02-08 09:41:13.116root 11241100x8000000000000000256581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.116{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af87e5a35659872c2023-02-08 09:41:13.116root 11241100x8000000000000000256580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.116{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f0f04bad6ada142023-02-08 09:41:13.116root 11241100x8000000000000000256594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.117{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e956fc4a45f40a592023-02-08 09:41:13.117root 11241100x8000000000000000256593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.117{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe412973757c68672023-02-08 09:41:13.117root 11241100x8000000000000000256592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.117{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80534f06e884b3d02023-02-08 09:41:13.117root 11241100x8000000000000000256591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.117{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047c7d87ebbcb2b82023-02-08 09:41:13.117root 11241100x8000000000000000256590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.117{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37d6fe9bd5f33d62023-02-08 09:41:13.117root 11241100x8000000000000000256589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.117{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b1047060a9ef372023-02-08 09:41:13.117root 11241100x8000000000000000256588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.117{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14f78872558c43d2023-02-08 09:41:13.117root 11241100x8000000000000000256604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.118{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf83b70522eb83fe2023-02-08 09:41:13.118root 11241100x8000000000000000256603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.118{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b37e63536e4c0832023-02-08 09:41:13.118root 11241100x8000000000000000256602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.118{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d785f3a2ecc34f92023-02-08 09:41:13.118root 11241100x8000000000000000256601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.118{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0870d410ccba51fd2023-02-08 09:41:13.118root 11241100x8000000000000000256600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.118{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4e2099f980157d2023-02-08 09:41:13.118root 11241100x8000000000000000256599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.118{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c3567f4cd38a612023-02-08 09:41:13.118root 11241100x8000000000000000256598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.118{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b583a2594006a4a62023-02-08 09:41:13.118root 11241100x8000000000000000256597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.118{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ac6fc6d610dcf12023-02-08 09:41:13.118root 11241100x8000000000000000256596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.118{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba36fd4b63f1d2ab2023-02-08 09:41:13.118root 11241100x8000000000000000256595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.118{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce94688880f7e8952023-02-08 09:41:13.118root 11241100x8000000000000000256609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.119{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37dd3b192e643162023-02-08 09:41:13.119root 11241100x8000000000000000256608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.119{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f58991160b48ecd2023-02-08 09:41:13.119root 11241100x8000000000000000256607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.119{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e4e999b49e0d7d2023-02-08 09:41:13.119root 11241100x8000000000000000256606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.119{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990dcfcfb14431d82023-02-08 09:41:13.119root 11241100x8000000000000000256605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.119{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f743d57ad0503092023-02-08 09:41:13.119root 11241100x8000000000000000256615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.120{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96e227372d16f072023-02-08 09:41:13.120root 11241100x8000000000000000256614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.120{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3eb29fc3542ba82023-02-08 09:41:13.120root 11241100x8000000000000000256613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.120{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a56bc26cb7430d32023-02-08 09:41:13.120root 11241100x8000000000000000256612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.120{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0480c86e43de8db2023-02-08 09:41:13.120root 11241100x8000000000000000256611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.120{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07604e4349757e72023-02-08 09:41:13.120root 11241100x8000000000000000256610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.120{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1c34bf5a826fe22023-02-08 09:41:13.120root 11241100x8000000000000000256617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.121{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865101d672568e4b2023-02-08 09:41:13.121root 11241100x8000000000000000256616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.121{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68111f883890aec42023-02-08 09:41:13.121root 11241100x8000000000000000256622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.122{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ab5b6cc6b861c22023-02-08 09:41:13.122root 11241100x8000000000000000256621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.122{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5818756b8ca0ce952023-02-08 09:41:13.122root 11241100x8000000000000000256620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.122{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145544ece67e04662023-02-08 09:41:13.122root 11241100x8000000000000000256619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.122{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbb8d47281a45262023-02-08 09:41:13.122root 11241100x8000000000000000256618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.122{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b254fffd22362412023-02-08 09:41:13.122root 11241100x8000000000000000256626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b8ff93573d61032023-02-08 09:41:13.485root 11241100x8000000000000000256625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2147b7cf700c83b2023-02-08 09:41:13.485root 11241100x8000000000000000256624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c318aa1684f3666c2023-02-08 09:41:13.485root 11241100x8000000000000000256623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5463e38dc2d4892023-02-08 09:41:13.485root 11241100x8000000000000000256638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8b4277fd5f1db02023-02-08 09:41:13.486root 11241100x8000000000000000256637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a91f13006a1ec42023-02-08 09:41:13.486root 11241100x8000000000000000256636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853f2b46274337672023-02-08 09:41:13.486root 11241100x8000000000000000256635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0990bb04b04f1eb42023-02-08 09:41:13.486root 11241100x8000000000000000256634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063cf56b497fca142023-02-08 09:41:13.486root 11241100x8000000000000000256633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ed5f8a465c9f502023-02-08 09:41:13.486root 11241100x8000000000000000256632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179bacc97e7367b32023-02-08 09:41:13.486root 11241100x8000000000000000256631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2e8ea8f2f146c42023-02-08 09:41:13.486root 11241100x8000000000000000256630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b56a41bb2db6a012023-02-08 09:41:13.486root 11241100x8000000000000000256629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42114290095ce88a2023-02-08 09:41:13.486root 11241100x8000000000000000256628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62bfebc8d88f4072023-02-08 09:41:13.486root 11241100x8000000000000000256627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c7999f650877c82023-02-08 09:41:13.486root 11241100x8000000000000000256640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb32727c9dab2812023-02-08 09:41:13.487root 11241100x8000000000000000256639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cdd0299b921a2ba2023-02-08 09:41:13.487root 11241100x8000000000000000256649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a2916d2a2633e72023-02-08 09:41:13.488root 11241100x8000000000000000256648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7aa0182f62fbfc52023-02-08 09:41:13.488root 11241100x8000000000000000256647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08d1843ea2b3ca02023-02-08 09:41:13.488root 11241100x8000000000000000256646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ea7c8cd7fb5eeb2023-02-08 09:41:13.488root 11241100x8000000000000000256645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a1b6787880c4ec2023-02-08 09:41:13.488root 11241100x8000000000000000256644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772beafc4c8296d22023-02-08 09:41:13.488root 11241100x8000000000000000256643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5ffe0ac360ece02023-02-08 09:41:13.488root 11241100x8000000000000000256642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05094f1f171d16aa2023-02-08 09:41:13.488root 11241100x8000000000000000256641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a0e19c24c21b5b2023-02-08 09:41:13.488root 11241100x8000000000000000256652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d672794cc4e62c792023-02-08 09:41:13.489root 11241100x8000000000000000256651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088dba22bc2433072023-02-08 09:41:13.489root 11241100x8000000000000000256650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e061289019f01f802023-02-08 09:41:13.489root 11241100x8000000000000000256659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978326ff4c93ed542023-02-08 09:41:13.496root 11241100x8000000000000000256658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e23485a47fce4f22023-02-08 09:41:13.496root 11241100x8000000000000000256657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f464fb93ceb5e172023-02-08 09:41:13.496root 11241100x8000000000000000256656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780285a2deb9834d2023-02-08 09:41:13.496root 11241100x8000000000000000256655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceaecceec195b9d12023-02-08 09:41:13.496root 11241100x8000000000000000256654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61978aa8a99015b82023-02-08 09:41:13.496root 11241100x8000000000000000256653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc6b03f5ec850092023-02-08 09:41:13.496root 11241100x8000000000000000256667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5c4a7b90778df52023-02-08 09:41:13.497root 11241100x8000000000000000256666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b885ff83717da4332023-02-08 09:41:13.497root 11241100x8000000000000000256665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f026dcf29fb2a3aa2023-02-08 09:41:13.497root 11241100x8000000000000000256664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c29ef8eb78057d2023-02-08 09:41:13.497root 11241100x8000000000000000256663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32c35462fc44cb22023-02-08 09:41:13.497root 11241100x8000000000000000256662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9989113bd21051e2023-02-08 09:41:13.497root 11241100x8000000000000000256661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32437ad162bbc03b2023-02-08 09:41:13.497root 11241100x8000000000000000256660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84d7c8e4b80a87c2023-02-08 09:41:13.497root 11241100x8000000000000000256677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1943745523c9e422023-02-08 09:41:13.985root 11241100x8000000000000000256676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200be8c0e91bd3342023-02-08 09:41:13.985root 11241100x8000000000000000256675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52440fea57ae50192023-02-08 09:41:13.985root 11241100x8000000000000000256674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d87519b80453fe2023-02-08 09:41:13.985root 11241100x8000000000000000256673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397f9f9d6919de842023-02-08 09:41:13.985root 11241100x8000000000000000256672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd0ccfbd451f8162023-02-08 09:41:13.985root 11241100x8000000000000000256671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1dd9db4917d145f2023-02-08 09:41:13.985root 11241100x8000000000000000256670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d522e03ada477492023-02-08 09:41:13.985root 11241100x8000000000000000256669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2353bcc8abb4cbd2023-02-08 09:41:13.985root 11241100x8000000000000000256668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd758442d7f5eec82023-02-08 09:41:13.985root 11241100x8000000000000000256686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3929cea2c33015c02023-02-08 09:41:13.986root 11241100x8000000000000000256685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc345009a4e3a1822023-02-08 09:41:13.986root 11241100x8000000000000000256684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a751a5e59023730b2023-02-08 09:41:13.986root 11241100x8000000000000000256683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d48f8b0c3cc9b52023-02-08 09:41:13.986root 11241100x8000000000000000256682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5436bb4be20f8f4a2023-02-08 09:41:13.986root 11241100x8000000000000000256681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a607fa5dd328132023-02-08 09:41:13.986root 11241100x8000000000000000256680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ca8822906476652023-02-08 09:41:13.986root 11241100x8000000000000000256679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee959355050b2cdb2023-02-08 09:41:13.986root 11241100x8000000000000000256678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c93c3f27c7bb4802023-02-08 09:41:13.986root 11241100x8000000000000000256696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d298b571ee7850c22023-02-08 09:41:13.987root 11241100x8000000000000000256695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e198e964245497d22023-02-08 09:41:13.987root 11241100x8000000000000000256694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901d8c9a84a842d42023-02-08 09:41:13.987root 11241100x8000000000000000256693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3885b2329044cf2023-02-08 09:41:13.987root 11241100x8000000000000000256692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65cf0d347ffd24122023-02-08 09:41:13.987root 11241100x8000000000000000256691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b093eff3dea9ad2023-02-08 09:41:13.987root 11241100x8000000000000000256690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5af7747fff0f3e2023-02-08 09:41:13.987root 11241100x8000000000000000256689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f589da7acf190212023-02-08 09:41:13.987root 11241100x8000000000000000256688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a88aa8311bff3612023-02-08 09:41:13.987root 11241100x8000000000000000256687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881bd3e0df195d742023-02-08 09:41:13.987root 11241100x8000000000000000256706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75502ffc7d4e67da2023-02-08 09:41:13.988root 11241100x8000000000000000256705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828bb91d405127b22023-02-08 09:41:13.988root 11241100x8000000000000000256704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b004d2c1865ac312023-02-08 09:41:13.988root 11241100x8000000000000000256703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398dffc254ad5f802023-02-08 09:41:13.988root 11241100x8000000000000000256702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcbe7b39cdec97c2023-02-08 09:41:13.988root 11241100x8000000000000000256701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab26f5000b3865c2023-02-08 09:41:13.988root 11241100x8000000000000000256700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c01a949453b7aa2023-02-08 09:41:13.988root 11241100x8000000000000000256699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2845a220c3007d632023-02-08 09:41:13.988root 11241100x8000000000000000256698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c89cdb49baad1732023-02-08 09:41:13.988root 11241100x8000000000000000256697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b2f416660682382023-02-08 09:41:13.988root 11241100x8000000000000000256710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2643495dc691ccb2023-02-08 09:41:13.989root 11241100x8000000000000000256709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad484504e687ca422023-02-08 09:41:13.989root 11241100x8000000000000000256708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d58b9fb0d021ca2023-02-08 09:41:13.989root 11241100x8000000000000000256707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8053394c4a87b5a42023-02-08 09:41:13.989root 11241100x8000000000000000256713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aaa7faf60df1f6a2023-02-08 09:41:13.990root 11241100x8000000000000000256712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4117cc95cc00d9fb2023-02-08 09:41:13.990root 11241100x8000000000000000256711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:13.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5b08648ceb54682023-02-08 09:41:13.990root 11241100x8000000000000000256720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b373012ef0120b02023-02-08 09:41:14.484root 11241100x8000000000000000256719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d011fcc31c0aa412023-02-08 09:41:14.484root 11241100x8000000000000000256718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc59b96d59fb30992023-02-08 09:41:14.484root 11241100x8000000000000000256717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f08e1ef50e922262023-02-08 09:41:14.484root 11241100x8000000000000000256716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a59f187992e7a422023-02-08 09:41:14.484root 11241100x8000000000000000256715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8339090248550b0e2023-02-08 09:41:14.484root 11241100x8000000000000000256714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cc8aa69f47d0ba2023-02-08 09:41:14.484root 11241100x8000000000000000256728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb912f4ef9947bb2023-02-08 09:41:14.485root 11241100x8000000000000000256727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a507b1341a50a3a02023-02-08 09:41:14.485root 11241100x8000000000000000256726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ed034b1151da972023-02-08 09:41:14.485root 11241100x8000000000000000256725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8c03dada5a8d982023-02-08 09:41:14.485root 11241100x8000000000000000256724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6613eeef1d4288f12023-02-08 09:41:14.485root 11241100x8000000000000000256723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394c65586047eadf2023-02-08 09:41:14.485root 11241100x8000000000000000256722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02db88e678f126a2023-02-08 09:41:14.485root 11241100x8000000000000000256721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3b39fcdf07cc902023-02-08 09:41:14.485root 11241100x8000000000000000256737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0268ae5b9ed3d4d52023-02-08 09:41:14.486root 11241100x8000000000000000256736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a912996632af2cbc2023-02-08 09:41:14.486root 11241100x8000000000000000256735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c87188f665f1ad2023-02-08 09:41:14.486root 11241100x8000000000000000256734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec74a58467bc07f2023-02-08 09:41:14.486root 11241100x8000000000000000256733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c5274d11e4cb282023-02-08 09:41:14.486root 11241100x8000000000000000256732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64bc99844d8be952023-02-08 09:41:14.486root 11241100x8000000000000000256731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cd0269aee469752023-02-08 09:41:14.486root 11241100x8000000000000000256730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0786b7139d7c2b072023-02-08 09:41:14.486root 11241100x8000000000000000256729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404f2de63b5ad9752023-02-08 09:41:14.486root 11241100x8000000000000000256747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84afccfdbcdd4fef2023-02-08 09:41:14.487root 11241100x8000000000000000256746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcfca03e91bc8492023-02-08 09:41:14.487root 11241100x8000000000000000256745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799372bbc1216b3b2023-02-08 09:41:14.487root 11241100x8000000000000000256744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8729aeaecceae7b2023-02-08 09:41:14.487root 11241100x8000000000000000256743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b7139d47c7000b2023-02-08 09:41:14.487root 11241100x8000000000000000256742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5627f96e76d74f502023-02-08 09:41:14.487root 11241100x8000000000000000256741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfe217a5e66bad52023-02-08 09:41:14.487root 11241100x8000000000000000256740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33705f1c355633d82023-02-08 09:41:14.487root 11241100x8000000000000000256739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b661632c58b81b52023-02-08 09:41:14.487root 11241100x8000000000000000256738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b441b46c48dc2702023-02-08 09:41:14.487root 11241100x8000000000000000256759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a0a5e6ac913c2d2023-02-08 09:41:14.488root 11241100x8000000000000000256758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a85c7fa39469d02023-02-08 09:41:14.488root 11241100x8000000000000000256757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc82ef9c0beccb22023-02-08 09:41:14.488root 11241100x8000000000000000256756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25198f281b3143bd2023-02-08 09:41:14.488root 11241100x8000000000000000256755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae49cb196eb3a4f2023-02-08 09:41:14.488root 11241100x8000000000000000256754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e78ab938096feaa2023-02-08 09:41:14.488root 11241100x8000000000000000256753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243a53f2d2f9672d2023-02-08 09:41:14.488root 11241100x8000000000000000256752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc599f19a3e49b742023-02-08 09:41:14.488root 11241100x8000000000000000256751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb8157cf701331d2023-02-08 09:41:14.488root 11241100x8000000000000000256750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1811f6d9d99422982023-02-08 09:41:14.488root 11241100x8000000000000000256749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267a9825bea1bfcb2023-02-08 09:41:14.488root 11241100x8000000000000000256748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03647db8bebfb4f92023-02-08 09:41:14.488root 11241100x8000000000000000256766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5fe31df5650f9352023-02-08 09:41:14.489root 11241100x8000000000000000256765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da74dc49bf11e3912023-02-08 09:41:14.489root 11241100x8000000000000000256764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cae7f663c28c472023-02-08 09:41:14.489root 11241100x8000000000000000256763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76b681c32db8f162023-02-08 09:41:14.489root 11241100x8000000000000000256762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679403530631913b2023-02-08 09:41:14.489root 11241100x8000000000000000256761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59776dfe5b35cc8a2023-02-08 09:41:14.489root 11241100x8000000000000000256760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1099f70b1425b6242023-02-08 09:41:14.489root 11241100x8000000000000000256774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541196e41f09d8c72023-02-08 09:41:14.984root 11241100x8000000000000000256773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff16433f4f187802023-02-08 09:41:14.984root 11241100x8000000000000000256772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c90a2a3d2b4c2a22023-02-08 09:41:14.984root 11241100x8000000000000000256771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a4940cc18915eb2023-02-08 09:41:14.984root 11241100x8000000000000000256770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683d75ee489c9e262023-02-08 09:41:14.984root 11241100x8000000000000000256769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579f6cdcf6d388e12023-02-08 09:41:14.984root 11241100x8000000000000000256768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d460db22c2f4296a2023-02-08 09:41:14.984root 11241100x8000000000000000256767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4c5dc4fcf656452023-02-08 09:41:14.984root 11241100x8000000000000000256784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2df6e45e8dc7202023-02-08 09:41:14.985root 11241100x8000000000000000256783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdceaf1c330094a62023-02-08 09:41:14.985root 11241100x8000000000000000256782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e47790f4a1604a2023-02-08 09:41:14.985root 11241100x8000000000000000256781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6354aac6dd857f42023-02-08 09:41:14.985root 11241100x8000000000000000256780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8d0d17b9ee7d952023-02-08 09:41:14.985root 11241100x8000000000000000256779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd7b5524ef2a7c22023-02-08 09:41:14.985root 11241100x8000000000000000256778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a7d463892af55c2023-02-08 09:41:14.985root 11241100x8000000000000000256777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e499ec2795883b092023-02-08 09:41:14.985root 11241100x8000000000000000256776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4a56e529c2277d2023-02-08 09:41:14.985root 11241100x8000000000000000256775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7df98e369ddb21e2023-02-08 09:41:14.985root 11241100x8000000000000000256795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1540d2768ff1090b2023-02-08 09:41:14.986root 11241100x8000000000000000256794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adea3218f53007452023-02-08 09:41:14.986root 11241100x8000000000000000256793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb0c60556e204d22023-02-08 09:41:14.986root 11241100x8000000000000000256792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882d9f59a3648e6d2023-02-08 09:41:14.986root 11241100x8000000000000000256791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157cf9e732b02f172023-02-08 09:41:14.986root 11241100x8000000000000000256790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305fbfe75e46484e2023-02-08 09:41:14.986root 11241100x8000000000000000256789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3357048366171c2e2023-02-08 09:41:14.986root 11241100x8000000000000000256788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62102b1a98658f942023-02-08 09:41:14.986root 11241100x8000000000000000256787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cefb4a6ebb7b48f2023-02-08 09:41:14.986root 11241100x8000000000000000256786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205f2c57a9147bd12023-02-08 09:41:14.986root 11241100x8000000000000000256785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c321942242d4ad7b2023-02-08 09:41:14.986root 11241100x8000000000000000256804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17de5741fac76e302023-02-08 09:41:14.987root 11241100x8000000000000000256803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4daa0a571d8ddccd2023-02-08 09:41:14.987root 11241100x8000000000000000256802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb367aae46f3d902023-02-08 09:41:14.987root 11241100x8000000000000000256801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc39907b1365ce72023-02-08 09:41:14.987root 11241100x8000000000000000256800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3a97a5b2137de42023-02-08 09:41:14.987root 11241100x8000000000000000256799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751b6904a0fd93ef2023-02-08 09:41:14.987root 11241100x8000000000000000256798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44f571f2f541d6c2023-02-08 09:41:14.987root 11241100x8000000000000000256797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504c3756bcf878c42023-02-08 09:41:14.987root 11241100x8000000000000000256796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa6972b14a620702023-02-08 09:41:14.987root 11241100x8000000000000000256814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6928c4f1dcbb4df2023-02-08 09:41:14.988root 11241100x8000000000000000256813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561e210c5d0e84572023-02-08 09:41:14.988root 11241100x8000000000000000256812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6db74094bb4cfbb2023-02-08 09:41:14.988root 11241100x8000000000000000256811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998110ea05465e7d2023-02-08 09:41:14.988root 11241100x8000000000000000256810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085152755f6d4ab92023-02-08 09:41:14.988root 11241100x8000000000000000256809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb17846fae500932023-02-08 09:41:14.988root 11241100x8000000000000000256808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c148fa1da535322023-02-08 09:41:14.988root 11241100x8000000000000000256807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1018265102ada0d2023-02-08 09:41:14.988root 11241100x8000000000000000256806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787692ce4c990f0d2023-02-08 09:41:14.988root 11241100x8000000000000000256805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62dc207a26800fa12023-02-08 09:41:14.988root 11241100x8000000000000000256818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c5512b1b6475802023-02-08 09:41:14.989root 11241100x8000000000000000256817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8e8d8e0898e95d2023-02-08 09:41:14.989root 11241100x8000000000000000256816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27e0d51a2121c9f2023-02-08 09:41:14.989root 11241100x8000000000000000256815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:14.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d905dc52d629672023-02-08 09:41:14.989root 11241100x8000000000000000256825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651731ce3ca8d1f02023-02-08 09:41:15.484root 11241100x8000000000000000256824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18dac9bb78a6c4af2023-02-08 09:41:15.484root 11241100x8000000000000000256823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183032413bdd93702023-02-08 09:41:15.484root 11241100x8000000000000000256822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02d4c4794f2e78a2023-02-08 09:41:15.484root 11241100x8000000000000000256821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841ccde65b454cfe2023-02-08 09:41:15.484root 11241100x8000000000000000256820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad80d9cbb1414fbc2023-02-08 09:41:15.484root 11241100x8000000000000000256819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5a8149857cc2242023-02-08 09:41:15.484root 11241100x8000000000000000256832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9307def9d186ac3b2023-02-08 09:41:15.485root 11241100x8000000000000000256831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f5c52573eca8dd2023-02-08 09:41:15.485root 11241100x8000000000000000256830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84d93af56d4c3702023-02-08 09:41:15.485root 11241100x8000000000000000256829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93a8f87e9d158982023-02-08 09:41:15.485root 11241100x8000000000000000256828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c6134465dae8842023-02-08 09:41:15.485root 11241100x8000000000000000256827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d89c09a990fed32023-02-08 09:41:15.485root 11241100x8000000000000000256826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef6a447c5d39ac62023-02-08 09:41:15.485root 11241100x8000000000000000256841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177f37213dae1fc12023-02-08 09:41:15.486root 11241100x8000000000000000256840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9290d831d949a9b32023-02-08 09:41:15.486root 11241100x8000000000000000256839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a83e23b6cd44272023-02-08 09:41:15.486root 11241100x8000000000000000256838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f117af963771f42023-02-08 09:41:15.486root 11241100x8000000000000000256837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fedfb815a165262023-02-08 09:41:15.486root 11241100x8000000000000000256836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a02830b6b6603232023-02-08 09:41:15.486root 11241100x8000000000000000256835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28471c69460a57712023-02-08 09:41:15.486root 11241100x8000000000000000256834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656d5567af372f222023-02-08 09:41:15.486root 11241100x8000000000000000256833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d90356615e6e38c2023-02-08 09:41:15.486root 11241100x8000000000000000256849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133d22a52f0472c62023-02-08 09:41:15.487root 11241100x8000000000000000256848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e31cddf467cfa902023-02-08 09:41:15.487root 11241100x8000000000000000256847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df837d937df2ba372023-02-08 09:41:15.487root 11241100x8000000000000000256846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c953dba743fd312023-02-08 09:41:15.487root 11241100x8000000000000000256845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dedf6f16f7a93422023-02-08 09:41:15.487root 11241100x8000000000000000256844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0278728b79c5d9d32023-02-08 09:41:15.487root 11241100x8000000000000000256843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbeef354447a70e82023-02-08 09:41:15.487root 11241100x8000000000000000256842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdf77c699a5950e2023-02-08 09:41:15.487root 11241100x8000000000000000256855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7209174dc339b4bc2023-02-08 09:41:15.488root 11241100x8000000000000000256854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a422fcac13b528c2023-02-08 09:41:15.488root 11241100x8000000000000000256853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94d22901609ba622023-02-08 09:41:15.488root 11241100x8000000000000000256852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25569d43f70da2892023-02-08 09:41:15.488root 11241100x8000000000000000256851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d51a7f948d53a12023-02-08 09:41:15.488root 11241100x8000000000000000256850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e5d3a8bb8bffa92023-02-08 09:41:15.488root 11241100x8000000000000000256863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd2d5cb8d2c76c82023-02-08 09:41:15.489root 11241100x8000000000000000256862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31eeac2ef6a427e52023-02-08 09:41:15.489root 11241100x8000000000000000256861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ebfe319ac53e7a52023-02-08 09:41:15.489root 11241100x8000000000000000256860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12bf9716ebc5d8b2023-02-08 09:41:15.489root 11241100x8000000000000000256859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a771b9cc4e670eb12023-02-08 09:41:15.489root 11241100x8000000000000000256858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c68559898bf6822023-02-08 09:41:15.489root 11241100x8000000000000000256857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a348450d6e32eaf22023-02-08 09:41:15.489root 11241100x8000000000000000256856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e6029551ef2b852023-02-08 09:41:15.489root 11241100x8000000000000000256872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288793ecc4468cfc2023-02-08 09:41:15.490root 11241100x8000000000000000256871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983da354d172cef12023-02-08 09:41:15.490root 11241100x8000000000000000256870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47279d09a6ce60da2023-02-08 09:41:15.490root 11241100x8000000000000000256869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc71ea9de259d1062023-02-08 09:41:15.490root 11241100x8000000000000000256868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24b224eec5b13c02023-02-08 09:41:15.490root 11241100x8000000000000000256867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea067c59907933e2023-02-08 09:41:15.490root 11241100x8000000000000000256866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e46741d5b011d22023-02-08 09:41:15.490root 11241100x8000000000000000256865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233c05f40c6763a22023-02-08 09:41:15.490root 11241100x8000000000000000256864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ef69e9cb847ad82023-02-08 09:41:15.490root 11241100x8000000000000000256879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f030b7c5c61da442023-02-08 09:41:15.491root 11241100x8000000000000000256878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792ed36a6248da4e2023-02-08 09:41:15.491root 11241100x8000000000000000256877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997c8cbb025de9502023-02-08 09:41:15.491root 11241100x8000000000000000256876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6956eb1da6995fe92023-02-08 09:41:15.491root 11241100x8000000000000000256875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f439483225f5a72023-02-08 09:41:15.491root 11241100x8000000000000000256874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d773dfcd065f64dd2023-02-08 09:41:15.491root 11241100x8000000000000000256873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae7813a78b721822023-02-08 09:41:15.491root 11241100x8000000000000000256882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000c31a0730825ed2023-02-08 09:41:15.492root 11241100x8000000000000000256881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c13537a66477b632023-02-08 09:41:15.492root 11241100x8000000000000000256880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefbd38ad7ebd89e2023-02-08 09:41:15.492root 11241100x8000000000000000256888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a105ab4eeb83d46d2023-02-08 09:41:15.984root 11241100x8000000000000000256887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180afaf33c2e60622023-02-08 09:41:15.984root 11241100x8000000000000000256886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152cd06d48b07cb92023-02-08 09:41:15.984root 11241100x8000000000000000256885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0314ebdd26ca162023-02-08 09:41:15.984root 11241100x8000000000000000256884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4943f39d4ceb28c2023-02-08 09:41:15.984root 11241100x8000000000000000256883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6666ac943cd14b2023-02-08 09:41:15.984root 11241100x8000000000000000256896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8f547356f6a8062023-02-08 09:41:15.985root 11241100x8000000000000000256895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef37c20b30952ea22023-02-08 09:41:15.985root 11241100x8000000000000000256894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3abc14da6e6c0842023-02-08 09:41:15.985root 11241100x8000000000000000256893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e12cd1318d0937d2023-02-08 09:41:15.985root 11241100x8000000000000000256892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f42149e98dbd592023-02-08 09:41:15.985root 11241100x8000000000000000256891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93863825e2f379fd2023-02-08 09:41:15.985root 11241100x8000000000000000256890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7fdd454d04f9ea2023-02-08 09:41:15.985root 11241100x8000000000000000256889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c414219ce1035e82023-02-08 09:41:15.985root 11241100x8000000000000000256906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8e298587330dc72023-02-08 09:41:15.986root 11241100x8000000000000000256905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506ccf2669a0ef902023-02-08 09:41:15.986root 11241100x8000000000000000256904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728f71168a5415042023-02-08 09:41:15.986root 11241100x8000000000000000256903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17904fc4c0f47dba2023-02-08 09:41:15.986root 11241100x8000000000000000256902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffafc1713bd558662023-02-08 09:41:15.986root 11241100x8000000000000000256901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fdf7142402589272023-02-08 09:41:15.986root 11241100x8000000000000000256900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8373ce36603084d12023-02-08 09:41:15.986root 11241100x8000000000000000256899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc0abb5c09e6ca42023-02-08 09:41:15.986root 11241100x8000000000000000256898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2808158609e5572023-02-08 09:41:15.986root 11241100x8000000000000000256897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c541cf53d9cbbe2023-02-08 09:41:15.986root 11241100x8000000000000000256909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bd341b3e1422972023-02-08 09:41:15.987root 11241100x8000000000000000256908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6f06ef31046c972023-02-08 09:41:15.987root 11241100x8000000000000000256907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cbb0e062b88a642023-02-08 09:41:15.987root 11241100x8000000000000000256918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7c4c173c8bf54f2023-02-08 09:41:15.989root 11241100x8000000000000000256917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105bbb1f9811d3e12023-02-08 09:41:15.989root 11241100x8000000000000000256916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06746334f11b83ac2023-02-08 09:41:15.989root 11241100x8000000000000000256915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268d582f7bbdbd102023-02-08 09:41:15.989root 11241100x8000000000000000256914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c193f9c2ec04f9f82023-02-08 09:41:15.989root 11241100x8000000000000000256913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f2e0d0dbc6711f2023-02-08 09:41:15.989root 11241100x8000000000000000256912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac583fdf3268ac222023-02-08 09:41:15.989root 11241100x8000000000000000256911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6413fee9a5ff7cb32023-02-08 09:41:15.989root 11241100x8000000000000000256910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfc9202b202e5bf2023-02-08 09:41:15.989root 11241100x8000000000000000256932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7886034171309b32023-02-08 09:41:15.990root 11241100x8000000000000000256931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82d3829018e1dcb2023-02-08 09:41:15.990root 11241100x8000000000000000256930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec27610528695682023-02-08 09:41:15.990root 11241100x8000000000000000256929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709b1cf642f69d642023-02-08 09:41:15.990root 11241100x8000000000000000256928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c087694e86ff612023-02-08 09:41:15.990root 11241100x8000000000000000256927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84050304f7779fd42023-02-08 09:41:15.990root 11241100x8000000000000000256926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b29879ad1da31d2023-02-08 09:41:15.990root 11241100x8000000000000000256925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853ebd86d451fcae2023-02-08 09:41:15.990root 11241100x8000000000000000256924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e2edcd158abf7e2023-02-08 09:41:15.990root 11241100x8000000000000000256923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b9fd856fc2632f2023-02-08 09:41:15.990root 11241100x8000000000000000256922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d971d72949bd8c2d2023-02-08 09:41:15.990root 11241100x8000000000000000256921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a57a5da0fcf0b932023-02-08 09:41:15.990root 11241100x8000000000000000256920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fb87ae078e23532023-02-08 09:41:15.990root 11241100x8000000000000000256919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671255922e1f7aca2023-02-08 09:41:15.990root 11241100x8000000000000000256935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81d74f6d408e33a2023-02-08 09:41:15.992root 11241100x8000000000000000256934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d854f69b944d572023-02-08 09:41:15.992root 11241100x8000000000000000256933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6815369b9e01edd2023-02-08 09:41:15.992root 11241100x8000000000000000256942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383dbb95d58be93e2023-02-08 09:41:15.993root 11241100x8000000000000000256941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c759c51c160098642023-02-08 09:41:15.993root 11241100x8000000000000000256940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a9cbc6258bc5c62023-02-08 09:41:15.993root 11241100x8000000000000000256939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51df79a221548e8e2023-02-08 09:41:15.993root 11241100x8000000000000000256938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2783e77d5f535bf92023-02-08 09:41:15.993root 11241100x8000000000000000256937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd0df88a5fc5dfa2023-02-08 09:41:15.993root 11241100x8000000000000000256936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56076b067c731c052023-02-08 09:41:15.993root 11241100x8000000000000000256946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ca24a8965bf6102023-02-08 09:41:15.994root 11241100x8000000000000000256945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540eff3ab41c275b2023-02-08 09:41:15.994root 11241100x8000000000000000256944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569f0a626db4b9b12023-02-08 09:41:15.994root 11241100x8000000000000000256943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0add72c63701662023-02-08 09:41:15.994root 11241100x8000000000000000256947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0351ea8398a2692023-02-08 09:41:15.998root 11241100x8000000000000000256948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:15.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0a4c04308614782023-02-08 09:41:15.999root 11241100x8000000000000000256949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201ab9401d149a6d2023-02-08 09:41:16.000root 11241100x8000000000000000256952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611d0f463a7fa4432023-02-08 09:41:16.001root 11241100x8000000000000000256951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fab07b67a19df2f2023-02-08 09:41:16.001root 11241100x8000000000000000256950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa629d6082daac102023-02-08 09:41:16.001root 11241100x8000000000000000256953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4b3e2643e4b88a2023-02-08 09:41:16.002root 11241100x8000000000000000256954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34adf823ac587d842023-02-08 09:41:16.003root 11241100x8000000000000000256955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddae837e9fbc2ec42023-02-08 09:41:16.484root 11241100x8000000000000000256963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d301dac02c795b2023-02-08 09:41:16.485root 11241100x8000000000000000256962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa88cfbb118e77002023-02-08 09:41:16.485root 11241100x8000000000000000256961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b30de5fe05ab1cf2023-02-08 09:41:16.485root 11241100x8000000000000000256960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89dcc7339789a0b42023-02-08 09:41:16.485root 11241100x8000000000000000256959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf814d9166d2edf2023-02-08 09:41:16.485root 11241100x8000000000000000256958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8cc9a4f33a39722023-02-08 09:41:16.485root 11241100x8000000000000000256957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0208f22a19e45152023-02-08 09:41:16.485root 11241100x8000000000000000256956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd237d39b2e4f73b2023-02-08 09:41:16.485root 11241100x8000000000000000256970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07547bd6f5e76e792023-02-08 09:41:16.486root 11241100x8000000000000000256969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d96179570d3da52023-02-08 09:41:16.486root 11241100x8000000000000000256968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1affc3999096b982023-02-08 09:41:16.486root 11241100x8000000000000000256967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863bcfdd981eb3862023-02-08 09:41:16.486root 11241100x8000000000000000256966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f363e6206056982023-02-08 09:41:16.486root 11241100x8000000000000000256965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e5b09500665c7a2023-02-08 09:41:16.486root 11241100x8000000000000000256964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0b767ae9866f242023-02-08 09:41:16.486root 11241100x8000000000000000256980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0f1314b195e54c2023-02-08 09:41:16.487root 11241100x8000000000000000256979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e58a440a6b6c6392023-02-08 09:41:16.487root 11241100x8000000000000000256978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9610f5f3ca0fe9c82023-02-08 09:41:16.487root 11241100x8000000000000000256977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba821b0a209ef0302023-02-08 09:41:16.487root 11241100x8000000000000000256976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b303632a8a7d562023-02-08 09:41:16.487root 11241100x8000000000000000256975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8e8cb64d979bd32023-02-08 09:41:16.487root 11241100x8000000000000000256974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b148a94a4789b02023-02-08 09:41:16.487root 11241100x8000000000000000256973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e9fae947adeb592023-02-08 09:41:16.487root 11241100x8000000000000000256972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7872383911911c2023-02-08 09:41:16.487root 11241100x8000000000000000256971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d6c369d563878e2023-02-08 09:41:16.487root 11241100x8000000000000000256990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec6df835da56b902023-02-08 09:41:16.488root 11241100x8000000000000000256989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c172531fefade72023-02-08 09:41:16.488root 11241100x8000000000000000256988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc5b62157203ccb2023-02-08 09:41:16.488root 11241100x8000000000000000256987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc033cf8fc3591f2023-02-08 09:41:16.488root 11241100x8000000000000000256986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fd5f48ebda1b6c2023-02-08 09:41:16.488root 11241100x8000000000000000256985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35bad53057f42292023-02-08 09:41:16.488root 11241100x8000000000000000256984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599af15d101363072023-02-08 09:41:16.488root 11241100x8000000000000000256983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed83cc979f7e00392023-02-08 09:41:16.488root 11241100x8000000000000000256982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54219767feae3c822023-02-08 09:41:16.488root 11241100x8000000000000000256981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9122c6f98d0f659b2023-02-08 09:41:16.488root 11241100x8000000000000000256999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5be85c99a45afd02023-02-08 09:41:16.489root 11241100x8000000000000000256998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7532e00c0a445f062023-02-08 09:41:16.489root 11241100x8000000000000000256997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45aab25e39aeb6ed2023-02-08 09:41:16.489root 11241100x8000000000000000256996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000bde626948fb4d2023-02-08 09:41:16.489root 11241100x8000000000000000256995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8ec360f0ff5aea2023-02-08 09:41:16.489root 11241100x8000000000000000256994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc0c4fcf102414e2023-02-08 09:41:16.489root 11241100x8000000000000000256993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bd6a5be4d18d512023-02-08 09:41:16.489root 11241100x8000000000000000256992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3927985bc568e502023-02-08 09:41:16.489root 11241100x8000000000000000256991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a945bbf31edc0e42023-02-08 09:41:16.489root 11241100x8000000000000000257000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442b46869bfb7b052023-02-08 09:41:16.490root 11241100x8000000000000000257006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0a045cdc624b352023-02-08 09:41:16.984root 11241100x8000000000000000257005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b9a414f6c6780d2023-02-08 09:41:16.984root 11241100x8000000000000000257004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e423ea162b1a2ce32023-02-08 09:41:16.984root 11241100x8000000000000000257003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10dce2b37de498362023-02-08 09:41:16.984root 11241100x8000000000000000257002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47dc5aa0215abe222023-02-08 09:41:16.984root 11241100x8000000000000000257001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a4e18ad011c82d2023-02-08 09:41:16.984root 11241100x8000000000000000257013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528e51e680ad80952023-02-08 09:41:16.985root 11241100x8000000000000000257012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018de15cfc840c932023-02-08 09:41:16.985root 11241100x8000000000000000257011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6fb0b7c3a2249d2023-02-08 09:41:16.985root 11241100x8000000000000000257010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35149410208ddeef2023-02-08 09:41:16.985root 11241100x8000000000000000257009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b39a12088813442023-02-08 09:41:16.985root 11241100x8000000000000000257008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf435d8c17aad0732023-02-08 09:41:16.985root 11241100x8000000000000000257007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8988bedc139d4442023-02-08 09:41:16.985root 11241100x8000000000000000257025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc95f2d4a0582c2a2023-02-08 09:41:16.986root 11241100x8000000000000000257024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bdefa1b15a0b0fb2023-02-08 09:41:16.986root 11241100x8000000000000000257023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6083ee2fe3bfe4b12023-02-08 09:41:16.986root 11241100x8000000000000000257022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c086b8f865d37d632023-02-08 09:41:16.986root 11241100x8000000000000000257021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d7ea88f8a4d4b12023-02-08 09:41:16.986root 11241100x8000000000000000257020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dab08b5383bb3da2023-02-08 09:41:16.986root 11241100x8000000000000000257019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bd65dea57241312023-02-08 09:41:16.986root 11241100x8000000000000000257018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67241b0c451cb32e2023-02-08 09:41:16.986root 11241100x8000000000000000257017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4987689bd9053bc2023-02-08 09:41:16.986root 11241100x8000000000000000257016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347d54a01487125c2023-02-08 09:41:16.986root 11241100x8000000000000000257015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9980acef918bc52023-02-08 09:41:16.986root 11241100x8000000000000000257014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c011a8032aca4d9d2023-02-08 09:41:16.986root 11241100x8000000000000000257038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b53b4617a6d12a2023-02-08 09:41:16.987root 11241100x8000000000000000257037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a89f35f37f3b342023-02-08 09:41:16.987root 11241100x8000000000000000257036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fbbcaf4962cce62023-02-08 09:41:16.987root 11241100x8000000000000000257035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b468f1f92dcd38932023-02-08 09:41:16.987root 11241100x8000000000000000257034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7916470d4439132023-02-08 09:41:16.987root 11241100x8000000000000000257033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1541ddf02f069812023-02-08 09:41:16.987root 11241100x8000000000000000257032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11317788904c89342023-02-08 09:41:16.987root 11241100x8000000000000000257031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb10cd30ed9943662023-02-08 09:41:16.987root 11241100x8000000000000000257030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ded0e481a4926b22023-02-08 09:41:16.987root 11241100x8000000000000000257029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f641132f774b922023-02-08 09:41:16.987root 11241100x8000000000000000257028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c4e0d9e95be9a42023-02-08 09:41:16.987root 11241100x8000000000000000257027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1a40b054e6fc922023-02-08 09:41:16.987root 11241100x8000000000000000257026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82e4600303cbc8c2023-02-08 09:41:16.987root 11241100x8000000000000000257051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cdf1028ad1c1d592023-02-08 09:41:16.988root 11241100x8000000000000000257050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c89198122b00a772023-02-08 09:41:16.988root 11241100x8000000000000000257049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b867dd360c7228cb2023-02-08 09:41:16.988root 11241100x8000000000000000257048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc50354ddbff083a2023-02-08 09:41:16.988root 11241100x8000000000000000257047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8bd8cd9eb57aa72023-02-08 09:41:16.988root 11241100x8000000000000000257046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd312228580f07c2023-02-08 09:41:16.988root 11241100x8000000000000000257045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c2cb3c9bf370462023-02-08 09:41:16.988root 11241100x8000000000000000257044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c15d54f68bc72e12023-02-08 09:41:16.988root 11241100x8000000000000000257043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b57aae020e70afb2023-02-08 09:41:16.988root 11241100x8000000000000000257042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9979a2839d2e9f2023-02-08 09:41:16.988root 11241100x8000000000000000257041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7824f496fa8025e2023-02-08 09:41:16.988root 11241100x8000000000000000257040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b07625750f1b6f32023-02-08 09:41:16.988root 11241100x8000000000000000257039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4eaaabc2d94d2712023-02-08 09:41:16.988root 11241100x8000000000000000257059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86dfe51e20fd15262023-02-08 09:41:16.989root 11241100x8000000000000000257058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea047ddc6b6063b72023-02-08 09:41:16.989root 11241100x8000000000000000257057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9508dfadc2e7db832023-02-08 09:41:16.989root 11241100x8000000000000000257056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091a52a41efd423d2023-02-08 09:41:16.989root 11241100x8000000000000000257055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d516cb4feccf182023-02-08 09:41:16.989root 11241100x8000000000000000257054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7bb671553993a72023-02-08 09:41:16.989root 11241100x8000000000000000257053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ec70d5860db9062023-02-08 09:41:16.989root 11241100x8000000000000000257052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a839932496c948082023-02-08 09:41:16.989root 11241100x8000000000000000257061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302a2e56e66433912023-02-08 09:41:17.484root 11241100x8000000000000000257060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26487e31e4a586052023-02-08 09:41:17.484root 11241100x8000000000000000257069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ed3c47b8397e762023-02-08 09:41:17.485root 11241100x8000000000000000257068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c6da474cd594f02023-02-08 09:41:17.485root 11241100x8000000000000000257067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2c72a4bc59cf2d2023-02-08 09:41:17.485root 11241100x8000000000000000257066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce798b57ec9815c22023-02-08 09:41:17.485root 11241100x8000000000000000257065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88932ba60231686d2023-02-08 09:41:17.485root 11241100x8000000000000000257064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148e31c10d49c8c62023-02-08 09:41:17.485root 11241100x8000000000000000257063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7324b4d6f371ce242023-02-08 09:41:17.485root 11241100x8000000000000000257062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254b81898234f2682023-02-08 09:41:17.485root 11241100x8000000000000000257080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0621033b6605562023-02-08 09:41:17.486root 11241100x8000000000000000257079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781a1e6a4bc76c9f2023-02-08 09:41:17.486root 11241100x8000000000000000257078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b92689e84809dfd2023-02-08 09:41:17.486root 11241100x8000000000000000257077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae92fa7f007d4c12023-02-08 09:41:17.486root 11241100x8000000000000000257076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b35d375bed3924b2023-02-08 09:41:17.486root 11241100x8000000000000000257075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044393217c6f6e5c2023-02-08 09:41:17.486root 11241100x8000000000000000257074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7079c5fac0791ad22023-02-08 09:41:17.486root 11241100x8000000000000000257073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4792d9b76e63f182023-02-08 09:41:17.486root 11241100x8000000000000000257072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c42622eef3ec8b2023-02-08 09:41:17.486root 11241100x8000000000000000257071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138892b36e357f622023-02-08 09:41:17.486root 11241100x8000000000000000257070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d0d33dd37e32ed2023-02-08 09:41:17.486root 11241100x8000000000000000257091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73beb3d38d401a0c2023-02-08 09:41:17.487root 11241100x8000000000000000257090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b493b7fc6da37c2023-02-08 09:41:17.487root 11241100x8000000000000000257089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af828680365afaf2023-02-08 09:41:17.487root 11241100x8000000000000000257088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5b6b37ef24b5492023-02-08 09:41:17.487root 11241100x8000000000000000257087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ed8326d11d00872023-02-08 09:41:17.487root 11241100x8000000000000000257086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b7df57066cffce2023-02-08 09:41:17.487root 11241100x8000000000000000257085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e6d48f0428edcd2023-02-08 09:41:17.487root 11241100x8000000000000000257084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0200ff8bacc7c9142023-02-08 09:41:17.487root 11241100x8000000000000000257083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071fab4cb255a4432023-02-08 09:41:17.487root 11241100x8000000000000000257082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623152a119448cb62023-02-08 09:41:17.487root 11241100x8000000000000000257081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7eccde81a6f1622023-02-08 09:41:17.487root 11241100x8000000000000000257103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8abe127150deec2023-02-08 09:41:17.488root 11241100x8000000000000000257102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5cf21f696a815d2023-02-08 09:41:17.488root 11241100x8000000000000000257101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2eb855b9eb5aa52023-02-08 09:41:17.488root 11241100x8000000000000000257100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe75ea88c7dd19f2023-02-08 09:41:17.488root 11241100x8000000000000000257099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56bdc030a1e5c752023-02-08 09:41:17.488root 11241100x8000000000000000257098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b9fdb375824c562023-02-08 09:41:17.488root 11241100x8000000000000000257097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b155b64a03cc88d12023-02-08 09:41:17.488root 11241100x8000000000000000257096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6a162b20448dfc2023-02-08 09:41:17.488root 11241100x8000000000000000257095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32341a1acec9d88b2023-02-08 09:41:17.488root 11241100x8000000000000000257094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b2880a6a93aa572023-02-08 09:41:17.488root 11241100x8000000000000000257093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9cc850b5d946dda2023-02-08 09:41:17.488root 11241100x8000000000000000257092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd729cb4d52c82d72023-02-08 09:41:17.488root 11241100x8000000000000000257113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00233a29c4765c62023-02-08 09:41:17.489root 11241100x8000000000000000257112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37aba7e8eeed6d882023-02-08 09:41:17.489root 11241100x8000000000000000257111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f095ab2154b5892023-02-08 09:41:17.489root 11241100x8000000000000000257110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f925f1ced87cff0c2023-02-08 09:41:17.489root 11241100x8000000000000000257109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d229e7f1c8877a92023-02-08 09:41:17.489root 11241100x8000000000000000257108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e2f794339383152023-02-08 09:41:17.489root 11241100x8000000000000000257107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0703f322f37321292023-02-08 09:41:17.489root 11241100x8000000000000000257106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182c084e6f3236d72023-02-08 09:41:17.489root 11241100x8000000000000000257105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58af6297b16633da2023-02-08 09:41:17.489root 11241100x8000000000000000257104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4bc86a778ef8902023-02-08 09:41:17.489root 11241100x8000000000000000257116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09326692003713ba2023-02-08 09:41:17.984root 11241100x8000000000000000257115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b684c5c047bb4f2023-02-08 09:41:17.984root 11241100x8000000000000000257114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d884cbfffc2434492023-02-08 09:41:17.984root 11241100x8000000000000000257125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67eb63e76e2e8cb32023-02-08 09:41:17.985root 11241100x8000000000000000257124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7fbc27adbc037b2023-02-08 09:41:17.985root 11241100x8000000000000000257123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d8abead5682ac12023-02-08 09:41:17.985root 11241100x8000000000000000257122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0c61ce5af55f752023-02-08 09:41:17.985root 11241100x8000000000000000257121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b27ccb8d130caac2023-02-08 09:41:17.985root 11241100x8000000000000000257120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e544ccda8c57a42023-02-08 09:41:17.985root 11241100x8000000000000000257119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334e9863e370a8522023-02-08 09:41:17.985root 11241100x8000000000000000257118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb1dc89b121acb42023-02-08 09:41:17.985root 11241100x8000000000000000257117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbcb5308501a7402023-02-08 09:41:17.985root 11241100x8000000000000000257133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bdb2778dac12c082023-02-08 09:41:17.986root 11241100x8000000000000000257132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e154d3e6c1540e2023-02-08 09:41:17.986root 11241100x8000000000000000257131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0868def0b766fb112023-02-08 09:41:17.986root 11241100x8000000000000000257130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fba7651c488fe52023-02-08 09:41:17.986root 11241100x8000000000000000257129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49d29c310771dd02023-02-08 09:41:17.986root 11241100x8000000000000000257128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9dbc9d0dc08def2023-02-08 09:41:17.986root 11241100x8000000000000000257127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18ac21f5ab434652023-02-08 09:41:17.986root 11241100x8000000000000000257126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655fa45fb4e867532023-02-08 09:41:17.986root 11241100x8000000000000000257136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90db3687bef2ddd22023-02-08 09:41:17.987root 11241100x8000000000000000257135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ce40334302c6cb2023-02-08 09:41:17.987root 11241100x8000000000000000257134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2522e7ef362fe54d2023-02-08 09:41:17.987root 11241100x8000000000000000257142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53de45e8d597ebf52023-02-08 09:41:17.988root 11241100x8000000000000000257141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c067219cfcc8d8632023-02-08 09:41:17.988root 11241100x8000000000000000257140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb661d4b2df4f812023-02-08 09:41:17.988root 11241100x8000000000000000257139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653b0aa3fd1cd01c2023-02-08 09:41:17.988root 11241100x8000000000000000257138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496eb6286199e49c2023-02-08 09:41:17.988root 11241100x8000000000000000257137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901aea99b362bace2023-02-08 09:41:17.988root 11241100x8000000000000000257149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37cf273434b7eae2023-02-08 09:41:17.989root 11241100x8000000000000000257148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a390e0ef576f3b2023-02-08 09:41:17.989root 11241100x8000000000000000257147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3418a4991b8cc5122023-02-08 09:41:17.989root 11241100x8000000000000000257146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c778c35eb7e74c02023-02-08 09:41:17.989root 11241100x8000000000000000257145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba46b2a05db463862023-02-08 09:41:17.989root 11241100x8000000000000000257144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5504067bac61fa742023-02-08 09:41:17.989root 11241100x8000000000000000257143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432a5264dffb72602023-02-08 09:41:17.989root 11241100x8000000000000000257157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d768fd16ace8832023-02-08 09:41:17.990root 11241100x8000000000000000257156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93aadc570dc6b7362023-02-08 09:41:17.990root 11241100x8000000000000000257155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050b7b0f35372a6f2023-02-08 09:41:17.990root 11241100x8000000000000000257154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938a2de06de009502023-02-08 09:41:17.990root 11241100x8000000000000000257153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc97ac1a990b7752023-02-08 09:41:17.990root 11241100x8000000000000000257152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aacefd8d1c0ea69f2023-02-08 09:41:17.990root 11241100x8000000000000000257151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d97d714baf8dad82023-02-08 09:41:17.990root 11241100x8000000000000000257150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b01805e8c087f682023-02-08 09:41:17.990root 11241100x8000000000000000257160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7485303f392d1f8e2023-02-08 09:41:17.991root 11241100x8000000000000000257159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f94874eb58bea82023-02-08 09:41:17.991root 11241100x8000000000000000257158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:17.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279aa36cfe8ef8812023-02-08 09:41:17.991root 11241100x8000000000000000257170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7a1d8dac820a662023-02-08 09:41:18.485root 11241100x8000000000000000257169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4fff604bc237fc42023-02-08 09:41:18.485root 11241100x8000000000000000257168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9edd249a0ae545cd2023-02-08 09:41:18.485root 11241100x8000000000000000257167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ab954191537d472023-02-08 09:41:18.485root 11241100x8000000000000000257166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320f20609ec490012023-02-08 09:41:18.485root 11241100x8000000000000000257165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550c681c5d42c4912023-02-08 09:41:18.485root 11241100x8000000000000000257164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346d574da2c6ef082023-02-08 09:41:18.485root 11241100x8000000000000000257163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3878c9f8f8152622023-02-08 09:41:18.485root 11241100x8000000000000000257162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299bf8223ff7d3512023-02-08 09:41:18.485root 11241100x8000000000000000257161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9116c8e9d9238ce32023-02-08 09:41:18.485root 11241100x8000000000000000257185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b1a9ebfb6f2ba72023-02-08 09:41:18.486root 11241100x8000000000000000257184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a49892990e1215f2023-02-08 09:41:18.486root 11241100x8000000000000000257183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afdd425f7e5854742023-02-08 09:41:18.486root 11241100x8000000000000000257182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e197b71382690202023-02-08 09:41:18.486root 11241100x8000000000000000257181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a17dff6cc18a092023-02-08 09:41:18.486root 11241100x8000000000000000257180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143978cb05c458952023-02-08 09:41:18.486root 11241100x8000000000000000257179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b953a694b0957b02023-02-08 09:41:18.486root 11241100x8000000000000000257178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa8bfa1c26e9e7a2023-02-08 09:41:18.486root 11241100x8000000000000000257177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c86f21c755c94162023-02-08 09:41:18.486root 11241100x8000000000000000257176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26e8548486d48e32023-02-08 09:41:18.486root 11241100x8000000000000000257175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32aac6a3039ff4d92023-02-08 09:41:18.486root 11241100x8000000000000000257174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6623fdada2953362023-02-08 09:41:18.486root 11241100x8000000000000000257173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c57efe1034cbd12023-02-08 09:41:18.486root 11241100x8000000000000000257172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d29f6288eb1dca2023-02-08 09:41:18.486root 11241100x8000000000000000257171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546f1b0836ff06ef2023-02-08 09:41:18.486root 11241100x8000000000000000257191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5459d43aee3d70592023-02-08 09:41:18.487root 11241100x8000000000000000257190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4228978d83ea6792023-02-08 09:41:18.487root 11241100x8000000000000000257189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40529b744f0fff522023-02-08 09:41:18.487root 11241100x8000000000000000257188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a1d683aa30a2572023-02-08 09:41:18.487root 11241100x8000000000000000257187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3fd58ce475dd8182023-02-08 09:41:18.487root 11241100x8000000000000000257186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c82d9806225eaf2023-02-08 09:41:18.487root 11241100x8000000000000000257205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3669e6951024a342023-02-08 09:41:18.488root 11241100x8000000000000000257204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377789c3730c2c9f2023-02-08 09:41:18.488root 11241100x8000000000000000257203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a6d8a96719cdc42023-02-08 09:41:18.488root 11241100x8000000000000000257202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88abf90822d2fa512023-02-08 09:41:18.488root 11241100x8000000000000000257201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8054bbb95fc01a2023-02-08 09:41:18.488root 11241100x8000000000000000257200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407415b3f4a06c852023-02-08 09:41:18.488root 11241100x8000000000000000257199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a71b9d65c80a582023-02-08 09:41:18.488root 11241100x8000000000000000257198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d320049e0d8c482023-02-08 09:41:18.488root 11241100x8000000000000000257197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ece7040ca2b1b182023-02-08 09:41:18.488root 11241100x8000000000000000257196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194831021bcb019c2023-02-08 09:41:18.488root 11241100x8000000000000000257195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6dbc13d0e4ee39e2023-02-08 09:41:18.488root 11241100x8000000000000000257194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08ab88cc701a7392023-02-08 09:41:18.488root 11241100x8000000000000000257193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f95caee450ea7c62023-02-08 09:41:18.488root 11241100x8000000000000000257192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2475f2a9de8525872023-02-08 09:41:18.488root 11241100x8000000000000000257206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb9aedeafef85fb2023-02-08 09:41:18.489root 11241100x8000000000000000257213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2223070a02e798f2023-02-08 09:41:18.984root 11241100x8000000000000000257212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5532a00cb4061a2023-02-08 09:41:18.984root 11241100x8000000000000000257211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd4701e152424e12023-02-08 09:41:18.984root 11241100x8000000000000000257210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489b55f1ded5a09d2023-02-08 09:41:18.984root 11241100x8000000000000000257209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc962a0e3f7b11082023-02-08 09:41:18.984root 11241100x8000000000000000257208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac463531b1c06dfa2023-02-08 09:41:18.984root 11241100x8000000000000000257207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6193e99dbb50461b2023-02-08 09:41:18.984root 11241100x8000000000000000257221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94fa6907dfdb3ca32023-02-08 09:41:18.985root 11241100x8000000000000000257220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924d047faf46d0be2023-02-08 09:41:18.985root 11241100x8000000000000000257219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce782af4d6e715262023-02-08 09:41:18.985root 11241100x8000000000000000257218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c9a83edf40b65d2023-02-08 09:41:18.985root 11241100x8000000000000000257217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903e0adf9e705a902023-02-08 09:41:18.985root 11241100x8000000000000000257216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2fcc4e4239c7252023-02-08 09:41:18.985root 11241100x8000000000000000257215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb4e2621f8867892023-02-08 09:41:18.985root 11241100x8000000000000000257214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99459779a516232c2023-02-08 09:41:18.985root 11241100x8000000000000000257230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e420cc02c97aa1c52023-02-08 09:41:18.986root 11241100x8000000000000000257229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47d08a5a7ac44502023-02-08 09:41:18.986root 11241100x8000000000000000257228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ff85ed065a08ab2023-02-08 09:41:18.986root 11241100x8000000000000000257227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0396d821b41ea52023-02-08 09:41:18.986root 11241100x8000000000000000257226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8fda37f4ade7322023-02-08 09:41:18.986root 11241100x8000000000000000257225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270ef3c460d7c7ee2023-02-08 09:41:18.986root 11241100x8000000000000000257224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4598312a7207aa832023-02-08 09:41:18.986root 11241100x8000000000000000257223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b50481c20a7c822023-02-08 09:41:18.986root 11241100x8000000000000000257222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0255accbc960afcf2023-02-08 09:41:18.986root 11241100x8000000000000000257238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec493b667ace7f92023-02-08 09:41:18.987root 11241100x8000000000000000257237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74016941677961b92023-02-08 09:41:18.987root 11241100x8000000000000000257236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12538175532d0d0e2023-02-08 09:41:18.987root 11241100x8000000000000000257235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bb6be9cf12eb112023-02-08 09:41:18.987root 11241100x8000000000000000257234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267792997f3c537f2023-02-08 09:41:18.987root 11241100x8000000000000000257233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7cafed503be54e2023-02-08 09:41:18.987root 11241100x8000000000000000257232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7c4b7f9e90b7b12023-02-08 09:41:18.987root 11241100x8000000000000000257231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e57e22e7d5e3bc22023-02-08 09:41:18.987root 11241100x8000000000000000257249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c58f4aae2df5f142023-02-08 09:41:18.988root 11241100x8000000000000000257248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918fec9cf545ac2c2023-02-08 09:41:18.988root 11241100x8000000000000000257247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f4935fc798b33f2023-02-08 09:41:18.988root 11241100x8000000000000000257246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc21c21af44befe2023-02-08 09:41:18.988root 11241100x8000000000000000257245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e5394e863937d52023-02-08 09:41:18.988root 11241100x8000000000000000257244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776121a5b4875e0f2023-02-08 09:41:18.988root 11241100x8000000000000000257243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76705f2e1e6b48d72023-02-08 09:41:18.988root 11241100x8000000000000000257242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c578c34a0d9b44652023-02-08 09:41:18.988root 11241100x8000000000000000257241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56a69f4b314d4542023-02-08 09:41:18.988root 11241100x8000000000000000257240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ec9b46e5e90c312023-02-08 09:41:18.988root 11241100x8000000000000000257239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344d8efacd8f88462023-02-08 09:41:18.988root 11241100x8000000000000000257261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a826d61a6814481a2023-02-08 09:41:18.989root 11241100x8000000000000000257260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e310d629d19dccd2023-02-08 09:41:18.989root 11241100x8000000000000000257259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033749781b2e4c232023-02-08 09:41:18.989root 11241100x8000000000000000257258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e8a251ca82e26e2023-02-08 09:41:18.989root 11241100x8000000000000000257257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31af71b7575535c82023-02-08 09:41:18.989root 11241100x8000000000000000257256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353d3461255c0c5b2023-02-08 09:41:18.989root 11241100x8000000000000000257255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eba422965ebbc322023-02-08 09:41:18.989root 11241100x8000000000000000257254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd92969e075a9f6f2023-02-08 09:41:18.989root 11241100x8000000000000000257253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c1dc0dfc7618a22023-02-08 09:41:18.989root 11241100x8000000000000000257252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4e3d0e63a815c22023-02-08 09:41:18.989root 11241100x8000000000000000257251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ca02f10d2005e82023-02-08 09:41:18.989root 11241100x8000000000000000257250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffde9997c20a82712023-02-08 09:41:18.989root 11241100x8000000000000000257269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f94d72f34525192023-02-08 09:41:18.990root 11241100x8000000000000000257268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f09ffa381f36d92023-02-08 09:41:18.990root 11241100x8000000000000000257267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5fbeac9497474e2023-02-08 09:41:18.990root 11241100x8000000000000000257266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1f4848f3c55a2a2023-02-08 09:41:18.990root 11241100x8000000000000000257265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7090c329d3747a732023-02-08 09:41:18.990root 11241100x8000000000000000257264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a88d24d14ba9c9c2023-02-08 09:41:18.990root 11241100x8000000000000000257263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cabb1b217f4ce72023-02-08 09:41:18.990root 11241100x8000000000000000257262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192e11c6c20f2b172023-02-08 09:41:18.990root 11241100x8000000000000000257274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59aedcdae54ead322023-02-08 09:41:18.991root 11241100x8000000000000000257273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04077bbd06e881982023-02-08 09:41:18.991root 11241100x8000000000000000257272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21591d7d9b46bdc82023-02-08 09:41:18.991root 11241100x8000000000000000257271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb391eabe27fd3f52023-02-08 09:41:18.991root 11241100x8000000000000000257270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89f3680cc471b882023-02-08 09:41:18.991root 354300x8000000000000000257275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.085{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-46948-false10.0.1.12-8000- 11241100x8000000000000000257282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0addaef273d3fa22023-02-08 09:41:19.484root 11241100x8000000000000000257281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f438a11a46b403e52023-02-08 09:41:19.484root 11241100x8000000000000000257280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ddeb530eb75918e2023-02-08 09:41:19.484root 11241100x8000000000000000257279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c76dbd9a31838842023-02-08 09:41:19.484root 11241100x8000000000000000257278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d24e56f8b300fc62023-02-08 09:41:19.484root 11241100x8000000000000000257277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b837a2663d89994b2023-02-08 09:41:19.484root 11241100x8000000000000000257276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce18087de8678842023-02-08 09:41:19.484root 11241100x8000000000000000257291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837caa0013b7ab3a2023-02-08 09:41:19.485root 11241100x8000000000000000257290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbc8feb79294bf02023-02-08 09:41:19.485root 11241100x8000000000000000257289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c650fadc977e7bd62023-02-08 09:41:19.485root 11241100x8000000000000000257288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4228d72b5ba9a22023-02-08 09:41:19.485root 11241100x8000000000000000257287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53401400d683f502023-02-08 09:41:19.485root 11241100x8000000000000000257286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e1a1475a8690342023-02-08 09:41:19.485root 11241100x8000000000000000257285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8a5e28f527aa472023-02-08 09:41:19.485root 11241100x8000000000000000257284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91dde63961bec2f72023-02-08 09:41:19.485root 11241100x8000000000000000257283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828fca8766316b302023-02-08 09:41:19.485root 11241100x8000000000000000257306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127bb082c21836b42023-02-08 09:41:19.486root 11241100x8000000000000000257305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a363f5917baca74f2023-02-08 09:41:19.486root 11241100x8000000000000000257304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ae7a3a37c9cd532023-02-08 09:41:19.486root 11241100x8000000000000000257303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6020886e2fa36932023-02-08 09:41:19.486root 11241100x8000000000000000257302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a57e0885d577652023-02-08 09:41:19.486root 11241100x8000000000000000257301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6241d413d161da62023-02-08 09:41:19.486root 11241100x8000000000000000257300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e3a6b40d8a027f2023-02-08 09:41:19.486root 11241100x8000000000000000257299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893d27e4f54e673b2023-02-08 09:41:19.486root 11241100x8000000000000000257298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182911a9723712dc2023-02-08 09:41:19.486root 11241100x8000000000000000257297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edac0b95319e4e3d2023-02-08 09:41:19.486root 11241100x8000000000000000257296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6d00f2d3ca35392023-02-08 09:41:19.486root 11241100x8000000000000000257295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc1f531050d96332023-02-08 09:41:19.486root 11241100x8000000000000000257294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186beef7c0232be62023-02-08 09:41:19.486root 11241100x8000000000000000257293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75db007b167aabf82023-02-08 09:41:19.486root 11241100x8000000000000000257292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71fa19627f1d7872023-02-08 09:41:19.486root 11241100x8000000000000000257320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0068b7c4575ff282023-02-08 09:41:19.487root 11241100x8000000000000000257319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116c3153da55e00a2023-02-08 09:41:19.487root 11241100x8000000000000000257318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91c0aca68c76c352023-02-08 09:41:19.487root 11241100x8000000000000000257317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ea7dafc65e4f3a2023-02-08 09:41:19.487root 11241100x8000000000000000257316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8255fa13b5f11552023-02-08 09:41:19.487root 11241100x8000000000000000257315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90af550f8cb1c642023-02-08 09:41:19.487root 11241100x8000000000000000257314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8493d32037c1232023-02-08 09:41:19.487root 11241100x8000000000000000257313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c40ec5da493cded2023-02-08 09:41:19.487root 11241100x8000000000000000257312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b44af1a7dafc492023-02-08 09:41:19.487root 11241100x8000000000000000257311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2726bf1802d861892023-02-08 09:41:19.487root 11241100x8000000000000000257310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3067fd9f950b012023-02-08 09:41:19.487root 11241100x8000000000000000257309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5353b8738696081d2023-02-08 09:41:19.487root 11241100x8000000000000000257308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0091ea8ee62102ab2023-02-08 09:41:19.487root 11241100x8000000000000000257307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b23af85a3f57fd2023-02-08 09:41:19.487root 11241100x8000000000000000257332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a9d3a71aa250362023-02-08 09:41:19.488root 11241100x8000000000000000257331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989507e5c91701bd2023-02-08 09:41:19.488root 11241100x8000000000000000257330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173c2558aa5cf6f22023-02-08 09:41:19.488root 11241100x8000000000000000257329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662d8045a59d49a42023-02-08 09:41:19.488root 11241100x8000000000000000257328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0dff62f344f7a072023-02-08 09:41:19.488root 11241100x8000000000000000257327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e64348d29182c1f2023-02-08 09:41:19.488root 11241100x8000000000000000257326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496e273b14e0b1922023-02-08 09:41:19.488root 11241100x8000000000000000257325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69e4e1aea4b1a592023-02-08 09:41:19.488root 11241100x8000000000000000257324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabf80c4207a1bb42023-02-08 09:41:19.488root 11241100x8000000000000000257323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e518c52223108d2023-02-08 09:41:19.488root 11241100x8000000000000000257322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a2358c901200572023-02-08 09:41:19.488root 11241100x8000000000000000257321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac84fdc55aae6d5e2023-02-08 09:41:19.488root 11241100x8000000000000000257334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7cd1b729b074e12023-02-08 09:41:19.489root 11241100x8000000000000000257333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849d26f5b714c29c2023-02-08 09:41:19.489root 11241100x8000000000000000257345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37dc1ef5758f0c092023-02-08 09:41:19.984root 11241100x8000000000000000257344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac4d07ec2e9ddba2023-02-08 09:41:19.984root 11241100x8000000000000000257343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6374c6ef8af88d6d2023-02-08 09:41:19.984root 11241100x8000000000000000257342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255c1cdef69426552023-02-08 09:41:19.984root 11241100x8000000000000000257341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404fbfb9cab4deda2023-02-08 09:41:19.984root 11241100x8000000000000000257340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2dd18c17fd250d82023-02-08 09:41:19.984root 11241100x8000000000000000257339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8247357291a0b8732023-02-08 09:41:19.984root 11241100x8000000000000000257338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e8a2e92ea11f4c2023-02-08 09:41:19.984root 11241100x8000000000000000257337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038e493e565266b32023-02-08 09:41:19.984root 11241100x8000000000000000257336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9359d25a398f30552023-02-08 09:41:19.984root 11241100x8000000000000000257335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5080368c070c39512023-02-08 09:41:19.984root 11241100x8000000000000000257355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888ab2999abc8d102023-02-08 09:41:19.985root 11241100x8000000000000000257354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b165393591f9be002023-02-08 09:41:19.985root 11241100x8000000000000000257353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29dddbc5eb395da22023-02-08 09:41:19.985root 11241100x8000000000000000257352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c955ae2225cb701b2023-02-08 09:41:19.985root 11241100x8000000000000000257351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c3953d4d3ff4882023-02-08 09:41:19.985root 11241100x8000000000000000257350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eced8527f34aaa72023-02-08 09:41:19.985root 11241100x8000000000000000257349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497596a7c315068d2023-02-08 09:41:19.985root 11241100x8000000000000000257348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04fd680d6ec78712023-02-08 09:41:19.985root 11241100x8000000000000000257347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5fa16da2f490d802023-02-08 09:41:19.985root 11241100x8000000000000000257346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0657e4056ffda22023-02-08 09:41:19.985root 11241100x8000000000000000257361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12bb33190adafad2023-02-08 09:41:19.986root 11241100x8000000000000000257360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e442803c21f59c92023-02-08 09:41:19.986root 11241100x8000000000000000257359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb2b68e963457142023-02-08 09:41:19.986root 11241100x8000000000000000257358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2783f0596ebf038a2023-02-08 09:41:19.986root 11241100x8000000000000000257357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed833738ae3281322023-02-08 09:41:19.986root 11241100x8000000000000000257356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df15620a3ba59352023-02-08 09:41:19.986root 11241100x8000000000000000257372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f23ef91b2f3a262023-02-08 09:41:19.987root 11241100x8000000000000000257371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847080573471d61a2023-02-08 09:41:19.987root 11241100x8000000000000000257370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459002db96ba66812023-02-08 09:41:19.987root 11241100x8000000000000000257369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8c373a487cc75a2023-02-08 09:41:19.987root 11241100x8000000000000000257368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e113a712bad8d5612023-02-08 09:41:19.987root 11241100x8000000000000000257367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba08bd9dca444fe2023-02-08 09:41:19.987root 11241100x8000000000000000257366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b75f79147e46402023-02-08 09:41:19.987root 11241100x8000000000000000257365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a2ded9732070d52023-02-08 09:41:19.987root 11241100x8000000000000000257364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5315fab808f96d762023-02-08 09:41:19.987root 11241100x8000000000000000257363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8805de5e2b51c42023-02-08 09:41:19.987root 11241100x8000000000000000257362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b358ccdbe748362d2023-02-08 09:41:19.987root 11241100x8000000000000000257381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8357aebd0477d9d2023-02-08 09:41:19.988root 11241100x8000000000000000257380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a80f83bb74f0c02023-02-08 09:41:19.988root 11241100x8000000000000000257379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb9c962e3a92b022023-02-08 09:41:19.988root 11241100x8000000000000000257378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f95472689327a62023-02-08 09:41:19.988root 11241100x8000000000000000257377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e78dc37cad704722023-02-08 09:41:19.988root 11241100x8000000000000000257376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4132dd5f509d01b02023-02-08 09:41:19.988root 11241100x8000000000000000257375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa15b2d504ed47bf2023-02-08 09:41:19.988root 11241100x8000000000000000257374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec57840725661262023-02-08 09:41:19.988root 11241100x8000000000000000257373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98bb836f28cec5f82023-02-08 09:41:19.988root 11241100x8000000000000000257389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae15485f1c9f67d62023-02-08 09:41:19.989root 11241100x8000000000000000257388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0694c981ddbcf6dd2023-02-08 09:41:19.989root 11241100x8000000000000000257387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1abd04918a0d912023-02-08 09:41:19.989root 11241100x8000000000000000257386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39d5cc3f2bb43132023-02-08 09:41:19.989root 11241100x8000000000000000257385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243821565719d2ad2023-02-08 09:41:19.989root 11241100x8000000000000000257384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c2778128a98e8c2023-02-08 09:41:19.989root 11241100x8000000000000000257383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bf875e284e42fb2023-02-08 09:41:19.989root 11241100x8000000000000000257382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e188a87858fc72a2023-02-08 09:41:19.989root 11241100x8000000000000000257397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289539b298611fbb2023-02-08 09:41:19.990root 11241100x8000000000000000257396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9098e1b61cead3952023-02-08 09:41:19.990root 11241100x8000000000000000257395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998c568e01b9909d2023-02-08 09:41:19.990root 11241100x8000000000000000257394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5a395ab8425a5a2023-02-08 09:41:19.990root 11241100x8000000000000000257393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40fe3608b0b119c2023-02-08 09:41:19.990root 11241100x8000000000000000257392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3605b9b813a4512023-02-08 09:41:19.990root 11241100x8000000000000000257391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0f80f75ef226402023-02-08 09:41:19.990root 11241100x8000000000000000257390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:19.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b7d8ad27d5b4c72023-02-08 09:41:19.990root 11241100x8000000000000000257403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514dd314bd2732e82023-02-08 09:41:20.484root 11241100x8000000000000000257402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223bc4b6507f2add2023-02-08 09:41:20.484root 11241100x8000000000000000257401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e57cd5a3a1c3a92023-02-08 09:41:20.484root 11241100x8000000000000000257400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8363c73a4093f5d02023-02-08 09:41:20.484root 11241100x8000000000000000257399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7024bdd1d7af7a8b2023-02-08 09:41:20.484root 11241100x8000000000000000257398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3005d4b7a09b0a5a2023-02-08 09:41:20.484root 11241100x8000000000000000257410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45af5b4d87d6eeb2023-02-08 09:41:20.485root 11241100x8000000000000000257409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99c0444346e248d2023-02-08 09:41:20.485root 11241100x8000000000000000257408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc9bb5e9ea2d0e32023-02-08 09:41:20.485root 11241100x8000000000000000257407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9254b02178f7ae422023-02-08 09:41:20.485root 11241100x8000000000000000257406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b4401721f137c12023-02-08 09:41:20.485root 11241100x8000000000000000257405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258e29b70f0f939c2023-02-08 09:41:20.485root 11241100x8000000000000000257404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3fed4ff7c029862023-02-08 09:41:20.485root 11241100x8000000000000000257419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a5a8b8f06f6c562023-02-08 09:41:20.486root 11241100x8000000000000000257418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b12566e8d10d8392023-02-08 09:41:20.486root 11241100x8000000000000000257417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f034475a629e7b012023-02-08 09:41:20.486root 11241100x8000000000000000257416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7cfaf17def551a2023-02-08 09:41:20.486root 11241100x8000000000000000257415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1678ba93bf14c5c42023-02-08 09:41:20.486root 11241100x8000000000000000257414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4100cdee2b5537b02023-02-08 09:41:20.486root 11241100x8000000000000000257413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4515cdc42a32ccdf2023-02-08 09:41:20.486root 11241100x8000000000000000257412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59220682948d37ab2023-02-08 09:41:20.486root 11241100x8000000000000000257411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c498c08a3451592023-02-08 09:41:20.486root 11241100x8000000000000000257421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb536cdda2ea75a2023-02-08 09:41:20.487root 11241100x8000000000000000257420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d3242d36733f832023-02-08 09:41:20.487root 11241100x8000000000000000257425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083066b53efcbdda2023-02-08 09:41:20.488root 11241100x8000000000000000257424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46d67b9c0f263772023-02-08 09:41:20.488root 11241100x8000000000000000257423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05edce31a2c726692023-02-08 09:41:20.488root 11241100x8000000000000000257422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511e663f9d5d14ef2023-02-08 09:41:20.488root 11241100x8000000000000000257427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66ec9c62a8d8cc42023-02-08 09:41:20.489root 11241100x8000000000000000257426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b198759467e22c2023-02-08 09:41:20.489root 11241100x8000000000000000257432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75931c9dbaf841082023-02-08 09:41:20.490root 11241100x8000000000000000257431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ec74397ad65c8b2023-02-08 09:41:20.490root 11241100x8000000000000000257430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ecb07d57f09b1e2023-02-08 09:41:20.490root 11241100x8000000000000000257429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7be0ff8a390c1f62023-02-08 09:41:20.490root 11241100x8000000000000000257428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbeb5456ac99959e2023-02-08 09:41:20.490root 11241100x8000000000000000257434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11606697e1da1ea2023-02-08 09:41:20.491root 11241100x8000000000000000257433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abecd2b7fd1d9d52023-02-08 09:41:20.491root 11241100x8000000000000000257441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8060318ea043ef852023-02-08 09:41:20.492root 11241100x8000000000000000257440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1aa7e7276cd60d2023-02-08 09:41:20.492root 11241100x8000000000000000257439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be5aa09c3653cc62023-02-08 09:41:20.492root 11241100x8000000000000000257438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee0e23a1141780c2023-02-08 09:41:20.492root 11241100x8000000000000000257437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425e9f012b37bb602023-02-08 09:41:20.492root 11241100x8000000000000000257436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e082662a050708662023-02-08 09:41:20.492root 11241100x8000000000000000257435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6c780e384635822023-02-08 09:41:20.492root 11241100x8000000000000000257449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fddb7635eeb8e52023-02-08 09:41:20.493root 11241100x8000000000000000257448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5a682e0ee3cf9f2023-02-08 09:41:20.493root 11241100x8000000000000000257447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24fbcd8cd81e9e762023-02-08 09:41:20.493root 11241100x8000000000000000257446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a19ea715d239472023-02-08 09:41:20.493root 11241100x8000000000000000257445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6cf6b253a86dd372023-02-08 09:41:20.493root 11241100x8000000000000000257444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e6610095f460272023-02-08 09:41:20.493root 11241100x8000000000000000257443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12dce60b357c0592023-02-08 09:41:20.493root 11241100x8000000000000000257442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b835726f8d6776092023-02-08 09:41:20.493root 11241100x8000000000000000257453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089947661ac3793b2023-02-08 09:41:20.494root 11241100x8000000000000000257452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3c996d8ca4775a2023-02-08 09:41:20.494root 11241100x8000000000000000257451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698518e00c28c0512023-02-08 09:41:20.494root 11241100x8000000000000000257450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65576bf06273294c2023-02-08 09:41:20.494root 11241100x8000000000000000257454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826e09b15630e6372023-02-08 09:41:20.984root 11241100x8000000000000000257462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc2100340285c232023-02-08 09:41:20.985root 11241100x8000000000000000257461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71797d5d29304312023-02-08 09:41:20.985root 11241100x8000000000000000257460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8459bd0621cc0d22023-02-08 09:41:20.985root 11241100x8000000000000000257459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0acd6444ce606fc82023-02-08 09:41:20.985root 11241100x8000000000000000257458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbee751ac119d252023-02-08 09:41:20.985root 11241100x8000000000000000257457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7887e851c862d2212023-02-08 09:41:20.985root 11241100x8000000000000000257456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d618ccd83b04aa2023-02-08 09:41:20.985root 11241100x8000000000000000257455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b106e57995799432023-02-08 09:41:20.985root 11241100x8000000000000000257469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48274615d9c045152023-02-08 09:41:20.986root 11241100x8000000000000000257468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86efe1f9b51f42132023-02-08 09:41:20.986root 11241100x8000000000000000257467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622a2e1779963caa2023-02-08 09:41:20.986root 11241100x8000000000000000257466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d00e3844692b9bf2023-02-08 09:41:20.986root 11241100x8000000000000000257465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2843056f1f1c5642023-02-08 09:41:20.986root 11241100x8000000000000000257464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788bb5a373c5315c2023-02-08 09:41:20.986root 11241100x8000000000000000257463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a32d329d09e5e02023-02-08 09:41:20.986root 11241100x8000000000000000257473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.551d4e1d6f0580412023-02-08 09:41:20.987root 11241100x8000000000000000257472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5e3a8984fe66992023-02-08 09:41:20.987root 11241100x8000000000000000257471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb720dc09b3dae792023-02-08 09:41:20.987root 11241100x8000000000000000257470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f57df316752388d2023-02-08 09:41:20.987root 11241100x8000000000000000257477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32f56b98e29271d2023-02-08 09:41:20.988root 11241100x8000000000000000257476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db940331c515b3e32023-02-08 09:41:20.988root 11241100x8000000000000000257475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6befe60e373b49b42023-02-08 09:41:20.988root 11241100x8000000000000000257474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2c9ced0f7a8fe42023-02-08 09:41:20.988root 11241100x8000000000000000257480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e2a5a39b6b2f812023-02-08 09:41:20.990root 11241100x8000000000000000257479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ef1c9f19eed80a2023-02-08 09:41:20.990root 11241100x8000000000000000257478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd90e1cbb21d1dd12023-02-08 09:41:20.990root 11241100x8000000000000000257485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24b4ff754f002632023-02-08 09:41:20.991root 11241100x8000000000000000257484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ca09c6e6cf6f252023-02-08 09:41:20.991root 11241100x8000000000000000257483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18dec06b4ed14e8b2023-02-08 09:41:20.991root 11241100x8000000000000000257482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fce1bbaab47d1f2023-02-08 09:41:20.991root 11241100x8000000000000000257481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4faf6790ca6658c2023-02-08 09:41:20.991root 11241100x8000000000000000257491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908276fc2616a7b32023-02-08 09:41:20.992root 11241100x8000000000000000257490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04160209980388372023-02-08 09:41:20.992root 11241100x8000000000000000257489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136154aab482fac02023-02-08 09:41:20.992root 11241100x8000000000000000257488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a7265352a985132023-02-08 09:41:20.992root 11241100x8000000000000000257487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc88e8036e8b3f32023-02-08 09:41:20.992root 11241100x8000000000000000257486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7fd97c96522d2b2023-02-08 09:41:20.992root 11241100x8000000000000000257493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8a09a0ca0b56862023-02-08 09:41:20.993root 11241100x8000000000000000257492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60c42a146fd73642023-02-08 09:41:20.993root 11241100x8000000000000000257501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09bdbec3efb703582023-02-08 09:41:20.994root 11241100x8000000000000000257500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce648bd5fcd0b6c72023-02-08 09:41:20.994root 11241100x8000000000000000257499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62967f52400b9a5b2023-02-08 09:41:20.994root 11241100x8000000000000000257498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb9171ad5a6871c2023-02-08 09:41:20.994root 11241100x8000000000000000257497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3042ee60e1a8982023-02-08 09:41:20.994root 11241100x8000000000000000257496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1077ec6a4b316fef2023-02-08 09:41:20.994root 11241100x8000000000000000257495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1199e6c48acd77742023-02-08 09:41:20.994root 11241100x8000000000000000257494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866f2df4eb7887622023-02-08 09:41:20.994root 11241100x8000000000000000257505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5e1e7ffd60d8042023-02-08 09:41:20.995root 11241100x8000000000000000257504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d3e2e0d86ca4c82023-02-08 09:41:20.995root 11241100x8000000000000000257503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17538e98fdbf09072023-02-08 09:41:20.995root 11241100x8000000000000000257502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:20.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe3ca38578d18352023-02-08 09:41:20.995root 11241100x8000000000000000257513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa996936f30a1d62023-02-08 09:41:21.485root 11241100x8000000000000000257512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de372f3120cc26bd2023-02-08 09:41:21.485root 11241100x8000000000000000257511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39b2a4771df74592023-02-08 09:41:21.485root 11241100x8000000000000000257510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c9a03ef57bbfab2023-02-08 09:41:21.485root 11241100x8000000000000000257509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f479db01772ddab2023-02-08 09:41:21.485root 11241100x8000000000000000257508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487bc207a126a8262023-02-08 09:41:21.485root 11241100x8000000000000000257507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6372525e91e538472023-02-08 09:41:21.485root 11241100x8000000000000000257506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6201938c047aa8b92023-02-08 09:41:21.485root 11241100x8000000000000000257521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507afd56b8318a5d2023-02-08 09:41:21.486root 11241100x8000000000000000257520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38ba00665efcfec2023-02-08 09:41:21.486root 11241100x8000000000000000257519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95ae70e396309b82023-02-08 09:41:21.486root 11241100x8000000000000000257518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44fbf28d545fa4552023-02-08 09:41:21.486root 11241100x8000000000000000257517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1692e2f36fcaafb2023-02-08 09:41:21.486root 11241100x8000000000000000257516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a746d1ae67479022023-02-08 09:41:21.486root 11241100x8000000000000000257515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2626093c41635242023-02-08 09:41:21.486root 11241100x8000000000000000257514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c438f1bcdd4e062023-02-08 09:41:21.486root 11241100x8000000000000000257530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23d48a5098421e52023-02-08 09:41:21.487root 11241100x8000000000000000257529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b35b6130e0afbc2023-02-08 09:41:21.487root 11241100x8000000000000000257528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3308a7ac5a559c762023-02-08 09:41:21.487root 11241100x8000000000000000257527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871b7b630e18bc352023-02-08 09:41:21.487root 11241100x8000000000000000257526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed3001b54b0c5c62023-02-08 09:41:21.487root 11241100x8000000000000000257525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407838a4e3c5ccda2023-02-08 09:41:21.487root 11241100x8000000000000000257524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac727842fe926312023-02-08 09:41:21.487root 11241100x8000000000000000257523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17ea1ce112d79fa2023-02-08 09:41:21.487root 11241100x8000000000000000257522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682b67991d8778932023-02-08 09:41:21.487root 11241100x8000000000000000257536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e225b81a1beff972023-02-08 09:41:21.488root 11241100x8000000000000000257535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e46df16bfc9b2d82023-02-08 09:41:21.488root 11241100x8000000000000000257534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1342940827d25d52023-02-08 09:41:21.488root 11241100x8000000000000000257533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4cc150d2470eb12023-02-08 09:41:21.488root 11241100x8000000000000000257532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3449299846141d232023-02-08 09:41:21.488root 11241100x8000000000000000257531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508bc53c36c2db5f2023-02-08 09:41:21.488root 11241100x8000000000000000257543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2b7e83c42985922023-02-08 09:41:21.489root 11241100x8000000000000000257542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882c9568408585812023-02-08 09:41:21.489root 11241100x8000000000000000257541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c613785a81757df32023-02-08 09:41:21.489root 11241100x8000000000000000257540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c041f82d04ee69802023-02-08 09:41:21.489root 11241100x8000000000000000257539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22962c7d63742232023-02-08 09:41:21.489root 11241100x8000000000000000257538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a65530bff703b2c2023-02-08 09:41:21.489root 11241100x8000000000000000257537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443f71b1306d6ed32023-02-08 09:41:21.489root 11241100x8000000000000000257550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf8f0cf43a908922023-02-08 09:41:21.490root 11241100x8000000000000000257549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dae1fec0a9a3e222023-02-08 09:41:21.490root 11241100x8000000000000000257548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d6d06291ae47992023-02-08 09:41:21.490root 11241100x8000000000000000257547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ef96d48162cc2d2023-02-08 09:41:21.490root 11241100x8000000000000000257546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c2cdd11e8070652023-02-08 09:41:21.490root 11241100x8000000000000000257545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d622bd7e828399082023-02-08 09:41:21.490root 11241100x8000000000000000257544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0f6894817bc3cc2023-02-08 09:41:21.490root 11241100x8000000000000000257553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb09e538133e37f52023-02-08 09:41:21.491root 11241100x8000000000000000257552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20f2cc6517f8c6b2023-02-08 09:41:21.491root 11241100x8000000000000000257551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de512afe5bb66c482023-02-08 09:41:21.491root 11241100x8000000000000000257554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb5ebb2fbfeaee82023-02-08 09:41:21.984root 11241100x8000000000000000257563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b26ece668f662732023-02-08 09:41:21.985root 11241100x8000000000000000257562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3029d67886188ba62023-02-08 09:41:21.985root 11241100x8000000000000000257561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fdcb90b6c5ca712023-02-08 09:41:21.985root 11241100x8000000000000000257560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96dd9729f740afe2023-02-08 09:41:21.985root 11241100x8000000000000000257559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfab813cafd436922023-02-08 09:41:21.985root 11241100x8000000000000000257558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf497ae1acde1b42023-02-08 09:41:21.985root 11241100x8000000000000000257557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97cfc2a87370bfe2023-02-08 09:41:21.985root 11241100x8000000000000000257556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5149e0774f75b7e2023-02-08 09:41:21.985root 11241100x8000000000000000257555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874eacfd5c2520922023-02-08 09:41:21.985root 11241100x8000000000000000257571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b619b06647a3852023-02-08 09:41:21.986root 11241100x8000000000000000257570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11db31dd8906ea12023-02-08 09:41:21.986root 11241100x8000000000000000257569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e97322f78d06caa2023-02-08 09:41:21.986root 11241100x8000000000000000257568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a3ae4a68d4edb32023-02-08 09:41:21.986root 11241100x8000000000000000257567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d4087caa94ea2b2023-02-08 09:41:21.986root 11241100x8000000000000000257566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34863c04bde75e922023-02-08 09:41:21.986root 11241100x8000000000000000257565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718214573767da1e2023-02-08 09:41:21.986root 11241100x8000000000000000257564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e2364c02cd73c32023-02-08 09:41:21.986root 11241100x8000000000000000257579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08963c7b914423be2023-02-08 09:41:21.987root 11241100x8000000000000000257578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d20182d00a7ec432023-02-08 09:41:21.987root 11241100x8000000000000000257577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f6db5eb0eb57742023-02-08 09:41:21.987root 11241100x8000000000000000257576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e3ce3fe080344f2023-02-08 09:41:21.987root 11241100x8000000000000000257575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a7f7b54effe3c92023-02-08 09:41:21.987root 11241100x8000000000000000257574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aada1a4c0923df672023-02-08 09:41:21.987root 11241100x8000000000000000257573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33a9f8b097ca89c2023-02-08 09:41:21.987root 11241100x8000000000000000257572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e5e3a9930aa6402023-02-08 09:41:21.987root 11241100x8000000000000000257585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf05411cb89aead52023-02-08 09:41:21.988root 11241100x8000000000000000257584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a888f17368e1d52023-02-08 09:41:21.988root 11241100x8000000000000000257583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a535632f03a4f812023-02-08 09:41:21.988root 11241100x8000000000000000257582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76549dfacad0dc602023-02-08 09:41:21.988root 11241100x8000000000000000257581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7073c57b33e8ee02023-02-08 09:41:21.988root 11241100x8000000000000000257580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5301a5c3fc65ef682023-02-08 09:41:21.988root 11241100x8000000000000000257593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5590ae4a8fcae6502023-02-08 09:41:21.989root 11241100x8000000000000000257592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d907d992d19fa02023-02-08 09:41:21.989root 11241100x8000000000000000257591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e386994998b199382023-02-08 09:41:21.989root 11241100x8000000000000000257590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ad4cc483a067252023-02-08 09:41:21.989root 11241100x8000000000000000257589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28b6fd697e4c8f02023-02-08 09:41:21.989root 11241100x8000000000000000257588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a4bbb07c97bc282023-02-08 09:41:21.989root 11241100x8000000000000000257587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eac1efffdd523502023-02-08 09:41:21.989root 11241100x8000000000000000257586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb58b3b1f8983652023-02-08 09:41:21.989root 11241100x8000000000000000257606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81f28685f8eb4052023-02-08 09:41:21.990root 11241100x8000000000000000257605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a38ac538ebf9412023-02-08 09:41:21.990root 11241100x8000000000000000257604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ef5739dc06eeae2023-02-08 09:41:21.990root 11241100x8000000000000000257603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f53a30b9281efa2023-02-08 09:41:21.990root 11241100x8000000000000000257602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728fa10d39d744ce2023-02-08 09:41:21.990root 11241100x8000000000000000257601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c951e2313a37962023-02-08 09:41:21.990root 11241100x8000000000000000257600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a9bbc91f8b47302023-02-08 09:41:21.990root 11241100x8000000000000000257599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe8c9ccff51489c2023-02-08 09:41:21.990root 11241100x8000000000000000257598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d47c7fd2e121722023-02-08 09:41:21.990root 11241100x8000000000000000257597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7077437825742882023-02-08 09:41:21.990root 11241100x8000000000000000257596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3505a34d710fb32023-02-08 09:41:21.990root 11241100x8000000000000000257595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f6660728ccc6e52023-02-08 09:41:21.990root 11241100x8000000000000000257594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a3ede7e6374e882023-02-08 09:41:21.990root 11241100x8000000000000000257609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442d0baacb2a30c22023-02-08 09:41:21.991root 11241100x8000000000000000257608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1681f0369f5af6052023-02-08 09:41:21.991root 11241100x8000000000000000257607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:21.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e55107fc8423012023-02-08 09:41:21.991root 11241100x8000000000000000257620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462d0ffa4acafbad2023-02-08 09:41:22.485root 11241100x8000000000000000257619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde4e44ebd895aa32023-02-08 09:41:22.485root 11241100x8000000000000000257618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da0ae7c9ee36d762023-02-08 09:41:22.485root 11241100x8000000000000000257617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591147986ecde8c12023-02-08 09:41:22.485root 11241100x8000000000000000257616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05a9d04de650f652023-02-08 09:41:22.485root 11241100x8000000000000000257615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86aed27c13b82d372023-02-08 09:41:22.485root 11241100x8000000000000000257614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b47e1a8c0fb1322023-02-08 09:41:22.485root 11241100x8000000000000000257613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e12a00a09f6a8b92023-02-08 09:41:22.485root 11241100x8000000000000000257612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d581c7d13694e82023-02-08 09:41:22.485root 11241100x8000000000000000257611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ade691da80f0182023-02-08 09:41:22.485root 11241100x8000000000000000257610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d33cabb13103572023-02-08 09:41:22.485root 11241100x8000000000000000257634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8330558641b6a4192023-02-08 09:41:22.486root 11241100x8000000000000000257633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f40e51155d2cd82023-02-08 09:41:22.486root 11241100x8000000000000000257632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe95c37b3f789072023-02-08 09:41:22.486root 11241100x8000000000000000257631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd3c4f1bfa7fb752023-02-08 09:41:22.486root 11241100x8000000000000000257630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1acf70020109bc2023-02-08 09:41:22.486root 11241100x8000000000000000257629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0424fd9c12b1af2023-02-08 09:41:22.486root 11241100x8000000000000000257628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80a76a6d0a0a5382023-02-08 09:41:22.486root 11241100x8000000000000000257627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96eebaa36e8deff62023-02-08 09:41:22.486root 11241100x8000000000000000257626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c37207a369787c2023-02-08 09:41:22.486root 11241100x8000000000000000257625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ff4d60326525392023-02-08 09:41:22.486root 11241100x8000000000000000257624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0029763539ef952023-02-08 09:41:22.486root 11241100x8000000000000000257623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804e7b24473f0fac2023-02-08 09:41:22.486root 11241100x8000000000000000257622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbde52b440f08ed72023-02-08 09:41:22.486root 11241100x8000000000000000257621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4086532f20b817d42023-02-08 09:41:22.486root 11241100x8000000000000000257649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28526424f6eb3a1b2023-02-08 09:41:22.487root 11241100x8000000000000000257648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe228471649f616f2023-02-08 09:41:22.487root 11241100x8000000000000000257647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37a51816f2e94632023-02-08 09:41:22.487root 11241100x8000000000000000257646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d959183af8460c2023-02-08 09:41:22.487root 11241100x8000000000000000257645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc6ebb920c648bb2023-02-08 09:41:22.487root 11241100x8000000000000000257644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b444d5e20f43ea92023-02-08 09:41:22.487root 11241100x8000000000000000257643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ca8314b15163e92023-02-08 09:41:22.487root 11241100x8000000000000000257642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60608a73fc2947e22023-02-08 09:41:22.487root 11241100x8000000000000000257641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def2c009439867712023-02-08 09:41:22.487root 11241100x8000000000000000257640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc906779381a2222023-02-08 09:41:22.487root 11241100x8000000000000000257639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e487224ad5837282023-02-08 09:41:22.487root 11241100x8000000000000000257638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd6ae11b83bc2f42023-02-08 09:41:22.487root 11241100x8000000000000000257637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b51bab9995c42c2023-02-08 09:41:22.487root 11241100x8000000000000000257636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f179e6867658f2e2023-02-08 09:41:22.487root 11241100x8000000000000000257635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73be1dfb63c1f9f72023-02-08 09:41:22.487root 11241100x8000000000000000257655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16127381a5450b4b2023-02-08 09:41:22.488root 11241100x8000000000000000257654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f150ae23e01a9ff2023-02-08 09:41:22.488root 11241100x8000000000000000257653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348e2e714d674f0f2023-02-08 09:41:22.488root 11241100x8000000000000000257652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4ded74a81f5bef2023-02-08 09:41:22.488root 11241100x8000000000000000257651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a73c8f238b541d2023-02-08 09:41:22.488root 11241100x8000000000000000257650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7009ea39f186acb42023-02-08 09:41:22.488root 11241100x8000000000000000257657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6577e5b08a4545d62023-02-08 09:41:22.985root 11241100x8000000000000000257656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02dc67815c8099662023-02-08 09:41:22.985root 11241100x8000000000000000257668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1014bc5d0704962023-02-08 09:41:22.986root 11241100x8000000000000000257667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6db26c4753f44752023-02-08 09:41:22.986root 11241100x8000000000000000257666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac9b3e346cdf3982023-02-08 09:41:22.986root 11241100x8000000000000000257665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4650863f798de5a22023-02-08 09:41:22.986root 11241100x8000000000000000257664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f5043ac39aff642023-02-08 09:41:22.986root 11241100x8000000000000000257663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8607ca2467aa4b712023-02-08 09:41:22.986root 11241100x8000000000000000257662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9122eeb3340f38012023-02-08 09:41:22.986root 11241100x8000000000000000257661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f914e76102ec6d2c2023-02-08 09:41:22.986root 11241100x8000000000000000257660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cff9adaf3953192023-02-08 09:41:22.986root 11241100x8000000000000000257659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd0eeca446053d12023-02-08 09:41:22.986root 11241100x8000000000000000257658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d665ef464cfc6e642023-02-08 09:41:22.986root 11241100x8000000000000000257679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7837e89af6c929802023-02-08 09:41:22.987root 11241100x8000000000000000257678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ca2ef78240b78a2023-02-08 09:41:22.987root 11241100x8000000000000000257677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3498e03ba955df42023-02-08 09:41:22.987root 11241100x8000000000000000257676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ad9263b357663c2023-02-08 09:41:22.987root 11241100x8000000000000000257675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d321e2ced2c839692023-02-08 09:41:22.987root 11241100x8000000000000000257674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e171a94548eda2032023-02-08 09:41:22.987root 11241100x8000000000000000257673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2783690d9b7775592023-02-08 09:41:22.987root 11241100x8000000000000000257672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1237fae2f768a4882023-02-08 09:41:22.987root 11241100x8000000000000000257671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8430b09bcbfddb632023-02-08 09:41:22.987root 11241100x8000000000000000257670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb89f9887e1cb422023-02-08 09:41:22.987root 11241100x8000000000000000257669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a84d4b97f213bad2023-02-08 09:41:22.987root 11241100x8000000000000000257681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd21fbfc8e557d82023-02-08 09:41:22.988root 11241100x8000000000000000257680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54b86a0db86de252023-02-08 09:41:22.988root 11241100x8000000000000000257686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22203771940630702023-02-08 09:41:22.990root 11241100x8000000000000000257685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e94539a3570de62023-02-08 09:41:22.990root 11241100x8000000000000000257684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056f5a081ebbcc572023-02-08 09:41:22.990root 11241100x8000000000000000257683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0c878bc98adf502023-02-08 09:41:22.990root 11241100x8000000000000000257682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9eb3c8263db34b2023-02-08 09:41:22.990root 11241100x8000000000000000257690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217056aa91e4d2b92023-02-08 09:41:22.991root 11241100x8000000000000000257689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8ef5d2414c95222023-02-08 09:41:22.991root 11241100x8000000000000000257688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6564d5384757912023-02-08 09:41:22.991root 11241100x8000000000000000257687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a11fc736f4de3672023-02-08 09:41:22.991root 11241100x8000000000000000257696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd3b9a82dcbb1902023-02-08 09:41:22.992root 11241100x8000000000000000257695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62ce785b1484b712023-02-08 09:41:22.992root 11241100x8000000000000000257694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0c34a38761ca982023-02-08 09:41:22.992root 11241100x8000000000000000257693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85e46f5716ae1302023-02-08 09:41:22.992root 11241100x8000000000000000257692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add29ad01aefc3342023-02-08 09:41:22.992root 11241100x8000000000000000257691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d93e55cd3ef96382023-02-08 09:41:22.992root 11241100x8000000000000000257707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5128005141a743c2023-02-08 09:41:22.993root 11241100x8000000000000000257706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e66a921336e8e32023-02-08 09:41:22.993root 11241100x8000000000000000257705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e532a70f9ad6022023-02-08 09:41:22.993root 11241100x8000000000000000257704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc83a7e07d1d8842023-02-08 09:41:22.993root 11241100x8000000000000000257703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15bdef333c0f3252023-02-08 09:41:22.993root 11241100x8000000000000000257702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3791d1aa4d0e87d2023-02-08 09:41:22.993root 11241100x8000000000000000257701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5c36da203a28cb2023-02-08 09:41:22.993root 11241100x8000000000000000257700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7934f29de795c0d2023-02-08 09:41:22.993root 11241100x8000000000000000257699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a9000b0df7861f2023-02-08 09:41:22.993root 11241100x8000000000000000257698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f4342561c0f7902023-02-08 09:41:22.993root 11241100x8000000000000000257697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83dc925c111139e2023-02-08 09:41:22.993root 11241100x8000000000000000257709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc06a1363a9939fa2023-02-08 09:41:22.994root 11241100x8000000000000000257708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:22.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5c643c4be90d762023-02-08 09:41:22.994root 11241100x8000000000000000257710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5950c0a53feba142023-02-08 09:41:23.485root 11241100x8000000000000000257715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0d5a84f5e083c82023-02-08 09:41:23.486root 11241100x8000000000000000257714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a6e92920e9faa12023-02-08 09:41:23.486root 11241100x8000000000000000257713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be573bfe9e3689a92023-02-08 09:41:23.486root 11241100x8000000000000000257712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ea3a2bbe384e552023-02-08 09:41:23.486root 11241100x8000000000000000257711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638e53cbc89e056e2023-02-08 09:41:23.486root 11241100x8000000000000000257722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3002fa0bb8d81bd2023-02-08 09:41:23.487root 11241100x8000000000000000257721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5339ec945eb302052023-02-08 09:41:23.487root 11241100x8000000000000000257720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5da07952f34373e2023-02-08 09:41:23.487root 11241100x8000000000000000257719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d37d601e6fd5b692023-02-08 09:41:23.487root 11241100x8000000000000000257718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5b646b72c4329a2023-02-08 09:41:23.487root 11241100x8000000000000000257717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342ab780866d844b2023-02-08 09:41:23.487root 11241100x8000000000000000257716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883d96125062e6d12023-02-08 09:41:23.487root 11241100x8000000000000000257735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a062e9b19329a792023-02-08 09:41:23.488root 11241100x8000000000000000257734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d470c3582be2a41a2023-02-08 09:41:23.488root 11241100x8000000000000000257733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e5c9b47c552d7e2023-02-08 09:41:23.488root 11241100x8000000000000000257732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00cf43756b206aaf2023-02-08 09:41:23.488root 11241100x8000000000000000257731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f901a4e6a21603f2023-02-08 09:41:23.488root 11241100x8000000000000000257730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb527d60b508dc6d2023-02-08 09:41:23.488root 11241100x8000000000000000257729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c5043ed3f3e9432023-02-08 09:41:23.488root 11241100x8000000000000000257728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c37fe2b4e2b1942023-02-08 09:41:23.488root 11241100x8000000000000000257727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4800c96bbc3fa0d02023-02-08 09:41:23.488root 11241100x8000000000000000257726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a39c8bf4b177b732023-02-08 09:41:23.488root 11241100x8000000000000000257725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1494f8a90b7e432023-02-08 09:41:23.488root 11241100x8000000000000000257724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e96e667a13cc3a2023-02-08 09:41:23.488root 11241100x8000000000000000257723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753b9175aef0bded2023-02-08 09:41:23.488root 11241100x8000000000000000257751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3e1653e1cfd8f12023-02-08 09:41:23.489root 11241100x8000000000000000257750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd77b62ec7a7c5d2023-02-08 09:41:23.489root 11241100x8000000000000000257749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1195a41ec76820852023-02-08 09:41:23.489root 11241100x8000000000000000257748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579075de6ea5a9c32023-02-08 09:41:23.489root 11241100x8000000000000000257747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0987af31ba453c2023-02-08 09:41:23.489root 11241100x8000000000000000257746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6db0fcaa9f53d42023-02-08 09:41:23.489root 11241100x8000000000000000257745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95271cfd31a09bb32023-02-08 09:41:23.489root 11241100x8000000000000000257744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6bc60e36159b242023-02-08 09:41:23.489root 11241100x8000000000000000257743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de522a3070feafd02023-02-08 09:41:23.489root 11241100x8000000000000000257742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f531f611307fa02023-02-08 09:41:23.489root 11241100x8000000000000000257741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f0357a3c6d4c862023-02-08 09:41:23.489root 11241100x8000000000000000257740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1182359dfc931ad2023-02-08 09:41:23.489root 11241100x8000000000000000257739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd93e80ceb0292aa2023-02-08 09:41:23.489root 11241100x8000000000000000257738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfbe3d7f41a03fc2023-02-08 09:41:23.489root 11241100x8000000000000000257737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8dbcaf8ff9fde32023-02-08 09:41:23.489root 11241100x8000000000000000257736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18c33ffc56737082023-02-08 09:41:23.489root 11241100x8000000000000000257756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4311f136a6deaaa2023-02-08 09:41:23.490root 11241100x8000000000000000257755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94959861237619ea2023-02-08 09:41:23.490root 11241100x8000000000000000257754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f2bb0a112057552023-02-08 09:41:23.490root 11241100x8000000000000000257753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905178e103b687692023-02-08 09:41:23.490root 11241100x8000000000000000257752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65aaa52986074282023-02-08 09:41:23.490root 11241100x8000000000000000257760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28152595c51a584a2023-02-08 09:41:23.984root 11241100x8000000000000000257759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4854978c9f83a2f2023-02-08 09:41:23.984root 11241100x8000000000000000257758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db06024debbc6b462023-02-08 09:41:23.984root 11241100x8000000000000000257757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a3faabc6ddfbee2023-02-08 09:41:23.984root 11241100x8000000000000000257763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f6863958375aae2023-02-08 09:41:23.985root 11241100x8000000000000000257762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fdf94be731b431a2023-02-08 09:41:23.985root 11241100x8000000000000000257761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8668856d73b5342023-02-08 09:41:23.985root 11241100x8000000000000000257767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a1dec78db24abc2023-02-08 09:41:23.986root 11241100x8000000000000000257766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69df8a30c3947872023-02-08 09:41:23.986root 11241100x8000000000000000257765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3613664af0b08b2023-02-08 09:41:23.986root 11241100x8000000000000000257764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe81aa29a23bc07d2023-02-08 09:41:23.986root 11241100x8000000000000000257770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b771f943869d0d482023-02-08 09:41:23.987root 11241100x8000000000000000257769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5ddba7ab202dec2023-02-08 09:41:23.987root 11241100x8000000000000000257768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47de60da7b5b3f112023-02-08 09:41:23.987root 11241100x8000000000000000257775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d9f494c7674fe02023-02-08 09:41:23.988root 11241100x8000000000000000257774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574ffa7a2db48ffd2023-02-08 09:41:23.988root 11241100x8000000000000000257773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33dcaf2ec484ecab2023-02-08 09:41:23.988root 11241100x8000000000000000257772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c92227572c036662023-02-08 09:41:23.988root 11241100x8000000000000000257771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d6e9de27eec4622023-02-08 09:41:23.988root 11241100x8000000000000000257781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e780340ff7ab64fd2023-02-08 09:41:23.989root 11241100x8000000000000000257780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766bc67d9385db2f2023-02-08 09:41:23.989root 11241100x8000000000000000257779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e20b1858224c8f2023-02-08 09:41:23.989root 11241100x8000000000000000257778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4771301d441f832023-02-08 09:41:23.989root 11241100x8000000000000000257777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25674eca5a4572a2023-02-08 09:41:23.989root 11241100x8000000000000000257776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5db515d592da2ac2023-02-08 09:41:23.989root 11241100x8000000000000000257789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e372b98e4a536a4a2023-02-08 09:41:23.990root 11241100x8000000000000000257788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042854c9296fb1762023-02-08 09:41:23.990root 11241100x8000000000000000257787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9e86bebcac914e2023-02-08 09:41:23.990root 11241100x8000000000000000257786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e97fe1c683ae85f2023-02-08 09:41:23.990root 11241100x8000000000000000257785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f3b048af3b57192023-02-08 09:41:23.990root 11241100x8000000000000000257784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc4f7a3020013f52023-02-08 09:41:23.990root 11241100x8000000000000000257783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28db874ae5a09c442023-02-08 09:41:23.990root 11241100x8000000000000000257782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26446159df565f7d2023-02-08 09:41:23.990root 11241100x8000000000000000257801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba10a2cd3c1085022023-02-08 09:41:23.993root 11241100x8000000000000000257800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c72cf52e37bd42e2023-02-08 09:41:23.993root 11241100x8000000000000000257799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40426379730263b82023-02-08 09:41:23.993root 11241100x8000000000000000257798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b4f557d85da2fb2023-02-08 09:41:23.993root 11241100x8000000000000000257797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d8d7eee733dbb42023-02-08 09:41:23.993root 11241100x8000000000000000257796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1980cc8b835ecfd2023-02-08 09:41:23.993root 11241100x8000000000000000257795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0191267a2c7b30792023-02-08 09:41:23.993root 11241100x8000000000000000257794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07fc1c8147bb5712023-02-08 09:41:23.993root 11241100x8000000000000000257793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1474927e59585dd2023-02-08 09:41:23.993root 11241100x8000000000000000257792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df93c8b586591ee2023-02-08 09:41:23.993root 11241100x8000000000000000257791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8a40dfdcf4afdf2023-02-08 09:41:23.993root 11241100x8000000000000000257790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d922a09bc2f9ebef2023-02-08 09:41:23.993root 11241100x8000000000000000257809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d821559cb2042392023-02-08 09:41:23.994root 11241100x8000000000000000257808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba648efbe863981b2023-02-08 09:41:23.994root 11241100x8000000000000000257807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de913057cb697d542023-02-08 09:41:23.994root 11241100x8000000000000000257806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a20621fdb742b992023-02-08 09:41:23.994root 11241100x8000000000000000257805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ecde03391aefdcb2023-02-08 09:41:23.994root 11241100x8000000000000000257804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71179af4ff1a20c02023-02-08 09:41:23.994root 11241100x8000000000000000257803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf72714b63dcd25e2023-02-08 09:41:23.994root 11241100x8000000000000000257802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817a3e28fb8219d52023-02-08 09:41:23.994root 11241100x8000000000000000257814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512f688a6b2c806f2023-02-08 09:41:23.995root 11241100x8000000000000000257813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cefa7bb3f6e64d2023-02-08 09:41:23.995root 11241100x8000000000000000257812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbb28ee9fa47f732023-02-08 09:41:23.995root 11241100x8000000000000000257811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9033451a4cc565b72023-02-08 09:41:23.995root 11241100x8000000000000000257810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:23.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefc04931500e1612023-02-08 09:41:23.995root 354300x8000000000000000257815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.094{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-46962-false10.0.1.12-8000- 11241100x8000000000000000257816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbddda8b6da506102023-02-08 09:41:24.485root 11241100x8000000000000000257822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5552f3d64023c6242023-02-08 09:41:24.486root 11241100x8000000000000000257821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448bbaa5a5f0a4b42023-02-08 09:41:24.486root 11241100x8000000000000000257820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea848225fbfad2842023-02-08 09:41:24.486root 11241100x8000000000000000257819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fba764074d34c12023-02-08 09:41:24.486root 11241100x8000000000000000257818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51247dc12470e7182023-02-08 09:41:24.486root 11241100x8000000000000000257817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660b42757f6b89cc2023-02-08 09:41:24.486root 11241100x8000000000000000257834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244ec367433b30462023-02-08 09:41:24.487root 11241100x8000000000000000257833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23e472797ee8a832023-02-08 09:41:24.487root 11241100x8000000000000000257832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b222b3b2559e7be2023-02-08 09:41:24.487root 11241100x8000000000000000257831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736420bb749cf0792023-02-08 09:41:24.487root 11241100x8000000000000000257830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ff0fcd806f64ca2023-02-08 09:41:24.487root 11241100x8000000000000000257829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15569c0e1cc625392023-02-08 09:41:24.487root 11241100x8000000000000000257828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c624290cd3792662023-02-08 09:41:24.487root 11241100x8000000000000000257827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78c597d1d33749a2023-02-08 09:41:24.487root 11241100x8000000000000000257826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42dad00f80c545db2023-02-08 09:41:24.487root 11241100x8000000000000000257825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21985c4252c8f1d22023-02-08 09:41:24.487root 11241100x8000000000000000257824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d3055ca671e5282023-02-08 09:41:24.487root 11241100x8000000000000000257823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199dec1ce42f74452023-02-08 09:41:24.487root 11241100x8000000000000000257843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09090c870e788efc2023-02-08 09:41:24.488root 11241100x8000000000000000257842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4febf2d4f498b0ff2023-02-08 09:41:24.488root 11241100x8000000000000000257841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba146dd5b3905bc02023-02-08 09:41:24.488root 11241100x8000000000000000257840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236dad1b19bf013f2023-02-08 09:41:24.488root 11241100x8000000000000000257839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afdc9569e1cd69042023-02-08 09:41:24.488root 11241100x8000000000000000257838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7fabe8f6cc661d2023-02-08 09:41:24.488root 11241100x8000000000000000257837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b5ec5ccaef91f92023-02-08 09:41:24.488root 11241100x8000000000000000257836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75bccb7f620984f2023-02-08 09:41:24.488root 11241100x8000000000000000257835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bfe1ac1ca07c41d2023-02-08 09:41:24.488root 11241100x8000000000000000257845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167c160b760feab72023-02-08 09:41:24.489root 11241100x8000000000000000257844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be871f260799a9972023-02-08 09:41:24.489root 11241100x8000000000000000257853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1270b482dc55ca222023-02-08 09:41:24.490root 11241100x8000000000000000257852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5b15a84b391d282023-02-08 09:41:24.490root 11241100x8000000000000000257851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780f4c3cc2c328f82023-02-08 09:41:24.490root 11241100x8000000000000000257850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5757045f7b7980d92023-02-08 09:41:24.490root 11241100x8000000000000000257849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637b653aa62180272023-02-08 09:41:24.490root 11241100x8000000000000000257848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d7a6c75c3ab50f2023-02-08 09:41:24.490root 11241100x8000000000000000257847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96348fae497b7512023-02-08 09:41:24.490root 11241100x8000000000000000257846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed6ba1e1bbd64ef2023-02-08 09:41:24.490root 11241100x8000000000000000257862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e72204e7c776d52023-02-08 09:41:24.492root 11241100x8000000000000000257861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c9fb03cc0f08d72023-02-08 09:41:24.492root 11241100x8000000000000000257860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b2a310d5e46e432023-02-08 09:41:24.492root 11241100x8000000000000000257859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea4ff30a5af49d72023-02-08 09:41:24.492root 11241100x8000000000000000257858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2961acb6dabaa0592023-02-08 09:41:24.492root 11241100x8000000000000000257857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8a4d815d823a4a2023-02-08 09:41:24.492root 11241100x8000000000000000257856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c68ef692c8235b62023-02-08 09:41:24.492root 11241100x8000000000000000257855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96313992d0234132023-02-08 09:41:24.492root 11241100x8000000000000000257854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde2841ffaa568a32023-02-08 09:41:24.492root 11241100x8000000000000000257863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7dc98cf03b994192023-02-08 09:41:24.493root 11241100x8000000000000000257864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7232f8f7b72ac312023-02-08 09:41:24.985root 11241100x8000000000000000257870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d3787552cb6b4f2023-02-08 09:41:24.986root 11241100x8000000000000000257869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f425108d380f9242023-02-08 09:41:24.986root 11241100x8000000000000000257868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3dfd3c28a453e92023-02-08 09:41:24.986root 11241100x8000000000000000257867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3760fed4260402902023-02-08 09:41:24.986root 11241100x8000000000000000257866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1331d0054f0017d42023-02-08 09:41:24.986root 11241100x8000000000000000257865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b761097714fcc2cb2023-02-08 09:41:24.986root 11241100x8000000000000000257880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057c36635b2f4bc22023-02-08 09:41:24.987root 11241100x8000000000000000257879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283cfa6d4abd73052023-02-08 09:41:24.987root 11241100x8000000000000000257878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fd5d6dabf123c72023-02-08 09:41:24.987root 11241100x8000000000000000257877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9cfdfe35b525d82023-02-08 09:41:24.987root 11241100x8000000000000000257876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4354e22bff8a3462023-02-08 09:41:24.987root 11241100x8000000000000000257875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46e2cd640762aea2023-02-08 09:41:24.987root 11241100x8000000000000000257874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a1e8464c8a11aa2023-02-08 09:41:24.987root 11241100x8000000000000000257873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cce7b2da288fc7a2023-02-08 09:41:24.987root 11241100x8000000000000000257872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b653d338f9fbb22023-02-08 09:41:24.987root 11241100x8000000000000000257871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab97fe3b418e21c72023-02-08 09:41:24.987root 11241100x8000000000000000257888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6015519c230d082023-02-08 09:41:24.988root 11241100x8000000000000000257887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6094c9ae45cb3eff2023-02-08 09:41:24.988root 11241100x8000000000000000257886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dce37853967873c2023-02-08 09:41:24.988root 11241100x8000000000000000257885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395f6b724cb519882023-02-08 09:41:24.988root 11241100x8000000000000000257884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ffbb2b23f480ba2023-02-08 09:41:24.988root 11241100x8000000000000000257883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bc6ce1e3dc783b2023-02-08 09:41:24.988root 11241100x8000000000000000257882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0cd795f6045b882023-02-08 09:41:24.988root 11241100x8000000000000000257881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2033c8ef4e3bb8e22023-02-08 09:41:24.988root 11241100x8000000000000000257897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66546f734953e07e2023-02-08 09:41:24.989root 11241100x8000000000000000257896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38819397fa1ca72d2023-02-08 09:41:24.989root 11241100x8000000000000000257895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93eb1260553cf002023-02-08 09:41:24.989root 11241100x8000000000000000257894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d5f9937dbfbb572023-02-08 09:41:24.989root 11241100x8000000000000000257893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38c23c5ffc1345c2023-02-08 09:41:24.989root 11241100x8000000000000000257892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e87e00184e99c02023-02-08 09:41:24.989root 11241100x8000000000000000257891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824c7c89bd6257db2023-02-08 09:41:24.989root 11241100x8000000000000000257890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fdfaa0cedc48bf82023-02-08 09:41:24.989root 11241100x8000000000000000257889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22974660ea7efe702023-02-08 09:41:24.989root 11241100x8000000000000000257906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087da337c07500592023-02-08 09:41:24.990root 11241100x8000000000000000257905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebebbf7a85374cdb2023-02-08 09:41:24.990root 11241100x8000000000000000257904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8692c17e60556b122023-02-08 09:41:24.990root 11241100x8000000000000000257903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f8b7fe861eab7a2023-02-08 09:41:24.990root 11241100x8000000000000000257902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9058e3a93e7fd3272023-02-08 09:41:24.990root 11241100x8000000000000000257901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8e0f88f9c0b1c12023-02-08 09:41:24.990root 11241100x8000000000000000257900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633c6442dab6ee9b2023-02-08 09:41:24.990root 11241100x8000000000000000257899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c59eee21d6fc042023-02-08 09:41:24.990root 11241100x8000000000000000257898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aff75d694d05a6a2023-02-08 09:41:24.990root 11241100x8000000000000000257910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26611aed84c02bb62023-02-08 09:41:24.991root 11241100x8000000000000000257909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12b40f0486378132023-02-08 09:41:24.991root 11241100x8000000000000000257908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15cae9f8ecf9dc752023-02-08 09:41:24.991root 11241100x8000000000000000257907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:24.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0f6ed77aed66ba2023-02-08 09:41:24.991root 11241100x8000000000000000257911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58203fb75cb076d12023-02-08 09:41:25.485root 11241100x8000000000000000257920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fc43ac70616d692023-02-08 09:41:25.486root 11241100x8000000000000000257919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019f753eed52b7fa2023-02-08 09:41:25.486root 11241100x8000000000000000257918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238fd68ab98342362023-02-08 09:41:25.486root 11241100x8000000000000000257917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf8191f3d8b87572023-02-08 09:41:25.486root 11241100x8000000000000000257916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835aaeac5785f49a2023-02-08 09:41:25.486root 11241100x8000000000000000257915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46438bdaa073a6652023-02-08 09:41:25.486root 11241100x8000000000000000257914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9995b44d633ec57c2023-02-08 09:41:25.486root 11241100x8000000000000000257913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e4c544a05d6cbd2023-02-08 09:41:25.486root 11241100x8000000000000000257912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9583ef9e838b71f2023-02-08 09:41:25.486root 11241100x8000000000000000257930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73189b76d03d66d82023-02-08 09:41:25.487root 11241100x8000000000000000257929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a73ff4bdc092632023-02-08 09:41:25.487root 11241100x8000000000000000257928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920fbe4df53b1e652023-02-08 09:41:25.487root 11241100x8000000000000000257927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664f66ed3ec373b42023-02-08 09:41:25.487root 11241100x8000000000000000257926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439e203c07fb54132023-02-08 09:41:25.487root 11241100x8000000000000000257925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35108cd7e9fb55f52023-02-08 09:41:25.487root 11241100x8000000000000000257924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19bfe1b2e8763232023-02-08 09:41:25.487root 11241100x8000000000000000257923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8dea3efcdfdf792023-02-08 09:41:25.487root 11241100x8000000000000000257922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff15d03de883fc742023-02-08 09:41:25.487root 11241100x8000000000000000257921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ace236cfd9f2942023-02-08 09:41:25.487root 11241100x8000000000000000257940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d873d134a286f52023-02-08 09:41:25.488root 11241100x8000000000000000257939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d29dc7023145012023-02-08 09:41:25.488root 11241100x8000000000000000257938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df6a318e52635af2023-02-08 09:41:25.488root 11241100x8000000000000000257937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd961b23392111752023-02-08 09:41:25.488root 11241100x8000000000000000257936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfde5514b7e6a74e2023-02-08 09:41:25.488root 11241100x8000000000000000257935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77409ee6854991652023-02-08 09:41:25.488root 11241100x8000000000000000257934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12ebffe4e1b177a2023-02-08 09:41:25.488root 11241100x8000000000000000257933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7a3c85291e7e4c2023-02-08 09:41:25.488root 11241100x8000000000000000257932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c100d774d2003f2023-02-08 09:41:25.488root 11241100x8000000000000000257931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5c6c89e2c8760f2023-02-08 09:41:25.488root 11241100x8000000000000000257951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3fc694c557820b2023-02-08 09:41:25.489root 11241100x8000000000000000257950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5026fe6a0a9dd2712023-02-08 09:41:25.489root 11241100x8000000000000000257949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7579b2cc085474212023-02-08 09:41:25.489root 11241100x8000000000000000257948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574bf72499728f6f2023-02-08 09:41:25.489root 11241100x8000000000000000257947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c992243499bfae0e2023-02-08 09:41:25.489root 11241100x8000000000000000257946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee516ced842c09f2023-02-08 09:41:25.489root 11241100x8000000000000000257945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8bece00d9490bc52023-02-08 09:41:25.489root 11241100x8000000000000000257944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80d6849918668c12023-02-08 09:41:25.489root 11241100x8000000000000000257943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4991f8abf777f22023-02-08 09:41:25.489root 11241100x8000000000000000257942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a56b997f3b5d1752023-02-08 09:41:25.489root 11241100x8000000000000000257941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7553103890221ba62023-02-08 09:41:25.489root 11241100x8000000000000000257957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c4f31d43f1d2432023-02-08 09:41:25.490root 11241100x8000000000000000257956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3e62c5211665cc2023-02-08 09:41:25.490root 11241100x8000000000000000257955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b7178482d619a62023-02-08 09:41:25.490root 11241100x8000000000000000257954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8490ef09f6d772d02023-02-08 09:41:25.490root 11241100x8000000000000000257953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bb72bd5aba0ba72023-02-08 09:41:25.490root 11241100x8000000000000000257952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533e67d41cbb65172023-02-08 09:41:25.490root 11241100x8000000000000000257960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abe655aa5de74112023-02-08 09:41:25.984root 11241100x8000000000000000257959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf90194af271bf332023-02-08 09:41:25.984root 11241100x8000000000000000257958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cf9cc1e15643bd2023-02-08 09:41:25.984root 11241100x8000000000000000257975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935a179bd9d6701c2023-02-08 09:41:25.985root 11241100x8000000000000000257974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cce190cbaaaeefc2023-02-08 09:41:25.985root 11241100x8000000000000000257973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5e120a21d7b9982023-02-08 09:41:25.985root 11241100x8000000000000000257972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bea584532c9f332023-02-08 09:41:25.985root 11241100x8000000000000000257971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688eb930490f59352023-02-08 09:41:25.985root 11241100x8000000000000000257970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e01c17f87818182023-02-08 09:41:25.985root 11241100x8000000000000000257969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f1260dfa2c7cd82023-02-08 09:41:25.985root 11241100x8000000000000000257968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabaf3e0d39197af2023-02-08 09:41:25.985root 11241100x8000000000000000257967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8010eae3b1b5ee6b2023-02-08 09:41:25.985root 11241100x8000000000000000257966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8935d01b6d943de2023-02-08 09:41:25.985root 11241100x8000000000000000257965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041f380a55ca86222023-02-08 09:41:25.985root 11241100x8000000000000000257964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a4c3276d7975e92023-02-08 09:41:25.985root 11241100x8000000000000000257963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56037225dcb3cf632023-02-08 09:41:25.985root 11241100x8000000000000000257962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d49e91484ff6b0d2023-02-08 09:41:25.985root 11241100x8000000000000000257961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a629d8873fb1ad752023-02-08 09:41:25.985root 11241100x8000000000000000257991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fcf936f962779d2023-02-08 09:41:25.986root 11241100x8000000000000000257990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3676f4a0da2dbd232023-02-08 09:41:25.986root 11241100x8000000000000000257989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea353c90403a997d2023-02-08 09:41:25.986root 11241100x8000000000000000257988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684eb12d8fe2d8a02023-02-08 09:41:25.986root 11241100x8000000000000000257987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d07a26875101c4b2023-02-08 09:41:25.986root 11241100x8000000000000000257986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbcf0e97f17faeea2023-02-08 09:41:25.986root 11241100x8000000000000000257985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc51a1cd9ac67862023-02-08 09:41:25.986root 11241100x8000000000000000257984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0156add2980d4412023-02-08 09:41:25.986root 11241100x8000000000000000257983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9300c10c54e53572023-02-08 09:41:25.986root 11241100x8000000000000000257982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef076fce2087b6d42023-02-08 09:41:25.986root 11241100x8000000000000000257981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dfec9fcb16180802023-02-08 09:41:25.986root 11241100x8000000000000000257980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2420803c39a1f712023-02-08 09:41:25.986root 11241100x8000000000000000257979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bdb2fda888bcfc2023-02-08 09:41:25.986root 11241100x8000000000000000257978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ab1603aa0a31ae2023-02-08 09:41:25.986root 11241100x8000000000000000257977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b00229e0fc6f2982023-02-08 09:41:25.986root 11241100x8000000000000000257976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9a849a3eab20022023-02-08 09:41:25.986root 11241100x8000000000000000258008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f38a3fac30d19e2023-02-08 09:41:25.987root 11241100x8000000000000000258007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc3358f21d17ab52023-02-08 09:41:25.987root 11241100x8000000000000000258006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05389b92097d69a2023-02-08 09:41:25.987root 11241100x8000000000000000258005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e909d56c4898d13a2023-02-08 09:41:25.987root 11241100x8000000000000000258004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff067c86d76e2b02023-02-08 09:41:25.987root 11241100x8000000000000000258003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98950f4dca7d3a8b2023-02-08 09:41:25.987root 11241100x8000000000000000258002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00188ebf8f283842023-02-08 09:41:25.987root 11241100x8000000000000000258001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25dffdc84e4761482023-02-08 09:41:25.987root 11241100x8000000000000000258000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d61a40d785e90e2023-02-08 09:41:25.987root 11241100x8000000000000000257999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2133f044668527132023-02-08 09:41:25.987root 11241100x8000000000000000257998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa3994bd081705a2023-02-08 09:41:25.987root 11241100x8000000000000000257997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45c78078915aefa2023-02-08 09:41:25.987root 11241100x8000000000000000257996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635a638ba881ca792023-02-08 09:41:25.987root 11241100x8000000000000000257995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8295998fc2324e2023-02-08 09:41:25.987root 11241100x8000000000000000257994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf81f4f507ac81d2023-02-08 09:41:25.987root 11241100x8000000000000000257993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db90f3a3b09e4d52023-02-08 09:41:25.987root 11241100x8000000000000000257992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ece4878f86aa94f2023-02-08 09:41:25.987root 11241100x8000000000000000258015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de242fc4e1f873942023-02-08 09:41:25.989root 11241100x8000000000000000258014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cd210119426da22023-02-08 09:41:25.989root 11241100x8000000000000000258013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7039e0383dd725422023-02-08 09:41:25.989root 11241100x8000000000000000258012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bc79ef3df993842023-02-08 09:41:25.989root 11241100x8000000000000000258011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a341a8ec03e206d2023-02-08 09:41:25.989root 11241100x8000000000000000258010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd3535a4f24ac362023-02-08 09:41:25.989root 11241100x8000000000000000258009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6535bc071ed439272023-02-08 09:41:25.989root 11241100x8000000000000000258026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5cbfce6dcd81e12023-02-08 09:41:25.990root 11241100x8000000000000000258025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada882d480a805232023-02-08 09:41:25.990root 11241100x8000000000000000258024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89608f0eaf84c3a22023-02-08 09:41:25.990root 11241100x8000000000000000258023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c6d4013b19a5032023-02-08 09:41:25.990root 11241100x8000000000000000258022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1612c602ce2cd83c2023-02-08 09:41:25.990root 11241100x8000000000000000258021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c7e4d52953c15a2023-02-08 09:41:25.990root 11241100x8000000000000000258020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc55e331d7c1d9e2023-02-08 09:41:25.990root 11241100x8000000000000000258019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476e03545c2e49552023-02-08 09:41:25.990root 11241100x8000000000000000258018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f258c6e1da7556d2023-02-08 09:41:25.990root 11241100x8000000000000000258017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68004af929bd2f92023-02-08 09:41:25.990root 11241100x8000000000000000258016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22439e6495a9728f2023-02-08 09:41:25.990root 11241100x8000000000000000258040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e654743922a08ed92023-02-08 09:41:25.991root 11241100x8000000000000000258039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62ebbbdb6b3a0092023-02-08 09:41:25.991root 11241100x8000000000000000258038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c90fce91d58d5d2023-02-08 09:41:25.991root 11241100x8000000000000000258037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ad3ae7c76892a12023-02-08 09:41:25.991root 11241100x8000000000000000258036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ecd46f6b76ba5312023-02-08 09:41:25.991root 11241100x8000000000000000258035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9690abb0b8517d32023-02-08 09:41:25.991root 11241100x8000000000000000258034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd216d6a314ac802023-02-08 09:41:25.991root 11241100x8000000000000000258033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa69c6f8f6e94422023-02-08 09:41:25.991root 11241100x8000000000000000258032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45c4c2cf051bb872023-02-08 09:41:25.991root 11241100x8000000000000000258031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09dd66fef60e67ac2023-02-08 09:41:25.991root 11241100x8000000000000000258030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6c6c858b107b962023-02-08 09:41:25.991root 11241100x8000000000000000258029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1197e27ddb0e10d32023-02-08 09:41:25.991root 11241100x8000000000000000258028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5fff2bdfc2b5ac2023-02-08 09:41:25.991root 11241100x8000000000000000258027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c2bc13795d1c102023-02-08 09:41:25.991root 11241100x8000000000000000258043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24f4b5dd8c0646a2023-02-08 09:41:25.994root 11241100x8000000000000000258042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaec9b631fffa5122023-02-08 09:41:25.994root 11241100x8000000000000000258041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7352ef921fd3192023-02-08 09:41:25.994root 11241100x8000000000000000258047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3003e72f98f332d62023-02-08 09:41:25.995root 11241100x8000000000000000258046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6634c63801900ab62023-02-08 09:41:25.995root 11241100x8000000000000000258045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67096721d07aaaea2023-02-08 09:41:25.995root 11241100x8000000000000000258044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69066b1db5b2d5752023-02-08 09:41:25.995root 11241100x8000000000000000258055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7dcb2a79d487f02023-02-08 09:41:25.996root 11241100x8000000000000000258054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a152704911babc2023-02-08 09:41:25.996root 11241100x8000000000000000258053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7765873198b5f3862023-02-08 09:41:25.996root 11241100x8000000000000000258052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88369c45c0ed3b62023-02-08 09:41:25.996root 11241100x8000000000000000258051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c21576cc0c800322023-02-08 09:41:25.996root 11241100x8000000000000000258050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33261e5e25a65ba62023-02-08 09:41:25.996root 11241100x8000000000000000258049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f69c63b2c10dfb2023-02-08 09:41:25.996root 11241100x8000000000000000258048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad83d1d2118dba92023-02-08 09:41:25.996root 11241100x8000000000000000258067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba26e2c446ec96f72023-02-08 09:41:25.997root 11241100x8000000000000000258066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4744e6be971f972023-02-08 09:41:25.997root 11241100x8000000000000000258065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3685e284267054a22023-02-08 09:41:25.997root 11241100x8000000000000000258064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6497556908ec5c2023-02-08 09:41:25.997root 11241100x8000000000000000258063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf8fa8f86256b9c2023-02-08 09:41:25.997root 11241100x8000000000000000258062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19471ef49d7e13a22023-02-08 09:41:25.997root 11241100x8000000000000000258061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94b7e0a76cfa3302023-02-08 09:41:25.997root 11241100x8000000000000000258060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f9d211a61c81f22023-02-08 09:41:25.997root 11241100x8000000000000000258059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e43931d83244402023-02-08 09:41:25.997root 11241100x8000000000000000258058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57ebc28b5a53b132023-02-08 09:41:25.997root 11241100x8000000000000000258057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe4d95c7422de002023-02-08 09:41:25.997root 11241100x8000000000000000258056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:25.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04f6884c821d3cc2023-02-08 09:41:25.997root 11241100x8000000000000000258068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a503f095161a452023-02-08 09:41:26.485root 11241100x8000000000000000258076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a674951d7b038b6e2023-02-08 09:41:26.486root 11241100x8000000000000000258075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa829306b4d53002023-02-08 09:41:26.486root 11241100x8000000000000000258074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027a61aff66bc02d2023-02-08 09:41:26.486root 11241100x8000000000000000258073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63dcdd8de245b5a2023-02-08 09:41:26.486root 11241100x8000000000000000258072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad11fb969bc0e5d2023-02-08 09:41:26.486root 11241100x8000000000000000258071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf54aa8b90da7922023-02-08 09:41:26.486root 11241100x8000000000000000258070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a54e7d8ca382ab2023-02-08 09:41:26.486root 11241100x8000000000000000258069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c47a9a38fa291942023-02-08 09:41:26.486root 11241100x8000000000000000258085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633ceb6d5fcb9a492023-02-08 09:41:26.487root 11241100x8000000000000000258084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbea959468d666832023-02-08 09:41:26.487root 11241100x8000000000000000258083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1d505f1fce061e2023-02-08 09:41:26.487root 11241100x8000000000000000258082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40f91ab5970c5ef2023-02-08 09:41:26.487root 11241100x8000000000000000258081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e78c09992effc42023-02-08 09:41:26.487root 11241100x8000000000000000258080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2190077b1dff0f2023-02-08 09:41:26.487root 11241100x8000000000000000258079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2865cc04dd9e192023-02-08 09:41:26.487root 11241100x8000000000000000258078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad895971d3a1f0472023-02-08 09:41:26.487root 11241100x8000000000000000258077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20118e035f7535582023-02-08 09:41:26.487root 11241100x8000000000000000258095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bd386f333d79782023-02-08 09:41:26.488root 11241100x8000000000000000258094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404ddadb9061cf0e2023-02-08 09:41:26.488root 11241100x8000000000000000258093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9a84988e438b602023-02-08 09:41:26.488root 11241100x8000000000000000258092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233b545cf3a96d532023-02-08 09:41:26.488root 11241100x8000000000000000258091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f71e8a34f10d70a2023-02-08 09:41:26.488root 11241100x8000000000000000258090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b3473fd79652a52023-02-08 09:41:26.488root 11241100x8000000000000000258089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7674e2f5fc11142023-02-08 09:41:26.488root 11241100x8000000000000000258088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788b16e8c93ddc5d2023-02-08 09:41:26.488root 11241100x8000000000000000258087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5030c1f74dfff8262023-02-08 09:41:26.488root 11241100x8000000000000000258086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d28c8545f561f22023-02-08 09:41:26.488root 11241100x8000000000000000258103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe11e181b5169fa62023-02-08 09:41:26.489root 11241100x8000000000000000258102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890134f844276ef42023-02-08 09:41:26.489root 11241100x8000000000000000258101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2dc0187ebed76a2023-02-08 09:41:26.489root 11241100x8000000000000000258100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cc5f176b61788b2023-02-08 09:41:26.489root 11241100x8000000000000000258099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.defab7677767ed0c2023-02-08 09:41:26.489root 11241100x8000000000000000258098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49912b1e4b322d152023-02-08 09:41:26.489root 11241100x8000000000000000258097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ff859de8585fd12023-02-08 09:41:26.489root 11241100x8000000000000000258096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff43a857292c731a2023-02-08 09:41:26.489root 11241100x8000000000000000258113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95837afe81b18a22023-02-08 09:41:26.490root 11241100x8000000000000000258112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac529ebb4e4eed32023-02-08 09:41:26.490root 11241100x8000000000000000258111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6667001306d7524a2023-02-08 09:41:26.490root 11241100x8000000000000000258110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb82149db4b26542023-02-08 09:41:26.490root 11241100x8000000000000000258109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e99c4bcf9c7e592023-02-08 09:41:26.490root 11241100x8000000000000000258108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a9b387a8f326572023-02-08 09:41:26.490root 11241100x8000000000000000258107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60397f245381af332023-02-08 09:41:26.490root 11241100x8000000000000000258106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143188d1b603e9e52023-02-08 09:41:26.490root 11241100x8000000000000000258105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2592324a669702912023-02-08 09:41:26.490root 11241100x8000000000000000258104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b266cf5a8a86462023-02-08 09:41:26.490root 11241100x8000000000000000258118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a3ff20fe2e82cc2023-02-08 09:41:26.491root 11241100x8000000000000000258117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7055ca2b63d87c4d2023-02-08 09:41:26.491root 11241100x8000000000000000258116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc40d41040a3179e2023-02-08 09:41:26.491root 11241100x8000000000000000258115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b439298b77bc3d9d2023-02-08 09:41:26.491root 11241100x8000000000000000258114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43997b157b3d06152023-02-08 09:41:26.491root 11241100x8000000000000000258119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c3561efa3f02642023-02-08 09:41:26.985root 11241100x8000000000000000258121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c824e576ac9f6c3b2023-02-08 09:41:26.986root 11241100x8000000000000000258120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4e12f746918cf52023-02-08 09:41:26.986root 11241100x8000000000000000258127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987f04d75df344ef2023-02-08 09:41:26.987root 11241100x8000000000000000258126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4372690df122ade92023-02-08 09:41:26.987root 11241100x8000000000000000258125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae180004b72bb7f2023-02-08 09:41:26.987root 11241100x8000000000000000258124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7048b3328bbe0f92023-02-08 09:41:26.987root 11241100x8000000000000000258123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d40415ba67faec2023-02-08 09:41:26.987root 11241100x8000000000000000258122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4346a40ad148d192023-02-08 09:41:26.987root 11241100x8000000000000000258141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689ccae0ee7bf9952023-02-08 09:41:26.988root 11241100x8000000000000000258140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8adbf99af2c5edbb2023-02-08 09:41:26.988root 11241100x8000000000000000258139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec4e31ff1b256ee2023-02-08 09:41:26.988root 11241100x8000000000000000258138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0972a522bc564d2023-02-08 09:41:26.988root 11241100x8000000000000000258137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977e94cfd66a65b22023-02-08 09:41:26.988root 11241100x8000000000000000258136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7245f3de6c1b9a2023-02-08 09:41:26.988root 11241100x8000000000000000258135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8f5f707b804a182023-02-08 09:41:26.988root 11241100x8000000000000000258134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd80a6d4660b2a652023-02-08 09:41:26.988root 11241100x8000000000000000258133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345ac6c1035a1ad32023-02-08 09:41:26.988root 11241100x8000000000000000258132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a03926a8ed583582023-02-08 09:41:26.988root 11241100x8000000000000000258131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3f5c2816fb36352023-02-08 09:41:26.988root 11241100x8000000000000000258130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae49eaeb998adea2023-02-08 09:41:26.988root 11241100x8000000000000000258129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ce6536102cdd002023-02-08 09:41:26.988root 11241100x8000000000000000258128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6530d4877e1399e22023-02-08 09:41:26.988root 11241100x8000000000000000258155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f602f96cffd234c92023-02-08 09:41:26.989root 11241100x8000000000000000258154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45dd38a473d637e2023-02-08 09:41:26.989root 11241100x8000000000000000258153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258824764eaea28a2023-02-08 09:41:26.989root 11241100x8000000000000000258152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a8f837ea34050d2023-02-08 09:41:26.989root 11241100x8000000000000000258151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e6b53e5e5bfe602023-02-08 09:41:26.989root 11241100x8000000000000000258150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9949573a5e1eef0d2023-02-08 09:41:26.989root 11241100x8000000000000000258149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45c39a2194b8c2b2023-02-08 09:41:26.989root 11241100x8000000000000000258148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b046109f5cf42522023-02-08 09:41:26.989root 11241100x8000000000000000258147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acece4947b34d8232023-02-08 09:41:26.989root 11241100x8000000000000000258146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64039c829644de842023-02-08 09:41:26.989root 11241100x8000000000000000258145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135e485b0f136cb12023-02-08 09:41:26.989root 11241100x8000000000000000258144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7b9fb19f3a7b592023-02-08 09:41:26.989root 11241100x8000000000000000258143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92870220035e83cc2023-02-08 09:41:26.989root 11241100x8000000000000000258142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5f22e387d26f4c2023-02-08 09:41:26.989root 11241100x8000000000000000258161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c208023a5cd526e2023-02-08 09:41:26.990root 11241100x8000000000000000258160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fdaf547b30f86592023-02-08 09:41:26.990root 11241100x8000000000000000258159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d93f03c2482b582023-02-08 09:41:26.990root 11241100x8000000000000000258158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98a22ad7ef477d12023-02-08 09:41:26.990root 11241100x8000000000000000258157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d75701161f775152023-02-08 09:41:26.990root 11241100x8000000000000000258156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14b32bae59331342023-02-08 09:41:26.990root 11241100x8000000000000000258164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1b83ae6113b8362023-02-08 09:41:26.991root 11241100x8000000000000000258163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8aa79527b308fe2023-02-08 09:41:26.991root 11241100x8000000000000000258162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8baf86192a07b3192023-02-08 09:41:26.991root 11241100x8000000000000000258165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:26.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4475da3a777a97702023-02-08 09:41:26.992root 11241100x8000000000000000258172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81a0355e8339c7a2023-02-08 09:41:27.485root 11241100x8000000000000000258171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c079f4d5dc68cd82023-02-08 09:41:27.485root 11241100x8000000000000000258170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d3a69783efef4b2023-02-08 09:41:27.485root 11241100x8000000000000000258169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4185e0320dfeca9c2023-02-08 09:41:27.485root 11241100x8000000000000000258168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5361d2bc53898c582023-02-08 09:41:27.485root 11241100x8000000000000000258167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b933c4db19227272023-02-08 09:41:27.485root 11241100x8000000000000000258166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68032685deeb41c2023-02-08 09:41:27.485root 11241100x8000000000000000258183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73683a8adc040f502023-02-08 09:41:27.486root 11241100x8000000000000000258182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd260b7696f5f4932023-02-08 09:41:27.486root 11241100x8000000000000000258181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74277e8e8d66d6b2023-02-08 09:41:27.486root 11241100x8000000000000000258180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b30380be06a8722023-02-08 09:41:27.486root 11241100x8000000000000000258179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cfcbdd1442d61212023-02-08 09:41:27.486root 11241100x8000000000000000258178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c90bbc9357915a62023-02-08 09:41:27.486root 11241100x8000000000000000258177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8db0fbdf6594092023-02-08 09:41:27.486root 11241100x8000000000000000258176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825bd122b8b2a9932023-02-08 09:41:27.486root 11241100x8000000000000000258175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2effb135f29af5192023-02-08 09:41:27.486root 11241100x8000000000000000258174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5fd9575cab593fb2023-02-08 09:41:27.486root 11241100x8000000000000000258173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425b95162ce93fce2023-02-08 09:41:27.486root 11241100x8000000000000000258184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14f0316b9b1a1502023-02-08 09:41:27.487root 11241100x8000000000000000258195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c456d3889d6d582023-02-08 09:41:27.488root 11241100x8000000000000000258194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7af878a9129a142023-02-08 09:41:27.488root 11241100x8000000000000000258193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34dfeb34a1a2bfdf2023-02-08 09:41:27.488root 11241100x8000000000000000258192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5d812001909f022023-02-08 09:41:27.488root 11241100x8000000000000000258191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94eabab2672400222023-02-08 09:41:27.488root 11241100x8000000000000000258190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70d41d9490eeaf02023-02-08 09:41:27.488root 11241100x8000000000000000258189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e974bebef0778682023-02-08 09:41:27.488root 11241100x8000000000000000258188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b91e1691dd23af52023-02-08 09:41:27.488root 11241100x8000000000000000258187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c13a70f0acd28a2023-02-08 09:41:27.488root 11241100x8000000000000000258186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e41769eb353bd032023-02-08 09:41:27.488root 11241100x8000000000000000258185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb125dfbeb358f642023-02-08 09:41:27.488root 11241100x8000000000000000258206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202be147d75984692023-02-08 09:41:27.490root 11241100x8000000000000000258205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb482f9f2d5181322023-02-08 09:41:27.490root 11241100x8000000000000000258204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860c53f0900814d82023-02-08 09:41:27.490root 11241100x8000000000000000258203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3d07a5379de6802023-02-08 09:41:27.490root 11241100x8000000000000000258202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc92342621b57da2023-02-08 09:41:27.490root 11241100x8000000000000000258201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c819a52d7dc2cf672023-02-08 09:41:27.490root 11241100x8000000000000000258200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c06d4038c32f532023-02-08 09:41:27.490root 11241100x8000000000000000258199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8915cb36a0f2f31f2023-02-08 09:41:27.490root 11241100x8000000000000000258198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b53cc1185bdc5182023-02-08 09:41:27.490root 11241100x8000000000000000258197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beeb48df7cc644742023-02-08 09:41:27.490root 11241100x8000000000000000258196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e71f055297ec1c2023-02-08 09:41:27.490root 11241100x8000000000000000258218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a73f4b3c3ee690e2023-02-08 09:41:27.493root 11241100x8000000000000000258217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9baaa5b128f86772023-02-08 09:41:27.493root 11241100x8000000000000000258216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b41dfe037074672023-02-08 09:41:27.493root 11241100x8000000000000000258215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e2ac4a7e94b68e2023-02-08 09:41:27.493root 11241100x8000000000000000258214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c31f998a70b2362023-02-08 09:41:27.493root 11241100x8000000000000000258213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3614cbc818414f3b2023-02-08 09:41:27.493root 11241100x8000000000000000258212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5d78dd8fd6e9df2023-02-08 09:41:27.493root 11241100x8000000000000000258211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7c7e85717907dd2023-02-08 09:41:27.493root 11241100x8000000000000000258210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5ca13d4323ba172023-02-08 09:41:27.493root 11241100x8000000000000000258209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ebd77c3848158fb2023-02-08 09:41:27.493root 11241100x8000000000000000258208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ecd844130e393f2023-02-08 09:41:27.493root 11241100x8000000000000000258207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29ba2a19b827e9f2023-02-08 09:41:27.493root 11241100x8000000000000000258220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ca4ef742a3226f2023-02-08 09:41:27.495root 11241100x8000000000000000258219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33daeed7c6c34c82023-02-08 09:41:27.495root 11241100x8000000000000000258221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06f3e70882cfd5b2023-02-08 09:41:27.985root 11241100x8000000000000000258230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6851c270c8a124892023-02-08 09:41:27.986root 11241100x8000000000000000258229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45aa42191b66e0b32023-02-08 09:41:27.986root 11241100x8000000000000000258228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eabc5589f317a9b2023-02-08 09:41:27.986root 11241100x8000000000000000258227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e29b188f41d8702023-02-08 09:41:27.986root 11241100x8000000000000000258226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0b1135ead86ead2023-02-08 09:41:27.986root 11241100x8000000000000000258225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f80b4d6339d1a882023-02-08 09:41:27.986root 11241100x8000000000000000258224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328027f95ed6894d2023-02-08 09:41:27.986root 11241100x8000000000000000258223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c64132216787392023-02-08 09:41:27.986root 11241100x8000000000000000258222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6184fe38f29fffe2023-02-08 09:41:27.986root 11241100x8000000000000000258240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcfa75b8f2c58302023-02-08 09:41:27.987root 11241100x8000000000000000258239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9514e8d4ab8ca42023-02-08 09:41:27.987root 11241100x8000000000000000258238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1101e5f79f223f822023-02-08 09:41:27.987root 11241100x8000000000000000258237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80dfcdfe34c53c6f2023-02-08 09:41:27.987root 11241100x8000000000000000258236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a129145d5ebe3cc22023-02-08 09:41:27.987root 11241100x8000000000000000258235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95680151d77560612023-02-08 09:41:27.987root 11241100x8000000000000000258234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7a555ac7c175002023-02-08 09:41:27.987root 11241100x8000000000000000258233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206c8653890f8f0a2023-02-08 09:41:27.987root 11241100x8000000000000000258232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d9271b572519662023-02-08 09:41:27.987root 11241100x8000000000000000258231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402c4b46f97159e52023-02-08 09:41:27.987root 11241100x8000000000000000258250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f82a3867ce076f2023-02-08 09:41:27.988root 11241100x8000000000000000258249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409fd388666b69232023-02-08 09:41:27.988root 11241100x8000000000000000258248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce433edb32f78cdb2023-02-08 09:41:27.988root 11241100x8000000000000000258247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89a68d2e1e357532023-02-08 09:41:27.988root 11241100x8000000000000000258246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748d36d5484cd7442023-02-08 09:41:27.988root 11241100x8000000000000000258245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36afa072029e6a7f2023-02-08 09:41:27.988root 11241100x8000000000000000258244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cd777e1c9e43dd2023-02-08 09:41:27.988root 11241100x8000000000000000258243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f979674d6d6cf5c72023-02-08 09:41:27.988root 11241100x8000000000000000258242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f031ca315d17d182023-02-08 09:41:27.988root 11241100x8000000000000000258241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc055add75da69972023-02-08 09:41:27.988root 11241100x8000000000000000258261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2973b79b42472b2023-02-08 09:41:27.989root 11241100x8000000000000000258260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1155751ff258c462023-02-08 09:41:27.989root 11241100x8000000000000000258259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbe183e70bc01272023-02-08 09:41:27.989root 11241100x8000000000000000258258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db93b3e6491183e12023-02-08 09:41:27.989root 11241100x8000000000000000258257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2813d13928048d72023-02-08 09:41:27.989root 11241100x8000000000000000258256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636cc9c7f5eb4b0c2023-02-08 09:41:27.989root 11241100x8000000000000000258255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23c376a63195cad2023-02-08 09:41:27.989root 11241100x8000000000000000258254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4089ec8c21d2382023-02-08 09:41:27.989root 11241100x8000000000000000258253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fb26d28de639dd2023-02-08 09:41:27.989root 11241100x8000000000000000258252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814f539d23f225f82023-02-08 09:41:27.989root 11241100x8000000000000000258251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898ed803c2e33b2d2023-02-08 09:41:27.989root 11241100x8000000000000000258267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9052f2dbc98e0dd32023-02-08 09:41:27.990root 11241100x8000000000000000258266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d600fe7a13902822023-02-08 09:41:27.990root 11241100x8000000000000000258265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf67a2765378ebc2023-02-08 09:41:27.990root 11241100x8000000000000000258264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bcadae41d06b1092023-02-08 09:41:27.990root 11241100x8000000000000000258263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447380c15d9781f22023-02-08 09:41:27.990root 11241100x8000000000000000258262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:27.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed6b46b9668e5aa2023-02-08 09:41:27.990root 11241100x8000000000000000258268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b510455a2bc6812023-02-08 09:41:28.485root 11241100x8000000000000000258275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e075ca964662f92023-02-08 09:41:28.486root 11241100x8000000000000000258274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b54ed835c452fd2023-02-08 09:41:28.486root 11241100x8000000000000000258273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b55896cbb58cf072023-02-08 09:41:28.486root 11241100x8000000000000000258272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df3af5935c4a7792023-02-08 09:41:28.486root 11241100x8000000000000000258271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f0025d0eb7ca002023-02-08 09:41:28.486root 11241100x8000000000000000258270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1c1bc88f9219092023-02-08 09:41:28.486root 11241100x8000000000000000258269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7704e5a6123fd93c2023-02-08 09:41:28.486root 11241100x8000000000000000258285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4f8353ba7e6acb2023-02-08 09:41:28.487root 11241100x8000000000000000258284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4dd4b070bee79f72023-02-08 09:41:28.487root 11241100x8000000000000000258283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99261f990645e1952023-02-08 09:41:28.487root 11241100x8000000000000000258282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cef1d8117f9c452023-02-08 09:41:28.487root 11241100x8000000000000000258281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5da2a210a99e7862023-02-08 09:41:28.487root 11241100x8000000000000000258280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4b9569910c8a132023-02-08 09:41:28.487root 11241100x8000000000000000258279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2393012df08b4d72023-02-08 09:41:28.487root 11241100x8000000000000000258278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae404e07c7b54522023-02-08 09:41:28.487root 11241100x8000000000000000258277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118e7f86810e7ee12023-02-08 09:41:28.487root 11241100x8000000000000000258276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b7bcb7503cf8072023-02-08 09:41:28.487root 11241100x8000000000000000258296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94dbfc94867d20912023-02-08 09:41:28.488root 11241100x8000000000000000258295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100717a53e3f54f52023-02-08 09:41:28.488root 11241100x8000000000000000258294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd06211b719446bd2023-02-08 09:41:28.488root 11241100x8000000000000000258293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5681e182d8378b2023-02-08 09:41:28.488root 11241100x8000000000000000258292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22906c529b00fd952023-02-08 09:41:28.488root 11241100x8000000000000000258291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae063976d79009452023-02-08 09:41:28.488root 11241100x8000000000000000258290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febf2b140f49f4c92023-02-08 09:41:28.488root 11241100x8000000000000000258289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0185b1eac1adb12023-02-08 09:41:28.488root 11241100x8000000000000000258288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63154844bed8de212023-02-08 09:41:28.488root 11241100x8000000000000000258287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d91d3475530b11d2023-02-08 09:41:28.488root 11241100x8000000000000000258286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76135d7d68d909492023-02-08 09:41:28.488root 11241100x8000000000000000258306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4be18cf67cd2d712023-02-08 09:41:28.489root 11241100x8000000000000000258305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301eacf4a0db91f02023-02-08 09:41:28.489root 11241100x8000000000000000258304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfde5e906800527a2023-02-08 09:41:28.489root 11241100x8000000000000000258303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3f4ab8357dc03f2023-02-08 09:41:28.489root 11241100x8000000000000000258302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00203c51654113ae2023-02-08 09:41:28.489root 11241100x8000000000000000258301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c573864d0c69724a2023-02-08 09:41:28.489root 11241100x8000000000000000258300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eab9c70c3a831ce2023-02-08 09:41:28.489root 11241100x8000000000000000258299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5ad178c690e3852023-02-08 09:41:28.489root 11241100x8000000000000000258298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061eacb2013fb2e82023-02-08 09:41:28.489root 11241100x8000000000000000258297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c86d2fa544e11642023-02-08 09:41:28.489root 11241100x8000000000000000258314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0ba4455075f3002023-02-08 09:41:28.490root 11241100x8000000000000000258313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa554ca98ee0e3ab2023-02-08 09:41:28.490root 11241100x8000000000000000258312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab29e01ccf45ad302023-02-08 09:41:28.490root 11241100x8000000000000000258311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8d4b7c0c3ad3982023-02-08 09:41:28.490root 11241100x8000000000000000258310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a45011c76200ed2023-02-08 09:41:28.490root 11241100x8000000000000000258309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79e54ee2419dee82023-02-08 09:41:28.490root 11241100x8000000000000000258308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d682a80c48cc486e2023-02-08 09:41:28.490root 11241100x8000000000000000258307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebdb66167829a072023-02-08 09:41:28.490root 11241100x8000000000000000258318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1dbf3e61e47bd12023-02-08 09:41:28.985root 11241100x8000000000000000258317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2e5117b411fe662023-02-08 09:41:28.985root 11241100x8000000000000000258316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fae1822b6ec0852023-02-08 09:41:28.985root 11241100x8000000000000000258315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0810836703d46f2023-02-08 09:41:28.985root 11241100x8000000000000000258328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c512eff0a612be2023-02-08 09:41:28.986root 11241100x8000000000000000258327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62337e68e3aaf7f72023-02-08 09:41:28.986root 11241100x8000000000000000258326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612b6e3a9a80abf82023-02-08 09:41:28.986root 11241100x8000000000000000258325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1eab4efeeb92e482023-02-08 09:41:28.986root 11241100x8000000000000000258324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf02373d43a09c22023-02-08 09:41:28.986root 11241100x8000000000000000258323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4601f7b64330fcd2023-02-08 09:41:28.986root 11241100x8000000000000000258322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67909ed3dcec92a2023-02-08 09:41:28.986root 11241100x8000000000000000258321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85235594f431bc432023-02-08 09:41:28.986root 11241100x8000000000000000258320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0521ae60946fed2023-02-08 09:41:28.986root 11241100x8000000000000000258319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ffa205e3afe3152023-02-08 09:41:28.986root 11241100x8000000000000000258338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4f3ca380d4672d2023-02-08 09:41:28.987root 11241100x8000000000000000258337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97af1daf374b5d72023-02-08 09:41:28.987root 11241100x8000000000000000258336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbd7373237c9ae32023-02-08 09:41:28.987root 11241100x8000000000000000258335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4978aea98bc8051b2023-02-08 09:41:28.987root 11241100x8000000000000000258334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea795ce5481b14ef2023-02-08 09:41:28.987root 11241100x8000000000000000258333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a120ff3370c64cc2023-02-08 09:41:28.987root 11241100x8000000000000000258332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78cef989b563b21d2023-02-08 09:41:28.987root 11241100x8000000000000000258331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb352b37a4dc779c2023-02-08 09:41:28.987root 11241100x8000000000000000258330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6468884ac64e58772023-02-08 09:41:28.987root 11241100x8000000000000000258329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0f8f4d9ccc072b2023-02-08 09:41:28.987root 11241100x8000000000000000258349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8820de94d6353b2023-02-08 09:41:28.988root 11241100x8000000000000000258348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f58737f5cd30a72023-02-08 09:41:28.988root 11241100x8000000000000000258347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8732e362c6eb2a8d2023-02-08 09:41:28.988root 11241100x8000000000000000258346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7254d876e79bef0e2023-02-08 09:41:28.988root 11241100x8000000000000000258345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2eb2cc78fe7759f2023-02-08 09:41:28.988root 11241100x8000000000000000258344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac73896efd3b88ca2023-02-08 09:41:28.988root 11241100x8000000000000000258343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee4a7189f3f14472023-02-08 09:41:28.988root 11241100x8000000000000000258342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6ce52da92761872023-02-08 09:41:28.988root 11241100x8000000000000000258341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb0d67167703a352023-02-08 09:41:28.988root 11241100x8000000000000000258340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe49d27823d77d72023-02-08 09:41:28.988root 11241100x8000000000000000258339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8baa09e36d1b2b262023-02-08 09:41:28.988root 11241100x8000000000000000258360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81efc0c0a5a902ec2023-02-08 09:41:28.989root 11241100x8000000000000000258359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c82d53cd77709e2023-02-08 09:41:28.989root 11241100x8000000000000000258358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2788dd15d7a43cb72023-02-08 09:41:28.989root 11241100x8000000000000000258357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef20a5a9d2dc6e82023-02-08 09:41:28.989root 11241100x8000000000000000258356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab3002ca53597722023-02-08 09:41:28.989root 11241100x8000000000000000258355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06faebeb8bf5f9972023-02-08 09:41:28.989root 11241100x8000000000000000258354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60aefa0efbf15a82023-02-08 09:41:28.989root 11241100x8000000000000000258353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33883e4ed0929c512023-02-08 09:41:28.989root 11241100x8000000000000000258352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8595f2b6ccfd14c72023-02-08 09:41:28.989root 11241100x8000000000000000258351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80fc020e2ff8d9d22023-02-08 09:41:28.989root 11241100x8000000000000000258350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869c0802246b4aee2023-02-08 09:41:28.989root 11241100x8000000000000000258361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:28.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafa3409471399162023-02-08 09:41:28.990root 11241100x8000000000000000258363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8028c542c4f2362023-02-08 09:41:29.485root 11241100x8000000000000000258362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1633e230c897fe902023-02-08 09:41:29.485root 11241100x8000000000000000258379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9268980c0860c1e2023-02-08 09:41:29.486root 11241100x8000000000000000258378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2291f71101ec7bf72023-02-08 09:41:29.486root 11241100x8000000000000000258377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c901efe7caef8692023-02-08 09:41:29.486root 11241100x8000000000000000258376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0954b9d227de18dd2023-02-08 09:41:29.486root 11241100x8000000000000000258375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c558bd69515260d22023-02-08 09:41:29.486root 11241100x8000000000000000258374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8b380adfa7f09d2023-02-08 09:41:29.486root 11241100x8000000000000000258373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f427fa060bd8e42023-02-08 09:41:29.486root 11241100x8000000000000000258372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d03af89f855941a2023-02-08 09:41:29.486root 11241100x8000000000000000258371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b17c156d5a1e1b02023-02-08 09:41:29.486root 11241100x8000000000000000258370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d108093736c71a2023-02-08 09:41:29.486root 11241100x8000000000000000258369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b89543c66548342023-02-08 09:41:29.486root 11241100x8000000000000000258368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1aeeeed8bdcdfa82023-02-08 09:41:29.486root 11241100x8000000000000000258367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd696cd80c5f8ed2023-02-08 09:41:29.486root 11241100x8000000000000000258366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da955164aea7e152023-02-08 09:41:29.486root 11241100x8000000000000000258365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1766efb5624d9fcd2023-02-08 09:41:29.486root 11241100x8000000000000000258364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d041e3478de87d9f2023-02-08 09:41:29.486root 11241100x8000000000000000258394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30564043405cde472023-02-08 09:41:29.487root 11241100x8000000000000000258393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8620cc0ee0bd49f2023-02-08 09:41:29.487root 11241100x8000000000000000258392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26031c82afdbf772023-02-08 09:41:29.487root 11241100x8000000000000000258391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b305acc1a6002c12023-02-08 09:41:29.487root 11241100x8000000000000000258390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b76a35dfafdec492023-02-08 09:41:29.487root 11241100x8000000000000000258389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c534cc83c852ac2023-02-08 09:41:29.487root 11241100x8000000000000000258388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e33d17aa4ccad062023-02-08 09:41:29.487root 11241100x8000000000000000258387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755dcad5ec227e4d2023-02-08 09:41:29.487root 11241100x8000000000000000258386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae787173ed1fa26b2023-02-08 09:41:29.487root 11241100x8000000000000000258385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9a73086ef6406c2023-02-08 09:41:29.487root 11241100x8000000000000000258384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96104e9c0f7eb70f2023-02-08 09:41:29.487root 11241100x8000000000000000258383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a233fda20d762c2023-02-08 09:41:29.487root 11241100x8000000000000000258382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580dc80406481ef02023-02-08 09:41:29.487root 11241100x8000000000000000258381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30893fb4f806be7c2023-02-08 09:41:29.487root 11241100x8000000000000000258380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8838d76a1e07ad452023-02-08 09:41:29.487root 354300x8000000000000000258443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:35.131{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-55374-false10.0.1.12-8000- 11241100x8000000000000000258444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:35.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda338731be1e20b2023-02-08 09:41:35.484root 11241100x8000000000000000258445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56fb87b06d97e3c2023-02-08 09:41:35.984root 11241100x8000000000000000258447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7427406cd188d962023-02-08 09:41:36.365root 11241100x8000000000000000258446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:36.365{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-08 09:41:36.365root 11241100x8000000000000000258449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5069937c41c6463b2023-02-08 09:41:36.734root 11241100x8000000000000000258448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58854f9af2e826012023-02-08 09:41:36.734root 11241100x8000000000000000258451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:37.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588f3f94a09b99572023-02-08 09:41:37.234root 11241100x8000000000000000258450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:37.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0a542f19a1b75b2023-02-08 09:41:37.234root 11241100x8000000000000000258453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:37.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fd22918f4197bd2023-02-08 09:41:37.734root 11241100x8000000000000000258452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:37.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fee6e23572322f2023-02-08 09:41:37.734root 11241100x8000000000000000258455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:38.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5894df474ff45ba2023-02-08 09:41:38.234root 11241100x8000000000000000258454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:38.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e11e52871d7e00d2023-02-08 09:41:38.234root 11241100x8000000000000000258457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:38.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c697b1777d9677a2023-02-08 09:41:38.734root 11241100x8000000000000000258456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:38.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb518ae04819b8b2023-02-08 09:41:38.734root 11241100x8000000000000000258459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:39.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55189194dc85fa952023-02-08 09:41:39.234root 11241100x8000000000000000258458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:39.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5606851ee539052023-02-08 09:41:39.234root 23542300x8000000000000000258460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:39.367{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000258463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:39.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7a256d9132c9c82023-02-08 09:41:39.734root 11241100x8000000000000000258462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:39.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f4a6809d707d0e2023-02-08 09:41:39.734root 11241100x8000000000000000258461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:39.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4e61096ee784a82023-02-08 09:41:39.734root 11241100x8000000000000000258465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:40.148{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ac9b767ca64dfa2023-02-08 09:41:40.148root 354300x8000000000000000258464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:40.148{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-48162-false10.0.1.12-8000- 11241100x8000000000000000258468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:40.149{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725032927a77e07d2023-02-08 09:41:40.149root 11241100x8000000000000000258467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:40.149{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5417569ee40ca9762023-02-08 09:41:40.149root 11241100x8000000000000000258466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:40.149{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1cbed15b8ca9522023-02-08 09:41:40.149root 11241100x8000000000000000258472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:40.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30150f7b7bff0942023-02-08 09:41:40.484root 11241100x8000000000000000258471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:40.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b076c6f0383f6792023-02-08 09:41:40.484root 11241100x8000000000000000258470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:40.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1079e5539410a92023-02-08 09:41:40.484root 11241100x8000000000000000258469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:40.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdef3318809a3f282023-02-08 09:41:40.484root 11241100x8000000000000000258476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:40.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b193595f7d2e5a602023-02-08 09:41:40.984root 11241100x8000000000000000258475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:40.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34090b7c6528ee3d2023-02-08 09:41:40.984root 11241100x8000000000000000258474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:40.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9da449a1dea6e192023-02-08 09:41:40.984root 11241100x8000000000000000258473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:40.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b91378f4b23d142023-02-08 09:41:40.984root 11241100x8000000000000000258480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:41.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9f75b84a8d8a4f2023-02-08 09:41:41.484root 11241100x8000000000000000258479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:41.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542d9345448c4aba2023-02-08 09:41:41.484root 11241100x8000000000000000258478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:41.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd46114238474d82023-02-08 09:41:41.484root 11241100x8000000000000000258477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:41.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb5a0c802eab7df2023-02-08 09:41:41.484root 11241100x8000000000000000258484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:41.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0862a41ba32b29b72023-02-08 09:41:41.984root 11241100x8000000000000000258483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:41.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe19b08f3d15490d2023-02-08 09:41:41.984root 11241100x8000000000000000258482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:41.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233bb6ec30ad62d92023-02-08 09:41:41.984root 11241100x8000000000000000258481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:41.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4687a1d56bf1230e2023-02-08 09:41:41.984root 11241100x8000000000000000258488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:42.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a45241d5ef2d51b2023-02-08 09:41:42.484root 11241100x8000000000000000258487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:42.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166f592e45e4f5632023-02-08 09:41:42.484root 11241100x8000000000000000258486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:42.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ae2f2e0586d0d22023-02-08 09:41:42.484root 11241100x8000000000000000258485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:42.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c697783fe1edd942023-02-08 09:41:42.484root 11241100x8000000000000000258492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:42.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea8bf750949decb2023-02-08 09:41:42.984root 11241100x8000000000000000258491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:42.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baed6da2f531d6692023-02-08 09:41:42.984root 11241100x8000000000000000258490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:42.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576137df9173e2c22023-02-08 09:41:42.984root 11241100x8000000000000000258489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:42.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc7be32dc34cd632023-02-08 09:41:42.984root 11241100x8000000000000000258496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c4434f4169b1872023-02-08 09:41:43.484root 11241100x8000000000000000258495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d6e04bed1548fd2023-02-08 09:41:43.484root 11241100x8000000000000000258494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a298fe6a2f0cd49f2023-02-08 09:41:43.484root 11241100x8000000000000000258493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cb1256f20129e92023-02-08 09:41:43.484root 11241100x8000000000000000258500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1427adfea91534b52023-02-08 09:41:43.984root 11241100x8000000000000000258499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2bb0f2c55617c12023-02-08 09:41:43.984root 11241100x8000000000000000258498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ad2e1ac26522512023-02-08 09:41:43.984root 11241100x8000000000000000258497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3860d46e87514412023-02-08 09:41:43.984root 11241100x8000000000000000258504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339f3d79800d67cd2023-02-08 09:41:44.484root 11241100x8000000000000000258503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b925083841ae73a2023-02-08 09:41:44.484root 11241100x8000000000000000258502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76684b6b1a4d7c7f2023-02-08 09:41:44.484root 11241100x8000000000000000258501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c41e659c05259fd2023-02-08 09:41:44.484root 11241100x8000000000000000258508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28bfcd94d2e288422023-02-08 09:41:44.984root 11241100x8000000000000000258507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf36cc6d81ab59a12023-02-08 09:41:44.984root 11241100x8000000000000000258506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45788998d9991b792023-02-08 09:41:44.984root 11241100x8000000000000000258505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee81852350c09422023-02-08 09:41:44.984root 354300x8000000000000000258509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:45.216{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-48170-false10.0.1.12-8000- 11241100x8000000000000000258514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c47e13809def302023-02-08 09:41:45.484root 11241100x8000000000000000258513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf1a92cb1af6b3e2023-02-08 09:41:45.484root 11241100x8000000000000000258512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cdc7252126b8902023-02-08 09:41:45.484root 11241100x8000000000000000258511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605495e2ed5100fc2023-02-08 09:41:45.484root 11241100x8000000000000000258510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9608b3aa3ae41ad22023-02-08 09:41:45.484root 11241100x8000000000000000258515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a79f82de9d135112023-02-08 09:41:45.984root 11241100x8000000000000000258519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d15defc83053c62023-02-08 09:41:45.985root 11241100x8000000000000000258518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5649e3c5ffac6ad2023-02-08 09:41:45.985root 11241100x8000000000000000258517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54d30f85ed4f5e22023-02-08 09:41:45.985root 11241100x8000000000000000258516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93556111cab516f52023-02-08 09:41:45.985root 11241100x8000000000000000258521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eeaa10445f9b3c22023-02-08 09:41:46.484root 11241100x8000000000000000258520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616dc024a908fafb2023-02-08 09:41:46.484root 11241100x8000000000000000258524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725196272d716e612023-02-08 09:41:46.485root 11241100x8000000000000000258523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8168f0580513302023-02-08 09:41:46.485root 11241100x8000000000000000258522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034a5d37223633e22023-02-08 09:41:46.485root 11241100x8000000000000000258525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf237c9f0bb989ab2023-02-08 09:41:46.984root 11241100x8000000000000000258529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e182c9925da65bf92023-02-08 09:41:46.985root 11241100x8000000000000000258528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90bb4389052794a2023-02-08 09:41:46.985root 11241100x8000000000000000258527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9ae64be4ef6e6d2023-02-08 09:41:46.985root 11241100x8000000000000000258526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bfe134116b6ff82023-02-08 09:41:46.985root 11241100x8000000000000000258534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0651c866ff5ba1572023-02-08 09:41:47.484root 11241100x8000000000000000258533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600093179591cdf12023-02-08 09:41:47.484root 11241100x8000000000000000258532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d61981555154bf92023-02-08 09:41:47.484root 11241100x8000000000000000258531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eeac105952613772023-02-08 09:41:47.484root 11241100x8000000000000000258530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790e1cc2ff5dc8bc2023-02-08 09:41:47.484root 11241100x8000000000000000258539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1242df0345178dbd2023-02-08 09:41:47.984root 11241100x8000000000000000258538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e50bdc68808d96d2023-02-08 09:41:47.984root 11241100x8000000000000000258537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3844be4afb48ee082023-02-08 09:41:47.984root 11241100x8000000000000000258536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff823ec2ed15ff072023-02-08 09:41:47.984root 11241100x8000000000000000258535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3796b355f8ee2442023-02-08 09:41:47.984root 11241100x8000000000000000258544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3dfd46d8ee0e772023-02-08 09:41:48.484root 11241100x8000000000000000258543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014832eec0fb5dc22023-02-08 09:41:48.484root 11241100x8000000000000000258542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028f04e5b7d9230a2023-02-08 09:41:48.484root 11241100x8000000000000000258541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f860589c9a14b0302023-02-08 09:41:48.484root 11241100x8000000000000000258540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8f2d098a6e04c72023-02-08 09:41:48.484root 11241100x8000000000000000258549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f60d563a4cb5442023-02-08 09:41:48.984root 11241100x8000000000000000258548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe5c99d5561e0ff2023-02-08 09:41:48.984root 11241100x8000000000000000258547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a03e568e9078e52023-02-08 09:41:48.984root 11241100x8000000000000000258546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e91f1ec56a85282023-02-08 09:41:48.984root 11241100x8000000000000000258545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a471ae1eafd40d4e2023-02-08 09:41:48.984root 11241100x8000000000000000258554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ac1b0e1bd0c55c2023-02-08 09:41:49.484root 11241100x8000000000000000258553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28eb1c9add30b2e2023-02-08 09:41:49.484root 11241100x8000000000000000258552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad319a90c412e30d2023-02-08 09:41:49.484root 11241100x8000000000000000258551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b359ffef7659f512023-02-08 09:41:49.484root 11241100x8000000000000000258550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07539d09817b61d2023-02-08 09:41:49.484root 11241100x8000000000000000258559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f688aa99eaa3df2023-02-08 09:41:49.984root 11241100x8000000000000000258558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0f93161af7e85f2023-02-08 09:41:49.984root 11241100x8000000000000000258557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f42c61f5401f5a2023-02-08 09:41:49.984root 11241100x8000000000000000258556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a61c8a6030ad9a42023-02-08 09:41:49.984root 11241100x8000000000000000258555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a85748c69231e582023-02-08 09:41:49.984root 354300x8000000000000000258560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:50.223{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-45102-false10.0.1.12-8000- 11241100x8000000000000000258566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe5b8ab696392182023-02-08 09:41:50.484root 11241100x8000000000000000258565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1095a51fd0f720752023-02-08 09:41:50.484root 11241100x8000000000000000258564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9dfc6df7601d9472023-02-08 09:41:50.484root 11241100x8000000000000000258563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a031c751abd3b702023-02-08 09:41:50.484root 11241100x8000000000000000258562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7e23b7a42211c02023-02-08 09:41:50.484root 11241100x8000000000000000258561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb99b76f0ba9b7912023-02-08 09:41:50.484root 11241100x8000000000000000258568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:50.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773dd25d90651d592023-02-08 09:41:50.984root 11241100x8000000000000000258567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:50.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64bdce2d1dd4e992023-02-08 09:41:50.984root 11241100x8000000000000000258570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71b70b4b9c569d42023-02-08 09:41:50.985root 11241100x8000000000000000258569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95249b8253c44b792023-02-08 09:41:50.985root 11241100x8000000000000000258572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad0994c276620dc2023-02-08 09:41:50.986root 11241100x8000000000000000258571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbc877a85defb7e2023-02-08 09:41:50.986root 11241100x8000000000000000258575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e076f07b8d23b7152023-02-08 09:41:51.484root 11241100x8000000000000000258574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2197b8a7ce0fdbbb2023-02-08 09:41:51.484root 11241100x8000000000000000258573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d058963ff09ece7d2023-02-08 09:41:51.484root 11241100x8000000000000000258578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20506e8c47b714992023-02-08 09:41:51.485root 11241100x8000000000000000258577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d4a784e44846262023-02-08 09:41:51.485root 11241100x8000000000000000258576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b30ee8d9e2e59d2023-02-08 09:41:51.485root 11241100x8000000000000000258584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30cd60c9cbd580e02023-02-08 09:41:51.984root 11241100x8000000000000000258583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a8efe533787b4c2023-02-08 09:41:51.984root 11241100x8000000000000000258582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afd464310d6ad232023-02-08 09:41:51.984root 11241100x8000000000000000258581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1871244af49ec12023-02-08 09:41:51.984root 11241100x8000000000000000258580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a7417dddc1f3e42023-02-08 09:41:51.984root 11241100x8000000000000000258579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03de41aff09b5f82023-02-08 09:41:51.984root 11241100x8000000000000000258590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0547b586f61e2862023-02-08 09:41:52.484root 11241100x8000000000000000258589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cc9f5744b889dd2023-02-08 09:41:52.484root 11241100x8000000000000000258588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748273aff43224272023-02-08 09:41:52.484root 11241100x8000000000000000258587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b626a82443c6102023-02-08 09:41:52.484root 11241100x8000000000000000258586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5c3e05338ffabb2023-02-08 09:41:52.484root 11241100x8000000000000000258585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01103c9e87b40fe22023-02-08 09:41:52.484root 11241100x8000000000000000258596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364fe8db3e8982322023-02-08 09:41:52.984root 11241100x8000000000000000258595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c184a76e8dcdc8442023-02-08 09:41:52.984root 11241100x8000000000000000258594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79914724cc03b2012023-02-08 09:41:52.984root 11241100x8000000000000000258593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d73d2415f7ee82d2023-02-08 09:41:52.984root 11241100x8000000000000000258592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2452f5a60c0af9cf2023-02-08 09:41:52.984root 11241100x8000000000000000258591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb157136d034f32c2023-02-08 09:41:52.984root 11241100x8000000000000000258602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ac3841997405fe2023-02-08 09:41:53.484root 11241100x8000000000000000258601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bff9e4d29fd6e7d2023-02-08 09:41:53.484root 11241100x8000000000000000258600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c7de7241412df72023-02-08 09:41:53.484root 11241100x8000000000000000258599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849edd5e33de66e42023-02-08 09:41:53.484root 11241100x8000000000000000258598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bbb05d78729a682023-02-08 09:41:53.484root 11241100x8000000000000000258597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb062658206f01ed2023-02-08 09:41:53.484root 11241100x8000000000000000258608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bdb5b930d10363c2023-02-08 09:41:53.984root 11241100x8000000000000000258607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132b11f715a16fc02023-02-08 09:41:53.984root 11241100x8000000000000000258606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b048098c741563b2023-02-08 09:41:53.984root 11241100x8000000000000000258605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e095e04767b370d2023-02-08 09:41:53.984root 11241100x8000000000000000258604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec93ef1fda457de82023-02-08 09:41:53.984root 11241100x8000000000000000258603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b616a40c8a4987832023-02-08 09:41:53.984root 11241100x8000000000000000258614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8fe625fb650c082023-02-08 09:41:54.484root 11241100x8000000000000000258613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682cb517ecee01b62023-02-08 09:41:54.484root 11241100x8000000000000000258612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7363e68ebf33c8a02023-02-08 09:41:54.484root 11241100x8000000000000000258611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb468075f441f6502023-02-08 09:41:54.484root 11241100x8000000000000000258610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecceb55e7743c5f02023-02-08 09:41:54.484root 11241100x8000000000000000258609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2e94c28d840aae2023-02-08 09:41:54.484root 11241100x8000000000000000258620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:54.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c487fabbc88ae9f2023-02-08 09:41:54.984root 11241100x8000000000000000258619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:54.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee0545c359923c52023-02-08 09:41:54.984root 11241100x8000000000000000258618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:54.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bdeae24ded3a1a62023-02-08 09:41:54.984root 11241100x8000000000000000258617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:54.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d534776bd37fa0b42023-02-08 09:41:54.984root 11241100x8000000000000000258616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:54.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9d4645b73e3f312023-02-08 09:41:54.984root 11241100x8000000000000000258615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:54.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac6309f68b04dc22023-02-08 09:41:54.984root 11241100x8000000000000000258626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:55.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46ddab4ed5fccdf2023-02-08 09:41:55.484root 11241100x8000000000000000258625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:55.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281e9c2760a76a232023-02-08 09:41:55.484root 11241100x8000000000000000258624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:55.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddfc3e8723619232023-02-08 09:41:55.484root 11241100x8000000000000000258623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:55.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a865aab704d29112023-02-08 09:41:55.484root 11241100x8000000000000000258622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:55.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2b690a780a7f502023-02-08 09:41:55.484root 11241100x8000000000000000258621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:55.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91960cf320b05372023-02-08 09:41:55.484root 11241100x8000000000000000258632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c849f86946a810852023-02-08 09:41:55.984root 11241100x8000000000000000258631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45898bc481fe65bb2023-02-08 09:41:55.984root 11241100x8000000000000000258630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39667537fb4fa682023-02-08 09:41:55.984root 11241100x8000000000000000258629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb577dbe22df89e2023-02-08 09:41:55.984root 11241100x8000000000000000258628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7128aa071f870492023-02-08 09:41:55.984root 11241100x8000000000000000258627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d584f595918b1382023-02-08 09:41:55.984root 354300x8000000000000000258633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:56.010{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-45114-false10.0.1.12-8000- 11241100x8000000000000000258638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:56.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2139dd4b8df23e022023-02-08 09:41:56.484root 11241100x8000000000000000258637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:56.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f1ee08cbfac6cc2023-02-08 09:41:56.484root 11241100x8000000000000000258636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:56.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74362a912ce6e0582023-02-08 09:41:56.484root 11241100x8000000000000000258635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:56.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8205f64dcc33aec72023-02-08 09:41:56.484root 11241100x8000000000000000258634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:56.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b82c9f27b098fe02023-02-08 09:41:56.484root 11241100x8000000000000000258640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370fe1148c34c78a2023-02-08 09:41:56.485root 11241100x8000000000000000258639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf9e7b9f9e12b112023-02-08 09:41:56.485root 11241100x8000000000000000258647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac113685ab9a68632023-02-08 09:41:56.984root 11241100x8000000000000000258646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3465749146e164292023-02-08 09:41:56.984root 11241100x8000000000000000258645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac9ecca440a60492023-02-08 09:41:56.984root 11241100x8000000000000000258644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4929350e1cc34fa82023-02-08 09:41:56.984root 11241100x8000000000000000258643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de47fc6c38873872023-02-08 09:41:56.984root 11241100x8000000000000000258642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f250b07fbbae21662023-02-08 09:41:56.984root 11241100x8000000000000000258641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c03f230eabfe812023-02-08 09:41:56.984root 11241100x8000000000000000258648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:57.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d4505a72322f602023-02-08 09:41:57.484root 11241100x8000000000000000258654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c7bbb385aba82a2023-02-08 09:41:57.485root 11241100x8000000000000000258653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e65d2856b4dc0a32023-02-08 09:41:57.485root 11241100x8000000000000000258652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2a9eded541e6412023-02-08 09:41:57.485root 11241100x8000000000000000258651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bce6784760cfa002023-02-08 09:41:57.485root 11241100x8000000000000000258650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb30c4d5de6d46b2023-02-08 09:41:57.485root 11241100x8000000000000000258649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a10fa4104131d52023-02-08 09:41:57.485root 11241100x8000000000000000258661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0858fc0a2e586fcb2023-02-08 09:41:57.984root 11241100x8000000000000000258660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29018f8278fc80e52023-02-08 09:41:57.984root 11241100x8000000000000000258659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4195adc08097432023-02-08 09:41:57.984root 11241100x8000000000000000258658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7a4932d26bcfc72023-02-08 09:41:57.984root 11241100x8000000000000000258657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8aa68d481715aa2023-02-08 09:41:57.984root 11241100x8000000000000000258656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640ffa0ec68452112023-02-08 09:41:57.984root 11241100x8000000000000000258655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d06230283a58ee2023-02-08 09:41:57.984root 11241100x8000000000000000258668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e6fb569b7e65f12023-02-08 09:41:58.484root 11241100x8000000000000000258667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f066c198a3ebe92023-02-08 09:41:58.484root 11241100x8000000000000000258666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5778568c94f67f2023-02-08 09:41:58.484root 11241100x8000000000000000258665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6020e59903604b72023-02-08 09:41:58.484root 11241100x8000000000000000258664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62ddd7c5ce0fe142023-02-08 09:41:58.484root 11241100x8000000000000000258663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe78cf3f411a67c2023-02-08 09:41:58.484root 11241100x8000000000000000258662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47fb5219685ade5e2023-02-08 09:41:58.484root 11241100x8000000000000000258672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e37bf58c2d711672023-02-08 09:41:58.984root 11241100x8000000000000000258671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab791c91b3409642023-02-08 09:41:58.984root 11241100x8000000000000000258670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5b8e3d43210a6f2023-02-08 09:41:58.984root 11241100x8000000000000000258669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d5e1e09cc821f62023-02-08 09:41:58.984root 11241100x8000000000000000258675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f784146d4775d6ea2023-02-08 09:41:58.985root 11241100x8000000000000000258674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e03c153746a36ad2023-02-08 09:41:58.985root 11241100x8000000000000000258673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911ddbe0a48f34df2023-02-08 09:41:58.985root 11241100x8000000000000000258682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfadb8b1f667dc02023-02-08 09:41:59.484root 11241100x8000000000000000258681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4d08651fa5c66d2023-02-08 09:41:59.484root 11241100x8000000000000000258680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa758e4d1ef21bc2023-02-08 09:41:59.484root 11241100x8000000000000000258679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83168d82bd755de72023-02-08 09:41:59.484root 11241100x8000000000000000258678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5230a3288dec36f12023-02-08 09:41:59.484root 11241100x8000000000000000258677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bff8820a0f2343a2023-02-08 09:41:59.484root 11241100x8000000000000000258676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfaf911e2a041aa2023-02-08 09:41:59.484root 154100x8000000000000000258683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.800{ec2a0601-6e67-63e3-68f4-f4d5ce550000}5803/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec2a0601-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2404--- 11241100x8000000000000000258686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.801{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2399999dbdd519d2023-02-08 09:41:59.801root 11241100x8000000000000000258685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.801{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9fc1a932e8d15a2023-02-08 09:41:59.801root 11241100x8000000000000000258684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.801{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346d5fceac43a4222023-02-08 09:41:59.801root 11241100x8000000000000000258691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.802{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d047b2d3a7e0fb2023-02-08 09:41:59.802root 11241100x8000000000000000258690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.802{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee454a7ebea204b02023-02-08 09:41:59.802root 11241100x8000000000000000258689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.802{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f3a59014f323b12023-02-08 09:41:59.802root 11241100x8000000000000000258688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.802{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e668f0b991470112023-02-08 09:41:59.802root 11241100x8000000000000000258687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.802{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6363ff99e3e970802023-02-08 09:41:59.802root 534500x8000000000000000258692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:41:59.814{ec2a0601-6e67-63e3-68f4-f4d5ce550000}5803/bin/psroot 11241100x8000000000000000258699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc8b07422e05d5c2023-02-08 09:42:00.234root 11241100x8000000000000000258698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9165086ff3c504402023-02-08 09:42:00.234root 11241100x8000000000000000258697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44296bc0556b8bc32023-02-08 09:42:00.234root 11241100x8000000000000000258696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1f7fd69166b0642023-02-08 09:42:00.234root 11241100x8000000000000000258695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae40fd8f951dcd242023-02-08 09:42:00.234root 11241100x8000000000000000258694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2ae39e68f6618c2023-02-08 09:42:00.234root 11241100x8000000000000000258693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0b47d0b3568c392023-02-08 09:42:00.234root 11241100x8000000000000000258701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4440ccf341c97d32023-02-08 09:42:00.235root 11241100x8000000000000000258700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc79b6d648b043b32023-02-08 09:42:00.235root 11241100x8000000000000000258710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0970196d342d33c82023-02-08 09:42:00.734root 11241100x8000000000000000258709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9f96c56b06992d2023-02-08 09:42:00.734root 11241100x8000000000000000258708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725408b57c7167952023-02-08 09:42:00.734root 11241100x8000000000000000258707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8911e70cf412c3f62023-02-08 09:42:00.734root 11241100x8000000000000000258706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fc7f596d8468b02023-02-08 09:42:00.734root 11241100x8000000000000000258705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab302ffc604c3e082023-02-08 09:42:00.734root 11241100x8000000000000000258704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbd619d09bc1d7e2023-02-08 09:42:00.734root 11241100x8000000000000000258703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a899dafbeb44f12023-02-08 09:42:00.734root 11241100x8000000000000000258702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:00.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501aa2583e43edc62023-02-08 09:42:00.734root 354300x8000000000000000258711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.067{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-59356-false10.0.1.12-8000- 11241100x8000000000000000258714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.068{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b76b3493bc5bad72023-02-08 09:42:01.068root 11241100x8000000000000000258713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.068{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f14331a2a7101692023-02-08 09:42:01.068root 11241100x8000000000000000258712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.068{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abc91741a2970022023-02-08 09:42:01.068root 11241100x8000000000000000258718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.069{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af48121c07fb4cc52023-02-08 09:42:01.069root 11241100x8000000000000000258717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.069{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13311c85a9c06102023-02-08 09:42:01.069root 11241100x8000000000000000258716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.069{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2936c4929a4746982023-02-08 09:42:01.069root 11241100x8000000000000000258715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.069{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38012cbc08affc4e2023-02-08 09:42:01.069root 11241100x8000000000000000258721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.070{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20fbb112e7251952023-02-08 09:42:01.070root 11241100x8000000000000000258720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.070{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5dab178add4be02023-02-08 09:42:01.070root 11241100x8000000000000000258719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.070{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58269aba8a6c40372023-02-08 09:42:01.070root 11241100x8000000000000000258724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83049339a4455bec2023-02-08 09:42:01.484root 11241100x8000000000000000258723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88b8323814168962023-02-08 09:42:01.484root 11241100x8000000000000000258722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059e231700589b312023-02-08 09:42:01.484root 11241100x8000000000000000258729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a249b21fac227e2023-02-08 09:42:01.485root 11241100x8000000000000000258728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a2a89e0a5c2f9e2023-02-08 09:42:01.485root 11241100x8000000000000000258727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89aa252b91a51ef2023-02-08 09:42:01.485root 11241100x8000000000000000258726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6fb1ec52a1960762023-02-08 09:42:01.485root 11241100x8000000000000000258725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d40d3edebe3cec32023-02-08 09:42:01.485root 11241100x8000000000000000258731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a7db514d2321602023-02-08 09:42:01.486root 11241100x8000000000000000258730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b850209a6d99d3612023-02-08 09:42:01.486root 11241100x8000000000000000258733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4241e9de655017422023-02-08 09:42:01.984root 11241100x8000000000000000258732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5f5bc6fd825a712023-02-08 09:42:01.984root 11241100x8000000000000000258739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db267f13e8643142023-02-08 09:42:01.985root 11241100x8000000000000000258738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00cfd4cdcdcd43552023-02-08 09:42:01.985root 11241100x8000000000000000258737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8827b38b0da0012023-02-08 09:42:01.985root 11241100x8000000000000000258736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c170f55c4110a2c2023-02-08 09:42:01.985root 11241100x8000000000000000258735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5626e120b43893762023-02-08 09:42:01.985root 11241100x8000000000000000258734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35c93103f46d21d2023-02-08 09:42:01.985root 11241100x8000000000000000258741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398b9d8c64abe6d72023-02-08 09:42:01.986root 11241100x8000000000000000258740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10a9e570ccdb14f2023-02-08 09:42:01.986root 11241100x8000000000000000258746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a201027d76005e02023-02-08 09:42:02.484root 11241100x8000000000000000258745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6276c17b861b99c2023-02-08 09:42:02.484root 11241100x8000000000000000258744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a901ab233981522023-02-08 09:42:02.484root 11241100x8000000000000000258743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087913f2ab6f1f272023-02-08 09:42:02.484root 11241100x8000000000000000258742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64968319d2f64772023-02-08 09:42:02.484root 11241100x8000000000000000258751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f83cc6cf4e52db2023-02-08 09:42:02.485root 11241100x8000000000000000258750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d08b273df9420e2023-02-08 09:42:02.485root 11241100x8000000000000000258749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3babe831492657252023-02-08 09:42:02.485root 11241100x8000000000000000258748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914eabd40433b86c2023-02-08 09:42:02.485root 11241100x8000000000000000258747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f9c3950d7abe462023-02-08 09:42:02.485root 11241100x8000000000000000258760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213902cfe52b1f332023-02-08 09:42:02.984root 11241100x8000000000000000258759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7586d3f4d49a9e2e2023-02-08 09:42:02.984root 11241100x8000000000000000258758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955748794028bc8d2023-02-08 09:42:02.984root 11241100x8000000000000000258757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3f212354b4bdd92023-02-08 09:42:02.984root 11241100x8000000000000000258756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d764173f28d8a1b2023-02-08 09:42:02.984root 11241100x8000000000000000258755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42572321a3dadc8c2023-02-08 09:42:02.984root 11241100x8000000000000000258754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad2bdc5505501c02023-02-08 09:42:02.984root 11241100x8000000000000000258753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69275827c132b5572023-02-08 09:42:02.984root 11241100x8000000000000000258752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e51085beb36eb02023-02-08 09:42:02.984root 11241100x8000000000000000258761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:02.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1256a16c98531f2023-02-08 09:42:02.985root 11241100x8000000000000000258768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fe3bcf436b253e2023-02-08 09:42:03.484root 11241100x8000000000000000258767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25c4d9804ed33a12023-02-08 09:42:03.484root 11241100x8000000000000000258766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0daf06ed2381c5df2023-02-08 09:42:03.484root 11241100x8000000000000000258765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f934f3775b872ae52023-02-08 09:42:03.484root 11241100x8000000000000000258764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0b8a13bca4dc432023-02-08 09:42:03.484root 11241100x8000000000000000258763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974e37027ca6a7192023-02-08 09:42:03.484root 11241100x8000000000000000258762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b08a9f576eb3f062023-02-08 09:42:03.484root 11241100x8000000000000000258771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74f7d88e1d100012023-02-08 09:42:03.485root 11241100x8000000000000000258770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34dec51774b2b5c2023-02-08 09:42:03.485root 11241100x8000000000000000258769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9458e0e0ee2f3fac2023-02-08 09:42:03.485root 11241100x8000000000000000258774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1672934f2ab2072023-02-08 09:42:03.984root 11241100x8000000000000000258773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60e05e66c55848a2023-02-08 09:42:03.984root 11241100x8000000000000000258772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f038a350bf7cd02023-02-08 09:42:03.984root 11241100x8000000000000000258780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694cea979d44c1dd2023-02-08 09:42:03.985root 11241100x8000000000000000258779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f010282b1794c4b2023-02-08 09:42:03.985root 11241100x8000000000000000258778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc3e3341f38da0a2023-02-08 09:42:03.985root 11241100x8000000000000000258777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac962e036b44457f2023-02-08 09:42:03.985root 11241100x8000000000000000258776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b03cdd687fc37482023-02-08 09:42:03.985root 11241100x8000000000000000258775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db15ceab8480c52f2023-02-08 09:42:03.985root 11241100x8000000000000000258781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:03.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6bc2a37f17c64982023-02-08 09:42:03.986root 11241100x8000000000000000258787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee1ff471a4cb6442023-02-08 09:42:04.484root 11241100x8000000000000000258786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eee3f9c86ac7f6a2023-02-08 09:42:04.484root 11241100x8000000000000000258785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c985350ca7938f2023-02-08 09:42:04.484root 11241100x8000000000000000258784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526cc1a7381747992023-02-08 09:42:04.484root 11241100x8000000000000000258783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e24cd30a2725f7e2023-02-08 09:42:04.484root 11241100x8000000000000000258782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43dbdbcb78da7062023-02-08 09:42:04.484root 11241100x8000000000000000258791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b348de94ee709d9b2023-02-08 09:42:04.485root 11241100x8000000000000000258790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a7dd12e0967e892023-02-08 09:42:04.485root 11241100x8000000000000000258789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6d10721d83cc322023-02-08 09:42:04.485root 11241100x8000000000000000258788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e699e5e29710e1f02023-02-08 09:42:04.485root 11241100x8000000000000000258797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a06bc531e01c6502023-02-08 09:42:04.984root 11241100x8000000000000000258796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab074d5e3e284e1b2023-02-08 09:42:04.984root 11241100x8000000000000000258795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b18b17a97a33612023-02-08 09:42:04.984root 11241100x8000000000000000258794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ccd5a7a8063f902023-02-08 09:42:04.984root 11241100x8000000000000000258793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0296c486927c7bde2023-02-08 09:42:04.984root 11241100x8000000000000000258792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f098a0e9329309ed2023-02-08 09:42:04.984root 11241100x8000000000000000258801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73648858d283fd62023-02-08 09:42:04.985root 11241100x8000000000000000258800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e456ac4cb3b526342023-02-08 09:42:04.985root 11241100x8000000000000000258799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ed18fe99d3a1892023-02-08 09:42:04.985root 11241100x8000000000000000258798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b101b6a497c39cb02023-02-08 09:42:04.985root 11241100x8000000000000000258808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e914a2fed8b8882023-02-08 09:42:05.484root 11241100x8000000000000000258807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0417f2a84f27ccee2023-02-08 09:42:05.484root 11241100x8000000000000000258806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85d9b645e0d95a72023-02-08 09:42:05.484root 11241100x8000000000000000258805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b007a121541ed3a92023-02-08 09:42:05.484root 11241100x8000000000000000258804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47f3de520b8abe92023-02-08 09:42:05.484root 11241100x8000000000000000258803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f5ee362edefb4c2023-02-08 09:42:05.484root 11241100x8000000000000000258802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f49e95701969b52023-02-08 09:42:05.484root 11241100x8000000000000000258811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b736afc77d330742023-02-08 09:42:05.485root 11241100x8000000000000000258810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8986179433be29842023-02-08 09:42:05.485root 11241100x8000000000000000258809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2156dc2c848a46ed2023-02-08 09:42:05.485root 11241100x8000000000000000258817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91307b5e4939612b2023-02-08 09:42:05.984root 11241100x8000000000000000258816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fb305cb6e0a4852023-02-08 09:42:05.984root 11241100x8000000000000000258815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b441a86e2c3c952023-02-08 09:42:05.984root 11241100x8000000000000000258814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09d7311acd26fdd2023-02-08 09:42:05.984root 11241100x8000000000000000258813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf287b435b3130b2023-02-08 09:42:05.984root 11241100x8000000000000000258812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1b4cfd0036be2e2023-02-08 09:42:05.984root 11241100x8000000000000000258821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cb96d2834361812023-02-08 09:42:05.985root 11241100x8000000000000000258820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d64c05ac2bd8022023-02-08 09:42:05.985root 11241100x8000000000000000258819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d329d85dfca2abbd2023-02-08 09:42:05.985root 11241100x8000000000000000258818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966ab412a38824ab2023-02-08 09:42:05.985root 354300x8000000000000000258822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.071{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-59362-false10.0.1.12-8000- 11241100x8000000000000000258823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.364{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-08 09:42:06.364root 11241100x8000000000000000258833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab17207af28a837d2023-02-08 09:42:06.365root 11241100x8000000000000000258832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15f0867e4e0ea202023-02-08 09:42:06.365root 11241100x8000000000000000258831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65296ec80a3d85832023-02-08 09:42:06.365root 11241100x8000000000000000258830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adab418ed01e960a2023-02-08 09:42:06.365root 11241100x8000000000000000258829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0618f11689c7a372023-02-08 09:42:06.365root 11241100x8000000000000000258828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8ae2c334f5ef262023-02-08 09:42:06.365root 11241100x8000000000000000258827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80931413b47b0b042023-02-08 09:42:06.365root 11241100x8000000000000000258826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13518472a1dcef52023-02-08 09:42:06.365root 11241100x8000000000000000258825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28521233caf0d2922023-02-08 09:42:06.365root 11241100x8000000000000000258824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d001f77bd2772bc12023-02-08 09:42:06.365root 11241100x8000000000000000258835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb824cfd2ef2fd8e2023-02-08 09:42:06.366root 11241100x8000000000000000258834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71bac9a7dc5e578a2023-02-08 09:42:06.366root 354300x8000000000000000258836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.704{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-44570-false10.0.1.12-8089- 11241100x8000000000000000258844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.706{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107b3e25bbb1e8d42023-02-08 09:42:06.706root 11241100x8000000000000000258843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.706{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc644bfa527be3d2023-02-08 09:42:06.706root 11241100x8000000000000000258842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.706{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d773ad21b876582023-02-08 09:42:06.706root 11241100x8000000000000000258841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.706{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e703ef79bf93b7d42023-02-08 09:42:06.706root 11241100x8000000000000000258840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.706{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc2a20664064b432023-02-08 09:42:06.706root 11241100x8000000000000000258839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.706{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecaabcad395217e62023-02-08 09:42:06.706root 11241100x8000000000000000258838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.706{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a0698cb13f03ea2023-02-08 09:42:06.706root 11241100x8000000000000000258837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.706{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5489338118b2b5cc2023-02-08 09:42:06.706root 11241100x8000000000000000258849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.707{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9171f785aeb2ff62023-02-08 09:42:06.707root 11241100x8000000000000000258848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.707{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462b0a983427e8842023-02-08 09:42:06.707root 11241100x8000000000000000258847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.707{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee372bbc370ed8492023-02-08 09:42:06.707root 11241100x8000000000000000258846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.707{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bc099fa6277b9f2023-02-08 09:42:06.707root 11241100x8000000000000000258845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.707{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fc3763a1beb0002023-02-08 09:42:06.707root 11241100x8000000000000000258855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a647fd83f3d8deac2023-02-08 09:42:06.984root 11241100x8000000000000000258854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f885724dcfef7f2023-02-08 09:42:06.984root 11241100x8000000000000000258853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907cb54357e14cac2023-02-08 09:42:06.984root 11241100x8000000000000000258852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ff28b33aef36fe2023-02-08 09:42:06.984root 11241100x8000000000000000258851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b60d1f84ebdb352023-02-08 09:42:06.984root 11241100x8000000000000000258850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4eb5952e7da49622023-02-08 09:42:06.984root 11241100x8000000000000000258862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd914f73b65afdc92023-02-08 09:42:06.985root 11241100x8000000000000000258861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88c0d017d4c017b2023-02-08 09:42:06.985root 11241100x8000000000000000258860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a600f3be173c30c42023-02-08 09:42:06.985root 11241100x8000000000000000258859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133b7afd70b671742023-02-08 09:42:06.985root 11241100x8000000000000000258858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bf0f8eba5dd80e2023-02-08 09:42:06.985root 11241100x8000000000000000258857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65d9381fba1d7aa2023-02-08 09:42:06.985root 11241100x8000000000000000258856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75896aa5bc5a6c72023-02-08 09:42:06.985root 11241100x8000000000000000258865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5641881bbcdc07eb2023-02-08 09:42:07.484root 11241100x8000000000000000258864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e64235d04002662023-02-08 09:42:07.484root 11241100x8000000000000000258863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076dd9401c08ee5e2023-02-08 09:42:07.484root 11241100x8000000000000000258870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd69e5a6d7a037e22023-02-08 09:42:07.485root 11241100x8000000000000000258869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6493d8c8caee95b42023-02-08 09:42:07.485root 11241100x8000000000000000258868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4a7e211ded93312023-02-08 09:42:07.485root 11241100x8000000000000000258867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455239c7bd6627472023-02-08 09:42:07.485root 11241100x8000000000000000258866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080dcfb0ff3d651a2023-02-08 09:42:07.485root 11241100x8000000000000000258875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07fb59625997e172023-02-08 09:42:07.486root 11241100x8000000000000000258874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235b8c6839f9a2312023-02-08 09:42:07.486root 11241100x8000000000000000258873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c16d0e067a70a622023-02-08 09:42:07.486root 11241100x8000000000000000258872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f838824b8ae98202023-02-08 09:42:07.486root 11241100x8000000000000000258871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a1cffae2ec3ac92023-02-08 09:42:07.486root 11241100x8000000000000000258876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813570cb8e1144912023-02-08 09:42:07.984root 11241100x8000000000000000258885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b75b12edca0db9b2023-02-08 09:42:07.985root 11241100x8000000000000000258884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4691d5fd8ca09882023-02-08 09:42:07.985root 11241100x8000000000000000258883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26f96c72381d57f2023-02-08 09:42:07.985root 11241100x8000000000000000258882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a1c04f995656882023-02-08 09:42:07.985root 11241100x8000000000000000258881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a207fb1f0517a09a2023-02-08 09:42:07.985root 11241100x8000000000000000258880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6258becba3814c2023-02-08 09:42:07.985root 11241100x8000000000000000258879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18397080eae16ef92023-02-08 09:42:07.985root 11241100x8000000000000000258878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f241845d0baf33e62023-02-08 09:42:07.985root 11241100x8000000000000000258877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b0fe6b858eb9792023-02-08 09:42:07.985root 11241100x8000000000000000258888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2146b5f82b3d682023-02-08 09:42:07.986root 11241100x8000000000000000258887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4150ed45bfd97f2023-02-08 09:42:07.986root 11241100x8000000000000000258886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e78a1ef150c252f2023-02-08 09:42:07.986root 11241100x8000000000000000258895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b61b5aacfe54e662023-02-08 09:42:08.484root 11241100x8000000000000000258894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d1d9510f1b5a9d2023-02-08 09:42:08.484root 11241100x8000000000000000258893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2dc172f82112f02023-02-08 09:42:08.484root 11241100x8000000000000000258892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e74777a6e75c4f72023-02-08 09:42:08.484root 11241100x8000000000000000258891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27df07cefc64da42023-02-08 09:42:08.484root 11241100x8000000000000000258890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17812287f85e55e2023-02-08 09:42:08.484root 11241100x8000000000000000258889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b10b85e2eb230522023-02-08 09:42:08.484root 11241100x8000000000000000258901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ba9a85011240f22023-02-08 09:42:08.485root 11241100x8000000000000000258900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43588b95a6d9f7092023-02-08 09:42:08.485root 11241100x8000000000000000258899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5523a6da4069502023-02-08 09:42:08.485root 11241100x8000000000000000258898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5bf093fa07c9d82023-02-08 09:42:08.485root 11241100x8000000000000000258897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bce88f55f829bb2023-02-08 09:42:08.485root 11241100x8000000000000000258896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23550dd5a30f49d2023-02-08 09:42:08.485root 11241100x8000000000000000258908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c94d0dccc69aca2023-02-08 09:42:08.984root 11241100x8000000000000000258907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda334379d60bdd02023-02-08 09:42:08.984root 11241100x8000000000000000258906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cedfce0bf3baf162023-02-08 09:42:08.984root 11241100x8000000000000000258905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959f2d7d1e7509612023-02-08 09:42:08.984root 11241100x8000000000000000258904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54aae3db51471da32023-02-08 09:42:08.984root 11241100x8000000000000000258903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0e3b80f67b1daf2023-02-08 09:42:08.984root 11241100x8000000000000000258902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aabd479c87482302023-02-08 09:42:08.984root 11241100x8000000000000000258914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969d51532af121172023-02-08 09:42:08.985root 11241100x8000000000000000258913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a04f586f73dc482023-02-08 09:42:08.985root 11241100x8000000000000000258912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa94a8a65ff330462023-02-08 09:42:08.985root 11241100x8000000000000000258911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c50ef10500bb2e2023-02-08 09:42:08.985root 11241100x8000000000000000258910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef83215c2a5fc3722023-02-08 09:42:08.985root 11241100x8000000000000000258909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647d1a971392b72d2023-02-08 09:42:08.985root 23542300x8000000000000000258915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.365{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000258919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12380c743de271ca2023-02-08 09:42:09.366root 11241100x8000000000000000258918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6268a5794c6dcdc72023-02-08 09:42:09.366root 11241100x8000000000000000258917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af509ac6e2f9e7762023-02-08 09:42:09.366root 11241100x8000000000000000258916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bcb239df0593ea52023-02-08 09:42:09.366root 11241100x8000000000000000258925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d897bc28ed76db852023-02-08 09:42:09.367root 11241100x8000000000000000258924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34780367849759322023-02-08 09:42:09.367root 11241100x8000000000000000258923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9968a420c9ecb12023-02-08 09:42:09.367root 11241100x8000000000000000258922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddeb12623d85d002023-02-08 09:42:09.367root 11241100x8000000000000000258921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b393b32de315d6c2023-02-08 09:42:09.367root 11241100x8000000000000000258920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c7bda9f4fa9c0a2023-02-08 09:42:09.367root 11241100x8000000000000000258930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fce93d832b7ca02023-02-08 09:42:09.368root 11241100x8000000000000000258929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c205cc9a292f9b652023-02-08 09:42:09.368root 11241100x8000000000000000258928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145dfacc60a0e8252023-02-08 09:42:09.368root 11241100x8000000000000000258927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665ea5edcfaf13ab2023-02-08 09:42:09.368root 11241100x8000000000000000258926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd25164aa9550bba2023-02-08 09:42:09.368root 11241100x8000000000000000258933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab55052aea3543e2023-02-08 09:42:09.734root 11241100x8000000000000000258932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4a648ce10434462023-02-08 09:42:09.734root 11241100x8000000000000000258931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40fd05da705dc9672023-02-08 09:42:09.734root 11241100x8000000000000000258936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c34f9bb937e8fde2023-02-08 09:42:09.735root 11241100x8000000000000000258935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1091f623973c7b402023-02-08 09:42:09.735root 11241100x8000000000000000258934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56e10758f0386552023-02-08 09:42:09.735root 11241100x8000000000000000258941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59abdcce46fa71122023-02-08 09:42:09.736root 11241100x8000000000000000258940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2195a267c7e1256a2023-02-08 09:42:09.736root 11241100x8000000000000000258939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11a655cbaf6dd352023-02-08 09:42:09.736root 11241100x8000000000000000258938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35004df8739124392023-02-08 09:42:09.736root 11241100x8000000000000000258937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b507ddc0e94af22023-02-08 09:42:09.736root 11241100x8000000000000000258944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a899b490af1977552023-02-08 09:42:09.737root 11241100x8000000000000000258943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86303eabd7ba4bf2023-02-08 09:42:09.737root 11241100x8000000000000000258942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002a881173b299282023-02-08 09:42:09.737root 11241100x8000000000000000258949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f55001f421407932023-02-08 09:42:10.234root 11241100x8000000000000000258948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c9f96e9c2bdc612023-02-08 09:42:10.234root 11241100x8000000000000000258947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7540808cf05ee8f92023-02-08 09:42:10.234root 11241100x8000000000000000258946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41758fbada37ec2e2023-02-08 09:42:10.234root 11241100x8000000000000000258945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c11ccb408d31732023-02-08 09:42:10.234root 11241100x8000000000000000258958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466c89c897fb01e22023-02-08 09:42:10.235root 11241100x8000000000000000258957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b490393b5c4b86be2023-02-08 09:42:10.235root 11241100x8000000000000000258956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0299dc10b864f91f2023-02-08 09:42:10.235root 11241100x8000000000000000258955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb06beee4a38d962023-02-08 09:42:10.235root 11241100x8000000000000000258954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5df0a09ec4099c22023-02-08 09:42:10.235root 11241100x8000000000000000258953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7140dd554a6569242023-02-08 09:42:10.235root 11241100x8000000000000000258952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35362042dd61f4922023-02-08 09:42:10.235root 11241100x8000000000000000258951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2b7c5da686be4a2023-02-08 09:42:10.235root 11241100x8000000000000000258950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f910000084a7712023-02-08 09:42:10.235root 11241100x8000000000000000258959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69795930148c7fb2023-02-08 09:42:10.734root 11241100x8000000000000000258963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f122af15df547f92023-02-08 09:42:10.735root 11241100x8000000000000000258962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7507208ac58f3f172023-02-08 09:42:10.735root 11241100x8000000000000000258961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453c3aa980868ace2023-02-08 09:42:10.735root 11241100x8000000000000000258960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908f23349d9ecdaa2023-02-08 09:42:10.735root 11241100x8000000000000000258972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae42c237ffe945e22023-02-08 09:42:10.736root 11241100x8000000000000000258971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4729ff6b9787132023-02-08 09:42:10.736root 11241100x8000000000000000258970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f7f3644989759e2023-02-08 09:42:10.736root 11241100x8000000000000000258969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49b49583db3c4e02023-02-08 09:42:10.736root 11241100x8000000000000000258968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28194241d8a2818b2023-02-08 09:42:10.736root 11241100x8000000000000000258967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf7047b3560be392023-02-08 09:42:10.736root 11241100x8000000000000000258966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74257f905fe7c162023-02-08 09:42:10.736root 11241100x8000000000000000258965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b444db8a8480ac02023-02-08 09:42:10.736root 11241100x8000000000000000258964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb69734c4bcaa8f2023-02-08 09:42:10.736root 354300x8000000000000000258973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.171{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39902-false10.0.1.12-8000- 11241100x8000000000000000258977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.172{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e307f28cc560764a2023-02-08 09:42:11.172root 11241100x8000000000000000258976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.172{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fdcb6eeeadf8132023-02-08 09:42:11.172root 11241100x8000000000000000258975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.172{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62d7570d73ae05d2023-02-08 09:42:11.172root 11241100x8000000000000000258974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.172{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461a6f245156c2652023-02-08 09:42:11.172root 11241100x8000000000000000258986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.173{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6575aecb9caf18df2023-02-08 09:42:11.173root 11241100x8000000000000000258985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.173{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358c02e0f42acc622023-02-08 09:42:11.173root 11241100x8000000000000000258984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.173{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588eb960942cb2782023-02-08 09:42:11.173root 11241100x8000000000000000258983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.173{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84dcfce904e57e02023-02-08 09:42:11.173root 11241100x8000000000000000258982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.173{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e286896f70e9df2023-02-08 09:42:11.173root 11241100x8000000000000000258981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.173{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfb9861a113def52023-02-08 09:42:11.173root 11241100x8000000000000000258980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.173{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef663723395beb62023-02-08 09:42:11.173root 11241100x8000000000000000258979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.173{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d889ca1a25b3e0df2023-02-08 09:42:11.173root 11241100x8000000000000000258978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.173{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13ab4a6ccea75982023-02-08 09:42:11.173root 11241100x8000000000000000258995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.174{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75301601a646143c2023-02-08 09:42:11.174root 11241100x8000000000000000258994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.174{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9de0f56d51365012023-02-08 09:42:11.174root 11241100x8000000000000000258993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.174{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407d6e6b6d5d4c902023-02-08 09:42:11.174root 11241100x8000000000000000258992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.174{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4f89c154c757a42023-02-08 09:42:11.174root 11241100x8000000000000000258991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.174{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4787b9c9b1d4700f2023-02-08 09:42:11.174root 11241100x8000000000000000258990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.174{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3550aa5d2f1cf53f2023-02-08 09:42:11.174root 11241100x8000000000000000258989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.174{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5844a59ffb078fc32023-02-08 09:42:11.174root 11241100x8000000000000000258988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.174{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1f1b66bd0d2ae52023-02-08 09:42:11.174root 11241100x8000000000000000258987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.174{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeda2bfd1092baaa2023-02-08 09:42:11.174root 11241100x8000000000000000259001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.175{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53b9bc2355e09962023-02-08 09:42:11.175root 11241100x8000000000000000259000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.175{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44886d40e88af0642023-02-08 09:42:11.175root 11241100x8000000000000000258999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.175{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e8703c6e3a07892023-02-08 09:42:11.175root 11241100x8000000000000000258998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.175{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7add7fb164479822023-02-08 09:42:11.175root 11241100x8000000000000000258997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.175{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b9112475d82c6b2023-02-08 09:42:11.175root 11241100x8000000000000000258996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.175{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa152ac24f027fa52023-02-08 09:42:11.175root 11241100x8000000000000000259003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.176{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e2ac133d7244e52023-02-08 09:42:11.176root 11241100x8000000000000000259002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.176{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0bdabe4c5883182023-02-08 09:42:11.176root 11241100x8000000000000000259012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c0ea771b9ee3662023-02-08 09:42:11.484root 11241100x8000000000000000259011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45675dbd7faca77b2023-02-08 09:42:11.484root 11241100x8000000000000000259010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead30c61136892842023-02-08 09:42:11.484root 11241100x8000000000000000259009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f3019b4ecef7722023-02-08 09:42:11.484root 11241100x8000000000000000259008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9ab4ddec3558c42023-02-08 09:42:11.484root 11241100x8000000000000000259007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e58866d52349ad62023-02-08 09:42:11.484root 11241100x8000000000000000259006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85005823b3926b962023-02-08 09:42:11.484root 11241100x8000000000000000259005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d9809f84f29dd62023-02-08 09:42:11.484root 11241100x8000000000000000259004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465c0357ce0bea552023-02-08 09:42:11.484root 11241100x8000000000000000259018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1977a8f2ad2c082023-02-08 09:42:11.485root 11241100x8000000000000000259017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eac8cd2b8cbe26b2023-02-08 09:42:11.485root 11241100x8000000000000000259016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3fc4093bc6f57da2023-02-08 09:42:11.485root 11241100x8000000000000000259015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6248f92ebfa97a22023-02-08 09:42:11.485root 11241100x8000000000000000259014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae155893e00a0132023-02-08 09:42:11.485root 11241100x8000000000000000259013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2356fe00b017202023-02-08 09:42:11.485root 11241100x8000000000000000259027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec783025b76f2ba2023-02-08 09:42:11.984root 11241100x8000000000000000259026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632cb4aa1dc437bb2023-02-08 09:42:11.984root 11241100x8000000000000000259025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4d6784b57c50c62023-02-08 09:42:11.984root 11241100x8000000000000000259024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4dc700911239662023-02-08 09:42:11.984root 11241100x8000000000000000259023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66bc409aee6c5c02023-02-08 09:42:11.984root 11241100x8000000000000000259022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f54e0af381f0d9a2023-02-08 09:42:11.984root 11241100x8000000000000000259021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297960aab2606c052023-02-08 09:42:11.984root 11241100x8000000000000000259020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1059c28317087292023-02-08 09:42:11.984root 11241100x8000000000000000259019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264365b7c277846a2023-02-08 09:42:11.984root 11241100x8000000000000000259033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec0295e5a2d1baa2023-02-08 09:42:11.985root 11241100x8000000000000000259032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7687976c1950512023-02-08 09:42:11.985root 11241100x8000000000000000259031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e99f9c1f5e30b1b2023-02-08 09:42:11.985root 11241100x8000000000000000259030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7321ecd169cf4ce32023-02-08 09:42:11.985root 11241100x8000000000000000259029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512ecfb8fc7e41a12023-02-08 09:42:11.985root 11241100x8000000000000000259028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7fdead49d733c92023-02-08 09:42:11.985root 11241100x8000000000000000259044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9764faa02fefad32023-02-08 09:42:12.484root 11241100x8000000000000000259043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fe10f574ea02702023-02-08 09:42:12.484root 11241100x8000000000000000259042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b295e542152b551e2023-02-08 09:42:12.484root 11241100x8000000000000000259041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6450b6d6cfdb172023-02-08 09:42:12.484root 11241100x8000000000000000259040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e1a047bb6ebd8e2023-02-08 09:42:12.484root 11241100x8000000000000000259039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe527a94cef9726d2023-02-08 09:42:12.484root 11241100x8000000000000000259038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d898a0cb5f26442023-02-08 09:42:12.484root 11241100x8000000000000000259037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9251d100897b272023-02-08 09:42:12.484root 11241100x8000000000000000259036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43618df41c59bb362023-02-08 09:42:12.484root 11241100x8000000000000000259035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e8b025dda2bd962023-02-08 09:42:12.484root 11241100x8000000000000000259034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4dcb0b4e60f357b2023-02-08 09:42:12.484root 11241100x8000000000000000259048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34fb5622e3450632023-02-08 09:42:12.485root 11241100x8000000000000000259047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e694943c5243bd522023-02-08 09:42:12.485root 11241100x8000000000000000259046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bef337f3f4f3afd2023-02-08 09:42:12.485root 11241100x8000000000000000259045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396ea06da72f8a832023-02-08 09:42:12.485root 11241100x8000000000000000259053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ef998907c9691b2023-02-08 09:42:12.984root 11241100x8000000000000000259052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da929cf48fc86922023-02-08 09:42:12.984root 11241100x8000000000000000259051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf392e8d394c25e2023-02-08 09:42:12.984root 11241100x8000000000000000259050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3486364257dcc8a22023-02-08 09:42:12.984root 11241100x8000000000000000259049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936a75e8194efd682023-02-08 09:42:12.984root 11241100x8000000000000000259063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faabe34268e6f8e02023-02-08 09:42:12.985root 11241100x8000000000000000259062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a198bdda4591952023-02-08 09:42:12.985root 11241100x8000000000000000259061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e919ff738adc612023-02-08 09:42:12.985root 11241100x8000000000000000259060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f53752eac8024a2023-02-08 09:42:12.985root 11241100x8000000000000000259059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afad0bfb8ec8ff972023-02-08 09:42:12.985root 11241100x8000000000000000259058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ad09960c8dc1562023-02-08 09:42:12.985root 11241100x8000000000000000259057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b19224ce14afd22023-02-08 09:42:12.985root 11241100x8000000000000000259056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72998f08d241c952023-02-08 09:42:12.985root 11241100x8000000000000000259055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e901623aefb2afff2023-02-08 09:42:12.985root 11241100x8000000000000000259054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e938f84cec0aff712023-02-08 09:42:12.985root 11241100x8000000000000000259067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c795575366fa2e022023-02-08 09:42:13.484root 11241100x8000000000000000259066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc04be3564be03b2023-02-08 09:42:13.484root 11241100x8000000000000000259065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5c363629c909842023-02-08 09:42:13.484root 11241100x8000000000000000259064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4a3016d98d8d892023-02-08 09:42:13.484root 11241100x8000000000000000259075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea0f1bba959e3f32023-02-08 09:42:13.485root 11241100x8000000000000000259074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86eac2b6accdb782023-02-08 09:42:13.485root 11241100x8000000000000000259073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3c28109a0381972023-02-08 09:42:13.485root 11241100x8000000000000000259072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c347f1bb5875b0d2023-02-08 09:42:13.485root 11241100x8000000000000000259071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56891f11aa912d732023-02-08 09:42:13.485root 11241100x8000000000000000259070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f650e8ae07fc4c2023-02-08 09:42:13.485root 11241100x8000000000000000259069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2dda3ef897386742023-02-08 09:42:13.485root 11241100x8000000000000000259068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41daf1d1a7ee5cbf2023-02-08 09:42:13.485root 11241100x8000000000000000259078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0952c07781e678f22023-02-08 09:42:13.486root 11241100x8000000000000000259077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102c1f8b33bb6bcc2023-02-08 09:42:13.486root 11241100x8000000000000000259076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60780cdc81d2c0722023-02-08 09:42:13.486root 11241100x8000000000000000259079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9410990f049b3f982023-02-08 09:42:13.984root 11241100x8000000000000000259086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86eaf3392bcec7282023-02-08 09:42:13.985root 11241100x8000000000000000259085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3982e9c2bf05e72023-02-08 09:42:13.985root 11241100x8000000000000000259084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f31040442d188f2023-02-08 09:42:13.985root 11241100x8000000000000000259083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf88e2ec6e543902023-02-08 09:42:13.985root 11241100x8000000000000000259082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba913e06ab76c212023-02-08 09:42:13.985root 11241100x8000000000000000259081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3739c2e190bb1152023-02-08 09:42:13.985root 11241100x8000000000000000259080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06bd076f60b56f42023-02-08 09:42:13.985root 11241100x8000000000000000259093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3135517465d43792023-02-08 09:42:13.986root 11241100x8000000000000000259092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87cc628f9a183cd82023-02-08 09:42:13.986root 11241100x8000000000000000259091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6b9d5f0a8d8e172023-02-08 09:42:13.986root 11241100x8000000000000000259090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e5844fcc2efffe2023-02-08 09:42:13.986root 11241100x8000000000000000259089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121610d80978ce202023-02-08 09:42:13.986root 11241100x8000000000000000259088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4a146b910f2c362023-02-08 09:42:13.986root 11241100x8000000000000000259087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd9672fe2eaac442023-02-08 09:42:13.986root 11241100x8000000000000000259096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732b3bce5d12b0a72023-02-08 09:42:14.484root 11241100x8000000000000000259095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc13f23eeaf78472023-02-08 09:42:14.484root 11241100x8000000000000000259094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9656d43e757147c92023-02-08 09:42:14.484root 11241100x8000000000000000259099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1332c6fb31e9a5552023-02-08 09:42:14.485root 11241100x8000000000000000259098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95314c90a3f5fea2023-02-08 09:42:14.485root 11241100x8000000000000000259097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff57326d7b80f772023-02-08 09:42:14.485root 11241100x8000000000000000259103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9115957f3bfdca2023-02-08 09:42:14.487root 11241100x8000000000000000259102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61048528acecab5e2023-02-08 09:42:14.487root 11241100x8000000000000000259101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8806d327720fe4d72023-02-08 09:42:14.487root 11241100x8000000000000000259100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8359290a0c6ef21d2023-02-08 09:42:14.487root 11241100x8000000000000000259107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b577d9ddd0f743d82023-02-08 09:42:14.488root 11241100x8000000000000000259106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63172b220bf23ea2023-02-08 09:42:14.488root 11241100x8000000000000000259105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7ef84a55c669ba2023-02-08 09:42:14.488root 11241100x8000000000000000259104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06c8d89001ba80a2023-02-08 09:42:14.488root 11241100x8000000000000000259108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e979799f892917ad2023-02-08 09:42:14.489root 11241100x8000000000000000259112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edcf95c3ec172f792023-02-08 09:42:14.984root 11241100x8000000000000000259111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67bb21e81d598b62023-02-08 09:42:14.984root 11241100x8000000000000000259110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636388e183a415762023-02-08 09:42:14.984root 11241100x8000000000000000259109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60a15c45d5db6d82023-02-08 09:42:14.984root 11241100x8000000000000000259118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c7de88bae8d3bb2023-02-08 09:42:14.985root 11241100x8000000000000000259117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ccbeef74a2a28a2023-02-08 09:42:14.985root 11241100x8000000000000000259116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59463b86cab689402023-02-08 09:42:14.985root 11241100x8000000000000000259115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d475a54701aac5d2023-02-08 09:42:14.985root 11241100x8000000000000000259114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ac950d3c424bc12023-02-08 09:42:14.985root 11241100x8000000000000000259113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae8c0284a57e1fa2023-02-08 09:42:14.985root 11241100x8000000000000000259121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2be46cd76a11c72023-02-08 09:42:14.986root 11241100x8000000000000000259120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129d07047d68465d2023-02-08 09:42:14.986root 11241100x8000000000000000259119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b3783f8e90544f2023-02-08 09:42:14.986root 11241100x8000000000000000259123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb8734847e591572023-02-08 09:42:14.987root 11241100x8000000000000000259122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ea4b30529146472023-02-08 09:42:14.987root 11241100x8000000000000000259126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21e49c20e3f841f2023-02-08 09:42:15.484root 11241100x8000000000000000259125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2439bbc53b1b742023-02-08 09:42:15.484root 11241100x8000000000000000259124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8034fb5bee28ad4f2023-02-08 09:42:15.484root 11241100x8000000000000000259134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3164bddc3371c92023-02-08 09:42:15.485root 11241100x8000000000000000259133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa01d5fd08b0aff72023-02-08 09:42:15.485root 11241100x8000000000000000259132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1397c58949de61722023-02-08 09:42:15.485root 11241100x8000000000000000259131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d23ec6e8e9bc6d2023-02-08 09:42:15.485root 11241100x8000000000000000259130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839854f6fd1efce42023-02-08 09:42:15.485root 11241100x8000000000000000259129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7a83a9412713832023-02-08 09:42:15.485root 11241100x8000000000000000259128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59cf09f8a1237782023-02-08 09:42:15.485root 11241100x8000000000000000259127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbac8603eec34e0e2023-02-08 09:42:15.485root 11241100x8000000000000000259138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3dc2b0fb72dd2e52023-02-08 09:42:15.486root 11241100x8000000000000000259137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a94fc04de4658c2023-02-08 09:42:15.486root 11241100x8000000000000000259136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7faf43e0b35478fa2023-02-08 09:42:15.486root 11241100x8000000000000000259135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdeef2992520f9e2023-02-08 09:42:15.486root 11241100x8000000000000000259147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89bbcab6389e74792023-02-08 09:42:15.984root 11241100x8000000000000000259146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984408fe2d156ae72023-02-08 09:42:15.984root 11241100x8000000000000000259145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b6d40f9fd3e4d82023-02-08 09:42:15.984root 11241100x8000000000000000259144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a897ff6340830c2023-02-08 09:42:15.984root 11241100x8000000000000000259143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7baa62cd59037bb22023-02-08 09:42:15.984root 11241100x8000000000000000259142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66d1ae48128780d2023-02-08 09:42:15.984root 11241100x8000000000000000259141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7eb31ad7fb02c82023-02-08 09:42:15.984root 11241100x8000000000000000259140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63133d4d7eb936b72023-02-08 09:42:15.984root 11241100x8000000000000000259139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5686221ca97279e12023-02-08 09:42:15.984root 11241100x8000000000000000259153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120f41c55ae4514d2023-02-08 09:42:15.985root 11241100x8000000000000000259152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8298eaf709b0e8032023-02-08 09:42:15.985root 11241100x8000000000000000259151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac89495e871ea94e2023-02-08 09:42:15.985root 11241100x8000000000000000259150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3311671a38b408ca2023-02-08 09:42:15.985root 11241100x8000000000000000259149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36ce5b1758f3c5a2023-02-08 09:42:15.985root 11241100x8000000000000000259148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68235b15e563c65f2023-02-08 09:42:15.985root 354300x8000000000000000259154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.214{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39912-false10.0.1.12-8000- 11241100x8000000000000000259157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0af78f9444a6b682023-02-08 09:42:16.484root 11241100x8000000000000000259156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9396eaeab8278e2023-02-08 09:42:16.484root 11241100x8000000000000000259155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717f775c2c61a7262023-02-08 09:42:16.484root 11241100x8000000000000000259167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d924eafa46936eb2023-02-08 09:42:16.485root 11241100x8000000000000000259166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8caf7446f5ddc332023-02-08 09:42:16.485root 11241100x8000000000000000259165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6635c49d63fec52023-02-08 09:42:16.485root 11241100x8000000000000000259164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158a9376d2a280f42023-02-08 09:42:16.485root 11241100x8000000000000000259163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5fe870dd9027662023-02-08 09:42:16.485root 11241100x8000000000000000259162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d873ebc8e3be73132023-02-08 09:42:16.485root 11241100x8000000000000000259161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065bcb7db27f9d852023-02-08 09:42:16.485root 11241100x8000000000000000259160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83848e31d7dfc29e2023-02-08 09:42:16.485root 11241100x8000000000000000259159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ad4ed26fc435d82023-02-08 09:42:16.485root 11241100x8000000000000000259158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52324eb0a2803b3b2023-02-08 09:42:16.485root 11241100x8000000000000000259170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73523617847c4aad2023-02-08 09:42:16.486root 11241100x8000000000000000259169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10f13aeafee4a7c2023-02-08 09:42:16.486root 11241100x8000000000000000259168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb687b338c147d92023-02-08 09:42:16.486root 11241100x8000000000000000259174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926f09b378bc418f2023-02-08 09:42:16.984root 11241100x8000000000000000259173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d0ad020d82b8f82023-02-08 09:42:16.984root 11241100x8000000000000000259172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbeb8483a9f2f0a2023-02-08 09:42:16.984root 11241100x8000000000000000259171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69cffbdd326534c2023-02-08 09:42:16.984root 11241100x8000000000000000259181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f229e8e4332568e92023-02-08 09:42:16.985root 11241100x8000000000000000259180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e5753d902865f82023-02-08 09:42:16.985root 11241100x8000000000000000259179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970a5efdf1a4f0b22023-02-08 09:42:16.985root 11241100x8000000000000000259178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2dfa97b73629542023-02-08 09:42:16.985root 11241100x8000000000000000259177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680daf9ca26575632023-02-08 09:42:16.985root 11241100x8000000000000000259176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75902866b8fbd86a2023-02-08 09:42:16.985root 11241100x8000000000000000259175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf85cb9cc416d6df2023-02-08 09:42:16.985root 11241100x8000000000000000259186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c7a16d59c962742023-02-08 09:42:16.986root 11241100x8000000000000000259185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da865b8d0700b0e82023-02-08 09:42:16.986root 11241100x8000000000000000259184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77d53793197f9ce2023-02-08 09:42:16.986root 11241100x8000000000000000259183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7444144ebe02258d2023-02-08 09:42:16.986root 11241100x8000000000000000259182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7bbaf363fe48772023-02-08 09:42:16.986root 11241100x8000000000000000259190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1560cb0e1eea0882023-02-08 09:42:17.484root 11241100x8000000000000000259189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3eb89e669ad2c492023-02-08 09:42:17.484root 11241100x8000000000000000259188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617ee6a22a9344cd2023-02-08 09:42:17.484root 11241100x8000000000000000259187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd14b830834b98c82023-02-08 09:42:17.484root 11241100x8000000000000000259197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ab683d144a7cbf2023-02-08 09:42:17.485root 11241100x8000000000000000259196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267de1ec377553d22023-02-08 09:42:17.485root 11241100x8000000000000000259195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb400db68a66ace2023-02-08 09:42:17.485root 11241100x8000000000000000259194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba05abefd6922992023-02-08 09:42:17.485root 11241100x8000000000000000259193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b297b5532790dd702023-02-08 09:42:17.485root 11241100x8000000000000000259192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190778ce4022ef392023-02-08 09:42:17.485root 11241100x8000000000000000259191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf7fdf94bf094cf2023-02-08 09:42:17.485root 11241100x8000000000000000259200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c13a766436668a2023-02-08 09:42:17.486root 11241100x8000000000000000259199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312df3d7427436e62023-02-08 09:42:17.486root 11241100x8000000000000000259198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d78b3317f18e8142023-02-08 09:42:17.486root 11241100x8000000000000000259202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12b89f804650c912023-02-08 09:42:17.487root 11241100x8000000000000000259201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d7b7c479a3619f2023-02-08 09:42:17.487root 11241100x8000000000000000259204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5304666d9c5397bc2023-02-08 09:42:17.984root 11241100x8000000000000000259203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c5d05c5779918c2023-02-08 09:42:17.984root 11241100x8000000000000000259210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f7c044b32c8d5f2023-02-08 09:42:17.985root 11241100x8000000000000000259209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0203b8cab8991582023-02-08 09:42:17.985root 11241100x8000000000000000259208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6646e1d0fc1ca8d82023-02-08 09:42:17.985root 11241100x8000000000000000259207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c49113018771c3d2023-02-08 09:42:17.985root 11241100x8000000000000000259206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b39526b8b78214a2023-02-08 09:42:17.985root 11241100x8000000000000000259205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cef289de12bf8692023-02-08 09:42:17.985root 11241100x8000000000000000259218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdea8ca110834392023-02-08 09:42:17.986root 11241100x8000000000000000259217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1862b195a874db372023-02-08 09:42:17.986root 11241100x8000000000000000259216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62368e79bcc809e12023-02-08 09:42:17.986root 11241100x8000000000000000259215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44ae8b31694f85e2023-02-08 09:42:17.986root 11241100x8000000000000000259214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb0472ca6d817112023-02-08 09:42:17.986root 11241100x8000000000000000259213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df738cec178d26a2023-02-08 09:42:17.986root 11241100x8000000000000000259212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e813be43f23c66db2023-02-08 09:42:17.986root 11241100x8000000000000000259211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77eb09b8c7b863fc2023-02-08 09:42:17.986root 11241100x8000000000000000259225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3551e716b89cb7ec2023-02-08 09:42:18.484root 11241100x8000000000000000259224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8477c36bd9ac3fe82023-02-08 09:42:18.484root 11241100x8000000000000000259223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca8c730992c63442023-02-08 09:42:18.484root 11241100x8000000000000000259222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8352fcc1e7300c42023-02-08 09:42:18.484root 11241100x8000000000000000259221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad4efa734b897bb2023-02-08 09:42:18.484root 11241100x8000000000000000259220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9e6ee329f6e2b02023-02-08 09:42:18.484root 11241100x8000000000000000259219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389a994c700d67372023-02-08 09:42:18.484root 11241100x8000000000000000259231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22f72bfed10239b2023-02-08 09:42:18.485root 11241100x8000000000000000259230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c5fafabcbab1992023-02-08 09:42:18.485root 11241100x8000000000000000259229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3e91048f08eebd2023-02-08 09:42:18.485root 11241100x8000000000000000259228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325d677a1f77861a2023-02-08 09:42:18.485root 11241100x8000000000000000259227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0fe9711e87f4582023-02-08 09:42:18.485root 11241100x8000000000000000259226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b312e113d3916ed2023-02-08 09:42:18.485root 11241100x8000000000000000259234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301bf108fe210cb92023-02-08 09:42:18.486root 11241100x8000000000000000259233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ff5f6fa3cc331d2023-02-08 09:42:18.486root 11241100x8000000000000000259232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e12d705736578f72023-02-08 09:42:18.486root 11241100x8000000000000000259238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022e4405dc98f6102023-02-08 09:42:18.984root 11241100x8000000000000000259237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220239862efc984d2023-02-08 09:42:18.984root 11241100x8000000000000000259236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd1ff2dd82a83d12023-02-08 09:42:18.984root 11241100x8000000000000000259235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da5215b713e1b2f2023-02-08 09:42:18.984root 11241100x8000000000000000259246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d459386a4d957a42023-02-08 09:42:18.985root 11241100x8000000000000000259245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfad01ac75ef8fb02023-02-08 09:42:18.985root 11241100x8000000000000000259244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900265fd4b12cfc22023-02-08 09:42:18.985root 11241100x8000000000000000259243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592faa640d1b0a122023-02-08 09:42:18.985root 11241100x8000000000000000259242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcaddd78055aa2fb2023-02-08 09:42:18.985root 11241100x8000000000000000259241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1416a68bb4ec04432023-02-08 09:42:18.985root 11241100x8000000000000000259240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea2b3789d080d1d2023-02-08 09:42:18.985root 11241100x8000000000000000259239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610c4f198818ead62023-02-08 09:42:18.985root 11241100x8000000000000000259250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dddbf0d92fbb038e2023-02-08 09:42:18.986root 11241100x8000000000000000259249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e310bb1462d8b92023-02-08 09:42:18.986root 11241100x8000000000000000259248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ca19a2aa7076302023-02-08 09:42:18.986root 11241100x8000000000000000259247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdc423c6ae6744e2023-02-08 09:42:18.986root 11241100x8000000000000000259253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6f05db564750932023-02-08 09:42:19.484root 11241100x8000000000000000259252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2719a9cf36586ce2023-02-08 09:42:19.484root 11241100x8000000000000000259251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a47700b011d4bf2023-02-08 09:42:19.484root 11241100x8000000000000000259260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1ae4a7ddc38a272023-02-08 09:42:19.485root 11241100x8000000000000000259259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900517820fff59a22023-02-08 09:42:19.485root 11241100x8000000000000000259258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a8c65a5fd569a72023-02-08 09:42:19.485root 11241100x8000000000000000259257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73391c394ffddd932023-02-08 09:42:19.485root 11241100x8000000000000000259256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9804a4eaa9cb10082023-02-08 09:42:19.485root 11241100x8000000000000000259255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ebf380e6bbfc3ca2023-02-08 09:42:19.485root 11241100x8000000000000000259254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d102d21d124ac02023-02-08 09:42:19.485root 11241100x8000000000000000259266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dde7451b7b459cd2023-02-08 09:42:19.486root 11241100x8000000000000000259265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ca72912bcf42042023-02-08 09:42:19.486root 11241100x8000000000000000259264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad0040d47d3c9cd2023-02-08 09:42:19.486root 11241100x8000000000000000259263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a588dba5291064ab2023-02-08 09:42:19.486root 11241100x8000000000000000259262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0f43cdbe3074b82023-02-08 09:42:19.486root 11241100x8000000000000000259261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebb398d60b6498a2023-02-08 09:42:19.486root 11241100x8000000000000000259267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17de4b41ee724992023-02-08 09:42:19.984root 11241100x8000000000000000259272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95fdb2cc02386612023-02-08 09:42:19.985root 11241100x8000000000000000259271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d6140e67363fe02023-02-08 09:42:19.985root 11241100x8000000000000000259270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b82a84cbe955e2e2023-02-08 09:42:19.985root 11241100x8000000000000000259269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebe58e664f585a92023-02-08 09:42:19.985root 11241100x8000000000000000259268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f9c66b12a174782023-02-08 09:42:19.985root 11241100x8000000000000000259277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839c433243649bf72023-02-08 09:42:19.986root 11241100x8000000000000000259276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e7d2554c578c3e2023-02-08 09:42:19.986root 11241100x8000000000000000259275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96b50af53bd10582023-02-08 09:42:19.986root 11241100x8000000000000000259274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189f9f6559e21fa62023-02-08 09:42:19.986root 11241100x8000000000000000259273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16fc20545d71b5a2023-02-08 09:42:19.986root 11241100x8000000000000000259282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a508fa7ada959772023-02-08 09:42:19.987root 11241100x8000000000000000259281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7826c06046266a2023-02-08 09:42:19.987root 11241100x8000000000000000259280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adad83cf36a673fd2023-02-08 09:42:19.987root 11241100x8000000000000000259279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b413ad8e42ccb40f2023-02-08 09:42:19.987root 11241100x8000000000000000259278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3429d98d72c37ac2023-02-08 09:42:19.987root 11241100x8000000000000000259288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361180064f54a1bd2023-02-08 09:42:20.484root 11241100x8000000000000000259287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8c63e6a6566a892023-02-08 09:42:20.484root 11241100x8000000000000000259286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0b111895f3c1142023-02-08 09:42:20.484root 11241100x8000000000000000259285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931815eba3de44152023-02-08 09:42:20.484root 11241100x8000000000000000259284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696d7199ad82a3072023-02-08 09:42:20.484root 11241100x8000000000000000259283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d806f49cbcbf8d2023-02-08 09:42:20.484root 11241100x8000000000000000259297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544f73c639758ee62023-02-08 09:42:20.485root 11241100x8000000000000000259296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6db8d5c56329242023-02-08 09:42:20.485root 11241100x8000000000000000259295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb31b3cc5c6bd3c02023-02-08 09:42:20.485root 11241100x8000000000000000259294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc35e3f88c0b2fcb2023-02-08 09:42:20.485root 11241100x8000000000000000259293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec4e475abf670c12023-02-08 09:42:20.485root 11241100x8000000000000000259292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6085ed3510470d2023-02-08 09:42:20.485root 11241100x8000000000000000259291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d137e2eccab444d22023-02-08 09:42:20.485root 11241100x8000000000000000259290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d88f524d9785da42023-02-08 09:42:20.485root 11241100x8000000000000000259289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9471d980114636e82023-02-08 09:42:20.485root 11241100x8000000000000000259298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f74f320fcc7e8922023-02-08 09:42:20.486root 11241100x8000000000000000259299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7a2325b3c6de912023-02-08 09:42:20.984root 11241100x8000000000000000259303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0ee7fd4b5c077a2023-02-08 09:42:20.985root 11241100x8000000000000000259302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805996d94178093a2023-02-08 09:42:20.985root 11241100x8000000000000000259301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0771bd2a6bd2b8d62023-02-08 09:42:20.985root 11241100x8000000000000000259300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa626d95738a8682023-02-08 09:42:20.985root 11241100x8000000000000000259309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc80310f1057f7c2023-02-08 09:42:20.986root 11241100x8000000000000000259308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf241cfb397a7b42023-02-08 09:42:20.986root 11241100x8000000000000000259307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b63600cf29c1e92023-02-08 09:42:20.986root 11241100x8000000000000000259306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f8b7a2f8799d7c2023-02-08 09:42:20.986root 11241100x8000000000000000259305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4722cb84edfb1b32023-02-08 09:42:20.986root 11241100x8000000000000000259304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00ca21cd2c483de2023-02-08 09:42:20.986root 11241100x8000000000000000259314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c35ea5f1448b6222023-02-08 09:42:20.987root 11241100x8000000000000000259313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8412a01d663727052023-02-08 09:42:20.987root 11241100x8000000000000000259312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45941c642d9161722023-02-08 09:42:20.987root 11241100x8000000000000000259311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0947e201037e752023-02-08 09:42:20.987root 11241100x8000000000000000259310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ec2c669eefa1622023-02-08 09:42:20.987root 11241100x8000000000000000259322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c354dc63a34574f42023-02-08 09:42:21.484root 11241100x8000000000000000259321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54fcb79bdbb4971d2023-02-08 09:42:21.484root 11241100x8000000000000000259320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f126d852a1857cb82023-02-08 09:42:21.484root 11241100x8000000000000000259319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401ad2b5e4173ce62023-02-08 09:42:21.484root 11241100x8000000000000000259318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f75ef58b7523a42023-02-08 09:42:21.484root 11241100x8000000000000000259317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200354f8d8f1cef02023-02-08 09:42:21.484root 11241100x8000000000000000259316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61d545d3a58500a2023-02-08 09:42:21.484root 11241100x8000000000000000259315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892f2540018928052023-02-08 09:42:21.484root 11241100x8000000000000000259327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa8cdc279a967aa2023-02-08 09:42:21.485root 11241100x8000000000000000259326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5e82990eff0dd92023-02-08 09:42:21.485root 11241100x8000000000000000259325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02134c63652149c12023-02-08 09:42:21.485root 11241100x8000000000000000259324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2004db4c5403a95c2023-02-08 09:42:21.485root 11241100x8000000000000000259323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67710784a30b56a92023-02-08 09:42:21.485root 11241100x8000000000000000259330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85da3ad16fafed2d2023-02-08 09:42:21.486root 11241100x8000000000000000259329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b701c9a1af710b8d2023-02-08 09:42:21.486root 11241100x8000000000000000259328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612f364f269449562023-02-08 09:42:21.486root 11241100x8000000000000000259333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2cf7f464171a0d2023-02-08 09:42:21.984root 11241100x8000000000000000259332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c3fb61786b49a72023-02-08 09:42:21.984root 11241100x8000000000000000259331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28b8c9281451b3d2023-02-08 09:42:21.984root 11241100x8000000000000000259342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eee24432293b4232023-02-08 09:42:21.985root 11241100x8000000000000000259341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e196e97a98c83e82023-02-08 09:42:21.985root 11241100x8000000000000000259340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d9de3003b09c622023-02-08 09:42:21.985root 11241100x8000000000000000259339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c34fcc8841381f2023-02-08 09:42:21.985root 11241100x8000000000000000259338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95a39e8ab2c5eb82023-02-08 09:42:21.985root 11241100x8000000000000000259337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8c11848a9a073f2023-02-08 09:42:21.985root 11241100x8000000000000000259336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada31d28bfbf19022023-02-08 09:42:21.985root 11241100x8000000000000000259335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbc085817a5a6e72023-02-08 09:42:21.985root 11241100x8000000000000000259334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb81f8f957add8802023-02-08 09:42:21.985root 11241100x8000000000000000259346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749381757e51ab712023-02-08 09:42:21.986root 11241100x8000000000000000259345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5699f0cb49fabd432023-02-08 09:42:21.986root 11241100x8000000000000000259344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908daf4d001b4a762023-02-08 09:42:21.986root 11241100x8000000000000000259343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf603bc5a2761ee2023-02-08 09:42:21.986root 354300x8000000000000000259347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.006{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-55592-false10.0.1.12-8000- 11241100x8000000000000000259354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0603a87951fdfbad2023-02-08 09:42:22.484root 11241100x8000000000000000259353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3c2968b283f94d2023-02-08 09:42:22.484root 11241100x8000000000000000259352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc92a27860c539882023-02-08 09:42:22.484root 11241100x8000000000000000259351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154ef358ca94f9622023-02-08 09:42:22.484root 11241100x8000000000000000259350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942f5e437303fd232023-02-08 09:42:22.484root 11241100x8000000000000000259349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c432dadba789f74f2023-02-08 09:42:22.484root 11241100x8000000000000000259348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53eb9ca4bd0567802023-02-08 09:42:22.484root 11241100x8000000000000000259364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31696e8f2ddfd1e92023-02-08 09:42:22.485root 11241100x8000000000000000259363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470e1d4a8aeb1f312023-02-08 09:42:22.485root 11241100x8000000000000000259362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c9238a4aa987202023-02-08 09:42:22.485root 11241100x8000000000000000259361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed12335b89acb2e2023-02-08 09:42:22.485root 11241100x8000000000000000259360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a4f762252dfc622023-02-08 09:42:22.485root 11241100x8000000000000000259359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2df5d5cd380ddad2023-02-08 09:42:22.485root 11241100x8000000000000000259358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4702559ba0290d2023-02-08 09:42:22.485root 11241100x8000000000000000259357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a510e96e311a31cf2023-02-08 09:42:22.485root 11241100x8000000000000000259356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ff7d37ee524e312023-02-08 09:42:22.485root 11241100x8000000000000000259355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2acf0d282e41349d2023-02-08 09:42:22.485root 11241100x8000000000000000259367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d466633e9cea91e82023-02-08 09:42:22.984root 11241100x8000000000000000259366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390b0c50b1d8bfbf2023-02-08 09:42:22.984root 11241100x8000000000000000259365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629102f4cc7712202023-02-08 09:42:22.984root 11241100x8000000000000000259381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d0e85f0d9a2f102023-02-08 09:42:22.985root 11241100x8000000000000000259380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ba81b186b85ae92023-02-08 09:42:22.985root 11241100x8000000000000000259379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4731014fcaf38bc62023-02-08 09:42:22.985root 11241100x8000000000000000259378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0617071b8cd7382023-02-08 09:42:22.985root 11241100x8000000000000000259377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0eefa917763f2212023-02-08 09:42:22.985root 11241100x8000000000000000259376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00cd0588968593792023-02-08 09:42:22.985root 11241100x8000000000000000259375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ad5c86f26bd1fb2023-02-08 09:42:22.985root 11241100x8000000000000000259374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d4cba2632509ea2023-02-08 09:42:22.985root 11241100x8000000000000000259373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3351f5dd390e9c0c2023-02-08 09:42:22.985root 11241100x8000000000000000259372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3808650b4bfb502023-02-08 09:42:22.985root 11241100x8000000000000000259371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed652bd05fd8bc7d2023-02-08 09:42:22.985root 11241100x8000000000000000259370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c86b7bed068c2f2023-02-08 09:42:22.985root 11241100x8000000000000000259369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b85ba0d0fda17f2023-02-08 09:42:22.985root 11241100x8000000000000000259368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13f31f9222e445c2023-02-08 09:42:22.985root 11241100x8000000000000000259384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea121af79dcfe71d2023-02-08 09:42:23.484root 11241100x8000000000000000259383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cfcbf06084e6f02023-02-08 09:42:23.484root 11241100x8000000000000000259382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38e841ce185e86b2023-02-08 09:42:23.484root 11241100x8000000000000000259394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd86e84ea1ff1b82023-02-08 09:42:23.485root 11241100x8000000000000000259393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c40a2063b224fa62023-02-08 09:42:23.485root 11241100x8000000000000000259392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a3669dd5ead5bb2023-02-08 09:42:23.485root 11241100x8000000000000000259391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72b957f84b5fd552023-02-08 09:42:23.485root 11241100x8000000000000000259390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b95e993947c10f22023-02-08 09:42:23.485root 11241100x8000000000000000259389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe936f68759564c12023-02-08 09:42:23.485root 11241100x8000000000000000259388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4aca6ac5ab935e72023-02-08 09:42:23.485root 11241100x8000000000000000259387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213471921c85e62e2023-02-08 09:42:23.485root 11241100x8000000000000000259386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c494dcd1f61ed92023-02-08 09:42:23.485root 11241100x8000000000000000259385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a72979e297ece4d2023-02-08 09:42:23.485root 11241100x8000000000000000259398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1709842370d1a7892023-02-08 09:42:23.486root 11241100x8000000000000000259397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716a95040ced0b8b2023-02-08 09:42:23.486root 11241100x8000000000000000259396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e90034c9fe71c42023-02-08 09:42:23.486root 11241100x8000000000000000259395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ede9f0833ad7622023-02-08 09:42:23.486root 11241100x8000000000000000259402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0182b742ebab8d2d2023-02-08 09:42:23.984root 11241100x8000000000000000259401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c242306f1322062023-02-08 09:42:23.984root 11241100x8000000000000000259400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a94ecf02f51a1542023-02-08 09:42:23.984root 11241100x8000000000000000259399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ef4adca14f514a2023-02-08 09:42:23.984root 11241100x8000000000000000259413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa12b73f81ee6e5c2023-02-08 09:42:23.985root 11241100x8000000000000000259412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad72e01733109a552023-02-08 09:42:23.985root 11241100x8000000000000000259411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a563d8e89d459b352023-02-08 09:42:23.985root 11241100x8000000000000000259410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef33781a38594e562023-02-08 09:42:23.985root 11241100x8000000000000000259409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba293cf54f2530442023-02-08 09:42:23.985root 11241100x8000000000000000259408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f01cd787738ac92023-02-08 09:42:23.985root 11241100x8000000000000000259407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad86682567aad542023-02-08 09:42:23.985root 11241100x8000000000000000259406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93674abc361676f42023-02-08 09:42:23.985root 11241100x8000000000000000259405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36076a44034580df2023-02-08 09:42:23.985root 11241100x8000000000000000259404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2341d2faa6141b3b2023-02-08 09:42:23.985root 11241100x8000000000000000259403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6e308544e516a82023-02-08 09:42:23.985root 11241100x8000000000000000259415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e951fdfcff41f5c12023-02-08 09:42:23.986root 11241100x8000000000000000259414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b86588b3dfb62812023-02-08 09:42:23.986root 11241100x8000000000000000259419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0783aa1e3011182023-02-08 09:42:24.484root 11241100x8000000000000000259418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715d9e81913e5dc32023-02-08 09:42:24.484root 11241100x8000000000000000259417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb118a55c5519462023-02-08 09:42:24.484root 11241100x8000000000000000259416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d458fc17bacc272023-02-08 09:42:24.484root 11241100x8000000000000000259430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6567765bcbaed92023-02-08 09:42:24.485root 11241100x8000000000000000259429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92362bbe6def2d482023-02-08 09:42:24.485root 11241100x8000000000000000259428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a407fc35a8c27fc22023-02-08 09:42:24.485root 11241100x8000000000000000259427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d165619c43d405322023-02-08 09:42:24.485root 11241100x8000000000000000259426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c9304b821133fd2023-02-08 09:42:24.485root 11241100x8000000000000000259425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c5a4d6d126f3672023-02-08 09:42:24.485root 11241100x8000000000000000259424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22eccfe3984eaaf32023-02-08 09:42:24.485root 11241100x8000000000000000259423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a774303dfd65b422023-02-08 09:42:24.485root 11241100x8000000000000000259422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac129713315bfe12023-02-08 09:42:24.485root 11241100x8000000000000000259421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc16a1fe9633ae262023-02-08 09:42:24.485root 11241100x8000000000000000259420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e54da420a249b6c2023-02-08 09:42:24.485root 11241100x8000000000000000259432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa59c3c09ad76c62023-02-08 09:42:24.486root 11241100x8000000000000000259431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f039dcb074eec81b2023-02-08 09:42:24.486root 11241100x8000000000000000259438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702b94b8e45d988b2023-02-08 09:42:24.984root 11241100x8000000000000000259437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4a95fbb29a80fa2023-02-08 09:42:24.984root 11241100x8000000000000000259436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593ada0af9d325a22023-02-08 09:42:24.984root 11241100x8000000000000000259435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9651fe574a833e2023-02-08 09:42:24.984root 11241100x8000000000000000259434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a34d1e915a6c892023-02-08 09:42:24.984root 11241100x8000000000000000259433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41fa0fb5b78ec92e2023-02-08 09:42:24.984root 11241100x8000000000000000259449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6089e35c5dd3f102023-02-08 09:42:24.985root 11241100x8000000000000000259448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6cd5fd2d86631d2023-02-08 09:42:24.985root 11241100x8000000000000000259447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6cbeb2e7b8f1422023-02-08 09:42:24.985root 11241100x8000000000000000259446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72fd6d01ecb1732b2023-02-08 09:42:24.985root 11241100x8000000000000000259445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52800556a4ca11b72023-02-08 09:42:24.985root 11241100x8000000000000000259444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda5308a8988aada2023-02-08 09:42:24.985root 11241100x8000000000000000259443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d3b297754690d22023-02-08 09:42:24.985root 11241100x8000000000000000259442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50bef9da2a95a40c2023-02-08 09:42:24.985root 11241100x8000000000000000259441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a710ea17d2f142e72023-02-08 09:42:24.985root 11241100x8000000000000000259440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa06d34d26852dae2023-02-08 09:42:24.985root 11241100x8000000000000000259439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f277e43d17993c1e2023-02-08 09:42:24.985root 11241100x8000000000000000259457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b110d8278ae126b2023-02-08 09:42:25.484root 11241100x8000000000000000259456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359d1f6c270bd84a2023-02-08 09:42:25.484root 11241100x8000000000000000259455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a07c2e34d3ed572023-02-08 09:42:25.484root 11241100x8000000000000000259454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39c536d00979f262023-02-08 09:42:25.484root 11241100x8000000000000000259453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b505c4e61e4cc8e92023-02-08 09:42:25.484root 11241100x8000000000000000259452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f42d509d86ebef2023-02-08 09:42:25.484root 11241100x8000000000000000259451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1e524849ba249d2023-02-08 09:42:25.484root 11241100x8000000000000000259450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d3c03adb3567612023-02-08 09:42:25.484root 11241100x8000000000000000259466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a432921b332d9be2023-02-08 09:42:25.485root 11241100x8000000000000000259465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220ccfca36d3a7bd2023-02-08 09:42:25.485root 11241100x8000000000000000259464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36fcf0cf9bd3b6a2023-02-08 09:42:25.485root 11241100x8000000000000000259463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0321cbcda7c493832023-02-08 09:42:25.485root 11241100x8000000000000000259462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc92cedeec3f4f72023-02-08 09:42:25.485root 11241100x8000000000000000259461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35f3bc4be7b80fe2023-02-08 09:42:25.485root 11241100x8000000000000000259460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcf170f9beaef8e2023-02-08 09:42:25.485root 11241100x8000000000000000259459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e76eda7c726c90d2023-02-08 09:42:25.485root 11241100x8000000000000000259458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7215e68b201f6f82023-02-08 09:42:25.485root 11241100x8000000000000000259467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e486d71be362d3032023-02-08 09:42:25.984root 11241100x8000000000000000259473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db05fc5801f4c6d42023-02-08 09:42:25.985root 11241100x8000000000000000259472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526fc1bc2bca5a912023-02-08 09:42:25.985root 11241100x8000000000000000259471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8423ca42c1a23a032023-02-08 09:42:25.985root 11241100x8000000000000000259470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7ac8da1c0c747c2023-02-08 09:42:25.985root 11241100x8000000000000000259469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98362a25bc11f5d52023-02-08 09:42:25.985root 11241100x8000000000000000259468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d2411b65c8ed2d2023-02-08 09:42:25.985root 11241100x8000000000000000259480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c879b5e9cb7d76fd2023-02-08 09:42:25.987root 11241100x8000000000000000259479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906e50d53d70bdb52023-02-08 09:42:25.987root 11241100x8000000000000000259478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7062538cf6c82af12023-02-08 09:42:25.987root 11241100x8000000000000000259477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14fd760fe6b8c6a2023-02-08 09:42:25.987root 11241100x8000000000000000259476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6107294296a97c312023-02-08 09:42:25.987root 11241100x8000000000000000259475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58ce5bf7e9bc5b62023-02-08 09:42:25.987root 11241100x8000000000000000259474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0827b89f03de48122023-02-08 09:42:25.987root 11241100x8000000000000000259485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636b0460e4d9f9a72023-02-08 09:42:25.988root 11241100x8000000000000000259484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b7f95fdec296ae62023-02-08 09:42:25.988root 11241100x8000000000000000259483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1dde505f517dcb42023-02-08 09:42:25.988root 11241100x8000000000000000259482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f6eebfdeeb063d2023-02-08 09:42:25.988root 11241100x8000000000000000259481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:25.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616b0a71c22235972023-02-08 09:42:25.988root 11241100x8000000000000000259491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb51cb47afd2b842023-02-08 09:42:26.484root 11241100x8000000000000000259490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fda8363548b98172023-02-08 09:42:26.484root 11241100x8000000000000000259489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff76052c22b571922023-02-08 09:42:26.484root 11241100x8000000000000000259488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441c3f92aa566d152023-02-08 09:42:26.484root 11241100x8000000000000000259487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1542847d829b11e42023-02-08 09:42:26.484root 11241100x8000000000000000259486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0468806025c57a92023-02-08 09:42:26.484root 11241100x8000000000000000259492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbcb4eaaa5d182602023-02-08 09:42:26.485root 11241100x8000000000000000259495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452f3e05bf3b16922023-02-08 09:42:26.486root 11241100x8000000000000000259494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332f06af027ed0392023-02-08 09:42:26.486root 11241100x8000000000000000259493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd04ebeeadb088462023-02-08 09:42:26.486root 11241100x8000000000000000259504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3829e2fa2e1303f82023-02-08 09:42:26.487root 11241100x8000000000000000259503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c645ae1c0dedbef2023-02-08 09:42:26.487root 11241100x8000000000000000259502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0d0e5cd4c471552023-02-08 09:42:26.487root 11241100x8000000000000000259501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722118b94cb660222023-02-08 09:42:26.487root 11241100x8000000000000000259500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a28f31372d15d7e2023-02-08 09:42:26.487root 11241100x8000000000000000259499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452c1d6a9ec6738d2023-02-08 09:42:26.487root 11241100x8000000000000000259498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d894d3daaa77472023-02-08 09:42:26.487root 11241100x8000000000000000259497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abfafc08cbe48f782023-02-08 09:42:26.487root 11241100x8000000000000000259496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b673e9bcb5d3a4162023-02-08 09:42:26.487root 11241100x8000000000000000259508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14c7ee87b418ec02023-02-08 09:42:26.984root 11241100x8000000000000000259507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda14eac7f5469342023-02-08 09:42:26.984root 11241100x8000000000000000259506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab07ef5fdadc8efd2023-02-08 09:42:26.984root 11241100x8000000000000000259505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb683d675e9f4c2a2023-02-08 09:42:26.984root 11241100x8000000000000000259513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3db7ecdd6a9a7d2023-02-08 09:42:26.985root 11241100x8000000000000000259512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f84300e15f1c4652023-02-08 09:42:26.985root 11241100x8000000000000000259511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4990d5b2db3569e2023-02-08 09:42:26.985root 11241100x8000000000000000259510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fad96d0262123f22023-02-08 09:42:26.985root 11241100x8000000000000000259509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d04e3ae0ca428f2023-02-08 09:42:26.985root 11241100x8000000000000000259521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3815f3dba5e6812023-02-08 09:42:26.986root 11241100x8000000000000000259520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6ad3141bdf000a2023-02-08 09:42:26.986root 11241100x8000000000000000259519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13f3f5dbce71aaf2023-02-08 09:42:26.986root 11241100x8000000000000000259518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f3121418b4c4552023-02-08 09:42:26.986root 11241100x8000000000000000259517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e0f998b42c087f2023-02-08 09:42:26.986root 11241100x8000000000000000259516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aebce065c965fa72023-02-08 09:42:26.986root 11241100x8000000000000000259515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d114b8ba86cf512023-02-08 09:42:26.986root 11241100x8000000000000000259514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e60e75792a77ef2023-02-08 09:42:26.986root 11241100x8000000000000000259522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77dd4dca97e5fa8e2023-02-08 09:42:27.484root 11241100x8000000000000000259535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be025db3e7636312023-02-08 09:42:27.485root 11241100x8000000000000000259534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781e82efb5531f2f2023-02-08 09:42:27.485root 11241100x8000000000000000259533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3820a0fb0a2926b2023-02-08 09:42:27.485root 11241100x8000000000000000259532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8954081cbc8ec0592023-02-08 09:42:27.485root 11241100x8000000000000000259531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6a80bd01aeaf6a2023-02-08 09:42:27.485root 11241100x8000000000000000259530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a3af98cc7617082023-02-08 09:42:27.485root 11241100x8000000000000000259529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dad833c14d184e02023-02-08 09:42:27.485root 11241100x8000000000000000259528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d1af401fd0898e2023-02-08 09:42:27.485root 11241100x8000000000000000259527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26fdd2136210f002023-02-08 09:42:27.485root 11241100x8000000000000000259526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e063dd47689bac92023-02-08 09:42:27.485root 11241100x8000000000000000259525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ffb73bfc7adafb2023-02-08 09:42:27.485root 11241100x8000000000000000259524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891eb16b7cf26d562023-02-08 09:42:27.485root 11241100x8000000000000000259523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d2dacd411e33862023-02-08 09:42:27.485root 11241100x8000000000000000259538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc1751325765cd82023-02-08 09:42:27.486root 11241100x8000000000000000259537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f4fc01fb322bcc2023-02-08 09:42:27.486root 11241100x8000000000000000259536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1272e3d3070f33572023-02-08 09:42:27.486root 11241100x8000000000000000259540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4596e81b8a0cbb82023-02-08 09:42:27.984root 11241100x8000000000000000259539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d592d76df75bcc2023-02-08 09:42:27.984root 11241100x8000000000000000259549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15572dbcd5b4c19b2023-02-08 09:42:27.985root 11241100x8000000000000000259548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1345450a01375a282023-02-08 09:42:27.985root 11241100x8000000000000000259547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52ffa425d139dfd2023-02-08 09:42:27.985root 11241100x8000000000000000259546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09af90e10591996c2023-02-08 09:42:27.985root 11241100x8000000000000000259545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77dca1e057238c572023-02-08 09:42:27.985root 11241100x8000000000000000259544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f4dbbb73aa67082023-02-08 09:42:27.985root 11241100x8000000000000000259543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222cefbc078a9c6c2023-02-08 09:42:27.985root 11241100x8000000000000000259542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc64dfce2f28bd0e2023-02-08 09:42:27.985root 11241100x8000000000000000259541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96782cb69a8f1fc22023-02-08 09:42:27.985root 11241100x8000000000000000259555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91712ff6ca38819c2023-02-08 09:42:27.986root 11241100x8000000000000000259554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3c42b9ec3c7f392023-02-08 09:42:27.986root 11241100x8000000000000000259553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a490f675219003c2023-02-08 09:42:27.986root 11241100x8000000000000000259552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44981096fec73ee02023-02-08 09:42:27.986root 11241100x8000000000000000259551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977856b36c18b1fd2023-02-08 09:42:27.986root 11241100x8000000000000000259550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60971ec8636484002023-02-08 09:42:27.986root 354300x8000000000000000259556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.005{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-53260-false10.0.1.12-8000- 11241100x8000000000000000259558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bb1bd16cafc3012023-02-08 09:42:28.484root 11241100x8000000000000000259557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f56d05ffa0494102023-02-08 09:42:28.484root 11241100x8000000000000000259560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cd5fbd0c8259a82023-02-08 09:42:28.485root 11241100x8000000000000000259559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121ee0b57c78f7072023-02-08 09:42:28.485root 11241100x8000000000000000259570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a877be5f6a5bd582023-02-08 09:42:28.486root 11241100x8000000000000000259569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb7a896b03152e72023-02-08 09:42:28.486root 11241100x8000000000000000259568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420074c40f6ae33a2023-02-08 09:42:28.486root 11241100x8000000000000000259567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f10dab33f1eb0a2023-02-08 09:42:28.486root 11241100x8000000000000000259566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ab0fbb2b9cc8e82023-02-08 09:42:28.486root 11241100x8000000000000000259565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6381aa1806da9822023-02-08 09:42:28.486root 11241100x8000000000000000259564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e45939b59087b32023-02-08 09:42:28.486root 11241100x8000000000000000259563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5601a87faf35d3382023-02-08 09:42:28.486root 11241100x8000000000000000259562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f5df2020c776972023-02-08 09:42:28.486root 11241100x8000000000000000259561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35215112651538062023-02-08 09:42:28.486root 11241100x8000000000000000259574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35b522c0ec77cfe2023-02-08 09:42:28.487root 11241100x8000000000000000259573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca63e3a40aef5802023-02-08 09:42:28.487root 11241100x8000000000000000259572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ee12075cf5bcb52023-02-08 09:42:28.487root 11241100x8000000000000000259571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda5f352fa9a51b42023-02-08 09:42:28.487root 11241100x8000000000000000259578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a504b9a33aa2e42023-02-08 09:42:28.984root 11241100x8000000000000000259577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bb9e09426361e82023-02-08 09:42:28.984root 11241100x8000000000000000259576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5b7ec9ce5d5eef2023-02-08 09:42:28.984root 11241100x8000000000000000259575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ffc5c150ecc02b2023-02-08 09:42:28.984root 11241100x8000000000000000259584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ae9d390b0c2c1f2023-02-08 09:42:28.985root 11241100x8000000000000000259583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d8cb745244d7dc2023-02-08 09:42:28.985root 11241100x8000000000000000259582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f2c1cb24ad4acd2023-02-08 09:42:28.985root 11241100x8000000000000000259581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75e395d92d46f7e2023-02-08 09:42:28.985root 11241100x8000000000000000259580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d73b5720383cb3b2023-02-08 09:42:28.985root 11241100x8000000000000000259579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4a78a8c0324abb2023-02-08 09:42:28.985root 11241100x8000000000000000259595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e689137b1ef00dc62023-02-08 09:42:28.986root 11241100x8000000000000000259594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9420ac3dd6fdb6a2023-02-08 09:42:28.986root 11241100x8000000000000000259593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6543d2a44fa777b2023-02-08 09:42:28.986root 11241100x8000000000000000259592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c14dabeaa9239ec2023-02-08 09:42:28.986root 11241100x8000000000000000259591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9359436a494a78592023-02-08 09:42:28.986root 11241100x8000000000000000259590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8108f7ebd49e87652023-02-08 09:42:28.986root 11241100x8000000000000000259589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af77d01e2f2a56c2023-02-08 09:42:28.986root 11241100x8000000000000000259588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd39eb9eeed3d1102023-02-08 09:42:28.986root 11241100x8000000000000000259587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf4eb47315cb0df2023-02-08 09:42:28.986root 11241100x8000000000000000259586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46dc2b9595516fa52023-02-08 09:42:28.986root 11241100x8000000000000000259585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509943eb710fbe772023-02-08 09:42:28.986root 11241100x8000000000000000259604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0108bc83e64e5ae2023-02-08 09:42:29.484root 11241100x8000000000000000259603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ee6f91578356c12023-02-08 09:42:29.484root 11241100x8000000000000000259602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccc7e001e713c222023-02-08 09:42:29.484root 11241100x8000000000000000259601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc249a206e6d7422023-02-08 09:42:29.484root 11241100x8000000000000000259600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319658c750b2ea5a2023-02-08 09:42:29.484root 11241100x8000000000000000259599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780a8a3b8f0fde962023-02-08 09:42:29.484root 11241100x8000000000000000259598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1737cc53565950942023-02-08 09:42:29.484root 11241100x8000000000000000259597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617750c342aad4f32023-02-08 09:42:29.484root 11241100x8000000000000000259596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b175fd6575e88af2023-02-08 09:42:29.484root 11241100x8000000000000000259613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6274b32761eaa22b2023-02-08 09:42:29.485root 11241100x8000000000000000259612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47f53c182acdc1e2023-02-08 09:42:29.485root 11241100x8000000000000000259611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08683e65fcddb3bb2023-02-08 09:42:29.485root 11241100x8000000000000000259610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d48a753c1ab9d52023-02-08 09:42:29.485root 11241100x8000000000000000259609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6f4c49a664a5472023-02-08 09:42:29.485root 11241100x8000000000000000259608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7a0dec0e2668d52023-02-08 09:42:29.485root 11241100x8000000000000000259607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5015511c5cbf0bab2023-02-08 09:42:29.485root 11241100x8000000000000000259606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4a1fc04de431672023-02-08 09:42:29.485root 11241100x8000000000000000259605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92913ed61f4762672023-02-08 09:42:29.485root 11241100x8000000000000000259616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4657a2480a7d6b2023-02-08 09:42:29.984root 11241100x8000000000000000259615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b9d315712a8cd9b2023-02-08 09:42:29.984root 11241100x8000000000000000259614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304f66d011ae62f22023-02-08 09:42:29.984root 11241100x8000000000000000259630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb6959864708a302023-02-08 09:42:29.985root 11241100x8000000000000000259629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d0542285c754892023-02-08 09:42:29.985root 11241100x8000000000000000259628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4393f960140ef702023-02-08 09:42:29.985root 11241100x8000000000000000259627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6693b44ee953ad2023-02-08 09:42:29.985root 11241100x8000000000000000259626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143639603668d7d12023-02-08 09:42:29.985root 11241100x8000000000000000259625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc671cdb6c4cb742023-02-08 09:42:29.985root 11241100x8000000000000000259624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfae9c6a1b402bdf2023-02-08 09:42:29.985root 11241100x8000000000000000259623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81496a330fe71d5e2023-02-08 09:42:29.985root 11241100x8000000000000000259622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd26d06875c4b9332023-02-08 09:42:29.985root 11241100x8000000000000000259621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df92c991d15493152023-02-08 09:42:29.985root 11241100x8000000000000000259620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de945f3988d62ae42023-02-08 09:42:29.985root 11241100x8000000000000000259619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a07933e335de1922023-02-08 09:42:29.985root 11241100x8000000000000000259618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507543dbe4bac3f42023-02-08 09:42:29.985root 11241100x8000000000000000259617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be38f21ea3e85fbe2023-02-08 09:42:29.985root 11241100x8000000000000000259631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2df842cc6b954362023-02-08 09:42:29.986root 11241100x8000000000000000259639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97f6fb7f8460c412023-02-08 09:42:30.484root 11241100x8000000000000000259638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59a437ee6024f332023-02-08 09:42:30.484root 11241100x8000000000000000259637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba14a4863c38185f2023-02-08 09:42:30.484root 11241100x8000000000000000259636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9b767a56d5798f2023-02-08 09:42:30.484root 11241100x8000000000000000259635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be17ee3110a335e52023-02-08 09:42:30.484root 11241100x8000000000000000259634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ba64bd54afa59d2023-02-08 09:42:30.484root 11241100x8000000000000000259633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b6780b9a44e4e12023-02-08 09:42:30.484root 11241100x8000000000000000259632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26664c9afcdc3bf2023-02-08 09:42:30.484root 11241100x8000000000000000259649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962288bf4e414f022023-02-08 09:42:30.485root 11241100x8000000000000000259648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31de02aa2ec7bfe92023-02-08 09:42:30.485root 11241100x8000000000000000259647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464c47324f32f6df2023-02-08 09:42:30.485root 11241100x8000000000000000259646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540ee31cef2a16ff2023-02-08 09:42:30.485root 11241100x8000000000000000259645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3adad941b97eab662023-02-08 09:42:30.485root 11241100x8000000000000000259644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a856f4d68c66029d2023-02-08 09:42:30.485root 11241100x8000000000000000259643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1416dbd2600a152023-02-08 09:42:30.485root 11241100x8000000000000000259642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0de463f4c6515a72023-02-08 09:42:30.485root 11241100x8000000000000000259641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5623569f790c542023-02-08 09:42:30.485root 11241100x8000000000000000259640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c259a50872f08ed2023-02-08 09:42:30.485root 11241100x8000000000000000259654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9e57dcc54e4a922023-02-08 09:42:30.984root 11241100x8000000000000000259653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46f1130ee2fe6e02023-02-08 09:42:30.984root 11241100x8000000000000000259652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b51917a1d797a22023-02-08 09:42:30.984root 11241100x8000000000000000259651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37e5c847cbe0bdc2023-02-08 09:42:30.984root 11241100x8000000000000000259650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4714f5599cc573372023-02-08 09:42:30.984root 11241100x8000000000000000259662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd88f852f24150662023-02-08 09:42:30.985root 11241100x8000000000000000259661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ef3a6949bc659a2023-02-08 09:42:30.985root 11241100x8000000000000000259660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf04eae302e76e1b2023-02-08 09:42:30.985root 11241100x8000000000000000259659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c7244d4485c1672023-02-08 09:42:30.985root 11241100x8000000000000000259658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7c12bf643ce9db2023-02-08 09:42:30.985root 11241100x8000000000000000259657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc02e362150ad952023-02-08 09:42:30.985root 11241100x8000000000000000259656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef74177e4253d5f2023-02-08 09:42:30.985root 11241100x8000000000000000259655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6f12034d51b2482023-02-08 09:42:30.985root 11241100x8000000000000000259667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195f0e1a105ff9252023-02-08 09:42:30.986root 11241100x8000000000000000259666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f865f94ef52193cc2023-02-08 09:42:30.986root 11241100x8000000000000000259665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603b2b36e23cb7ad2023-02-08 09:42:30.986root 11241100x8000000000000000259664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfea7dda5f971f42023-02-08 09:42:30.986root 11241100x8000000000000000259663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba5934d4206c1242023-02-08 09:42:30.986root 11241100x8000000000000000259669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d840ea207eb14a2023-02-08 09:42:31.484root 11241100x8000000000000000259668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5ed97f28e4074d2023-02-08 09:42:31.484root 11241100x8000000000000000259675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4d5f14558eac8c2023-02-08 09:42:31.485root 11241100x8000000000000000259674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b134f9775a429fd2023-02-08 09:42:31.485root 11241100x8000000000000000259673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb8d47ce953d0512023-02-08 09:42:31.485root 11241100x8000000000000000259672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ad7c2dfb2dd6812023-02-08 09:42:31.485root 11241100x8000000000000000259671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88540f84a057ed312023-02-08 09:42:31.485root 11241100x8000000000000000259670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793934c6472931102023-02-08 09:42:31.485root 11241100x8000000000000000259682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed81a8dfa57b0872023-02-08 09:42:31.486root 11241100x8000000000000000259681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfa017028fa55712023-02-08 09:42:31.486root 11241100x8000000000000000259680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b47a0b10e082602023-02-08 09:42:31.486root 11241100x8000000000000000259679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0041ec20060b91532023-02-08 09:42:31.486root 11241100x8000000000000000259678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd6a5bfd4005f6c2023-02-08 09:42:31.486root 11241100x8000000000000000259677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea35e5b10cab8e962023-02-08 09:42:31.486root 11241100x8000000000000000259676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664731a0b2bc16522023-02-08 09:42:31.486root 11241100x8000000000000000259685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b74d0e709c57fb22023-02-08 09:42:31.487root 11241100x8000000000000000259684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a7ca37a88d93e52023-02-08 09:42:31.487root 11241100x8000000000000000259683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef56dee0c696e5d2023-02-08 09:42:31.487root 11241100x8000000000000000259687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5369177035f4750b2023-02-08 09:42:31.984root 11241100x8000000000000000259686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08b748bb3c1a1892023-02-08 09:42:31.984root 11241100x8000000000000000259694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2538bdd8d31f992023-02-08 09:42:31.985root 11241100x8000000000000000259693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fdece67ba3875f2023-02-08 09:42:31.985root 11241100x8000000000000000259692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d513427503a758ed2023-02-08 09:42:31.985root 11241100x8000000000000000259691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6198462e9666e83e2023-02-08 09:42:31.985root 11241100x8000000000000000259690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ffd4768eebb3102023-02-08 09:42:31.985root 11241100x8000000000000000259689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49944c2d217b4c7a2023-02-08 09:42:31.985root 11241100x8000000000000000259688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65f353bb4aeda6c2023-02-08 09:42:31.985root 11241100x8000000000000000259702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d583f6acc8bf8f952023-02-08 09:42:31.986root 11241100x8000000000000000259701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1641aacdc2cf9d2023-02-08 09:42:31.986root 11241100x8000000000000000259700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39511e7826a38a042023-02-08 09:42:31.986root 11241100x8000000000000000259699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fb0d0b1cc3ac342023-02-08 09:42:31.986root 11241100x8000000000000000259698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb47de3f2cf13ab2023-02-08 09:42:31.986root 11241100x8000000000000000259697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7cec95a57e81b12023-02-08 09:42:31.986root 11241100x8000000000000000259696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332d16f9aa73807b2023-02-08 09:42:31.986root 11241100x8000000000000000259695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d029b56325000a902023-02-08 09:42:31.986root 11241100x8000000000000000259703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d1e60ce7eb05312023-02-08 09:42:31.987root 11241100x8000000000000000259711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d54de49689b1312023-02-08 09:42:32.484root 11241100x8000000000000000259710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3959e0e5c32d1a502023-02-08 09:42:32.484root 11241100x8000000000000000259709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5933fd249f14b3892023-02-08 09:42:32.484root 11241100x8000000000000000259708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fa2c4ee612fe732023-02-08 09:42:32.484root 11241100x8000000000000000259707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f20bb4ec23554532023-02-08 09:42:32.484root 11241100x8000000000000000259706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6334c82f9d7fee1a2023-02-08 09:42:32.484root 11241100x8000000000000000259705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c36bc6560191ba2023-02-08 09:42:32.484root 11241100x8000000000000000259704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54581402b28e01b62023-02-08 09:42:32.484root 11241100x8000000000000000259720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a0d0265401959b2023-02-08 09:42:32.485root 11241100x8000000000000000259719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8aa71dd944a6b972023-02-08 09:42:32.485root 11241100x8000000000000000259718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a89ffb1562ab412023-02-08 09:42:32.485root 11241100x8000000000000000259717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334ae529b4e623d22023-02-08 09:42:32.485root 11241100x8000000000000000259716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33dad1bfafa54872023-02-08 09:42:32.485root 11241100x8000000000000000259715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb5ed8ddd958a5f2023-02-08 09:42:32.485root 11241100x8000000000000000259714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1046beaaa5f6d6102023-02-08 09:42:32.485root 11241100x8000000000000000259713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5aef97c2f109a92023-02-08 09:42:32.485root 11241100x8000000000000000259712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815dbe9d79e300fd2023-02-08 09:42:32.485root 11241100x8000000000000000259721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7712a400e8492b2023-02-08 09:42:32.486root 11241100x8000000000000000259723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab646779541d0c512023-02-08 09:42:32.984root 11241100x8000000000000000259722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baadc27cffdebef22023-02-08 09:42:32.984root 11241100x8000000000000000259732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a09e8c8d59501d2023-02-08 09:42:32.985root 11241100x8000000000000000259731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e15c1c36839d3d02023-02-08 09:42:32.985root 11241100x8000000000000000259730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cedb2e73e3dc03342023-02-08 09:42:32.985root 11241100x8000000000000000259729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca5ff42f2e6a2d02023-02-08 09:42:32.985root 11241100x8000000000000000259728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e27fd6da579cf12023-02-08 09:42:32.985root 11241100x8000000000000000259727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae60b2df27c6ba02023-02-08 09:42:32.985root 11241100x8000000000000000259726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1916acf7c5af0a42023-02-08 09:42:32.985root 11241100x8000000000000000259725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900165b38487be332023-02-08 09:42:32.985root 11241100x8000000000000000259724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd793d687a7621f2023-02-08 09:42:32.985root 11241100x8000000000000000259739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3cd0384d4cceaf2023-02-08 09:42:32.986root 11241100x8000000000000000259738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc24fd331f032572023-02-08 09:42:32.986root 11241100x8000000000000000259737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb20a8054bd67dc2023-02-08 09:42:32.986root 11241100x8000000000000000259736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbf5fe54a7ac3ee2023-02-08 09:42:32.986root 11241100x8000000000000000259735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54fd9456ebf3bc062023-02-08 09:42:32.986root 11241100x8000000000000000259734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb89af0b2907d3b82023-02-08 09:42:32.986root 11241100x8000000000000000259733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410dbf565df9133f2023-02-08 09:42:32.986root 354300x8000000000000000259740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.084{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-53264-false10.0.1.12-8000- 11241100x8000000000000000259743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c7071a41a4e9362023-02-08 09:42:33.484root 11241100x8000000000000000259742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a66ea27f488c7c2023-02-08 09:42:33.484root 11241100x8000000000000000259741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc13fd57445fa9492023-02-08 09:42:33.484root 11241100x8000000000000000259751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd74744657567cc62023-02-08 09:42:33.485root 11241100x8000000000000000259750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee16eb7767cca5c2023-02-08 09:42:33.485root 11241100x8000000000000000259749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d29df2a4076ae42023-02-08 09:42:33.485root 11241100x8000000000000000259748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d14909c8d76e9692023-02-08 09:42:33.485root 11241100x8000000000000000259747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52a76286c752aa52023-02-08 09:42:33.485root 11241100x8000000000000000259746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7573fb277d10438a2023-02-08 09:42:33.485root 11241100x8000000000000000259745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291030f4b22d59722023-02-08 09:42:33.485root 11241100x8000000000000000259744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644d208aedc690432023-02-08 09:42:33.485root 11241100x8000000000000000259758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb955a50015c4b312023-02-08 09:42:33.486root 11241100x8000000000000000259757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e9b80f841184e72023-02-08 09:42:33.486root 11241100x8000000000000000259756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6aa1349906d34ec2023-02-08 09:42:33.486root 11241100x8000000000000000259755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993f008ba32221d52023-02-08 09:42:33.486root 11241100x8000000000000000259754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350c2f75e76551ee2023-02-08 09:42:33.486root 11241100x8000000000000000259753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0871fd9284daba002023-02-08 09:42:33.486root 11241100x8000000000000000259752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddedbc626f6dfbcc2023-02-08 09:42:33.486root 11241100x8000000000000000259759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005312b4f8753b072023-02-08 09:42:33.487root 11241100x8000000000000000259761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73a349451bf99092023-02-08 09:42:33.984root 11241100x8000000000000000259760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b27d8fc30695dfc22023-02-08 09:42:33.984root 11241100x8000000000000000259768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859e98997d32b7632023-02-08 09:42:33.985root 11241100x8000000000000000259767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78d2a7d7ab935352023-02-08 09:42:33.985root 11241100x8000000000000000259766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5b024b32b47a212023-02-08 09:42:33.985root 11241100x8000000000000000259765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37617dfdf77d8b5d2023-02-08 09:42:33.985root 11241100x8000000000000000259764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88037914e765812d2023-02-08 09:42:33.985root 11241100x8000000000000000259763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018f9c99b524e5812023-02-08 09:42:33.985root 11241100x8000000000000000259762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19fb02b412d152912023-02-08 09:42:33.985root 11241100x8000000000000000259771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c6107fdce663292023-02-08 09:42:33.986root 11241100x8000000000000000259770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef90ccf8f6acd5e82023-02-08 09:42:33.986root 11241100x8000000000000000259769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba783339c79e72102023-02-08 09:42:33.986root 11241100x8000000000000000259778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99f46275b58e6372023-02-08 09:42:33.987root 11241100x8000000000000000259777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181a3a910044e46a2023-02-08 09:42:33.987root 11241100x8000000000000000259776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f850d7f64a4ef912023-02-08 09:42:33.987root 11241100x8000000000000000259775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146b9a3ed87f90822023-02-08 09:42:33.987root 11241100x8000000000000000259774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5bfca9138945b32023-02-08 09:42:33.987root 11241100x8000000000000000259773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180e101888731de82023-02-08 09:42:33.987root 11241100x8000000000000000259772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d9ac8e4402b0222023-02-08 09:42:33.987root 11241100x8000000000000000259779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1293d8551a4e46552023-02-08 09:42:34.484root 11241100x8000000000000000259788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f72c83df72e0e9f2023-02-08 09:42:34.485root 11241100x8000000000000000259787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a22906b8d4baa32023-02-08 09:42:34.485root 11241100x8000000000000000259786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4be4b71ec6a19a32023-02-08 09:42:34.485root 11241100x8000000000000000259785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c52a01c23cb9aba2023-02-08 09:42:34.485root 11241100x8000000000000000259784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec13c058e8b9ef162023-02-08 09:42:34.485root 11241100x8000000000000000259783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f813fe51a43fcc2023-02-08 09:42:34.485root 11241100x8000000000000000259782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559d4ed11b39ce602023-02-08 09:42:34.485root 11241100x8000000000000000259781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07aade5a24ceca922023-02-08 09:42:34.485root 11241100x8000000000000000259780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650676eec3c77fad2023-02-08 09:42:34.485root 11241100x8000000000000000259795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8367a8e331e20d742023-02-08 09:42:34.486root 11241100x8000000000000000259794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0377aedebd97e90a2023-02-08 09:42:34.486root 11241100x8000000000000000259793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4aafa166c58e792023-02-08 09:42:34.486root 11241100x8000000000000000259792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02803ee3986026882023-02-08 09:42:34.486root 11241100x8000000000000000259791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d079b56b273d70d2023-02-08 09:42:34.486root 11241100x8000000000000000259790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d97fdc0752a6b172023-02-08 09:42:34.486root 11241100x8000000000000000259789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffb09bd4c427b7b2023-02-08 09:42:34.486root 11241100x8000000000000000259797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95b7aff1c6544b02023-02-08 09:42:34.487root 11241100x8000000000000000259796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a72b92d50af8992023-02-08 09:42:34.487root 11241100x8000000000000000259798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc994ea27fb2d2582023-02-08 09:42:34.984root 11241100x8000000000000000259807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540b46f2fb1ea20f2023-02-08 09:42:34.985root 11241100x8000000000000000259806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d781f663efab8962023-02-08 09:42:34.985root 11241100x8000000000000000259805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b06bb936ea632a2023-02-08 09:42:34.985root 11241100x8000000000000000259804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da4f71d52ccc7822023-02-08 09:42:34.985root 11241100x8000000000000000259803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ab3a721cae20372023-02-08 09:42:34.985root 11241100x8000000000000000259802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ebb06728b2c3e62023-02-08 09:42:34.985root 11241100x8000000000000000259801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0429c2d72693e32023-02-08 09:42:34.985root 11241100x8000000000000000259800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f75619dd295b4db2023-02-08 09:42:34.985root 11241100x8000000000000000259799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d1cf278906ea5e2023-02-08 09:42:34.985root 11241100x8000000000000000259816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d28e308930234e2023-02-08 09:42:34.986root 11241100x8000000000000000259815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a98681bc45fbfed2023-02-08 09:42:34.986root 11241100x8000000000000000259814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe1f5329308f2b72023-02-08 09:42:34.986root 11241100x8000000000000000259813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e14b8dd1c814522023-02-08 09:42:34.986root 11241100x8000000000000000259812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034d753016fed30f2023-02-08 09:42:34.986root 11241100x8000000000000000259811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c91dc04c121b2e2023-02-08 09:42:34.986root 11241100x8000000000000000259810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cac28f5b84778da2023-02-08 09:42:34.986root 11241100x8000000000000000259809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60c6e046e6903572023-02-08 09:42:34.986root 11241100x8000000000000000259808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c353524ffc556322023-02-08 09:42:34.986root 11241100x8000000000000000259818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571d148aec3582c22023-02-08 09:42:35.484root 11241100x8000000000000000259817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c83faa8bf39bad02023-02-08 09:42:35.484root 11241100x8000000000000000259829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1f164127ed20542023-02-08 09:42:35.485root 11241100x8000000000000000259828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb9a5fb83728bb92023-02-08 09:42:35.485root 11241100x8000000000000000259827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb8a4664b0ce13c2023-02-08 09:42:35.485root 11241100x8000000000000000259826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97d51649e5db8e42023-02-08 09:42:35.485root 11241100x8000000000000000259825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1507049d14332a512023-02-08 09:42:35.485root 11241100x8000000000000000259824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a22a144d401cf02023-02-08 09:42:35.485root 11241100x8000000000000000259823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f555abd05001022023-02-08 09:42:35.485root 11241100x8000000000000000259822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90847df5c0936bc52023-02-08 09:42:35.485root 11241100x8000000000000000259821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d78b0a535e2d4f2023-02-08 09:42:35.485root 11241100x8000000000000000259820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7c9976299194552023-02-08 09:42:35.485root 11241100x8000000000000000259819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa56b030c70b2f4b2023-02-08 09:42:35.485root 11241100x8000000000000000259835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f4093d720b4e782023-02-08 09:42:35.486root 11241100x8000000000000000259834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3443b6bae988dc02023-02-08 09:42:35.486root 11241100x8000000000000000259833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6de8a97ec6093272023-02-08 09:42:35.486root 11241100x8000000000000000259832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5915c2c4525f4cc82023-02-08 09:42:35.486root 11241100x8000000000000000259831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5195dec692dc252023-02-08 09:42:35.486root 11241100x8000000000000000259830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc8bd40b70729122023-02-08 09:42:35.486root 11241100x8000000000000000259840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e6f06e515dff162023-02-08 09:42:35.984root 11241100x8000000000000000259839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c10965427de39272023-02-08 09:42:35.984root 11241100x8000000000000000259838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d026639a628921182023-02-08 09:42:35.984root 11241100x8000000000000000259837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba680e2ef64756a2023-02-08 09:42:35.984root 11241100x8000000000000000259836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80eacdf46a505ce2023-02-08 09:42:35.984root 11241100x8000000000000000259847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1044c864ca902c72023-02-08 09:42:35.985root 11241100x8000000000000000259846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeebe86ca50133b02023-02-08 09:42:35.985root 11241100x8000000000000000259845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ea4de97cb97bef2023-02-08 09:42:35.985root 11241100x8000000000000000259844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18553e7d59e37fc42023-02-08 09:42:35.985root 11241100x8000000000000000259843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86660b5e0fdbde02023-02-08 09:42:35.985root 11241100x8000000000000000259842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a95212c95daf8cb2023-02-08 09:42:35.985root 11241100x8000000000000000259841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9606347c48552f2023-02-08 09:42:35.985root 11241100x8000000000000000259854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad357832d50c25572023-02-08 09:42:35.986root 11241100x8000000000000000259853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cada444871ae3dc62023-02-08 09:42:35.986root 11241100x8000000000000000259852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4841f63e37d2889d2023-02-08 09:42:35.986root 11241100x8000000000000000259851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456b50a23d478b5d2023-02-08 09:42:35.986root 11241100x8000000000000000259850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c286944356e0fed2023-02-08 09:42:35.986root 11241100x8000000000000000259849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825cdd6a76affde02023-02-08 09:42:35.986root 11241100x8000000000000000259848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:35.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff01345193354472023-02-08 09:42:35.986root 11241100x8000000000000000259855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.364{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-08 09:42:36.364root 11241100x8000000000000000259861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d390d02f06c65082023-02-08 09:42:36.365root 11241100x8000000000000000259860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07a745eaa821a342023-02-08 09:42:36.365root 11241100x8000000000000000259859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37af7bb036030d22023-02-08 09:42:36.365root 11241100x8000000000000000259858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8144e8a9969cb002023-02-08 09:42:36.365root 11241100x8000000000000000259857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfbf8d20769fc202023-02-08 09:42:36.365root 11241100x8000000000000000259856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e04b82245ad9f582023-02-08 09:42:36.365root 11241100x8000000000000000259868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec303502f3946c812023-02-08 09:42:36.366root 11241100x8000000000000000259867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe59b274de93d70e2023-02-08 09:42:36.366root 11241100x8000000000000000259866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af3fe4eaf4811682023-02-08 09:42:36.366root 11241100x8000000000000000259865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385219c0ce9c0a512023-02-08 09:42:36.366root 11241100x8000000000000000259864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1e45c68ba7b81a2023-02-08 09:42:36.366root 11241100x8000000000000000259863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520607d788dda82c2023-02-08 09:42:36.366root 11241100x8000000000000000259862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f6990a26a65b452023-02-08 09:42:36.366root 11241100x8000000000000000259875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4600febf566bc2b82023-02-08 09:42:36.367root 11241100x8000000000000000259874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d07ade507804232023-02-08 09:42:36.367root 11241100x8000000000000000259873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b865b49b63a7a6522023-02-08 09:42:36.367root 11241100x8000000000000000259872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4293d3a4648560a62023-02-08 09:42:36.367root 11241100x8000000000000000259871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5efbb94e18a84322023-02-08 09:42:36.367root 11241100x8000000000000000259870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2dd80fb2b6c5a952023-02-08 09:42:36.367root 11241100x8000000000000000259869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d10127169cba432023-02-08 09:42:36.367root 11241100x8000000000000000259879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4e6bfa3c7fe4092023-02-08 09:42:36.368root 11241100x8000000000000000259878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b485fb3e6aee05d32023-02-08 09:42:36.368root 11241100x8000000000000000259877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa6301d703f3eb82023-02-08 09:42:36.368root 11241100x8000000000000000259876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f92f394ebb53bb72023-02-08 09:42:36.368root 11241100x8000000000000000259881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68db3bffdbaf42472023-02-08 09:42:36.734root 11241100x8000000000000000259880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a749e0c54a9f29e2023-02-08 09:42:36.734root 11241100x8000000000000000259891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2e8059fc8713072023-02-08 09:42:36.735root 11241100x8000000000000000259890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d466b9d79dc669bf2023-02-08 09:42:36.735root 11241100x8000000000000000259889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7c50c07220f4ca2023-02-08 09:42:36.735root 11241100x8000000000000000259888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e2272ee6be95b42023-02-08 09:42:36.735root 11241100x8000000000000000259887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb5a20a7594efc22023-02-08 09:42:36.735root 11241100x8000000000000000259886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fae026ba379a8b52023-02-08 09:42:36.735root 11241100x8000000000000000259885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418d0e21a10401c82023-02-08 09:42:36.735root 11241100x8000000000000000259884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb333eb2445ca31c2023-02-08 09:42:36.735root 11241100x8000000000000000259883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a9dacc13376dcc2023-02-08 09:42:36.735root 11241100x8000000000000000259882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7f4bfc04b44acc2023-02-08 09:42:36.735root 11241100x8000000000000000259899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9645c4b6fec4ffc2023-02-08 09:42:36.736root 11241100x8000000000000000259898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b2a82c545b36bb2023-02-08 09:42:36.736root 11241100x8000000000000000259897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9f37ebcae2bfbe2023-02-08 09:42:36.736root 11241100x8000000000000000259896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ed5a79f6b19e142023-02-08 09:42:36.736root 11241100x8000000000000000259895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47da58db264706c12023-02-08 09:42:36.736root 11241100x8000000000000000259894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6b08654a668ef12023-02-08 09:42:36.736root 11241100x8000000000000000259893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11354e9cab41c95e2023-02-08 09:42:36.736root 11241100x8000000000000000259892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfac16a1767f9f42023-02-08 09:42:36.736root 11241100x8000000000000000259900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9895bcb1da76976c2023-02-08 09:42:37.234root 11241100x8000000000000000259908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ae252ab32bb4542023-02-08 09:42:37.235root 11241100x8000000000000000259907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3af135a113c7c82023-02-08 09:42:37.235root 11241100x8000000000000000259906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876010517a197b562023-02-08 09:42:37.235root 11241100x8000000000000000259905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2816d868f88a427e2023-02-08 09:42:37.235root 11241100x8000000000000000259904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a299058824652bce2023-02-08 09:42:37.235root 11241100x8000000000000000259903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b715280a398c452023-02-08 09:42:37.235root 11241100x8000000000000000259902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15371f6946ae744f2023-02-08 09:42:37.235root 11241100x8000000000000000259901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ddee744b90a68d2023-02-08 09:42:37.235root 11241100x8000000000000000259919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c86f85d8f2e2ea2023-02-08 09:42:37.236root 11241100x8000000000000000259918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7567e0c3edaa622023-02-08 09:42:37.236root 11241100x8000000000000000259917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc533f50d2427e32023-02-08 09:42:37.236root 11241100x8000000000000000259916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be7e37fc374f5cf2023-02-08 09:42:37.236root 11241100x8000000000000000259915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d18788a0da13cd2023-02-08 09:42:37.236root 11241100x8000000000000000259914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040963329f43bfd72023-02-08 09:42:37.236root 11241100x8000000000000000259913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45717904e7279cfa2023-02-08 09:42:37.236root 11241100x8000000000000000259912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c125b5268752f1942023-02-08 09:42:37.236root 11241100x8000000000000000259911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c87bb48499832422023-02-08 09:42:37.236root 11241100x8000000000000000259910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d965d950fb285cb62023-02-08 09:42:37.236root 11241100x8000000000000000259909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e5383abda2994a2023-02-08 09:42:37.236root 11241100x8000000000000000259920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1afbcb7a4e872ee2023-02-08 09:42:37.734root 11241100x8000000000000000259935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0500a28b94fac9d12023-02-08 09:42:37.735root 11241100x8000000000000000259934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560d9cb5422be2662023-02-08 09:42:37.735root 11241100x8000000000000000259933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b85e5985e1ef5c72023-02-08 09:42:37.735root 11241100x8000000000000000259932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f54687cbf66cd92023-02-08 09:42:37.735root 11241100x8000000000000000259931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70456480f7628f372023-02-08 09:42:37.735root 11241100x8000000000000000259930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b1d6d5b82d78452023-02-08 09:42:37.735root 11241100x8000000000000000259929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88fbe34965018412023-02-08 09:42:37.735root 11241100x8000000000000000259928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a112ee2ab386ad432023-02-08 09:42:37.735root 11241100x8000000000000000259927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbaa6f6c327012fe2023-02-08 09:42:37.735root 11241100x8000000000000000259926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b78c67efe99d6332023-02-08 09:42:37.735root 11241100x8000000000000000259925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9bee2986a3a2862023-02-08 09:42:37.735root 11241100x8000000000000000259924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ece8479eef1e7b2023-02-08 09:42:37.735root 11241100x8000000000000000259923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c444ba5545cfeed2023-02-08 09:42:37.735root 11241100x8000000000000000259922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac67315b58e1b912023-02-08 09:42:37.735root 11241100x8000000000000000259921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b04b1d1153959ab2023-02-08 09:42:37.735root 11241100x8000000000000000259939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f784ff02fc8b73d52023-02-08 09:42:37.736root 11241100x8000000000000000259938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf842f44f63ebc22023-02-08 09:42:37.736root 11241100x8000000000000000259937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09398bd8e1e954382023-02-08 09:42:37.736root 11241100x8000000000000000259936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d87084f28f3bbee2023-02-08 09:42:37.736root 11241100x8000000000000000259942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.089{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5ef2de8420254d2023-02-08 09:42:38.089root 11241100x8000000000000000259941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.089{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf3d7d1244228f62023-02-08 09:42:38.089root 354300x8000000000000000259940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.089{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36694-false10.0.1.12-8000- 11241100x8000000000000000259949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.090{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57052b313df6c47b2023-02-08 09:42:38.090root 11241100x8000000000000000259948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.090{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9552ccc22dea6b2023-02-08 09:42:38.090root 11241100x8000000000000000259947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.090{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9200128cba949e512023-02-08 09:42:38.090root 11241100x8000000000000000259946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.090{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977f270ba4bca3692023-02-08 09:42:38.090root 11241100x8000000000000000259945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.090{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b7728a8cfbedf22023-02-08 09:42:38.090root 11241100x8000000000000000259944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.090{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd3cca681240d892023-02-08 09:42:38.090root 11241100x8000000000000000259943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.090{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036a9e0f720012642023-02-08 09:42:38.090root 11241100x8000000000000000259952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.091{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa56cc70ff97ac6e2023-02-08 09:42:38.091root 11241100x8000000000000000259951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.091{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabd1fa06b70a5102023-02-08 09:42:38.091root 11241100x8000000000000000259950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.091{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3965dc534dffd6ef2023-02-08 09:42:38.091root 11241100x8000000000000000259956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.092{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2041ae6b1065935b2023-02-08 09:42:38.092root 11241100x8000000000000000259955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.092{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8ddc032cc0a8922023-02-08 09:42:38.092root 11241100x8000000000000000259954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.092{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b7fa09e492f2b52023-02-08 09:42:38.092root 11241100x8000000000000000259953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.092{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ddee129fd21a49a2023-02-08 09:42:38.092root 11241100x8000000000000000259960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.093{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61635a1d4a9669dc2023-02-08 09:42:38.093root 11241100x8000000000000000259959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.093{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1c573951c7106e2023-02-08 09:42:38.093root 11241100x8000000000000000259958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.093{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda0a990fd522cbf2023-02-08 09:42:38.093root 11241100x8000000000000000259957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.093{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96437cf1aa01e7c52023-02-08 09:42:38.093root 11241100x8000000000000000259963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.094{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffd1631c20c8d892023-02-08 09:42:38.094root 11241100x8000000000000000259962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.094{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b9f0ad2d9d52c32023-02-08 09:42:38.094root 11241100x8000000000000000259961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.094{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b24ef2ab66d11952023-02-08 09:42:38.094root 11241100x8000000000000000259967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.095{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f032ec89d641a21f2023-02-08 09:42:38.095root 11241100x8000000000000000259966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.095{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d88e51ef466c81a2023-02-08 09:42:38.095root 11241100x8000000000000000259965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.095{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424d6096691249782023-02-08 09:42:38.095root 11241100x8000000000000000259964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.095{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25916dd2595323472023-02-08 09:42:38.095root 11241100x8000000000000000259972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.096{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6457373ab36faf7a2023-02-08 09:42:38.096root 11241100x8000000000000000259971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.096{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab9eed6597193ce2023-02-08 09:42:38.096root 11241100x8000000000000000259970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.096{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ece31f4c2aeed12023-02-08 09:42:38.096root 11241100x8000000000000000259969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.096{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007834735420e2032023-02-08 09:42:38.096root 11241100x8000000000000000259968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.096{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff163741ccc15722023-02-08 09:42:38.096root 11241100x8000000000000000259973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453085019bc60a582023-02-08 09:42:38.484root 11241100x8000000000000000259985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d44f496252c15a2023-02-08 09:42:38.485root 11241100x8000000000000000259984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f18cf6970331eef2023-02-08 09:42:38.485root 11241100x8000000000000000259983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be94ff469a9438f72023-02-08 09:42:38.485root 11241100x8000000000000000259982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cade16a512f574c2023-02-08 09:42:38.485root 11241100x8000000000000000259981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283d7b7d48239b432023-02-08 09:42:38.485root 11241100x8000000000000000259980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5386eb92301256cb2023-02-08 09:42:38.485root 11241100x8000000000000000259979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69bbef9cf0296e672023-02-08 09:42:38.485root 11241100x8000000000000000259978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c234f8fae741072023-02-08 09:42:38.485root 11241100x8000000000000000259977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92dd9c173f8df2bb2023-02-08 09:42:38.485root 11241100x8000000000000000259976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1aef82f8d4f6a9d2023-02-08 09:42:38.485root 11241100x8000000000000000259975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542a38b4252fc1932023-02-08 09:42:38.485root 11241100x8000000000000000259974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d964e7168ccf0e2023-02-08 09:42:38.485root 11241100x8000000000000000259992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0bdbde707c422a62023-02-08 09:42:38.486root 11241100x8000000000000000259991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b250451922092cf2023-02-08 09:42:38.486root 11241100x8000000000000000259990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bb97817d89d83f2023-02-08 09:42:38.486root 11241100x8000000000000000259989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1468e893b42e61b2023-02-08 09:42:38.486root 11241100x8000000000000000259988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff633df445b16cb92023-02-08 09:42:38.486root 11241100x8000000000000000259987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e8bf9d58754cd72023-02-08 09:42:38.486root 11241100x8000000000000000259986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762b514b4a7c2cde2023-02-08 09:42:38.486root 11241100x8000000000000000259993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e849f8628378c92023-02-08 09:42:38.487root 11241100x8000000000000000259994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60d687b293813ba2023-02-08 09:42:38.984root 11241100x8000000000000000260004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a784512d79e4ca2023-02-08 09:42:38.985root 11241100x8000000000000000260003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e094f1302da1c99b2023-02-08 09:42:38.985root 11241100x8000000000000000260002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327ca81e77e1dd242023-02-08 09:42:38.985root 11241100x8000000000000000260001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a404e57b8401862023-02-08 09:42:38.985root 11241100x8000000000000000260000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faabb6a5029304a22023-02-08 09:42:38.985root 11241100x8000000000000000259999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022157a5062825582023-02-08 09:42:38.985root 11241100x8000000000000000259998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7810536037821bc2023-02-08 09:42:38.985root 11241100x8000000000000000259997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432eca5f17b58cc82023-02-08 09:42:38.985root 11241100x8000000000000000259996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10eef0743fcaa1752023-02-08 09:42:38.985root 11241100x8000000000000000259995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e474e87e4aa68b32023-02-08 09:42:38.985root 11241100x8000000000000000260014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c373da1c8826f7482023-02-08 09:42:38.986root 11241100x8000000000000000260013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835fe57d9477e8ef2023-02-08 09:42:38.986root 11241100x8000000000000000260012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0324119138d9e9c2023-02-08 09:42:38.986root 11241100x8000000000000000260011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95e5930190b439d2023-02-08 09:42:38.986root 11241100x8000000000000000260010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7e9267a4d05fd72023-02-08 09:42:38.986root 11241100x8000000000000000260009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72ca055d35250682023-02-08 09:42:38.986root 11241100x8000000000000000260008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8067997f402edf2023-02-08 09:42:38.986root 11241100x8000000000000000260007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6f5dfc3cc3784f2023-02-08 09:42:38.986root 11241100x8000000000000000260006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b272a605b6be9a2023-02-08 09:42:38.986root 11241100x8000000000000000260005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f782749a3b6f05da2023-02-08 09:42:38.986root 23542300x8000000000000000260015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.365{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000260022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99521b302f6aa2ba2023-02-08 09:42:39.366root 11241100x8000000000000000260021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8ce3c1779943862023-02-08 09:42:39.366root 11241100x8000000000000000260020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b1f72ecd434c8b2023-02-08 09:42:39.366root 11241100x8000000000000000260019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8eef750b6716112023-02-08 09:42:39.366root 11241100x8000000000000000260018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eef50021f484aaa2023-02-08 09:42:39.366root 11241100x8000000000000000260017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a550c3018ad06f472023-02-08 09:42:39.366root 11241100x8000000000000000260016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d5b6590145e9db2023-02-08 09:42:39.366root 11241100x8000000000000000260033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b2f79eae2df8fb2023-02-08 09:42:39.367root 11241100x8000000000000000260032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15b6a5c0dadd2c82023-02-08 09:42:39.367root 11241100x8000000000000000260031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33edc1b09b1b7ee12023-02-08 09:42:39.367root 11241100x8000000000000000260030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1b6c861aa79c9b2023-02-08 09:42:39.367root 11241100x8000000000000000260029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eff7df98c4e082c2023-02-08 09:42:39.367root 11241100x8000000000000000260028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e3410e8ee19d512023-02-08 09:42:39.367root 11241100x8000000000000000260027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6dea911c68e4802023-02-08 09:42:39.367root 11241100x8000000000000000260026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78354c22d911d3c12023-02-08 09:42:39.367root 11241100x8000000000000000260025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86318a99a5f9fb882023-02-08 09:42:39.367root 11241100x8000000000000000260024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff094146efa5f61f2023-02-08 09:42:39.367root 11241100x8000000000000000260023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8bb7939f4b44522023-02-08 09:42:39.367root 11241100x8000000000000000260040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a285005db95e5e42023-02-08 09:42:39.368root 11241100x8000000000000000260039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4ef71721fd28c72023-02-08 09:42:39.368root 11241100x8000000000000000260038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8559f0695b090df72023-02-08 09:42:39.368root 11241100x8000000000000000260037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad4d2ae2d334d7f2023-02-08 09:42:39.368root 11241100x8000000000000000260036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715546d6361bfdd62023-02-08 09:42:39.368root 11241100x8000000000000000260035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0657392f8d4b13732023-02-08 09:42:39.368root 11241100x8000000000000000260034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be530aafcf390192023-02-08 09:42:39.368root 11241100x8000000000000000260041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992deffc7ef65a092023-02-08 09:42:39.734root 11241100x8000000000000000260055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c685d6d3f718e7e82023-02-08 09:42:39.735root 11241100x8000000000000000260054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b405b62e97c983902023-02-08 09:42:39.735root 11241100x8000000000000000260053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36bf62afc9ba6e432023-02-08 09:42:39.735root 11241100x8000000000000000260052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396da98a04b743172023-02-08 09:42:39.735root 11241100x8000000000000000260051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73738f97e9ab4c5e2023-02-08 09:42:39.735root 11241100x8000000000000000260050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93e5bfa36a718062023-02-08 09:42:39.735root 11241100x8000000000000000260049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8899cc6369e81c2a2023-02-08 09:42:39.735root 11241100x8000000000000000260048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc17fbb4b0a377aa2023-02-08 09:42:39.735root 11241100x8000000000000000260047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62960490bd4cfb322023-02-08 09:42:39.735root 11241100x8000000000000000260046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077cd672f9b576e42023-02-08 09:42:39.735root 11241100x8000000000000000260045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64151404044720b2023-02-08 09:42:39.735root 11241100x8000000000000000260044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22638b6a0cec99c52023-02-08 09:42:39.735root 11241100x8000000000000000260043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8837e0ef06da898a2023-02-08 09:42:39.735root 11241100x8000000000000000260042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7922cd0cda7ffa12023-02-08 09:42:39.735root 11241100x8000000000000000260062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411b0f1ceb561ec32023-02-08 09:42:39.736root 11241100x8000000000000000260061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13aeba6fc08c0c952023-02-08 09:42:39.736root 11241100x8000000000000000260060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2f35fd9f6f6f412023-02-08 09:42:39.736root 11241100x8000000000000000260059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70c2b3db16e7cd02023-02-08 09:42:39.736root 11241100x8000000000000000260058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e873ef5494c495e2023-02-08 09:42:39.736root 11241100x8000000000000000260057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11739491e52c1ad82023-02-08 09:42:39.736root 11241100x8000000000000000260056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d9a1316c275add2023-02-08 09:42:39.736root 11241100x8000000000000000260063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0876a8cd463e8b6c2023-02-08 09:42:40.234root 11241100x8000000000000000260074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a2893601d738a62023-02-08 09:42:40.235root 11241100x8000000000000000260073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0137de83dc89fd292023-02-08 09:42:40.235root 11241100x8000000000000000260072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1923a1cb7a0af5052023-02-08 09:42:40.235root 11241100x8000000000000000260071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7cffe7ce53f45e12023-02-08 09:42:40.235root 11241100x8000000000000000260070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0650dfb02cc080ee2023-02-08 09:42:40.235root 11241100x8000000000000000260069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631751523bab7a432023-02-08 09:42:40.235root 11241100x8000000000000000260068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73107fa7d237528b2023-02-08 09:42:40.235root 11241100x8000000000000000260067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3ee4acdb9c5ceb2023-02-08 09:42:40.235root 11241100x8000000000000000260066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5375c103f4f4168a2023-02-08 09:42:40.235root 11241100x8000000000000000260065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db6a4eeda42a5672023-02-08 09:42:40.235root 11241100x8000000000000000260064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b11a01f667661a12023-02-08 09:42:40.235root 11241100x8000000000000000260084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3e074163ac5f972023-02-08 09:42:40.236root 11241100x8000000000000000260083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d0789d813174742023-02-08 09:42:40.236root 11241100x8000000000000000260082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab5a3c4975661d22023-02-08 09:42:40.236root 11241100x8000000000000000260081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748d3f3c84d6d9ed2023-02-08 09:42:40.236root 11241100x8000000000000000260080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab7f13895392d9d2023-02-08 09:42:40.236root 11241100x8000000000000000260079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daaeb6e4d46027e82023-02-08 09:42:40.236root 11241100x8000000000000000260078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5f000afe99df8f2023-02-08 09:42:40.236root 11241100x8000000000000000260077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4176ca87b1c55d2023-02-08 09:42:40.236root 11241100x8000000000000000260076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0a87d084b4d9f42023-02-08 09:42:40.236root 11241100x8000000000000000260075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e78211bc8ff6a512023-02-08 09:42:40.236root 11241100x8000000000000000260090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9675fc0ba29308c2023-02-08 09:42:40.734root 11241100x8000000000000000260089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18163aaa96d38dcc2023-02-08 09:42:40.734root 11241100x8000000000000000260088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e8ec11269d5e352023-02-08 09:42:40.734root 11241100x8000000000000000260087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958d990d22bbcc2a2023-02-08 09:42:40.734root 11241100x8000000000000000260086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940ad87dad0cc6112023-02-08 09:42:40.734root 11241100x8000000000000000260085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096ed780203a6a762023-02-08 09:42:40.734root 11241100x8000000000000000260105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316d181db2e416fc2023-02-08 09:42:40.735root 11241100x8000000000000000260104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715556716e8f9ff12023-02-08 09:42:40.735root 11241100x8000000000000000260103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5aabfac46f3af22023-02-08 09:42:40.735root 11241100x8000000000000000260102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7729d74d799fb32023-02-08 09:42:40.735root 11241100x8000000000000000260101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacd1c944dc049de2023-02-08 09:42:40.735root 11241100x8000000000000000260100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e5116cc0f67c782023-02-08 09:42:40.735root 11241100x8000000000000000260099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56d8beb5404bcb12023-02-08 09:42:40.735root 11241100x8000000000000000260098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00ebeddd06299dc2023-02-08 09:42:40.735root 11241100x8000000000000000260097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f6fce31ee876452023-02-08 09:42:40.735root 11241100x8000000000000000260096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a4a42f8de5e6392023-02-08 09:42:40.735root 11241100x8000000000000000260095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a052f101aaf72b82023-02-08 09:42:40.735root 11241100x8000000000000000260094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fd65a3f42bede62023-02-08 09:42:40.735root 11241100x8000000000000000260093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25dd365680489f32023-02-08 09:42:40.735root 11241100x8000000000000000260092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44929931bb69972b2023-02-08 09:42:40.735root 11241100x8000000000000000260091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818aad3e4ccbe7df2023-02-08 09:42:40.735root 11241100x8000000000000000260106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e6ab30516675f42023-02-08 09:42:40.736root 11241100x8000000000000000260113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e53148cc76235022023-02-08 09:42:41.235root 11241100x8000000000000000260112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee0e3fc8411c76e2023-02-08 09:42:41.235root 11241100x8000000000000000260111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85506c3977536b192023-02-08 09:42:41.235root 11241100x8000000000000000260110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ca3a1316f6f3172023-02-08 09:42:41.235root 11241100x8000000000000000260109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b4dcb84673fe7d2023-02-08 09:42:41.235root 11241100x8000000000000000260108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f57bc46a22ef342023-02-08 09:42:41.235root 11241100x8000000000000000260107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e709689a12f90812023-02-08 09:42:41.235root 11241100x8000000000000000260122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7612ae2f96b2c0b72023-02-08 09:42:41.236root 11241100x8000000000000000260121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e787899f56203e7f2023-02-08 09:42:41.236root 11241100x8000000000000000260120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc94a35ebede7cd2023-02-08 09:42:41.236root 11241100x8000000000000000260119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c8964da73cd85b2023-02-08 09:42:41.236root 11241100x8000000000000000260118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112b1fb2589a1ffd2023-02-08 09:42:41.236root 11241100x8000000000000000260117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874e17d80062b31b2023-02-08 09:42:41.236root 11241100x8000000000000000260116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74f9a2caf31156a2023-02-08 09:42:41.236root 11241100x8000000000000000260115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563335214123543f2023-02-08 09:42:41.236root 11241100x8000000000000000260114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1356cff8f3bb3e2023-02-08 09:42:41.236root 11241100x8000000000000000260128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf8ac119de1a2a02023-02-08 09:42:41.237root 11241100x8000000000000000260127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbf4ebb68ea50382023-02-08 09:42:41.237root 11241100x8000000000000000260126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4145043d06cde7ab2023-02-08 09:42:41.237root 11241100x8000000000000000260125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755d81a76c5afdcd2023-02-08 09:42:41.237root 11241100x8000000000000000260124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c60221b8bd5fbc32023-02-08 09:42:41.237root 11241100x8000000000000000260123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a321503732f33ff62023-02-08 09:42:41.237root 11241100x8000000000000000260129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd1b682effbf9572023-02-08 09:42:41.734root 11241100x8000000000000000260134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c08e30d226c7cf72023-02-08 09:42:41.735root 11241100x8000000000000000260133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c9888b565c2fb82023-02-08 09:42:41.735root 11241100x8000000000000000260132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8987e292c468c22023-02-08 09:42:41.735root 11241100x8000000000000000260131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01586367a960c2742023-02-08 09:42:41.735root 11241100x8000000000000000260130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8b87ba579eb5822023-02-08 09:42:41.735root 11241100x8000000000000000260138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4dcbf898b8449e72023-02-08 09:42:41.736root 11241100x8000000000000000260137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d10cfb768e6f4f2023-02-08 09:42:41.736root 11241100x8000000000000000260136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b758be0d8fafcc12023-02-08 09:42:41.736root 11241100x8000000000000000260135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b39cd8812f4fc832023-02-08 09:42:41.736root 11241100x8000000000000000260147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36f183eef0812522023-02-08 09:42:41.737root 11241100x8000000000000000260146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a056fd34a74d5e162023-02-08 09:42:41.737root 11241100x8000000000000000260145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82eebbd3a81ad22c2023-02-08 09:42:41.737root 11241100x8000000000000000260144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8e958c1f9349562023-02-08 09:42:41.737root 11241100x8000000000000000260143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4917e1081a0d832023-02-08 09:42:41.737root 11241100x8000000000000000260142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a3afff830073292023-02-08 09:42:41.737root 11241100x8000000000000000260141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde330c4781063632023-02-08 09:42:41.737root 11241100x8000000000000000260140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838caf7c1120a5ab2023-02-08 09:42:41.737root 11241100x8000000000000000260139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4727df72766ea62023-02-08 09:42:41.737root 11241100x8000000000000000260150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f38fd035303a0872023-02-08 09:42:41.738root 11241100x8000000000000000260149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1d00d6d0a9bce82023-02-08 09:42:41.738root 11241100x8000000000000000260148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:41.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d164819dcf5f0682023-02-08 09:42:41.738root 11241100x8000000000000000260152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf7fe74c43439c42023-02-08 09:42:42.234root 11241100x8000000000000000260151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58698f7badb540572023-02-08 09:42:42.234root 11241100x8000000000000000260163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6fb78626314863e2023-02-08 09:42:42.235root 11241100x8000000000000000260162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be240bf33a4751de2023-02-08 09:42:42.235root 11241100x8000000000000000260161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fb97336ab364c52023-02-08 09:42:42.235root 11241100x8000000000000000260160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450910101eeb67b62023-02-08 09:42:42.235root 11241100x8000000000000000260159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8be3e12cdc37bf02023-02-08 09:42:42.235root 11241100x8000000000000000260158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9710d9be94e11b032023-02-08 09:42:42.235root 11241100x8000000000000000260157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5810b0b285a9e902023-02-08 09:42:42.235root 11241100x8000000000000000260156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c7cab2814439092023-02-08 09:42:42.235root 11241100x8000000000000000260155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012a8481ed736b9c2023-02-08 09:42:42.235root 11241100x8000000000000000260154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d2911c9d8a8ac02023-02-08 09:42:42.235root 11241100x8000000000000000260153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2fa0ea46f8745b2023-02-08 09:42:42.235root 11241100x8000000000000000260172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf67d632cb9868d92023-02-08 09:42:42.236root 11241100x8000000000000000260171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f09921600111402023-02-08 09:42:42.236root 11241100x8000000000000000260170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4e421efd4631ed2023-02-08 09:42:42.236root 11241100x8000000000000000260169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6bb7c034d979ccc2023-02-08 09:42:42.236root 11241100x8000000000000000260168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d373cc7aa3dd792023-02-08 09:42:42.236root 11241100x8000000000000000260167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd66bbe24ed9fd232023-02-08 09:42:42.236root 11241100x8000000000000000260166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26595f885054c1ae2023-02-08 09:42:42.236root 11241100x8000000000000000260165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203ab92eb36186372023-02-08 09:42:42.236root 11241100x8000000000000000260164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e30f7c9961d555b2023-02-08 09:42:42.236root 11241100x8000000000000000260176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2942181565bba2a2023-02-08 09:42:42.734root 11241100x8000000000000000260175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e47a2c07cee7a72023-02-08 09:42:42.734root 11241100x8000000000000000260174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746ce5b13ca18ab52023-02-08 09:42:42.734root 11241100x8000000000000000260173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b12b9bf46984bc2023-02-08 09:42:42.734root 11241100x8000000000000000260191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6b6731047db7a42023-02-08 09:42:42.735root 11241100x8000000000000000260190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09dd1cc842f5dbb2023-02-08 09:42:42.735root 11241100x8000000000000000260189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfb2b8ec95f34f92023-02-08 09:42:42.735root 11241100x8000000000000000260188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3838d1395d53d002023-02-08 09:42:42.735root 11241100x8000000000000000260187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a954e0ace97ce32023-02-08 09:42:42.735root 11241100x8000000000000000260186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a73f2f59bf5f4862023-02-08 09:42:42.735root 11241100x8000000000000000260185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c186598047c1a3dc2023-02-08 09:42:42.735root 11241100x8000000000000000260184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172e529acd54da312023-02-08 09:42:42.735root 11241100x8000000000000000260183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b845c0d4aeeec05f2023-02-08 09:42:42.735root 11241100x8000000000000000260182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38fe88a169c7db12023-02-08 09:42:42.735root 11241100x8000000000000000260181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde13f85b85e84c72023-02-08 09:42:42.735root 11241100x8000000000000000260180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbee148c8198700e2023-02-08 09:42:42.735root 11241100x8000000000000000260179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbc8e304a45635e2023-02-08 09:42:42.735root 11241100x8000000000000000260178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85fa91bc20fb47492023-02-08 09:42:42.735root 11241100x8000000000000000260177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd0791ad5f868832023-02-08 09:42:42.735root 11241100x8000000000000000260194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be086a1ea02c49202023-02-08 09:42:42.736root 11241100x8000000000000000260193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e0bb7f9370d3542023-02-08 09:42:42.736root 11241100x8000000000000000260192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:42.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c74aeab9ffc1df2023-02-08 09:42:42.736root 11241100x8000000000000000260196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.169{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d05033cd77781b2023-02-08 09:42:43.169root 354300x8000000000000000260195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.169{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36698-false10.0.1.12-8000- 11241100x8000000000000000260209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcacbb5fa627adf2023-02-08 09:42:43.170root 11241100x8000000000000000260208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bf156b3966051c2023-02-08 09:42:43.170root 11241100x8000000000000000260207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5e0c4289dc02c92023-02-08 09:42:43.170root 11241100x8000000000000000260206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a957aaa4a6153c2023-02-08 09:42:43.170root 11241100x8000000000000000260205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce357cefe630c9a2023-02-08 09:42:43.170root 11241100x8000000000000000260204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59bb9df65ab1ab72023-02-08 09:42:43.170root 11241100x8000000000000000260203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e75e67dba586df2023-02-08 09:42:43.170root 11241100x8000000000000000260202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78939b1cdd2e95512023-02-08 09:42:43.170root 11241100x8000000000000000260201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8324afcc4a47ba822023-02-08 09:42:43.170root 11241100x8000000000000000260200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563cd6030f0c43b82023-02-08 09:42:43.170root 11241100x8000000000000000260199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5b4b922c53964b2023-02-08 09:42:43.170root 11241100x8000000000000000260198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25b258d987faf4a2023-02-08 09:42:43.170root 11241100x8000000000000000260197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f91468ab4547c82023-02-08 09:42:43.170root 11241100x8000000000000000260221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff61169c4bd804d22023-02-08 09:42:43.171root 11241100x8000000000000000260220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a545d6f498d40a572023-02-08 09:42:43.171root 11241100x8000000000000000260219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f7fd018f5392ad2023-02-08 09:42:43.171root 11241100x8000000000000000260218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13777ab1e2c653252023-02-08 09:42:43.171root 11241100x8000000000000000260217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a78b3960d93dde12023-02-08 09:42:43.171root 11241100x8000000000000000260216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ae1ebc7fdef0162023-02-08 09:42:43.171root 11241100x8000000000000000260215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4113b529c5f5cb242023-02-08 09:42:43.171root 11241100x8000000000000000260214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8661bec496c641152023-02-08 09:42:43.171root 11241100x8000000000000000260213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5d8b14e45edca42023-02-08 09:42:43.171root 11241100x8000000000000000260212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46b794977ee99b72023-02-08 09:42:43.171root 11241100x8000000000000000260211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e9682c3ac1a32f2023-02-08 09:42:43.171root 11241100x8000000000000000260210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1a5ef04a196b062023-02-08 09:42:43.171root 11241100x8000000000000000260225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.172{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66786982ff36f6b2023-02-08 09:42:43.172root 11241100x8000000000000000260224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.172{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4e2166aa4603172023-02-08 09:42:43.172root 11241100x8000000000000000260223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.172{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915e3b50699fb40a2023-02-08 09:42:43.172root 11241100x8000000000000000260222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.172{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e568c17e23d7a2702023-02-08 09:42:43.172root 11241100x8000000000000000260226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f960e98361be9d82023-02-08 09:42:43.484root 11241100x8000000000000000260235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93f701e05afb6e12023-02-08 09:42:43.485root 11241100x8000000000000000260234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b27c8035b933552023-02-08 09:42:43.485root 11241100x8000000000000000260233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebdcd9c232b586632023-02-08 09:42:43.485root 11241100x8000000000000000260232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b5f9479eb72abe2023-02-08 09:42:43.485root 11241100x8000000000000000260231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdc6e1ea74083b92023-02-08 09:42:43.485root 11241100x8000000000000000260230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560c5e6be2d9e29d2023-02-08 09:42:43.485root 11241100x8000000000000000260229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d701efe2153cd38e2023-02-08 09:42:43.485root 11241100x8000000000000000260228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1561e1b515712ea2023-02-08 09:42:43.485root 11241100x8000000000000000260227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacdf64b014311102023-02-08 09:42:43.485root 11241100x8000000000000000260247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55693b399c4b01ad2023-02-08 09:42:43.486root 11241100x8000000000000000260246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af041aaeebfdc9b42023-02-08 09:42:43.486root 11241100x8000000000000000260245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fa322fd0c0437d2023-02-08 09:42:43.486root 11241100x8000000000000000260244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612654a8c8aa7a8f2023-02-08 09:42:43.486root 11241100x8000000000000000260243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d8f530330551e92023-02-08 09:42:43.486root 11241100x8000000000000000260242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b624460a2c0b302023-02-08 09:42:43.486root 11241100x8000000000000000260241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27dc8c25ca3085622023-02-08 09:42:43.486root 11241100x8000000000000000260240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6f5799d508e9022023-02-08 09:42:43.486root 11241100x8000000000000000260239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94823b650be8cc7a2023-02-08 09:42:43.486root 11241100x8000000000000000260238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb1eab1dedfe6762023-02-08 09:42:43.486root 11241100x8000000000000000260237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa49357bdb2746332023-02-08 09:42:43.486root 11241100x8000000000000000260236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee99e3d34dd21892023-02-08 09:42:43.486root 11241100x8000000000000000260248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35873320bb2f9c942023-02-08 09:42:43.487root 11241100x8000000000000000260249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c3672c4f790e2b2023-02-08 09:42:43.984root 11241100x8000000000000000260261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f92ab538b9595f52023-02-08 09:42:43.985root 11241100x8000000000000000260260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8bea82e40260ee2023-02-08 09:42:43.985root 11241100x8000000000000000260259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c4a7faa8cebe9e2023-02-08 09:42:43.985root 11241100x8000000000000000260258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3318be105251f62023-02-08 09:42:43.985root 11241100x8000000000000000260257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5af3dd34f25f39f2023-02-08 09:42:43.985root 11241100x8000000000000000260256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258eb94264bd683b2023-02-08 09:42:43.985root 11241100x8000000000000000260255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda38edb9fc36b992023-02-08 09:42:43.985root 11241100x8000000000000000260254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a964153450f156832023-02-08 09:42:43.985root 11241100x8000000000000000260253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba90a59533dbdc392023-02-08 09:42:43.985root 11241100x8000000000000000260252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913c9f13d01e0f2b2023-02-08 09:42:43.985root 11241100x8000000000000000260251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c613ba5262bc6b22023-02-08 09:42:43.985root 11241100x8000000000000000260250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b9cc34a28e63052023-02-08 09:42:43.985root 11241100x8000000000000000260271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7c1f6470317b1d2023-02-08 09:42:43.986root 11241100x8000000000000000260270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61bdb53e077b4b72023-02-08 09:42:43.986root 11241100x8000000000000000260269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc235201c984a5bc2023-02-08 09:42:43.986root 11241100x8000000000000000260268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b98508972a07462023-02-08 09:42:43.986root 11241100x8000000000000000260267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b15f2218e4f0972023-02-08 09:42:43.986root 11241100x8000000000000000260266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf48c8d75a3c9942023-02-08 09:42:43.986root 11241100x8000000000000000260265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a3468edc0d63bb2023-02-08 09:42:43.986root 11241100x8000000000000000260264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a32d1b11478ae552023-02-08 09:42:43.986root 11241100x8000000000000000260263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250069e2334f21a02023-02-08 09:42:43.986root 11241100x8000000000000000260262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74133a70fb032852023-02-08 09:42:43.986root 11241100x8000000000000000260272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7585d5652246ab9a2023-02-08 09:42:44.484root 11241100x8000000000000000260285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65216b33a5c434fd2023-02-08 09:42:44.485root 11241100x8000000000000000260284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c1901e8002334e2023-02-08 09:42:44.485root 11241100x8000000000000000260283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68adc8b4c9001a412023-02-08 09:42:44.485root 11241100x8000000000000000260282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe2fa32dcbd49572023-02-08 09:42:44.485root 11241100x8000000000000000260281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8b8ba74abf66172023-02-08 09:42:44.485root 11241100x8000000000000000260280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a577399d4801a622023-02-08 09:42:44.485root 11241100x8000000000000000260279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6edc474c8eb370a22023-02-08 09:42:44.485root 11241100x8000000000000000260278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba22f1cc9e316f972023-02-08 09:42:44.485root 11241100x8000000000000000260277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf8c8cec81db3262023-02-08 09:42:44.485root 11241100x8000000000000000260276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e481590932f0e92023-02-08 09:42:44.485root 11241100x8000000000000000260275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1628548c69c58ab2023-02-08 09:42:44.485root 11241100x8000000000000000260274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b11e8f352ddbb1c2023-02-08 09:42:44.485root 11241100x8000000000000000260273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80b869b9b6bc51c2023-02-08 09:42:44.485root 11241100x8000000000000000260294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947ebda3108da7b02023-02-08 09:42:44.486root 11241100x8000000000000000260293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ae2c556377413d2023-02-08 09:42:44.486root 11241100x8000000000000000260292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ea90a482468ed62023-02-08 09:42:44.486root 11241100x8000000000000000260291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd64c0025905e4c2023-02-08 09:42:44.486root 11241100x8000000000000000260290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523f7b71d51420fb2023-02-08 09:42:44.486root 11241100x8000000000000000260289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3117a7a5096f14872023-02-08 09:42:44.486root 11241100x8000000000000000260288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6afa89b78e96d422023-02-08 09:42:44.486root 11241100x8000000000000000260287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbc7b658406a4e22023-02-08 09:42:44.486root 11241100x8000000000000000260286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a6e99e0a7a563b2023-02-08 09:42:44.486root 11241100x8000000000000000260299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9463270a4213f43e2023-02-08 09:42:44.984root 11241100x8000000000000000260298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e9274a63ff8fcf2023-02-08 09:42:44.984root 11241100x8000000000000000260297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d2090d34fc82c62023-02-08 09:42:44.984root 11241100x8000000000000000260296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2e2f8ffb6938b12023-02-08 09:42:44.984root 11241100x8000000000000000260295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e85dd1084984a62023-02-08 09:42:44.984root 11241100x8000000000000000260303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb12cfffe10a85ac2023-02-08 09:42:44.985root 11241100x8000000000000000260302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ba652aa57289d42023-02-08 09:42:44.985root 11241100x8000000000000000260301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3a43c6f376cf042023-02-08 09:42:44.985root 11241100x8000000000000000260300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6149d7c6785f40a62023-02-08 09:42:44.985root 11241100x8000000000000000260313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8aab954d49275ec2023-02-08 09:42:44.986root 11241100x8000000000000000260312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c480233ba1acb7dc2023-02-08 09:42:44.986root 11241100x8000000000000000260311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f060ef28ae6bae4d2023-02-08 09:42:44.986root 11241100x8000000000000000260310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f9b3114eded1852023-02-08 09:42:44.986root 11241100x8000000000000000260309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0dd4416f1508592023-02-08 09:42:44.986root 11241100x8000000000000000260308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0007ab0b557ab992023-02-08 09:42:44.986root 11241100x8000000000000000260307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa826bb5798554802023-02-08 09:42:44.986root 11241100x8000000000000000260306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa23061abb24babe2023-02-08 09:42:44.986root 11241100x8000000000000000260305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7020a5efec4203c2023-02-08 09:42:44.986root 11241100x8000000000000000260304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399a897bcdd050652023-02-08 09:42:44.986root 11241100x8000000000000000260317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db857e7c33a78dfb2023-02-08 09:42:44.987root 11241100x8000000000000000260316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136757afa9db42162023-02-08 09:42:44.987root 11241100x8000000000000000260315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab41c46552dcc6d52023-02-08 09:42:44.987root 11241100x8000000000000000260314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d518c509678bb12023-02-08 09:42:44.987root 11241100x8000000000000000260325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb12340e44825f542023-02-08 09:42:45.484root 11241100x8000000000000000260324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1ea5dc48a66c542023-02-08 09:42:45.484root 11241100x8000000000000000260323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f0c0f651b9a4082023-02-08 09:42:45.484root 11241100x8000000000000000260322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213b0be46af73e3d2023-02-08 09:42:45.484root 11241100x8000000000000000260321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37880efd6b837d442023-02-08 09:42:45.484root 11241100x8000000000000000260320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a0cdac82acbf962023-02-08 09:42:45.484root 11241100x8000000000000000260319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea1cf076a77e5572023-02-08 09:42:45.484root 11241100x8000000000000000260318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b49236be9b423182023-02-08 09:42:45.484root 11241100x8000000000000000260333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c81293f64a045c82023-02-08 09:42:45.485root 11241100x8000000000000000260332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c43da4463dc7932023-02-08 09:42:45.485root 11241100x8000000000000000260331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e4bbbd409d820e2023-02-08 09:42:45.485root 11241100x8000000000000000260330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef13e343d2015032023-02-08 09:42:45.485root 11241100x8000000000000000260329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c693d8eb096d602023-02-08 09:42:45.485root 11241100x8000000000000000260328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47898e398bc899e2023-02-08 09:42:45.485root 11241100x8000000000000000260327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6900f71b03b198712023-02-08 09:42:45.485root 11241100x8000000000000000260326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3bbdde011ccaaa82023-02-08 09:42:45.485root 11241100x8000000000000000260334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3bc21aaa0331d82023-02-08 09:42:45.486root 11241100x8000000000000000260340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db18649775382672023-02-08 09:42:45.488root 11241100x8000000000000000260339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601298c9d4b2ac152023-02-08 09:42:45.488root 11241100x8000000000000000260338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80009ec9ff53f752023-02-08 09:42:45.488root 11241100x8000000000000000260337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8863a21cb4b64de82023-02-08 09:42:45.488root 11241100x8000000000000000260336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4263ce1fd06fbd932023-02-08 09:42:45.488root 11241100x8000000000000000260335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e42f260c5848192023-02-08 09:42:45.488root 11241100x8000000000000000260346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debb5edc575f24752023-02-08 09:42:45.984root 11241100x8000000000000000260345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8107664f39c3cb0f2023-02-08 09:42:45.984root 11241100x8000000000000000260344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceace8d06e04d3f12023-02-08 09:42:45.984root 11241100x8000000000000000260343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bca6bebabaadbb2023-02-08 09:42:45.984root 11241100x8000000000000000260342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43180746663126892023-02-08 09:42:45.984root 11241100x8000000000000000260341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d022abecfa2dad2023-02-08 09:42:45.984root 11241100x8000000000000000260354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffbab575b7caf292023-02-08 09:42:45.985root 11241100x8000000000000000260353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4adbdd1df7f8ca2023-02-08 09:42:45.985root 11241100x8000000000000000260352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7b0c3f0f5307f02023-02-08 09:42:45.985root 11241100x8000000000000000260351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141a9ce10af2d9ea2023-02-08 09:42:45.985root 11241100x8000000000000000260350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21ee5e97556def82023-02-08 09:42:45.985root 11241100x8000000000000000260349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de99ec689ff74fc2023-02-08 09:42:45.985root 11241100x8000000000000000260348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81acdc7e3032bc72023-02-08 09:42:45.985root 11241100x8000000000000000260347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792d3346565fad902023-02-08 09:42:45.985root 11241100x8000000000000000260363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b99c76bfccc72f32023-02-08 09:42:45.986root 11241100x8000000000000000260362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a00008ae25ce4a2023-02-08 09:42:45.986root 11241100x8000000000000000260361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53d15db79aded312023-02-08 09:42:45.986root 11241100x8000000000000000260360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d85a1290b66e7742023-02-08 09:42:45.986root 11241100x8000000000000000260359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4a24e266955fc22023-02-08 09:42:45.986root 11241100x8000000000000000260358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2ff08c1e858b802023-02-08 09:42:45.986root 11241100x8000000000000000260357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81b8eb38a1aada42023-02-08 09:42:45.986root 11241100x8000000000000000260356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7326ca63df859ef2023-02-08 09:42:45.986root 11241100x8000000000000000260355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291ffe80d7d03ce32023-02-08 09:42:45.986root 11241100x8000000000000000260369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b6365d7335038b2023-02-08 09:42:46.484root 11241100x8000000000000000260368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221144e4b0c7ea382023-02-08 09:42:46.484root 11241100x8000000000000000260367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15086873c1adc8c42023-02-08 09:42:46.484root 11241100x8000000000000000260366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8f7fa96c7fcf632023-02-08 09:42:46.484root 11241100x8000000000000000260365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17cd41d5f615dbb2023-02-08 09:42:46.484root 11241100x8000000000000000260364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c379ca1f37853d3d2023-02-08 09:42:46.484root 11241100x8000000000000000260375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b15659aabee8ea2023-02-08 09:42:46.485root 11241100x8000000000000000260374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6045aca8a43882302023-02-08 09:42:46.485root 11241100x8000000000000000260373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90701b28cbb97da62023-02-08 09:42:46.485root 11241100x8000000000000000260372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a282f9bb1a7c7aa2023-02-08 09:42:46.485root 11241100x8000000000000000260371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec0f0bd83c81c2f2023-02-08 09:42:46.485root 11241100x8000000000000000260370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb91e09f336e7d32023-02-08 09:42:46.485root 11241100x8000000000000000260379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3234fe7d03089202023-02-08 09:42:46.486root 11241100x8000000000000000260378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4647a6fab5d6f45c2023-02-08 09:42:46.486root 11241100x8000000000000000260377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f83f153c2f746d72023-02-08 09:42:46.486root 11241100x8000000000000000260376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6591cf8f8e77ec2023-02-08 09:42:46.486root 11241100x8000000000000000260382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82869f90399b2b62023-02-08 09:42:46.487root 11241100x8000000000000000260381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d13e7b68810e082023-02-08 09:42:46.487root 11241100x8000000000000000260380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae4d37a2654812c2023-02-08 09:42:46.487root 11241100x8000000000000000260386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690db9f0688ddb6e2023-02-08 09:42:46.488root 11241100x8000000000000000260385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f308dba37187c1402023-02-08 09:42:46.488root 11241100x8000000000000000260384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54d5bbf1e561d682023-02-08 09:42:46.488root 11241100x8000000000000000260383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b985b28e04943cdd2023-02-08 09:42:46.488root 11241100x8000000000000000260393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311ccee5e6976d4a2023-02-08 09:42:46.984root 11241100x8000000000000000260392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfe2f6beb52b0c12023-02-08 09:42:46.984root 11241100x8000000000000000260391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8484d3e990360c1a2023-02-08 09:42:46.984root 11241100x8000000000000000260390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcad83855ec98aca2023-02-08 09:42:46.984root 11241100x8000000000000000260389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec57264f66144892023-02-08 09:42:46.984root 11241100x8000000000000000260388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91dbde20a18ce3e22023-02-08 09:42:46.984root 11241100x8000000000000000260387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eaac12ac7ed13812023-02-08 09:42:46.984root 11241100x8000000000000000260399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa15d84584952372023-02-08 09:42:46.985root 11241100x8000000000000000260398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7f6be1b772d6742023-02-08 09:42:46.985root 11241100x8000000000000000260397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f210fa13732a322023-02-08 09:42:46.985root 11241100x8000000000000000260396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c67675db0bbbda2023-02-08 09:42:46.985root 11241100x8000000000000000260395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c838a1efe4b785e2023-02-08 09:42:46.985root 11241100x8000000000000000260394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ee6ceaa3c1fb132023-02-08 09:42:46.985root 11241100x8000000000000000260405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e7869b14a0c6ab2023-02-08 09:42:46.986root 11241100x8000000000000000260404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66df071bf1a3ea6d2023-02-08 09:42:46.986root 11241100x8000000000000000260403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5e34886781a8ad2023-02-08 09:42:46.986root 11241100x8000000000000000260402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c37f8a77a5f8252023-02-08 09:42:46.986root 11241100x8000000000000000260401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e1979dd8163ba52023-02-08 09:42:46.986root 11241100x8000000000000000260400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130d5a96f9c387ff2023-02-08 09:42:46.986root 11241100x8000000000000000260412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adfdd1d4a9c8fb0f2023-02-08 09:42:46.987root 11241100x8000000000000000260411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b805e983df48c62023-02-08 09:42:46.987root 11241100x8000000000000000260410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56b01d8d6d2cbee2023-02-08 09:42:46.987root 11241100x8000000000000000260409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190c886fc03925882023-02-08 09:42:46.987root 11241100x8000000000000000260408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc74be3432870ea22023-02-08 09:42:46.987root 11241100x8000000000000000260407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbbcec62cd808cb2023-02-08 09:42:46.987root 11241100x8000000000000000260406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14c34d3d5284c5a2023-02-08 09:42:46.987root 11241100x8000000000000000260416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d92e295d55858d72023-02-08 09:42:46.988root 11241100x8000000000000000260415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c6943cb93019452023-02-08 09:42:46.988root 11241100x8000000000000000260414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5d82ec86c8d55b2023-02-08 09:42:46.988root 11241100x8000000000000000260413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f86c2a0c40f98c2023-02-08 09:42:46.988root 11241100x8000000000000000260419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db880555f0386d9e2023-02-08 09:42:47.484root 11241100x8000000000000000260418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423001eaedd009642023-02-08 09:42:47.484root 11241100x8000000000000000260417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f27d106ee5795d92023-02-08 09:42:47.484root 11241100x8000000000000000260423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621e7db87d532c9f2023-02-08 09:42:47.485root 11241100x8000000000000000260422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e2ba55d29839552023-02-08 09:42:47.485root 11241100x8000000000000000260421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47592b0d56f38572023-02-08 09:42:47.485root 11241100x8000000000000000260420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b4db069ff34cb42023-02-08 09:42:47.485root 11241100x8000000000000000260429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706b0d11347634bb2023-02-08 09:42:47.486root 11241100x8000000000000000260428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c846d30ad1d0fd2023-02-08 09:42:47.486root 11241100x8000000000000000260427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d63678a551cdb82023-02-08 09:42:47.486root 11241100x8000000000000000260426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57cd5755aeb40c82023-02-08 09:42:47.486root 11241100x8000000000000000260425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5e3cbb0434b68d2023-02-08 09:42:47.486root 11241100x8000000000000000260424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48eedabd8fa543b02023-02-08 09:42:47.486root 11241100x8000000000000000260434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d231a394692df6542023-02-08 09:42:47.487root 11241100x8000000000000000260433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19a4293f33ca4d32023-02-08 09:42:47.487root 11241100x8000000000000000260432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db29f48ae349e5a2023-02-08 09:42:47.487root 11241100x8000000000000000260431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f5a16b713f72d42023-02-08 09:42:47.487root 11241100x8000000000000000260430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0f324366e44c732023-02-08 09:42:47.487root 11241100x8000000000000000260439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2039d1129470af0d2023-02-08 09:42:47.488root 11241100x8000000000000000260438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27853815a88998a92023-02-08 09:42:47.488root 11241100x8000000000000000260437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb63f6fb3347548f2023-02-08 09:42:47.488root 11241100x8000000000000000260436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e7b07b89ee11d42023-02-08 09:42:47.488root 11241100x8000000000000000260435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53dc49a728bd63852023-02-08 09:42:47.488root 11241100x8000000000000000260446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9f7f36ce83d5492023-02-08 09:42:47.984root 11241100x8000000000000000260445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933403c881c510fc2023-02-08 09:42:47.984root 11241100x8000000000000000260444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3e9ffe486374d02023-02-08 09:42:47.984root 11241100x8000000000000000260443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096b66ce3f8d36482023-02-08 09:42:47.984root 11241100x8000000000000000260442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76da4d8333ad77ac2023-02-08 09:42:47.984root 11241100x8000000000000000260441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd956dc5b74103122023-02-08 09:42:47.984root 11241100x8000000000000000260440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088373ede2472ce82023-02-08 09:42:47.984root 11241100x8000000000000000260456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae16223a39f50b6f2023-02-08 09:42:47.985root 11241100x8000000000000000260455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bdad9a18fdb6a62023-02-08 09:42:47.985root 11241100x8000000000000000260454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48d9e8919dd5f1e2023-02-08 09:42:47.985root 11241100x8000000000000000260453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24fa1fe5c985e6ef2023-02-08 09:42:47.985root 11241100x8000000000000000260452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a0a04991a5a46b2023-02-08 09:42:47.985root 11241100x8000000000000000260451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a999088865b6f46e2023-02-08 09:42:47.985root 11241100x8000000000000000260450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed956f8d8143fa62023-02-08 09:42:47.985root 11241100x8000000000000000260449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ffaa196d383eda2023-02-08 09:42:47.985root 11241100x8000000000000000260448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cae982fe6c031822023-02-08 09:42:47.985root 11241100x8000000000000000260447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdd7c929061901c2023-02-08 09:42:47.985root 11241100x8000000000000000260464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17331883f7e06512023-02-08 09:42:47.986root 11241100x8000000000000000260463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c3a7e3c55336d92023-02-08 09:42:47.986root 11241100x8000000000000000260462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44184935fa0202242023-02-08 09:42:47.986root 11241100x8000000000000000260461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aaa2785ba1c17282023-02-08 09:42:47.986root 11241100x8000000000000000260460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4275c43caca9bab2023-02-08 09:42:47.986root 11241100x8000000000000000260459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189d56e23cddd4862023-02-08 09:42:47.986root 11241100x8000000000000000260458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b549facedb429cc2023-02-08 09:42:47.986root 11241100x8000000000000000260457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660d0d88b30c14c72023-02-08 09:42:47.986root 354300x8000000000000000260465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.187{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-42272-false10.0.1.12-8000- 11241100x8000000000000000260472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362980fe08c9ab8d2023-02-08 09:42:48.484root 11241100x8000000000000000260471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6f0601481cf9362023-02-08 09:42:48.484root 11241100x8000000000000000260470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c078dd8d72004f2023-02-08 09:42:48.484root 11241100x8000000000000000260469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2970fc36ac4cd22023-02-08 09:42:48.484root 11241100x8000000000000000260468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19abada4c52cbe22023-02-08 09:42:48.484root 11241100x8000000000000000260467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93d4ed7075f1dc72023-02-08 09:42:48.484root 11241100x8000000000000000260466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c147ba1a926b892023-02-08 09:42:48.484root 11241100x8000000000000000260485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6ad2ebff3886b92023-02-08 09:42:48.485root 11241100x8000000000000000260484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a01f53c910b1fd2023-02-08 09:42:48.485root 11241100x8000000000000000260483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be2e4b6a6b266cc2023-02-08 09:42:48.485root 11241100x8000000000000000260482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60347ff29bc57a172023-02-08 09:42:48.485root 11241100x8000000000000000260481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e2e80a149679632023-02-08 09:42:48.485root 11241100x8000000000000000260480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c256f686809ba112023-02-08 09:42:48.485root 11241100x8000000000000000260479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2371803df645bb042023-02-08 09:42:48.485root 11241100x8000000000000000260478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e64fb129de2aff92023-02-08 09:42:48.485root 11241100x8000000000000000260477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01f32aa87a7ed342023-02-08 09:42:48.485root 11241100x8000000000000000260476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9812a1895e77ae762023-02-08 09:42:48.485root 11241100x8000000000000000260475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16309727e1f73b52023-02-08 09:42:48.485root 11241100x8000000000000000260474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98380bd24396c76c2023-02-08 09:42:48.485root 11241100x8000000000000000260473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9ff3db4c7f30802023-02-08 09:42:48.485root 11241100x8000000000000000260489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b658abf3864dffd2023-02-08 09:42:48.486root 11241100x8000000000000000260488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f727cb30a70a582023-02-08 09:42:48.486root 11241100x8000000000000000260487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90aa94271fcdfae82023-02-08 09:42:48.486root 11241100x8000000000000000260486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c824f627aebdbe2023-02-08 09:42:48.486root 11241100x8000000000000000260496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb48167d937ef3b2023-02-08 09:42:48.984root 11241100x8000000000000000260495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ddfd45c43d6f9882023-02-08 09:42:48.984root 11241100x8000000000000000260494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c72b83554e189412023-02-08 09:42:48.984root 11241100x8000000000000000260493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee01ba3deac95e082023-02-08 09:42:48.984root 11241100x8000000000000000260492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfae9def50b2e6a2023-02-08 09:42:48.984root 11241100x8000000000000000260491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126ff004161883d02023-02-08 09:42:48.984root 11241100x8000000000000000260490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa6ddb665a409382023-02-08 09:42:48.984root 11241100x8000000000000000260505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c18bfa896a0a262023-02-08 09:42:48.985root 11241100x8000000000000000260504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92bdad2d09f7a4f52023-02-08 09:42:48.985root 11241100x8000000000000000260503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caff092d781c78762023-02-08 09:42:48.985root 11241100x8000000000000000260502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c3dc10614f1af72023-02-08 09:42:48.985root 11241100x8000000000000000260501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65ac40720936cfb2023-02-08 09:42:48.985root 11241100x8000000000000000260500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65bda91f8c4d8772023-02-08 09:42:48.985root 11241100x8000000000000000260499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6f190c8b89d5462023-02-08 09:42:48.985root 11241100x8000000000000000260498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d558c7613c591a12023-02-08 09:42:48.985root 11241100x8000000000000000260497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90195ea3f4dcb89d2023-02-08 09:42:48.985root 11241100x8000000000000000260514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ace5e0f129b6682023-02-08 09:42:48.986root 11241100x8000000000000000260513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacc9560de4562af2023-02-08 09:42:48.986root 11241100x8000000000000000260512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49876f63b548e95b2023-02-08 09:42:48.986root 11241100x8000000000000000260511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16178f63ccd5df62023-02-08 09:42:48.986root 11241100x8000000000000000260510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce2e3626da8c3ce2023-02-08 09:42:48.986root 11241100x8000000000000000260509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7142f29327fa922023-02-08 09:42:48.986root 11241100x8000000000000000260508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44e318d04e288552023-02-08 09:42:48.986root 11241100x8000000000000000260507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cabaf8cc9cf888222023-02-08 09:42:48.986root 11241100x8000000000000000260506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f313a8d387a858e2023-02-08 09:42:48.986root 11241100x8000000000000000260516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53968db44dda07f2023-02-08 09:42:49.484root 11241100x8000000000000000260515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca4f8915c2ce1ac2023-02-08 09:42:49.484root 11241100x8000000000000000260525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcce7f7bb89519dd2023-02-08 09:42:49.485root 11241100x8000000000000000260524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76dbbe12134779f12023-02-08 09:42:49.485root 11241100x8000000000000000260523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.becb32b01990633b2023-02-08 09:42:49.485root 11241100x8000000000000000260522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c51ff92e0b6dcf22023-02-08 09:42:49.485root 11241100x8000000000000000260521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9880dc1737ed07542023-02-08 09:42:49.485root 11241100x8000000000000000260520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc17429429fa09c2023-02-08 09:42:49.485root 11241100x8000000000000000260519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc438ae9c7d60142023-02-08 09:42:49.485root 11241100x8000000000000000260518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874d93ef7c340ed02023-02-08 09:42:49.485root 11241100x8000000000000000260517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96171cf5754719e42023-02-08 09:42:49.485root 11241100x8000000000000000260533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9921ca362685a4e52023-02-08 09:42:49.486root 11241100x8000000000000000260532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce7f030a98642032023-02-08 09:42:49.486root 11241100x8000000000000000260531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f331d7f296c0ccf2023-02-08 09:42:49.486root 11241100x8000000000000000260530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57be0650f333d922023-02-08 09:42:49.486root 11241100x8000000000000000260529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc875b5af6838ef2023-02-08 09:42:49.486root 11241100x8000000000000000260528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb7640121fa74482023-02-08 09:42:49.486root 11241100x8000000000000000260527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3507a006738fcf2023-02-08 09:42:49.486root 11241100x8000000000000000260526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de6ad0a66d686b42023-02-08 09:42:49.486root 11241100x8000000000000000260536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d636b21beb8219b2023-02-08 09:42:49.487root 11241100x8000000000000000260535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14288cb01e86f6c2023-02-08 09:42:49.487root 11241100x8000000000000000260534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263134d7c5128e322023-02-08 09:42:49.487root 11241100x8000000000000000260538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4fdd95715d2f852023-02-08 09:42:49.488root 11241100x8000000000000000260537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f063196cc4ff6e4d2023-02-08 09:42:49.488root 11241100x8000000000000000260540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a93984d8d7558d2023-02-08 09:42:49.984root 11241100x8000000000000000260539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8648880ad3054652023-02-08 09:42:49.984root 11241100x8000000000000000260543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091fad8b05a2b4f62023-02-08 09:42:49.985root 11241100x8000000000000000260542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4272de5bda22402023-02-08 09:42:49.985root 11241100x8000000000000000260541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6718bfbd50cb0c702023-02-08 09:42:49.985root 11241100x8000000000000000260549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba73cea826a6abce2023-02-08 09:42:49.986root 11241100x8000000000000000260548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f20daae04e77282023-02-08 09:42:49.986root 11241100x8000000000000000260547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b703d22a8d86a8da2023-02-08 09:42:49.986root 11241100x8000000000000000260546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16041ec26173e0732023-02-08 09:42:49.986root 11241100x8000000000000000260545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f8252f1b55ea1f2023-02-08 09:42:49.986root 11241100x8000000000000000260544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed0b2370f2c76442023-02-08 09:42:49.986root 11241100x8000000000000000260559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3f98f191a71e3e2023-02-08 09:42:49.987root 11241100x8000000000000000260558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf54010c26b25fbf2023-02-08 09:42:49.987root 11241100x8000000000000000260557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3cb1308ac04db592023-02-08 09:42:49.987root 11241100x8000000000000000260556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3137c4b163e6ece42023-02-08 09:42:49.987root 11241100x8000000000000000260555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54424b9031032aa52023-02-08 09:42:49.987root 11241100x8000000000000000260554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaee33e5c05fd8222023-02-08 09:42:49.987root 11241100x8000000000000000260553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f2f031cd6a95f62023-02-08 09:42:49.987root 11241100x8000000000000000260552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42eef111371611ec2023-02-08 09:42:49.987root 11241100x8000000000000000260551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529d9d24e70acfc12023-02-08 09:42:49.987root 11241100x8000000000000000260550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23ede8f673d3abb2023-02-08 09:42:49.987root 11241100x8000000000000000260562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8cfb4c24bd824fc2023-02-08 09:42:49.988root 11241100x8000000000000000260561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5ad98673bce6292023-02-08 09:42:49.988root 11241100x8000000000000000260560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f49b24d7637c56b2023-02-08 09:42:49.988root 11241100x8000000000000000260570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680d04976fd58d892023-02-08 09:42:50.484root 11241100x8000000000000000260569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ddf67d05ae75c12023-02-08 09:42:50.484root 11241100x8000000000000000260568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbfdc4f4f8b03ca2023-02-08 09:42:50.484root 11241100x8000000000000000260567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4254c240087983662023-02-08 09:42:50.484root 11241100x8000000000000000260566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1664893de174eb652023-02-08 09:42:50.484root 11241100x8000000000000000260565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b800266c59e5642023-02-08 09:42:50.484root 11241100x8000000000000000260564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d9a4d34cece9762023-02-08 09:42:50.484root 11241100x8000000000000000260563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51770f07a8aea7612023-02-08 09:42:50.484root 11241100x8000000000000000260585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a5dec1385ff0c42023-02-08 09:42:50.485root 11241100x8000000000000000260584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7edd820abb252a082023-02-08 09:42:50.485root 11241100x8000000000000000260583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53bca7a097f769db2023-02-08 09:42:50.485root 11241100x8000000000000000260582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e0d6f87b8f34d62023-02-08 09:42:50.485root 11241100x8000000000000000260581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8671881d48804f2023-02-08 09:42:50.485root 11241100x8000000000000000260580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b774095545eafa72023-02-08 09:42:50.485root 11241100x8000000000000000260579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06e45b0eb5912bb2023-02-08 09:42:50.485root 11241100x8000000000000000260578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9957b12192809b4d2023-02-08 09:42:50.485root 11241100x8000000000000000260577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a75c11adfac672a2023-02-08 09:42:50.485root 11241100x8000000000000000260576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9518d335e80a54292023-02-08 09:42:50.485root 11241100x8000000000000000260575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355461efa133b9802023-02-08 09:42:50.485root 11241100x8000000000000000260574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e266d7e90648cd5f2023-02-08 09:42:50.485root 11241100x8000000000000000260573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb48ce16805627b2023-02-08 09:42:50.485root 11241100x8000000000000000260572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc56d6877dff0d692023-02-08 09:42:50.485root 11241100x8000000000000000260571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331a9abe9b92b7072023-02-08 09:42:50.485root 11241100x8000000000000000260597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2fea92fb9eb70412023-02-08 09:42:50.486root 11241100x8000000000000000260596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4f5e8e0329a3c22023-02-08 09:42:50.486root 11241100x8000000000000000260595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19ca50de318ec322023-02-08 09:42:50.486root 11241100x8000000000000000260594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ca6a7188393ad32023-02-08 09:42:50.486root 11241100x8000000000000000260593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49225e683cbc3982023-02-08 09:42:50.486root 11241100x8000000000000000260592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb7c21cabb7417d2023-02-08 09:42:50.486root 11241100x8000000000000000260591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a1a43a61222ee52023-02-08 09:42:50.486root 11241100x8000000000000000260590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0837cd1ece29bd002023-02-08 09:42:50.486root 11241100x8000000000000000260589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a9ac1d380c56782023-02-08 09:42:50.486root 11241100x8000000000000000260588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51455a36f925aef02023-02-08 09:42:50.486root 11241100x8000000000000000260587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbcbea48546cb042023-02-08 09:42:50.486root 11241100x8000000000000000260586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795a3704d6fa9fc62023-02-08 09:42:50.486root 11241100x8000000000000000260601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae099084254e0d92023-02-08 09:42:50.487root 11241100x8000000000000000260600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4172c3a24b12533a2023-02-08 09:42:50.487root 11241100x8000000000000000260599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cce8734f59d87522023-02-08 09:42:50.487root 11241100x8000000000000000260598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701caab5172dfb032023-02-08 09:42:50.487root 11241100x8000000000000000260602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31cd101d9b7dc53e2023-02-08 09:42:50.984root 11241100x8000000000000000260614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb16aabadea690e2023-02-08 09:42:50.985root 11241100x8000000000000000260613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e32fe630b27acb22023-02-08 09:42:50.985root 11241100x8000000000000000260612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c9440d9a8bdaea2023-02-08 09:42:50.985root 11241100x8000000000000000260611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c1dec8c50f29202023-02-08 09:42:50.985root 11241100x8000000000000000260610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5bab92f2c30719a2023-02-08 09:42:50.985root 11241100x8000000000000000260609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2432d831e3dfc9652023-02-08 09:42:50.985root 11241100x8000000000000000260608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7120503f5b3c8d542023-02-08 09:42:50.985root 11241100x8000000000000000260607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d6e1b92063fe282023-02-08 09:42:50.985root 11241100x8000000000000000260606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1368e32f26663a6c2023-02-08 09:42:50.985root 11241100x8000000000000000260605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb13755443be05302023-02-08 09:42:50.985root 11241100x8000000000000000260604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce4b6bceb41c9782023-02-08 09:42:50.985root 11241100x8000000000000000260603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802583fab34fe1dd2023-02-08 09:42:50.985root 11241100x8000000000000000260623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9e7604afd5d4602023-02-08 09:42:50.986root 11241100x8000000000000000260622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579220008e716f2e2023-02-08 09:42:50.986root 11241100x8000000000000000260621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95a62a7f98300032023-02-08 09:42:50.986root 11241100x8000000000000000260620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de2b5c8f37152632023-02-08 09:42:50.986root 11241100x8000000000000000260619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00198adfca8a59d2023-02-08 09:42:50.986root 11241100x8000000000000000260618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc024d4f7e21972e2023-02-08 09:42:50.986root 11241100x8000000000000000260617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6fe9464df067062023-02-08 09:42:50.986root 11241100x8000000000000000260616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d2cee83eabd6f42023-02-08 09:42:50.986root 11241100x8000000000000000260615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b9b75469cded7f2023-02-08 09:42:50.986root 11241100x8000000000000000260625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37e0256283eee312023-02-08 09:42:50.987root 11241100x8000000000000000260624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:50.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc75736c6297faa72023-02-08 09:42:50.987root 11241100x8000000000000000260629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b837921652cd5892023-02-08 09:42:51.484root 11241100x8000000000000000260628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460be8dab51804732023-02-08 09:42:51.484root 11241100x8000000000000000260627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd437641b46b6282023-02-08 09:42:51.484root 11241100x8000000000000000260626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630fd0009bf706a72023-02-08 09:42:51.484root 11241100x8000000000000000260636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59056c1fb7585ca52023-02-08 09:42:51.485root 11241100x8000000000000000260635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d09021e2829230c2023-02-08 09:42:51.485root 11241100x8000000000000000260634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045e69bd7e4ad3872023-02-08 09:42:51.485root 11241100x8000000000000000260633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0dc0514c1d76062023-02-08 09:42:51.485root 11241100x8000000000000000260632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f200dedddea26a5b2023-02-08 09:42:51.485root 11241100x8000000000000000260631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ec8b39592b6cff2023-02-08 09:42:51.485root 11241100x8000000000000000260630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a70a78f58e447102023-02-08 09:42:51.485root 11241100x8000000000000000260649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93043c7df638a9f92023-02-08 09:42:51.486root 11241100x8000000000000000260648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d48ff0238c188b2023-02-08 09:42:51.486root 11241100x8000000000000000260647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f1d694b0dfbb0b2023-02-08 09:42:51.486root 11241100x8000000000000000260646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281493e4647eea442023-02-08 09:42:51.486root 11241100x8000000000000000260645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ef5c27c4ea92d22023-02-08 09:42:51.486root 11241100x8000000000000000260644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c420f6a1ea8d5bd02023-02-08 09:42:51.486root 11241100x8000000000000000260643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3c5e362de1366a2023-02-08 09:42:51.486root 11241100x8000000000000000260642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba944d21995e226e2023-02-08 09:42:51.486root 11241100x8000000000000000260641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fedb909cf5680a2023-02-08 09:42:51.486root 11241100x8000000000000000260640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9358bb9074df75692023-02-08 09:42:51.486root 11241100x8000000000000000260639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2baf4b962d5390ea2023-02-08 09:42:51.486root 11241100x8000000000000000260638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90641c04c5ff45ce2023-02-08 09:42:51.486root 11241100x8000000000000000260637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477cd6b54a427b402023-02-08 09:42:51.486root 11241100x8000000000000000260654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf7ac798b7ab48d2023-02-08 09:42:51.984root 11241100x8000000000000000260653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6d4e95ec0f1f492023-02-08 09:42:51.984root 11241100x8000000000000000260652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8242cf21ec220ab92023-02-08 09:42:51.984root 11241100x8000000000000000260651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441e3c1cde09e7652023-02-08 09:42:51.984root 11241100x8000000000000000260650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e191402049686fb92023-02-08 09:42:51.984root 11241100x8000000000000000260665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d052ff8cb1097752023-02-08 09:42:51.985root 11241100x8000000000000000260664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706de7d530ccabe82023-02-08 09:42:51.985root 11241100x8000000000000000260663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6a8fa8fc50538e2023-02-08 09:42:51.985root 11241100x8000000000000000260662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50a97ccd48be1382023-02-08 09:42:51.985root 11241100x8000000000000000260661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f577177efcadc60e2023-02-08 09:42:51.985root 11241100x8000000000000000260660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23710d48f4fde90d2023-02-08 09:42:51.985root 11241100x8000000000000000260659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b04a1af9b8ef2642023-02-08 09:42:51.985root 11241100x8000000000000000260658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7d8af376c3fe4c2023-02-08 09:42:51.985root 11241100x8000000000000000260657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc78742c82df3522023-02-08 09:42:51.985root 11241100x8000000000000000260656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b571ea6acf294c0c2023-02-08 09:42:51.985root 11241100x8000000000000000260655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6cdff0c568e01a2023-02-08 09:42:51.985root 11241100x8000000000000000260673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095ae32331891a552023-02-08 09:42:51.986root 11241100x8000000000000000260672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e321e284223d29f2023-02-08 09:42:51.986root 11241100x8000000000000000260671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49ec01f91c692c92023-02-08 09:42:51.986root 11241100x8000000000000000260670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb6dd4a08e3952b2023-02-08 09:42:51.986root 11241100x8000000000000000260669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea3880ce1ff70122023-02-08 09:42:51.986root 11241100x8000000000000000260668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2906c8db64a07892023-02-08 09:42:51.986root 11241100x8000000000000000260667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e460751d71b76fb2023-02-08 09:42:51.986root 11241100x8000000000000000260666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17993b822f3394ab2023-02-08 09:42:51.986root 11241100x8000000000000000260677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd7fb5dd3f5e0832023-02-08 09:42:52.484root 11241100x8000000000000000260676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134eb4879dee6c432023-02-08 09:42:52.484root 11241100x8000000000000000260675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ef7a9d00f44b4c2023-02-08 09:42:52.484root 11241100x8000000000000000260674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3dabc398c1d35a2023-02-08 09:42:52.484root 11241100x8000000000000000260688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178fae69ff415f192023-02-08 09:42:52.485root 11241100x8000000000000000260687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5f76ecc7e07e762023-02-08 09:42:52.485root 11241100x8000000000000000260686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da264bfcd5afc972023-02-08 09:42:52.485root 11241100x8000000000000000260685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07f0906fc55d33e2023-02-08 09:42:52.485root 11241100x8000000000000000260684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3358c8c52dc000da2023-02-08 09:42:52.485root 11241100x8000000000000000260683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741a3068502e3e722023-02-08 09:42:52.485root 11241100x8000000000000000260682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045b3331576d87302023-02-08 09:42:52.485root 11241100x8000000000000000260681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86dd101964454b102023-02-08 09:42:52.485root 11241100x8000000000000000260680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec32f78daac31f52023-02-08 09:42:52.485root 11241100x8000000000000000260679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ae53c72e31c5e82023-02-08 09:42:52.485root 11241100x8000000000000000260678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a2c106b353d98a2023-02-08 09:42:52.485root 11241100x8000000000000000260697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08eeef0137bf5d4d2023-02-08 09:42:52.486root 11241100x8000000000000000260696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f954cc7a5fe32482023-02-08 09:42:52.486root 11241100x8000000000000000260695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ef185a4debb2e12023-02-08 09:42:52.486root 11241100x8000000000000000260694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f36b7fe892b46802023-02-08 09:42:52.486root 11241100x8000000000000000260693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f5ec142aacf59a2023-02-08 09:42:52.486root 11241100x8000000000000000260692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1be2812ebd71332023-02-08 09:42:52.486root 11241100x8000000000000000260691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbb35b537b5156a2023-02-08 09:42:52.486root 11241100x8000000000000000260690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27dbcf3973bf81f2023-02-08 09:42:52.486root 11241100x8000000000000000260689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82034eb0adaf9ffb2023-02-08 09:42:52.486root 11241100x8000000000000000260702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7768d21c647a4472023-02-08 09:42:52.984root 11241100x8000000000000000260701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d8540e4e20974b2023-02-08 09:42:52.984root 11241100x8000000000000000260700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5a1836c92acd8f2023-02-08 09:42:52.984root 11241100x8000000000000000260699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a9b5e8eccb73f72023-02-08 09:42:52.984root 11241100x8000000000000000260698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7d4ec87a1d7b7b2023-02-08 09:42:52.984root 11241100x8000000000000000260708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589902203f2a0a172023-02-08 09:42:52.985root 11241100x8000000000000000260707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e528de9d33833e5a2023-02-08 09:42:52.985root 11241100x8000000000000000260706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9226d361f212b6052023-02-08 09:42:52.985root 11241100x8000000000000000260705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d97f51260b9cb32023-02-08 09:42:52.985root 11241100x8000000000000000260704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f5199de43de7622023-02-08 09:42:52.985root 11241100x8000000000000000260703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c3a73e4f46bd002023-02-08 09:42:52.985root 11241100x8000000000000000260720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff2a3224a2ebac62023-02-08 09:42:52.986root 11241100x8000000000000000260719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80877b9bfabd20782023-02-08 09:42:52.986root 11241100x8000000000000000260718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7a84a102edab5d2023-02-08 09:42:52.986root 11241100x8000000000000000260717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd297df1a266766b2023-02-08 09:42:52.986root 11241100x8000000000000000260716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8921413639242c902023-02-08 09:42:52.986root 11241100x8000000000000000260715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67170ea886ce50612023-02-08 09:42:52.986root 11241100x8000000000000000260714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687b2ca23df71cb62023-02-08 09:42:52.986root 11241100x8000000000000000260713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e99ce4334cb0ea52023-02-08 09:42:52.986root 11241100x8000000000000000260712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61dca67b24cdbe612023-02-08 09:42:52.986root 11241100x8000000000000000260711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0f0bb9acef5c7f2023-02-08 09:42:52.986root 11241100x8000000000000000260710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7032123a8fd125ba2023-02-08 09:42:52.986root 11241100x8000000000000000260709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8235bb8a38b7792023-02-08 09:42:52.986root 11241100x8000000000000000260721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:52.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c268125ff00881802023-02-08 09:42:52.987root 354300x8000000000000000260722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.226{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-42276-false10.0.1.12-8000- 11241100x8000000000000000260725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3140566719cbc32023-02-08 09:42:53.484root 11241100x8000000000000000260724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70de63265e5b511a2023-02-08 09:42:53.484root 11241100x8000000000000000260723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656f495955a635372023-02-08 09:42:53.484root 11241100x8000000000000000260730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d1361c35f64e672023-02-08 09:42:53.485root 11241100x8000000000000000260729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39e9d1e866cd6dd2023-02-08 09:42:53.485root 11241100x8000000000000000260728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1eb4b5dfd3f15d2023-02-08 09:42:53.485root 11241100x8000000000000000260727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231afb9ca56e32fe2023-02-08 09:42:53.485root 11241100x8000000000000000260726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a9262f585c398d2023-02-08 09:42:53.485root 11241100x8000000000000000260745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434cca102b86c4f22023-02-08 09:42:53.486root 11241100x8000000000000000260744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f9494f10ba43852023-02-08 09:42:53.486root 11241100x8000000000000000260743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39144947a97c7372023-02-08 09:42:53.486root 11241100x8000000000000000260742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb8b66005f2bfe42023-02-08 09:42:53.486root 11241100x8000000000000000260741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1825c920d4e669a2023-02-08 09:42:53.486root 11241100x8000000000000000260740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f8579182edf8702023-02-08 09:42:53.486root 11241100x8000000000000000260739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d4bddb67af12002023-02-08 09:42:53.486root 11241100x8000000000000000260738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc508fd4730dd672023-02-08 09:42:53.486root 11241100x8000000000000000260737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f97bd3d177497a2023-02-08 09:42:53.486root 11241100x8000000000000000260736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d65dfd9f52ce552023-02-08 09:42:53.486root 11241100x8000000000000000260735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4197601c17d8ff2023-02-08 09:42:53.486root 11241100x8000000000000000260734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6bd10c1a59af4f2023-02-08 09:42:53.486root 11241100x8000000000000000260733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d156c5a9f194e0aa2023-02-08 09:42:53.486root 11241100x8000000000000000260732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd0e34f9d583a602023-02-08 09:42:53.486root 11241100x8000000000000000260731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f8a96760740f1f2023-02-08 09:42:53.486root 11241100x8000000000000000260749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18aacdabd5addbc2023-02-08 09:42:53.487root 11241100x8000000000000000260748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6588598585d1bee62023-02-08 09:42:53.487root 11241100x8000000000000000260747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0cdbea26ee135f2023-02-08 09:42:53.487root 11241100x8000000000000000260746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6aae2f2bb1a5ac2023-02-08 09:42:53.487root 11241100x8000000000000000260754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd13c1098efed0a02023-02-08 09:42:53.984root 11241100x8000000000000000260753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b197913c8354a362023-02-08 09:42:53.984root 11241100x8000000000000000260752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44989996b8311e82023-02-08 09:42:53.984root 11241100x8000000000000000260751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e241b7b73893f782023-02-08 09:42:53.984root 11241100x8000000000000000260750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d779356caf371672023-02-08 09:42:53.984root 11241100x8000000000000000260767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2792027304577d42023-02-08 09:42:53.985root 11241100x8000000000000000260766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc218f9cfbb257582023-02-08 09:42:53.985root 11241100x8000000000000000260765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe57b7036420f9b82023-02-08 09:42:53.985root 11241100x8000000000000000260764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ed520e909c139f2023-02-08 09:42:53.985root 11241100x8000000000000000260763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e67c8765b5752e12023-02-08 09:42:53.985root 11241100x8000000000000000260762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4adae9c613cf17df2023-02-08 09:42:53.985root 11241100x8000000000000000260761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfb39d43ad6f3ff2023-02-08 09:42:53.985root 11241100x8000000000000000260760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1c9c5a3b93cc3f2023-02-08 09:42:53.985root 11241100x8000000000000000260759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e3299ad7cea50d2023-02-08 09:42:53.985root 11241100x8000000000000000260758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b586cf6c3d3f2b912023-02-08 09:42:53.985root 11241100x8000000000000000260757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78aa223ca975d78f2023-02-08 09:42:53.985root 11241100x8000000000000000260756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609a364ef1b978e12023-02-08 09:42:53.985root 11241100x8000000000000000260755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.addaae2fb08631262023-02-08 09:42:53.985root 11241100x8000000000000000260774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fddc38b79bea9142023-02-08 09:42:53.986root 11241100x8000000000000000260773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f488e9afe66e7e2023-02-08 09:42:53.986root 11241100x8000000000000000260772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f681a5a62815142023-02-08 09:42:53.986root 11241100x8000000000000000260771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3857a3b808ffce422023-02-08 09:42:53.986root 11241100x8000000000000000260770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7ba157447ac0ef2023-02-08 09:42:53.986root 11241100x8000000000000000260769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4441a2dbb4d7fa2023-02-08 09:42:53.986root 11241100x8000000000000000260768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715d0dcde9bebf862023-02-08 09:42:53.986root 11241100x8000000000000000260778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420ec0507dd3f4962023-02-08 09:42:54.484root 11241100x8000000000000000260777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8210f43e1af3ca2023-02-08 09:42:54.484root 11241100x8000000000000000260776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5baca2642e4a492023-02-08 09:42:54.484root 11241100x8000000000000000260775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac007188e16b7db12023-02-08 09:42:54.484root 11241100x8000000000000000260790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67603b9033227ec72023-02-08 09:42:54.485root 11241100x8000000000000000260789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8bad4a8798d8bd2023-02-08 09:42:54.485root 11241100x8000000000000000260788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4191a1efd0b9ec1a2023-02-08 09:42:54.485root 11241100x8000000000000000260787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e85956ca7ee1942023-02-08 09:42:54.485root 11241100x8000000000000000260786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50984f0107a446622023-02-08 09:42:54.485root 11241100x8000000000000000260785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea43e9618207afa92023-02-08 09:42:54.485root 11241100x8000000000000000260784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900dfd5bda502ee92023-02-08 09:42:54.485root 11241100x8000000000000000260783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1ee6e8938405ff2023-02-08 09:42:54.485root 11241100x8000000000000000260782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9c8fa877dc6c192023-02-08 09:42:54.485root 11241100x8000000000000000260781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6371807a58cea1c92023-02-08 09:42:54.485root 11241100x8000000000000000260780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131018996d8d985c2023-02-08 09:42:54.485root 11241100x8000000000000000260779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfa05e4b15164ea2023-02-08 09:42:54.485root 11241100x8000000000000000260800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f127b1df38221c902023-02-08 09:42:54.486root 11241100x8000000000000000260799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade32a08fdf87df12023-02-08 09:42:54.486root 11241100x8000000000000000260798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15feb44622cd7f222023-02-08 09:42:54.486root 11241100x8000000000000000260797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f89cda9f5714452023-02-08 09:42:54.486root 11241100x8000000000000000260796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceea3b0dc36528df2023-02-08 09:42:54.486root 11241100x8000000000000000260795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7990f727834a66c82023-02-08 09:42:54.486root 11241100x8000000000000000260794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be566f6107db70862023-02-08 09:42:54.486root 11241100x8000000000000000260793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153d80e3352ed9292023-02-08 09:42:54.486root 11241100x8000000000000000260792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec2ea48a785c81a2023-02-08 09:42:54.486root 11241100x8000000000000000260791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9c31db512518c32023-02-08 09:42:54.486root 11241100x8000000000000000260809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4dfb25c6572e9a2023-02-08 09:42:54.985root 11241100x8000000000000000260808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba369bea17b8f6a2023-02-08 09:42:54.985root 11241100x8000000000000000260807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095132fe8c3c9bc72023-02-08 09:42:54.985root 11241100x8000000000000000260806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5846bed1cbaf3ec42023-02-08 09:42:54.985root 11241100x8000000000000000260805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c6e9369af350d62023-02-08 09:42:54.985root 11241100x8000000000000000260804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101c84541389b0f72023-02-08 09:42:54.985root 11241100x8000000000000000260803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e42b8e3be259842023-02-08 09:42:54.985root 11241100x8000000000000000260802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7d71645594e4392023-02-08 09:42:54.985root 11241100x8000000000000000260801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8b986281c098b22023-02-08 09:42:54.985root 11241100x8000000000000000260822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b418779d39621502023-02-08 09:42:54.986root 11241100x8000000000000000260821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e81760428aa1732023-02-08 09:42:54.986root 11241100x8000000000000000260820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9574c2ed7fcef42023-02-08 09:42:54.986root 11241100x8000000000000000260819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ce3ce6e5e57b072023-02-08 09:42:54.986root 11241100x8000000000000000260818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4bdbdf7469f6402023-02-08 09:42:54.986root 11241100x8000000000000000260817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a936864505df432023-02-08 09:42:54.986root 11241100x8000000000000000260816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ca08e172e6f0622023-02-08 09:42:54.986root 11241100x8000000000000000260815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c4bfae9c2423bb2023-02-08 09:42:54.986root 11241100x8000000000000000260814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060b86b92b0840672023-02-08 09:42:54.986root 11241100x8000000000000000260813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e990aa193dccd02023-02-08 09:42:54.986root 11241100x8000000000000000260812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b142c40f1869ee52023-02-08 09:42:54.986root 11241100x8000000000000000260811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a782030dd67f352023-02-08 09:42:54.986root 11241100x8000000000000000260810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae01b465d1a0b522023-02-08 09:42:54.986root 11241100x8000000000000000260825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73898382f636f4c92023-02-08 09:42:54.987root 11241100x8000000000000000260824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c01971e969482f2023-02-08 09:42:54.987root 11241100x8000000000000000260823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:54.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea724d4e3078ef92023-02-08 09:42:54.987root 11241100x8000000000000000260826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9361934a040377182023-02-08 09:42:55.484root 11241100x8000000000000000260837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a97223f56d4d1f72023-02-08 09:42:55.485root 11241100x8000000000000000260836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d612c76e8072b52023-02-08 09:42:55.485root 11241100x8000000000000000260835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8acfe8c73189c59e2023-02-08 09:42:55.485root 11241100x8000000000000000260834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d0268d57970fb82023-02-08 09:42:55.485root 11241100x8000000000000000260833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868b2482673a3b102023-02-08 09:42:55.485root 11241100x8000000000000000260832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9194f3059e3d68d2023-02-08 09:42:55.485root 11241100x8000000000000000260831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef4425f226335c12023-02-08 09:42:55.485root 11241100x8000000000000000260830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beae07422995c8fd2023-02-08 09:42:55.485root 11241100x8000000000000000260829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b3e2f37f167b092023-02-08 09:42:55.485root 11241100x8000000000000000260828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e60fcb46c8e21902023-02-08 09:42:55.485root 11241100x8000000000000000260827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f4fb21578b9e6b2023-02-08 09:42:55.485root 11241100x8000000000000000260846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6ae1f49104eb842023-02-08 09:42:55.486root 11241100x8000000000000000260845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd928778d87ea2732023-02-08 09:42:55.486root 11241100x8000000000000000260844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede23b0fe9e8f4d12023-02-08 09:42:55.486root 11241100x8000000000000000260843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca5243803171bb42023-02-08 09:42:55.486root 11241100x8000000000000000260842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e53a74e1be468f52023-02-08 09:42:55.486root 11241100x8000000000000000260841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c750449e21c04122023-02-08 09:42:55.486root 11241100x8000000000000000260840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a173b33cf0fd8e2023-02-08 09:42:55.486root 11241100x8000000000000000260839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2636be40e1829a0d2023-02-08 09:42:55.486root 11241100x8000000000000000260838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf044e0f13ba85c32023-02-08 09:42:55.486root 11241100x8000000000000000260850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827b8e455bae8b1c2023-02-08 09:42:55.487root 11241100x8000000000000000260849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ae23089e0ebbed2023-02-08 09:42:55.487root 11241100x8000000000000000260848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540326413abbb98a2023-02-08 09:42:55.487root 11241100x8000000000000000260847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc411fe1cad73ed2023-02-08 09:42:55.487root 11241100x8000000000000000260851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f85b6b2e36ba632023-02-08 09:42:55.984root 11241100x8000000000000000260861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e172f3f7c475e3e02023-02-08 09:42:55.985root 11241100x8000000000000000260860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7dace1ca0868b92023-02-08 09:42:55.985root 11241100x8000000000000000260859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d27f43693013792023-02-08 09:42:55.985root 11241100x8000000000000000260858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fcb509e2b438e592023-02-08 09:42:55.985root 11241100x8000000000000000260857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954f3d13537d919b2023-02-08 09:42:55.985root 11241100x8000000000000000260856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55156919c2d9fa02023-02-08 09:42:55.985root 11241100x8000000000000000260855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc720671def9d6202023-02-08 09:42:55.985root 11241100x8000000000000000260854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b523ecf7c5a9446c2023-02-08 09:42:55.985root 11241100x8000000000000000260853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3a8e73c7eb5fb42023-02-08 09:42:55.985root 11241100x8000000000000000260852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043e18f16855aa672023-02-08 09:42:55.985root 11241100x8000000000000000260875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54a9b48e76e250b2023-02-08 09:42:55.986root 11241100x8000000000000000260874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f223ce94dda2dc2023-02-08 09:42:55.986root 11241100x8000000000000000260873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350a0aed1a2a44dc2023-02-08 09:42:55.986root 11241100x8000000000000000260872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4656f92f1112fdb32023-02-08 09:42:55.986root 11241100x8000000000000000260871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edd3433f38f64fc2023-02-08 09:42:55.986root 11241100x8000000000000000260870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0996e5bbde1f1b2c2023-02-08 09:42:55.986root 11241100x8000000000000000260869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e2b9bb9753c0402023-02-08 09:42:55.986root 11241100x8000000000000000260868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb60d36a39259f22023-02-08 09:42:55.986root 11241100x8000000000000000260867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34125fe0451b40eb2023-02-08 09:42:55.986root 11241100x8000000000000000260866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a75d27c41f7d302023-02-08 09:42:55.986root 11241100x8000000000000000260865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef08c74f161dcc222023-02-08 09:42:55.986root 11241100x8000000000000000260864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b535e70aed675f2023-02-08 09:42:55.986root 11241100x8000000000000000260863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd15ef81636793ab2023-02-08 09:42:55.986root 11241100x8000000000000000260862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c112dee194ffbd42023-02-08 09:42:55.986root 11241100x8000000000000000260888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeef93d382bcf7ac2023-02-08 09:42:56.485root 11241100x8000000000000000260887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107555a4638a16172023-02-08 09:42:56.485root 11241100x8000000000000000260886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7600eeca1646632023-02-08 09:42:56.485root 11241100x8000000000000000260885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd89e2f5dd25e0e32023-02-08 09:42:56.485root 11241100x8000000000000000260884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179a42859a88be5d2023-02-08 09:42:56.485root 11241100x8000000000000000260883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a9e9246cb36d9d2023-02-08 09:42:56.485root 11241100x8000000000000000260882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc35da3107f1a402023-02-08 09:42:56.485root 11241100x8000000000000000260881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395001ea80139a962023-02-08 09:42:56.485root 11241100x8000000000000000260880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b63f06436cae0132023-02-08 09:42:56.485root 11241100x8000000000000000260879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da49c5a5ed52dc8a2023-02-08 09:42:56.485root 11241100x8000000000000000260878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb720d661b1a5652023-02-08 09:42:56.485root 11241100x8000000000000000260877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191028e1bbcdc43c2023-02-08 09:42:56.485root 11241100x8000000000000000260876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4095ac7f684dd2eb2023-02-08 09:42:56.485root 11241100x8000000000000000260900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72ea72117657be12023-02-08 09:42:56.486root 11241100x8000000000000000260899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d37b021c8466f562023-02-08 09:42:56.486root 11241100x8000000000000000260898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99b793967f760412023-02-08 09:42:56.486root 11241100x8000000000000000260897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e207f90dbab0b712023-02-08 09:42:56.486root 11241100x8000000000000000260896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e424b59e956271272023-02-08 09:42:56.486root 11241100x8000000000000000260895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f4fc70506b39d32023-02-08 09:42:56.486root 11241100x8000000000000000260894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7445aebd59c981452023-02-08 09:42:56.486root 11241100x8000000000000000260893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9408eae6b1669d312023-02-08 09:42:56.486root 11241100x8000000000000000260892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c8e82c73b318692023-02-08 09:42:56.486root 11241100x8000000000000000260891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5142f4617f04312023-02-08 09:42:56.486root 11241100x8000000000000000260890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6259a7731937082023-02-08 09:42:56.486root 11241100x8000000000000000260889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943956860f5ddd402023-02-08 09:42:56.486root 11241100x8000000000000000260903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ca7f69c41512e82023-02-08 09:42:56.984root 11241100x8000000000000000260902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0bfba4fcad4b6bc2023-02-08 09:42:56.984root 11241100x8000000000000000260901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5649af88ac7c00d02023-02-08 09:42:56.984root 11241100x8000000000000000260919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e37fd52437383e2023-02-08 09:42:56.985root 11241100x8000000000000000260918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612d94a892d777ca2023-02-08 09:42:56.985root 11241100x8000000000000000260917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd13e6780a95fe632023-02-08 09:42:56.985root 11241100x8000000000000000260916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4a0959f78972c32023-02-08 09:42:56.985root 11241100x8000000000000000260915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5d24ed6c8c5c682023-02-08 09:42:56.985root 11241100x8000000000000000260914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45219eac370603b2023-02-08 09:42:56.985root 11241100x8000000000000000260913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3bd6524259ee8f22023-02-08 09:42:56.985root 11241100x8000000000000000260912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96a474840f8c7ed2023-02-08 09:42:56.985root 11241100x8000000000000000260911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0eb1a865dfdf762023-02-08 09:42:56.985root 11241100x8000000000000000260910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b206f3c9f4ddca442023-02-08 09:42:56.985root 11241100x8000000000000000260909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb85a49eeb9e25362023-02-08 09:42:56.985root 11241100x8000000000000000260908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a889774732107c22023-02-08 09:42:56.985root 11241100x8000000000000000260907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c1d972574698fd2023-02-08 09:42:56.985root 11241100x8000000000000000260906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8267eaed2ead689c2023-02-08 09:42:56.985root 11241100x8000000000000000260905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b22efd7ab3eccb2023-02-08 09:42:56.985root 11241100x8000000000000000260904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f579335684009c2023-02-08 09:42:56.985root 11241100x8000000000000000260925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6666f89bb69c59902023-02-08 09:42:56.986root 11241100x8000000000000000260924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0919e88820260f9c2023-02-08 09:42:56.986root 11241100x8000000000000000260923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1afcfa91df143a152023-02-08 09:42:56.986root 11241100x8000000000000000260922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101fc0e613efba5b2023-02-08 09:42:56.986root 11241100x8000000000000000260921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ac45754d85eaf22023-02-08 09:42:56.986root 11241100x8000000000000000260920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312f84923e28dd612023-02-08 09:42:56.986root 11241100x8000000000000000260932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edc878df85eebf72023-02-08 09:42:57.485root 11241100x8000000000000000260931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309bdcd78d91924f2023-02-08 09:42:57.485root 11241100x8000000000000000260930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d56da809d7340e2023-02-08 09:42:57.485root 11241100x8000000000000000260929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cfead8d754bc972023-02-08 09:42:57.485root 11241100x8000000000000000260928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa04e88a231ef60f2023-02-08 09:42:57.485root 11241100x8000000000000000260927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557c42c2d2d9ae832023-02-08 09:42:57.485root 11241100x8000000000000000260926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8436312b993bcef2023-02-08 09:42:57.485root 11241100x8000000000000000260943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195466054af43fd92023-02-08 09:42:57.486root 11241100x8000000000000000260942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c5d809c7ba50b52023-02-08 09:42:57.486root 11241100x8000000000000000260941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20700d8c1676c19b2023-02-08 09:42:57.486root 11241100x8000000000000000260940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e7ad25e455715d2023-02-08 09:42:57.486root 11241100x8000000000000000260939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1f319e57ceff9f2023-02-08 09:42:57.486root 11241100x8000000000000000260938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947e6473c72d2e3b2023-02-08 09:42:57.486root 11241100x8000000000000000260937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee10ce8b9bbefdf2023-02-08 09:42:57.486root 11241100x8000000000000000260936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fb07942fe6b91a2023-02-08 09:42:57.486root 11241100x8000000000000000260935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea022586d634a382023-02-08 09:42:57.486root 11241100x8000000000000000260934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb97449d47d42f2f2023-02-08 09:42:57.486root 11241100x8000000000000000260933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abdd4a7cc261f932023-02-08 09:42:57.486root 11241100x8000000000000000260947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f693c8346c45062023-02-08 09:42:57.487root 11241100x8000000000000000260946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88e99e214a4fcb42023-02-08 09:42:57.487root 11241100x8000000000000000260945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec56ff994aedfc712023-02-08 09:42:57.487root 11241100x8000000000000000260944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac33a63f4e557d512023-02-08 09:42:57.487root 11241100x8000000000000000260950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63f675a25df6caf2023-02-08 09:42:57.488root 11241100x8000000000000000260949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be5bffb618ee07f2023-02-08 09:42:57.488root 11241100x8000000000000000260948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a31855ca62e9172023-02-08 09:42:57.488root 11241100x8000000000000000260952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6deb72e8c05fea1e2023-02-08 09:42:57.984root 11241100x8000000000000000260951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098668f10e7c7fcd2023-02-08 09:42:57.984root 11241100x8000000000000000260955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d32238e5983a632023-02-08 09:42:57.985root 11241100x8000000000000000260954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3cb67fd84ee9ea2023-02-08 09:42:57.985root 11241100x8000000000000000260953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2a3f3d2a9168792023-02-08 09:42:57.985root 11241100x8000000000000000260959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e982ff071c9b1de02023-02-08 09:42:57.986root 11241100x8000000000000000260958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286204d0b72ad0692023-02-08 09:42:57.986root 11241100x8000000000000000260957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068fd5483fa1dda22023-02-08 09:42:57.986root 11241100x8000000000000000260956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f49412985d7cc222023-02-08 09:42:57.986root 11241100x8000000000000000260964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4b23102cd8b5902023-02-08 09:42:57.987root 11241100x8000000000000000260963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1d4ee6ba8881592023-02-08 09:42:57.987root 11241100x8000000000000000260962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46281f7b4de8f9d72023-02-08 09:42:57.987root 11241100x8000000000000000260961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181e26b1c78aaad92023-02-08 09:42:57.987root 11241100x8000000000000000260960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1812a6f67159ea2023-02-08 09:42:57.987root 11241100x8000000000000000260968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c40ad04d5688622023-02-08 09:42:57.988root 11241100x8000000000000000260967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2bf2cab5fea19a2023-02-08 09:42:57.988root 11241100x8000000000000000260966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca24b197ff95d092023-02-08 09:42:57.988root 11241100x8000000000000000260965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55239837f57861812023-02-08 09:42:57.988root 11241100x8000000000000000260970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6acbaa673a94fb5f2023-02-08 09:42:57.989root 11241100x8000000000000000260969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b563d59366516f2023-02-08 09:42:57.989root 11241100x8000000000000000260974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bfc640129c33392023-02-08 09:42:57.990root 11241100x8000000000000000260973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ccefdbab34736f2023-02-08 09:42:57.990root 11241100x8000000000000000260972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eed8d3e26ab3e562023-02-08 09:42:57.990root 11241100x8000000000000000260971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74689ceec31d65b2023-02-08 09:42:57.990root 11241100x8000000000000000260975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:57.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c570540aca6f6542023-02-08 09:42:57.991root 11241100x8000000000000000260979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121d33780c3bf3232023-02-08 09:42:58.484root 11241100x8000000000000000260978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52acfd0ea99c3362023-02-08 09:42:58.484root 11241100x8000000000000000260977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a8d885bde6f5122023-02-08 09:42:58.484root 11241100x8000000000000000260976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c3a0db109de82e2023-02-08 09:42:58.484root 11241100x8000000000000000260985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792022623d7ea8d82023-02-08 09:42:58.485root 11241100x8000000000000000260984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987c8642610181d52023-02-08 09:42:58.485root 11241100x8000000000000000260983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331be43b3837f8632023-02-08 09:42:58.485root 11241100x8000000000000000260982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3333df61320f5f22023-02-08 09:42:58.485root 11241100x8000000000000000260981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d7dc1ac97e4a612023-02-08 09:42:58.485root 11241100x8000000000000000260980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded028414b4f35bd2023-02-08 09:42:58.485root 11241100x8000000000000000260997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90e25533453b2e62023-02-08 09:42:58.486root 11241100x8000000000000000260996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c550cf7ef7437a2023-02-08 09:42:58.486root 11241100x8000000000000000260995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716534bf76f02f1e2023-02-08 09:42:58.486root 11241100x8000000000000000260994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c9803ddbcc41ec2023-02-08 09:42:58.486root 11241100x8000000000000000260993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f341f4166080672023-02-08 09:42:58.486root 11241100x8000000000000000260992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab790fa5a14c22c2023-02-08 09:42:58.486root 11241100x8000000000000000260991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36d974d6e6c48d52023-02-08 09:42:58.486root 11241100x8000000000000000260990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843eb9d88149a4392023-02-08 09:42:58.486root 11241100x8000000000000000260989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92c86b832db88f72023-02-08 09:42:58.486root 11241100x8000000000000000260988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de8f1b055156ddc2023-02-08 09:42:58.486root 11241100x8000000000000000260987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61841ea575a5f802023-02-08 09:42:58.486root 11241100x8000000000000000260986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21564be3925842f02023-02-08 09:42:58.486root 11241100x8000000000000000261002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6e36641f0106ce2023-02-08 09:42:58.487root 11241100x8000000000000000261001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095aec5e155636422023-02-08 09:42:58.487root 11241100x8000000000000000261000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed65df70ec059efa2023-02-08 09:42:58.487root 11241100x8000000000000000260999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ea594f7a284d402023-02-08 09:42:58.487root 11241100x8000000000000000260998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b43af863acf9a12023-02-08 09:42:58.487root 11241100x8000000000000000261010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406872eadfda16292023-02-08 09:42:58.984root 11241100x8000000000000000261009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac8071d2cc822532023-02-08 09:42:58.984root 11241100x8000000000000000261008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71fcfd47f8ca5332023-02-08 09:42:58.984root 11241100x8000000000000000261007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c8a35d19fe1ce22023-02-08 09:42:58.984root 11241100x8000000000000000261006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41800fb407feacd32023-02-08 09:42:58.984root 11241100x8000000000000000261005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4aaf8844a2d67d52023-02-08 09:42:58.984root 11241100x8000000000000000261004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c204f2c0a4fb4fcb2023-02-08 09:42:58.984root 11241100x8000000000000000261003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea263f01d16a0042023-02-08 09:42:58.984root 11241100x8000000000000000261024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1c0954be1b4c0f2023-02-08 09:42:58.985root 11241100x8000000000000000261023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d669e20d76e43ae2023-02-08 09:42:58.985root 11241100x8000000000000000261022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d86bfca8cce88a2023-02-08 09:42:58.985root 11241100x8000000000000000261021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6341fc0b770410062023-02-08 09:42:58.985root 11241100x8000000000000000261020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236dd5719b6fa73f2023-02-08 09:42:58.985root 11241100x8000000000000000261019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6779f84c91d0f68c2023-02-08 09:42:58.985root 11241100x8000000000000000261018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fe5f3fef96cf532023-02-08 09:42:58.985root 11241100x8000000000000000261017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb000475352d7822023-02-08 09:42:58.985root 11241100x8000000000000000261016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054817a000ab71b62023-02-08 09:42:58.985root 11241100x8000000000000000261015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69bdfe16454f47db2023-02-08 09:42:58.985root 11241100x8000000000000000261014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0bd717114715262023-02-08 09:42:58.985root 11241100x8000000000000000261013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58025f19b72251ee2023-02-08 09:42:58.985root 11241100x8000000000000000261012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9beaf62160c080092023-02-08 09:42:58.985root 11241100x8000000000000000261011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998240c16ff52bd12023-02-08 09:42:58.985root 11241100x8000000000000000261028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134a820bdc9543d22023-02-08 09:42:58.986root 11241100x8000000000000000261027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad946789be16f61d2023-02-08 09:42:58.986root 11241100x8000000000000000261026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061c16d83d48c15c2023-02-08 09:42:58.986root 11241100x8000000000000000261025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e8aad3afdc18b62023-02-08 09:42:58.986root 354300x8000000000000000261029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.091{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-41904-false10.0.1.12-8000- 11241100x8000000000000000261031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e01240157250592023-02-08 09:42:59.484root 11241100x8000000000000000261030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194b1ad86d0d6a7f2023-02-08 09:42:59.484root 11241100x8000000000000000261042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0f545b585f6e902023-02-08 09:42:59.485root 11241100x8000000000000000261041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88f8120530d011b2023-02-08 09:42:59.485root 11241100x8000000000000000261040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfaa311adcf8fbdf2023-02-08 09:42:59.485root 11241100x8000000000000000261039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6380feb47232bbd22023-02-08 09:42:59.485root 11241100x8000000000000000261038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e147cabe376714e2023-02-08 09:42:59.485root 11241100x8000000000000000261037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59df85c7ffc081982023-02-08 09:42:59.485root 11241100x8000000000000000261036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0dc37dc5b72d56b2023-02-08 09:42:59.485root 11241100x8000000000000000261035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e258a5b119fd529e2023-02-08 09:42:59.485root 11241100x8000000000000000261034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73748106bb74f2252023-02-08 09:42:59.485root 11241100x8000000000000000261033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a5d499a311de522023-02-08 09:42:59.485root 11241100x8000000000000000261032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11332da7ffed99f12023-02-08 09:42:59.485root 11241100x8000000000000000261055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee598a28e2419272023-02-08 09:42:59.486root 11241100x8000000000000000261054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f93a3cf99926642023-02-08 09:42:59.486root 11241100x8000000000000000261053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb852e90fefddf12023-02-08 09:42:59.486root 11241100x8000000000000000261052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1d382389df275a2023-02-08 09:42:59.486root 11241100x8000000000000000261051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cdc11aedb51fed42023-02-08 09:42:59.486root 11241100x8000000000000000261050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ab6c86438629de2023-02-08 09:42:59.486root 11241100x8000000000000000261049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd598039654a026c2023-02-08 09:42:59.486root 11241100x8000000000000000261048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2902abc095b900ea2023-02-08 09:42:59.486root 11241100x8000000000000000261047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f0d08361f2f8ab2023-02-08 09:42:59.486root 11241100x8000000000000000261046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6dfa0c8cd0ba032023-02-08 09:42:59.486root 11241100x8000000000000000261045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b33365e981419f12023-02-08 09:42:59.486root 11241100x8000000000000000261044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e5a472e5c6f13a2023-02-08 09:42:59.486root 11241100x8000000000000000261043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3086649bb40539922023-02-08 09:42:59.486root 11241100x8000000000000000261067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ff71faac68cecd2023-02-08 09:42:59.985root 11241100x8000000000000000261066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9579c566954b874f2023-02-08 09:42:59.985root 11241100x8000000000000000261065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9509a33e0b7dccb2023-02-08 09:42:59.985root 11241100x8000000000000000261064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b81b2ee5dbeeb22023-02-08 09:42:59.985root 11241100x8000000000000000261063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e446b15919e1237d2023-02-08 09:42:59.985root 11241100x8000000000000000261062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe2ac3ef07c83972023-02-08 09:42:59.985root 11241100x8000000000000000261061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0306f5a3df4bdfc02023-02-08 09:42:59.985root 11241100x8000000000000000261060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2341b3b87ebbb5bd2023-02-08 09:42:59.985root 11241100x8000000000000000261059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a95bb6f43c1a0ff2023-02-08 09:42:59.985root 11241100x8000000000000000261058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb25b39ff002c38c2023-02-08 09:42:59.985root 11241100x8000000000000000261057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5e4077b331e5692023-02-08 09:42:59.985root 11241100x8000000000000000261056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9f7f6bb78c820b2023-02-08 09:42:59.985root 11241100x8000000000000000261081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527a4446ca5d2fa42023-02-08 09:42:59.986root 11241100x8000000000000000261080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ca282e051682cc2023-02-08 09:42:59.986root 11241100x8000000000000000261079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b435dce98b7ed82023-02-08 09:42:59.986root 11241100x8000000000000000261078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfff07a27a540102023-02-08 09:42:59.986root 11241100x8000000000000000261077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715a596b395d38412023-02-08 09:42:59.986root 11241100x8000000000000000261076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61732b4d29e922e2023-02-08 09:42:59.986root 11241100x8000000000000000261075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60eb59e89c6ec3cd2023-02-08 09:42:59.986root 11241100x8000000000000000261074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca541092f0afbf192023-02-08 09:42:59.986root 11241100x8000000000000000261073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6e0b4bdcfff2572023-02-08 09:42:59.986root 11241100x8000000000000000261072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede5cc2041b69a5c2023-02-08 09:42:59.986root 11241100x8000000000000000261071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a29d05ef4b630082023-02-08 09:42:59.986root 11241100x8000000000000000261070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed1bcd84e1e3a3f2023-02-08 09:42:59.986root 11241100x8000000000000000261069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961c50dada151e3e2023-02-08 09:42:59.986root 11241100x8000000000000000261068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:42:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c379c089bf5dd12023-02-08 09:42:59.986root 11241100x8000000000000000261087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e408522f1cf16f2023-02-08 09:43:00.484root 11241100x8000000000000000261086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5373b2ede32f58722023-02-08 09:43:00.484root 11241100x8000000000000000261085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da8c309018d181f2023-02-08 09:43:00.484root 11241100x8000000000000000261084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee501a0ee0bf91932023-02-08 09:43:00.484root 11241100x8000000000000000261083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809d39b02a1269af2023-02-08 09:43:00.484root 11241100x8000000000000000261082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5edf0f45c16d5aac2023-02-08 09:43:00.484root 11241100x8000000000000000261101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18bfd62b8af57eaa2023-02-08 09:43:00.485root 11241100x8000000000000000261100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3bfba8eecf36a332023-02-08 09:43:00.485root 11241100x8000000000000000261099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d6afd9bb8924d62023-02-08 09:43:00.485root 11241100x8000000000000000261098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fa0107eecd771e2023-02-08 09:43:00.485root 11241100x8000000000000000261097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67d318ea380a7732023-02-08 09:43:00.485root 11241100x8000000000000000261096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4db54e970af4012023-02-08 09:43:00.485root 11241100x8000000000000000261095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4dcc04c18d8c022023-02-08 09:43:00.485root 11241100x8000000000000000261094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6808b2f112c5aba2023-02-08 09:43:00.485root 11241100x8000000000000000261093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bfea7f947463e82023-02-08 09:43:00.485root 11241100x8000000000000000261092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e759ee2a2ca5d532023-02-08 09:43:00.485root 11241100x8000000000000000261091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f5ade9cb1e77432023-02-08 09:43:00.485root 11241100x8000000000000000261090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd47020aefcf140b2023-02-08 09:43:00.485root 11241100x8000000000000000261089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c7e50c6c7126882023-02-08 09:43:00.485root 11241100x8000000000000000261088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771b5b7e6f1a3db42023-02-08 09:43:00.485root 11241100x8000000000000000261108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fa17e08df517dd2023-02-08 09:43:00.486root 11241100x8000000000000000261107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde660fd79303d272023-02-08 09:43:00.486root 11241100x8000000000000000261106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1f2f2ad8aa2d3b2023-02-08 09:43:00.486root 11241100x8000000000000000261105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17a5b024c67a8ea2023-02-08 09:43:00.486root 11241100x8000000000000000261104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca57fbc07d8bf0742023-02-08 09:43:00.486root 11241100x8000000000000000261103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f51e99a10ce1c02023-02-08 09:43:00.486root 11241100x8000000000000000261102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c488dc5389bd872023-02-08 09:43:00.486root 154100x8000000000000000261109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.866{ec2a0601-6ea4-63e3-6844-c62ec0550000}5804/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec2a0601-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2404--- 11241100x8000000000000000261113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.867{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3887918716414e2023-02-08 09:43:00.867root 11241100x8000000000000000261112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.867{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0cc5dec32085bf2023-02-08 09:43:00.867root 11241100x8000000000000000261111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.867{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a686f0f3cff47e052023-02-08 09:43:00.867root 11241100x8000000000000000261110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.867{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed6b6fc457be15d2023-02-08 09:43:00.867root 11241100x8000000000000000261118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.868{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050f77b9980ce7972023-02-08 09:43:00.868root 11241100x8000000000000000261117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.868{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc22117808bcb3fa2023-02-08 09:43:00.868root 11241100x8000000000000000261116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.868{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a4c2263419e30e2023-02-08 09:43:00.868root 11241100x8000000000000000261115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.868{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425a98d79074d18a2023-02-08 09:43:00.868root 11241100x8000000000000000261114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.868{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ece93d38f4a8b92023-02-08 09:43:00.868root 11241100x8000000000000000261128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.869{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3497600d93bbc1752023-02-08 09:43:00.869root 11241100x8000000000000000261127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.869{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e15f2ee3eb0aa2c2023-02-08 09:43:00.869root 11241100x8000000000000000261126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.869{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39ae0afb6f5f7ed2023-02-08 09:43:00.869root 11241100x8000000000000000261125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.869{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f4e2480992a0d22023-02-08 09:43:00.869root 11241100x8000000000000000261124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.869{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0954d3b799f0332023-02-08 09:43:00.869root 11241100x8000000000000000261123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.869{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932672ec25841a502023-02-08 09:43:00.869root 11241100x8000000000000000261122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.869{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae57354db700c78d2023-02-08 09:43:00.869root 11241100x8000000000000000261121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.869{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b256be55d0ad265f2023-02-08 09:43:00.869root 11241100x8000000000000000261120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.869{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0a138d488f18be2023-02-08 09:43:00.869root 11241100x8000000000000000261119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.869{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0577b6f705cc64be2023-02-08 09:43:00.869root 11241100x8000000000000000261132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.870{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8213b562cb3b6d652023-02-08 09:43:00.870root 11241100x8000000000000000261131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.870{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72cc2693a666fb22023-02-08 09:43:00.870root 11241100x8000000000000000261130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.870{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2424b3e07cdf392023-02-08 09:43:00.870root 11241100x8000000000000000261129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.870{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3008257ad8c029662023-02-08 09:43:00.870root 11241100x8000000000000000261133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.871{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec6ee6c62629e292023-02-08 09:43:00.871root 11241100x8000000000000000261140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.872{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff33a70186fadb02023-02-08 09:43:00.872root 11241100x8000000000000000261139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.872{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b99e596bc9012d2023-02-08 09:43:00.872root 11241100x8000000000000000261138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.872{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79e1330ecdb088d2023-02-08 09:43:00.872root 11241100x8000000000000000261137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.872{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f44d4b4d35702182023-02-08 09:43:00.872root 11241100x8000000000000000261136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.872{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4141222a51fb7d62023-02-08 09:43:00.872root 11241100x8000000000000000261135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.872{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffb6417e7bc2d002023-02-08 09:43:00.872root 11241100x8000000000000000261134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.872{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d6dc42ece41a312023-02-08 09:43:00.872root 11241100x8000000000000000261141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.874{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18dd629ac6a736c2023-02-08 09:43:00.874root 534500x8000000000000000261142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:00.890{ec2a0601-6ea4-63e3-6844-c62ec0550000}5804/bin/psroot 11241100x8000000000000000261146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0acf0c76822d243f2023-02-08 09:43:01.234root 11241100x8000000000000000261145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ba1150d647581f2023-02-08 09:43:01.234root 11241100x8000000000000000261144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f902d2a5a2dfc3db2023-02-08 09:43:01.234root 11241100x8000000000000000261143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e602037dfd4607f2023-02-08 09:43:01.234root 11241100x8000000000000000261154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477c66fefd2cee972023-02-08 09:43:01.235root 11241100x8000000000000000261153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db95807b08c40ef2023-02-08 09:43:01.235root 11241100x8000000000000000261152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d302c728d6038c72023-02-08 09:43:01.235root 11241100x8000000000000000261151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4e7d730b1bfaba2023-02-08 09:43:01.235root 11241100x8000000000000000261150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23e1afa1075701f2023-02-08 09:43:01.235root 11241100x8000000000000000261149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bbdf54f02194e42023-02-08 09:43:01.235root 11241100x8000000000000000261148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead6384f13da77112023-02-08 09:43:01.235root 11241100x8000000000000000261147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589f54f049ac5f502023-02-08 09:43:01.235root 11241100x8000000000000000261162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1787eaf3382c006c2023-02-08 09:43:01.236root 11241100x8000000000000000261161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e303f9e998926a72023-02-08 09:43:01.236root 11241100x8000000000000000261160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89e62437c69fe1b2023-02-08 09:43:01.236root 11241100x8000000000000000261159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066d576f48190c0b2023-02-08 09:43:01.236root 11241100x8000000000000000261158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aadac77681982cd2023-02-08 09:43:01.236root 11241100x8000000000000000261157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76bb07aee9d866252023-02-08 09:43:01.236root 11241100x8000000000000000261156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfc75c98327b5e52023-02-08 09:43:01.236root 11241100x8000000000000000261155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2f36e08f0fff452023-02-08 09:43:01.236root 11241100x8000000000000000261170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51792b13e17aad4b2023-02-08 09:43:01.237root 11241100x8000000000000000261169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8cc5a72980bb0c92023-02-08 09:43:01.237root 11241100x8000000000000000261168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fcf3bb7e9b80432023-02-08 09:43:01.237root 11241100x8000000000000000261167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c15c88728461eba2023-02-08 09:43:01.237root 11241100x8000000000000000261166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1388a75b8a0cf9382023-02-08 09:43:01.237root 11241100x8000000000000000261165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a6369316bb69092023-02-08 09:43:01.237root 11241100x8000000000000000261164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c2faf46cc946c72023-02-08 09:43:01.237root 11241100x8000000000000000261163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f9865cf3c728222023-02-08 09:43:01.237root 11241100x8000000000000000261179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d54f6a6da50f2ef2023-02-08 09:43:01.735root 11241100x8000000000000000261178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d001449d7d93b8612023-02-08 09:43:01.735root 11241100x8000000000000000261177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0f4f591a4884a62023-02-08 09:43:01.735root 11241100x8000000000000000261176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1357e48b6d9a38292023-02-08 09:43:01.735root 11241100x8000000000000000261175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007dddc2b245b6312023-02-08 09:43:01.735root 11241100x8000000000000000261174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d820853d36a0a72023-02-08 09:43:01.735root 11241100x8000000000000000261173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548b4b992baaaaf62023-02-08 09:43:01.735root 11241100x8000000000000000261172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71dc0611aaa9b4f2023-02-08 09:43:01.735root 11241100x8000000000000000261171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4999a2cd965e1352023-02-08 09:43:01.735root 11241100x8000000000000000261188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ea6a87c5c93dd52023-02-08 09:43:01.736root 11241100x8000000000000000261187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b6284c39f818422023-02-08 09:43:01.736root 11241100x8000000000000000261186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e6060bc3bc5bd52023-02-08 09:43:01.736root 11241100x8000000000000000261185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f920b4b69cdf24f72023-02-08 09:43:01.736root 11241100x8000000000000000261184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b28867fa55ed3f2023-02-08 09:43:01.736root 11241100x8000000000000000261183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce180f16e42045ac2023-02-08 09:43:01.736root 11241100x8000000000000000261182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b45afaf7c572862023-02-08 09:43:01.736root 11241100x8000000000000000261181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40456466c04bc74a2023-02-08 09:43:01.736root 11241100x8000000000000000261180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc79c59635324582023-02-08 09:43:01.736root 11241100x8000000000000000261197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300af0890fe593962023-02-08 09:43:01.737root 11241100x8000000000000000261196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995df8b4631433f62023-02-08 09:43:01.737root 11241100x8000000000000000261195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9463069297b83c122023-02-08 09:43:01.737root 11241100x8000000000000000261194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0b3b822fc6ebff2023-02-08 09:43:01.737root 11241100x8000000000000000261193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc77386de1d71202023-02-08 09:43:01.737root 11241100x8000000000000000261192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff471ae3a54cdfed2023-02-08 09:43:01.737root 11241100x8000000000000000261191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba7ad14f285a64a2023-02-08 09:43:01.737root 11241100x8000000000000000261190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32e852ba1d886be2023-02-08 09:43:01.737root 11241100x8000000000000000261189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7239c48566738e82023-02-08 09:43:01.737root 11241100x8000000000000000261198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:01.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e259f556eef08ba2023-02-08 09:43:01.738root 11241100x8000000000000000261203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab6f3a2a0fa38802023-02-08 09:43:02.234root 11241100x8000000000000000261202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee1de08221103ed2023-02-08 09:43:02.234root 11241100x8000000000000000261201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc61803d0cdbc0262023-02-08 09:43:02.234root 11241100x8000000000000000261200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfb87fa8170d7132023-02-08 09:43:02.234root 11241100x8000000000000000261199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f3dbecc344e40e2023-02-08 09:43:02.234root 11241100x8000000000000000261213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c32a72d5f586352023-02-08 09:43:02.235root 11241100x8000000000000000261212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8995b29c1a7c60122023-02-08 09:43:02.235root 11241100x8000000000000000261211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c6fb5c712f5a262023-02-08 09:43:02.235root 11241100x8000000000000000261210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242f0a2d11d133492023-02-08 09:43:02.235root 11241100x8000000000000000261209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c4fb2207d532c22023-02-08 09:43:02.235root 11241100x8000000000000000261208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e11da8cade6d2962023-02-08 09:43:02.235root 11241100x8000000000000000261207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6d990bcd4f358e2023-02-08 09:43:02.235root 11241100x8000000000000000261206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcff2cefa3c39f5f2023-02-08 09:43:02.235root 11241100x8000000000000000261205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e3bfa31a93f6c92023-02-08 09:43:02.235root 11241100x8000000000000000261204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f72285ee0e40a3e2023-02-08 09:43:02.235root 11241100x8000000000000000261228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0288a26af564273b2023-02-08 09:43:02.236root 11241100x8000000000000000261227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbb0810475678952023-02-08 09:43:02.236root 11241100x8000000000000000261226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b9a470b6376def2023-02-08 09:43:02.236root 11241100x8000000000000000261225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6935a562494e442023-02-08 09:43:02.236root 11241100x8000000000000000261224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa19fe8df47c39ff2023-02-08 09:43:02.236root 11241100x8000000000000000261223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e836de9d24f9a4ed2023-02-08 09:43:02.236root 11241100x8000000000000000261222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece2012356d0abb82023-02-08 09:43:02.236root 11241100x8000000000000000261221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afed7782ab6254582023-02-08 09:43:02.236root 11241100x8000000000000000261220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24372ae5e5f774d22023-02-08 09:43:02.236root 11241100x8000000000000000261219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a26703f690f11382023-02-08 09:43:02.236root 11241100x8000000000000000261218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ea1e7d22bdf8342023-02-08 09:43:02.236root 11241100x8000000000000000261217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be8c08945e14a602023-02-08 09:43:02.236root 11241100x8000000000000000261216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428321e33b32cc5e2023-02-08 09:43:02.236root 11241100x8000000000000000261215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39008af5ae10ceef2023-02-08 09:43:02.236root 11241100x8000000000000000261214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a4cec819b8b8c82023-02-08 09:43:02.236root 11241100x8000000000000000261229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76664e94cec4e752023-02-08 09:43:02.237root 11241100x8000000000000000261235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039a8bf95ccf9b182023-02-08 09:43:02.734root 11241100x8000000000000000261234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed669235fec3d8a2023-02-08 09:43:02.734root 11241100x8000000000000000261233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf51db97c38f88f2023-02-08 09:43:02.734root 11241100x8000000000000000261232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74b89dd6abed8562023-02-08 09:43:02.734root 11241100x8000000000000000261231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643778aaa442b7492023-02-08 09:43:02.734root 11241100x8000000000000000261230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6201a95d3f7ae62023-02-08 09:43:02.734root 11241100x8000000000000000261244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cd89b75b8975212023-02-08 09:43:02.735root 11241100x8000000000000000261243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2237cc5ed7e5a92023-02-08 09:43:02.735root 11241100x8000000000000000261242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56de99cb02acb9f2023-02-08 09:43:02.735root 11241100x8000000000000000261241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1455a0d2135fed2023-02-08 09:43:02.735root 11241100x8000000000000000261240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467d1ba8155f10ab2023-02-08 09:43:02.735root 11241100x8000000000000000261239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382dff8e4919392e2023-02-08 09:43:02.735root 11241100x8000000000000000261238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3026151d336e582023-02-08 09:43:02.735root 11241100x8000000000000000261237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da82fe7fe0d91132023-02-08 09:43:02.735root 11241100x8000000000000000261236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89682b24f83542bf2023-02-08 09:43:02.735root 11241100x8000000000000000261257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefe3886538c5b882023-02-08 09:43:02.736root 11241100x8000000000000000261256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606295cd9430ee7d2023-02-08 09:43:02.736root 11241100x8000000000000000261255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368cc9e5213aa9392023-02-08 09:43:02.736root 11241100x8000000000000000261254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c583fbbde194bc572023-02-08 09:43:02.736root 11241100x8000000000000000261253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4bb8e597009f3692023-02-08 09:43:02.736root 11241100x8000000000000000261252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52dee6d3975a7d772023-02-08 09:43:02.736root 11241100x8000000000000000261251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a7c0250b86a5c22023-02-08 09:43:02.736root 11241100x8000000000000000261250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011894231bcc489d2023-02-08 09:43:02.736root 11241100x8000000000000000261249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763e8de2655462942023-02-08 09:43:02.736root 11241100x8000000000000000261248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2547550fe7c2f5d22023-02-08 09:43:02.736root 11241100x8000000000000000261247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d19af1e708ee9292023-02-08 09:43:02.736root 11241100x8000000000000000261246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c462338a6da7ec2023-02-08 09:43:02.736root 11241100x8000000000000000261245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816b7681a703963b2023-02-08 09:43:02.736root 11241100x8000000000000000261263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93577a0fff17706d2023-02-08 09:43:02.737root 11241100x8000000000000000261262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d12a819e6d5b3102023-02-08 09:43:02.737root 11241100x8000000000000000261261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8724e816f7bb57832023-02-08 09:43:02.737root 11241100x8000000000000000261260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239c001d2bae154e2023-02-08 09:43:02.737root 11241100x8000000000000000261259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b2801264dd19422023-02-08 09:43:02.737root 11241100x8000000000000000261258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5379de2b1d5e713f2023-02-08 09:43:02.737root 11241100x8000000000000000261272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0db7289cd4b8742023-02-08 09:43:02.738root 11241100x8000000000000000261271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51aac11820b79272023-02-08 09:43:02.738root 11241100x8000000000000000261270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7c410278c651072023-02-08 09:43:02.738root 11241100x8000000000000000261269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b891d26c19b2c37d2023-02-08 09:43:02.738root 11241100x8000000000000000261268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed1a28550b8ae682023-02-08 09:43:02.738root 11241100x8000000000000000261267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8f2bfcd7fb1e602023-02-08 09:43:02.738root 11241100x8000000000000000261266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b5482b90906c082023-02-08 09:43:02.738root 11241100x8000000000000000261265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ecbbae48bdc1a2b2023-02-08 09:43:02.738root 11241100x8000000000000000261264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:02.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7cf87cab5b8ba22023-02-08 09:43:02.738root 11241100x8000000000000000261281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7305cb802f102702023-02-08 09:43:03.235root 11241100x8000000000000000261280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebb5a3dabc8bad42023-02-08 09:43:03.235root 11241100x8000000000000000261279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75002e2898e86cfb2023-02-08 09:43:03.235root 11241100x8000000000000000261278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21ea03fd16f11bf2023-02-08 09:43:03.235root 11241100x8000000000000000261277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844291f5122ddefa2023-02-08 09:43:03.235root 11241100x8000000000000000261276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4311cd2572f9431c2023-02-08 09:43:03.235root 11241100x8000000000000000261275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231919dd5f1c37162023-02-08 09:43:03.235root 11241100x8000000000000000261274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9673a4949103ed912023-02-08 09:43:03.235root 11241100x8000000000000000261273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1320db3aa272b7a2023-02-08 09:43:03.235root 11241100x8000000000000000261290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f046702d40ae6ce32023-02-08 09:43:03.236root 11241100x8000000000000000261289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02a376f9eba0f722023-02-08 09:43:03.236root 11241100x8000000000000000261288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b1d79c18665f7b2023-02-08 09:43:03.236root 11241100x8000000000000000261287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3251c237c46bf9662023-02-08 09:43:03.236root 11241100x8000000000000000261286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d10341dbb53f4d82023-02-08 09:43:03.236root 11241100x8000000000000000261285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1d4e2dd9cb532b2023-02-08 09:43:03.236root 11241100x8000000000000000261284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10db8e87b9db33e62023-02-08 09:43:03.236root 11241100x8000000000000000261283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2147ddf9195711e2023-02-08 09:43:03.236root 11241100x8000000000000000261282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ed80e85868abf42023-02-08 09:43:03.236root 11241100x8000000000000000261300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e07227d60eaf7d2023-02-08 09:43:03.237root 11241100x8000000000000000261299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75927f073efa32b52023-02-08 09:43:03.237root 11241100x8000000000000000261298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324e07cd837ff35c2023-02-08 09:43:03.237root 11241100x8000000000000000261297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119f4ddc6cb225cd2023-02-08 09:43:03.237root 11241100x8000000000000000261296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6e08af7c4e2d5d2023-02-08 09:43:03.237root 11241100x8000000000000000261295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad9ffbdd086e0162023-02-08 09:43:03.237root 11241100x8000000000000000261294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c1b411bb6e9d0a2023-02-08 09:43:03.237root 11241100x8000000000000000261293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c0d4788d40a0a22023-02-08 09:43:03.237root 11241100x8000000000000000261292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6bfdf59fb107fd2023-02-08 09:43:03.237root 11241100x8000000000000000261291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e1caad9ad6641c2023-02-08 09:43:03.237root 11241100x8000000000000000261302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52088f0e42cf4fd12023-02-08 09:43:03.734root 11241100x8000000000000000261301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c193c2d4b144542023-02-08 09:43:03.734root 11241100x8000000000000000261313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8832d5508cb6632023-02-08 09:43:03.735root 11241100x8000000000000000261312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f40eb5962802ff62023-02-08 09:43:03.735root 11241100x8000000000000000261311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6753d0790090c1152023-02-08 09:43:03.735root 11241100x8000000000000000261310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8819f7d61270472023-02-08 09:43:03.735root 11241100x8000000000000000261309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b6d8af399d4ba42023-02-08 09:43:03.735root 11241100x8000000000000000261308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe597bab356f1392023-02-08 09:43:03.735root 11241100x8000000000000000261307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b19f9666475fcc2023-02-08 09:43:03.735root 11241100x8000000000000000261306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8247b4fa57cbdf2023-02-08 09:43:03.735root 11241100x8000000000000000261305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a6cbb14cf426942023-02-08 09:43:03.735root 11241100x8000000000000000261304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2631d6b6f56342ef2023-02-08 09:43:03.735root 11241100x8000000000000000261303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384d279b9464bef82023-02-08 09:43:03.735root 11241100x8000000000000000261324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c7d5e683e69ce42023-02-08 09:43:03.736root 11241100x8000000000000000261323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3d34fbf3ff0dae2023-02-08 09:43:03.736root 11241100x8000000000000000261322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01edc2c135ef7322023-02-08 09:43:03.736root 11241100x8000000000000000261321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96afcfac19cc6392023-02-08 09:43:03.736root 11241100x8000000000000000261320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0485719d8d993b72023-02-08 09:43:03.736root 11241100x8000000000000000261319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7170bf88202ed92023-02-08 09:43:03.736root 11241100x8000000000000000261318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418cedeec8012db32023-02-08 09:43:03.736root 11241100x8000000000000000261317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9b2ee7e649d9c42023-02-08 09:43:03.736root 11241100x8000000000000000261316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53e7a7c8c1ce6bd2023-02-08 09:43:03.736root 11241100x8000000000000000261315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d6853728cd15412023-02-08 09:43:03.736root 11241100x8000000000000000261314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3899386c6feedf2023-02-08 09:43:03.736root 11241100x8000000000000000261328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12fc0bc13942e292023-02-08 09:43:03.737root 11241100x8000000000000000261327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f617cf182570b5a2023-02-08 09:43:03.737root 11241100x8000000000000000261326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a022299d045a72842023-02-08 09:43:03.737root 11241100x8000000000000000261325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:03.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da16ab64ccd3e2b92023-02-08 09:43:03.737root 11241100x8000000000000000261331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26828a493f2cda882023-02-08 09:43:04.234root 11241100x8000000000000000261330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc36d5f33d48baf2023-02-08 09:43:04.234root 11241100x8000000000000000261329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36159defc3bce652023-02-08 09:43:04.234root 11241100x8000000000000000261343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83fc553478b8630e2023-02-08 09:43:04.235root 11241100x8000000000000000261342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1207aa39187ef4c2023-02-08 09:43:04.235root 11241100x8000000000000000261341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514f9a3dd195431b2023-02-08 09:43:04.235root 11241100x8000000000000000261340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d22ac43e3cb5392023-02-08 09:43:04.235root 11241100x8000000000000000261339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0a3adae5ecbf742023-02-08 09:43:04.235root 11241100x8000000000000000261338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cef71afbcb285fa2023-02-08 09:43:04.235root 11241100x8000000000000000261337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81cc5c2099cd56922023-02-08 09:43:04.235root 11241100x8000000000000000261336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5784321df67be522023-02-08 09:43:04.235root 11241100x8000000000000000261335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625194215919ca682023-02-08 09:43:04.235root 11241100x8000000000000000261334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9990e738ac8402332023-02-08 09:43:04.235root 11241100x8000000000000000261333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a849bf64c6463562023-02-08 09:43:04.235root 11241100x8000000000000000261332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136f2b58f48761482023-02-08 09:43:04.235root 11241100x8000000000000000261354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ed4cf7181bed402023-02-08 09:43:04.236root 11241100x8000000000000000261353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c839038822df97352023-02-08 09:43:04.236root 11241100x8000000000000000261352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b480e2d83ace5a2023-02-08 09:43:04.236root 11241100x8000000000000000261351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79423e0e8891ec82023-02-08 09:43:04.236root 11241100x8000000000000000261350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d603317091159932023-02-08 09:43:04.236root 11241100x8000000000000000261349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9192e82a37d43b2023-02-08 09:43:04.236root 11241100x8000000000000000261348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec43de4e22f449a2023-02-08 09:43:04.236root 11241100x8000000000000000261347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec28ac0f7c1fb9742023-02-08 09:43:04.236root 11241100x8000000000000000261346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cca0dea0b4beb9c2023-02-08 09:43:04.236root 11241100x8000000000000000261345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba6713a3d13e8b72023-02-08 09:43:04.236root 11241100x8000000000000000261344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30832aeb7a4dc492023-02-08 09:43:04.236root 11241100x8000000000000000261360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1073f2db0c23b6ae2023-02-08 09:43:04.237root 11241100x8000000000000000261359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497aa37ad7591b0f2023-02-08 09:43:04.237root 11241100x8000000000000000261358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0724063721226912023-02-08 09:43:04.237root 11241100x8000000000000000261357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8447614bf617f7ee2023-02-08 09:43:04.237root 11241100x8000000000000000261356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc45195b89eb2f32023-02-08 09:43:04.237root 11241100x8000000000000000261355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d898be26933d5a12023-02-08 09:43:04.237root 11241100x8000000000000000261369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9578fea200bc6ad2023-02-08 09:43:04.734root 11241100x8000000000000000261368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db106c35d25fb632023-02-08 09:43:04.734root 11241100x8000000000000000261367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1566ed566e5345282023-02-08 09:43:04.734root 11241100x8000000000000000261366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2dca9893af8facb2023-02-08 09:43:04.734root 11241100x8000000000000000261365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff4523c020c6c092023-02-08 09:43:04.734root 11241100x8000000000000000261364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a231cf6a1161ecff2023-02-08 09:43:04.734root 11241100x8000000000000000261363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5a19b0ce5fd8702023-02-08 09:43:04.734root 11241100x8000000000000000261362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cac20f4488da3e2023-02-08 09:43:04.734root 11241100x8000000000000000261361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb979050a80f0cfd2023-02-08 09:43:04.734root 11241100x8000000000000000261377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd4a00cf4d9addd2023-02-08 09:43:04.735root 11241100x8000000000000000261376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11df9e5fc6977f242023-02-08 09:43:04.735root 11241100x8000000000000000261375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bf360b048a62032023-02-08 09:43:04.735root 11241100x8000000000000000261374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6138a502976a8a02023-02-08 09:43:04.735root 11241100x8000000000000000261373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f203f6a7cf411002023-02-08 09:43:04.735root 11241100x8000000000000000261372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6aed7c465882a62023-02-08 09:43:04.735root 11241100x8000000000000000261371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf796b5bb2fe030c2023-02-08 09:43:04.735root 11241100x8000000000000000261370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4495e3c1f771712023-02-08 09:43:04.735root 11241100x8000000000000000261387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d629f1e2dfc4d6af2023-02-08 09:43:04.736root 11241100x8000000000000000261386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7de3221fecd8d02023-02-08 09:43:04.736root 11241100x8000000000000000261385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98284fa1219cc4dd2023-02-08 09:43:04.736root 11241100x8000000000000000261384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523e79c7ff7dfecc2023-02-08 09:43:04.736root 11241100x8000000000000000261383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b3dd96623773e22023-02-08 09:43:04.736root 11241100x8000000000000000261382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ff5bdaf3d830cc2023-02-08 09:43:04.736root 11241100x8000000000000000261381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71081d2ae27176c02023-02-08 09:43:04.736root 11241100x8000000000000000261380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f985ebff709e082023-02-08 09:43:04.736root 11241100x8000000000000000261379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02e8380bba4f6ea2023-02-08 09:43:04.736root 11241100x8000000000000000261378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fe513fea22e2912023-02-08 09:43:04.736root 11241100x8000000000000000261389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80a32a9721667182023-02-08 09:43:04.737root 11241100x8000000000000000261388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd52586f4a4a7db2023-02-08 09:43:04.737root 11241100x8000000000000000261395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f79a747768167102023-02-08 09:43:04.738root 11241100x8000000000000000261394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807262fc136056302023-02-08 09:43:04.738root 11241100x8000000000000000261393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1f190911e3ed2b2023-02-08 09:43:04.738root 11241100x8000000000000000261392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55cf0b45e7085852023-02-08 09:43:04.738root 11241100x8000000000000000261391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553ceb9255b763e82023-02-08 09:43:04.738root 11241100x8000000000000000261390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bf795e9df54c962023-02-08 09:43:04.738root 11241100x8000000000000000261400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8b2843b134b4022023-02-08 09:43:04.739root 11241100x8000000000000000261399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c97f60558ae97a2023-02-08 09:43:04.739root 11241100x8000000000000000261398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f73108c1ec4d4f2023-02-08 09:43:04.739root 11241100x8000000000000000261397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140bc017b054c7d02023-02-08 09:43:04.739root 11241100x8000000000000000261396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1365ffff36322e012023-02-08 09:43:04.739root 11241100x8000000000000000261404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc35ee612ec35e92023-02-08 09:43:04.740root 11241100x8000000000000000261403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4273aacf90a3841f2023-02-08 09:43:04.740root 11241100x8000000000000000261402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058fbeba97a456cb2023-02-08 09:43:04.740root 11241100x8000000000000000261401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5adc38f6d28526b2023-02-08 09:43:04.740root 11241100x8000000000000000261407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ecf6b4fc7a5ba62023-02-08 09:43:04.741root 11241100x8000000000000000261406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18494ce451c9a25a2023-02-08 09:43:04.741root 11241100x8000000000000000261405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f45bb24438ea3022023-02-08 09:43:04.741root 11241100x8000000000000000261415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792e3061f7837ad12023-02-08 09:43:04.742root 11241100x8000000000000000261414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8869d58a85db902023-02-08 09:43:04.742root 11241100x8000000000000000261413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f021c2420fed0e02023-02-08 09:43:04.742root 11241100x8000000000000000261412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed073025295224a92023-02-08 09:43:04.742root 11241100x8000000000000000261411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937d7aa490b8ec3e2023-02-08 09:43:04.742root 11241100x8000000000000000261410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f97d826c17d4e92023-02-08 09:43:04.742root 11241100x8000000000000000261409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9699cf609be3a3362023-02-08 09:43:04.742root 11241100x8000000000000000261408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:04.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288a777c45f9b79e2023-02-08 09:43:04.742root 354300x8000000000000000261416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.064{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-41906-false10.0.1.12-8000- 11241100x8000000000000000261420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.065{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc977cf628af9b9c2023-02-08 09:43:05.065root 11241100x8000000000000000261419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.065{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e095b80217f46b4a2023-02-08 09:43:05.065root 11241100x8000000000000000261418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.065{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312022e7fe8c107e2023-02-08 09:43:05.065root 11241100x8000000000000000261417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.065{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d95a1aae95c22642023-02-08 09:43:05.065root 11241100x8000000000000000261423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.066{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4cb2af87d03cd072023-02-08 09:43:05.066root 11241100x8000000000000000261422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.066{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3b41f7326152a12023-02-08 09:43:05.066root 11241100x8000000000000000261421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.066{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d489aeb476d799b62023-02-08 09:43:05.066root 11241100x8000000000000000261432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.067{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7865fbe28ba08502023-02-08 09:43:05.067root 11241100x8000000000000000261431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.067{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c1152f13002a052023-02-08 09:43:05.067root 11241100x8000000000000000261430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.067{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262e6e59d2e0ca642023-02-08 09:43:05.067root 11241100x8000000000000000261429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.067{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a519ecbccb708c2023-02-08 09:43:05.067root 11241100x8000000000000000261428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.067{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65dd2f98b1dc19ee2023-02-08 09:43:05.067root 11241100x8000000000000000261427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.067{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d261e51ad88486d2023-02-08 09:43:05.067root 11241100x8000000000000000261426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.067{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9ababb6146f3c32023-02-08 09:43:05.067root 11241100x8000000000000000261425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.067{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286bcd7e5e7251862023-02-08 09:43:05.067root 11241100x8000000000000000261424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.067{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01803aca7782d7782023-02-08 09:43:05.067root 11241100x8000000000000000261438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.068{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd141d493b4f8cc2023-02-08 09:43:05.068root 11241100x8000000000000000261437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.068{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd35e4ecbce149a72023-02-08 09:43:05.068root 11241100x8000000000000000261436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.068{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9a878b105da66f2023-02-08 09:43:05.068root 11241100x8000000000000000261435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.068{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a55d9ec519012bd2023-02-08 09:43:05.068root 11241100x8000000000000000261434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.068{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8635bc26c374d81a2023-02-08 09:43:05.068root 11241100x8000000000000000261433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.068{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d1b2944af65f8b2023-02-08 09:43:05.068root 11241100x8000000000000000261442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.069{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c8c2e89156fa192023-02-08 09:43:05.069root 11241100x8000000000000000261441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.069{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a249095e6705c62023-02-08 09:43:05.069root 11241100x8000000000000000261440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.069{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4d1832e047a8522023-02-08 09:43:05.069root 11241100x8000000000000000261439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.069{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb9568bcf5486752023-02-08 09:43:05.069root 11241100x8000000000000000261451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.070{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e29c42b4f2ca4fe2023-02-08 09:43:05.070root 11241100x8000000000000000261450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.070{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33387671b11f0652023-02-08 09:43:05.070root 11241100x8000000000000000261449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.070{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52191d335beda3c42023-02-08 09:43:05.070root 11241100x8000000000000000261448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.070{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a84fb92bf47e662023-02-08 09:43:05.070root 11241100x8000000000000000261447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.070{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c141d4f2df29f4572023-02-08 09:43:05.070root 11241100x8000000000000000261446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.070{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d46e15e0bc6d80e2023-02-08 09:43:05.070root 11241100x8000000000000000261445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.070{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1735e1ebd8ec3602023-02-08 09:43:05.070root 11241100x8000000000000000261444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.070{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf6f17c72532bc42023-02-08 09:43:05.070root 11241100x8000000000000000261443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.070{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98210636f0f620712023-02-08 09:43:05.070root 11241100x8000000000000000261452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.071{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64f76eb7dff4f0e2023-02-08 09:43:05.071root 11241100x8000000000000000261453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbff4ae74d512392023-02-08 09:43:05.484root 11241100x8000000000000000261458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf48edcd53762592023-02-08 09:43:05.485root 11241100x8000000000000000261457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbba0a0b1cc069f2023-02-08 09:43:05.485root 11241100x8000000000000000261456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa595328d19398f52023-02-08 09:43:05.485root 11241100x8000000000000000261455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e996ecdb01d04df2023-02-08 09:43:05.485root 11241100x8000000000000000261454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73bcb648fa5ab71a2023-02-08 09:43:05.485root 11241100x8000000000000000261462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c01671eedaae7aa2023-02-08 09:43:05.486root 11241100x8000000000000000261461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abdb665d99cd4ca2023-02-08 09:43:05.486root 11241100x8000000000000000261460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f114c13804ef0ae2023-02-08 09:43:05.486root 11241100x8000000000000000261459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3454510b837cdd2023-02-08 09:43:05.486root 11241100x8000000000000000261468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926867b8d3169b0b2023-02-08 09:43:05.487root 11241100x8000000000000000261467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae07bb2f2af452ea2023-02-08 09:43:05.487root 11241100x8000000000000000261466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050a8e6693b5544b2023-02-08 09:43:05.487root 11241100x8000000000000000261465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecff0a68f016da712023-02-08 09:43:05.487root 11241100x8000000000000000261464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a94c3baf30b9642023-02-08 09:43:05.487root 11241100x8000000000000000261463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68d34bda9eaafe22023-02-08 09:43:05.487root 11241100x8000000000000000261469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8e8212f657fe9c2023-02-08 09:43:05.488root 11241100x8000000000000000261475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd558db9c401da2d2023-02-08 09:43:05.489root 11241100x8000000000000000261474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091cb71cfcca0cfd2023-02-08 09:43:05.489root 11241100x8000000000000000261473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d1d1dd01d6975e2023-02-08 09:43:05.489root 11241100x8000000000000000261472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea625a85dbfdac052023-02-08 09:43:05.489root 11241100x8000000000000000261471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650a539ba348eaa22023-02-08 09:43:05.489root 11241100x8000000000000000261470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf10b4ad701135da2023-02-08 09:43:05.489root 11241100x8000000000000000261480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7d651eb5bee4112023-02-08 09:43:05.491root 11241100x8000000000000000261479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586ea78de3aa55152023-02-08 09:43:05.491root 11241100x8000000000000000261478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb04726631cbbc572023-02-08 09:43:05.491root 11241100x8000000000000000261477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5286209b52fba1e2023-02-08 09:43:05.491root 11241100x8000000000000000261476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14f01645d1cd75c2023-02-08 09:43:05.491root 11241100x8000000000000000261481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf2d387c2cdefae2023-02-08 09:43:05.492root 11241100x8000000000000000261484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d99e1262d834a92023-02-08 09:43:05.984root 11241100x8000000000000000261483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8207a01591aa982023-02-08 09:43:05.984root 11241100x8000000000000000261482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ff88bd181c1ac52023-02-08 09:43:05.984root 11241100x8000000000000000261490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb72868ad72fed932023-02-08 09:43:05.985root 11241100x8000000000000000261489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a6fd50427f64f72023-02-08 09:43:05.985root 11241100x8000000000000000261488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a372f90ea9cd8cfc2023-02-08 09:43:05.985root 11241100x8000000000000000261487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f977c4ef171daa2023-02-08 09:43:05.985root 11241100x8000000000000000261486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bca0ea116d96f172023-02-08 09:43:05.985root 11241100x8000000000000000261485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7e2134534b9b392023-02-08 09:43:05.985root 11241100x8000000000000000261491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e961c296d3d05f972023-02-08 09:43:05.986root 11241100x8000000000000000261499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed30062ffac1b4f22023-02-08 09:43:05.987root 11241100x8000000000000000261498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f0ef9d5cae83742023-02-08 09:43:05.987root 11241100x8000000000000000261497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a6a81e159e8d8b2023-02-08 09:43:05.987root 11241100x8000000000000000261496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ad0b753d7fdf0b2023-02-08 09:43:05.987root 11241100x8000000000000000261495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f86d7817fc96f12023-02-08 09:43:05.987root 11241100x8000000000000000261494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa9b8773f8b04e92023-02-08 09:43:05.987root 11241100x8000000000000000261493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c79e0ff52701d5f2023-02-08 09:43:05.987root 11241100x8000000000000000261492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a976ba4438a38b2023-02-08 09:43:05.987root 11241100x8000000000000000261514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535949bc01a798b02023-02-08 09:43:05.988root 11241100x8000000000000000261513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90079d65021a43812023-02-08 09:43:05.988root 11241100x8000000000000000261512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348426ec33e5bd5b2023-02-08 09:43:05.988root 11241100x8000000000000000261511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e5b3718211d6632023-02-08 09:43:05.988root 11241100x8000000000000000261510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7866a841952655602023-02-08 09:43:05.988root 11241100x8000000000000000261509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46248a6aa30fc842023-02-08 09:43:05.988root 11241100x8000000000000000261508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c67c011bb63a00d2023-02-08 09:43:05.988root 11241100x8000000000000000261507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff9a735a164226e2023-02-08 09:43:05.988root 11241100x8000000000000000261506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338306fbe24477c02023-02-08 09:43:05.988root 11241100x8000000000000000261505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ee46a4da4041e82023-02-08 09:43:05.988root 11241100x8000000000000000261504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1302561ec4ebb2152023-02-08 09:43:05.988root 11241100x8000000000000000261503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e415c5eb5e825f2023-02-08 09:43:05.988root 11241100x8000000000000000261502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c272eaabfb1a422023-02-08 09:43:05.988root 11241100x8000000000000000261501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4cdbb2dd83466782023-02-08 09:43:05.988root 11241100x8000000000000000261500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec68c4ea21dcfe02023-02-08 09:43:05.988root 11241100x8000000000000000261527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2b0ffadf5f23ac2023-02-08 09:43:05.989root 11241100x8000000000000000261526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1211fd7dcea1cc02023-02-08 09:43:05.989root 11241100x8000000000000000261525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4599e858c153e472023-02-08 09:43:05.989root 11241100x8000000000000000261524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a337e84dd8ae267f2023-02-08 09:43:05.989root 11241100x8000000000000000261523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f2bae36c262e1d2023-02-08 09:43:05.989root 11241100x8000000000000000261522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d4a339b3a27a232023-02-08 09:43:05.989root 11241100x8000000000000000261521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d1d36d228d8ff92023-02-08 09:43:05.989root 11241100x8000000000000000261520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2fd385baaedd6e2023-02-08 09:43:05.989root 11241100x8000000000000000261519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ed246ee9d75c0b2023-02-08 09:43:05.989root 11241100x8000000000000000261518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4230a87ab1dbd7d92023-02-08 09:43:05.989root 11241100x8000000000000000261517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2b891a8acea8872023-02-08 09:43:05.989root 11241100x8000000000000000261516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83dc4b7d1a450382023-02-08 09:43:05.989root 11241100x8000000000000000261515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d492d2657bff46f02023-02-08 09:43:05.989root 11241100x8000000000000000261532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4cbc515f75041482023-02-08 09:43:05.990root 11241100x8000000000000000261531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396fcdaf8df740432023-02-08 09:43:05.990root 11241100x8000000000000000261530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7c2404de260c222023-02-08 09:43:05.990root 11241100x8000000000000000261529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2001b0229784d5762023-02-08 09:43:05.990root 11241100x8000000000000000261528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:05.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51936d7c8c4687032023-02-08 09:43:05.990root 11241100x8000000000000000261535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54204cb22954c75c2023-02-08 09:43:06.364root 11241100x8000000000000000261534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bcbd2346fac1812023-02-08 09:43:06.364root 11241100x8000000000000000261533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.364{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-08 09:43:06.364root 11241100x8000000000000000261536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa963cc8ef606b092023-02-08 09:43:06.365root 11241100x8000000000000000261540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a34e3c4b9300bd2023-02-08 09:43:06.366root 11241100x8000000000000000261539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817cd946ad5d46402023-02-08 09:43:06.366root 11241100x8000000000000000261538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5340e36e096e68a22023-02-08 09:43:06.366root 11241100x8000000000000000261537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96133de1c33fdf92023-02-08 09:43:06.366root 11241100x8000000000000000261546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22015d6626c784a2023-02-08 09:43:06.367root 11241100x8000000000000000261545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74916728b6df4b232023-02-08 09:43:06.367root 11241100x8000000000000000261544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d27abdee8c87f12023-02-08 09:43:06.367root 11241100x8000000000000000261543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40bc1ce631c9d87e2023-02-08 09:43:06.367root 11241100x8000000000000000261542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a43bad5bd2746022023-02-08 09:43:06.367root 11241100x8000000000000000261541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efd6a4800c3a0fb2023-02-08 09:43:06.367root 11241100x8000000000000000261552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49c2efbe6c9b63c2023-02-08 09:43:06.368root 11241100x8000000000000000261551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b98f0f3c19dbc3a2023-02-08 09:43:06.368root 11241100x8000000000000000261550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5870fc2f77a134e2023-02-08 09:43:06.368root 11241100x8000000000000000261549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d302ebcc73ce96d42023-02-08 09:43:06.368root 11241100x8000000000000000261548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1e5bc2219712532023-02-08 09:43:06.368root 11241100x8000000000000000261547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84785ab0e926b01b2023-02-08 09:43:06.368root 11241100x8000000000000000261557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d00837f9c8e264e2023-02-08 09:43:06.369root 11241100x8000000000000000261556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef36ab43b03edf082023-02-08 09:43:06.369root 11241100x8000000000000000261555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1e1356e6e2014a2023-02-08 09:43:06.369root 11241100x8000000000000000261554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d607f3afdd91ff72023-02-08 09:43:06.369root 11241100x8000000000000000261553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47aa7dee054e1a1c2023-02-08 09:43:06.369root 11241100x8000000000000000261563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e3e6aa8f6766c02023-02-08 09:43:06.370root 11241100x8000000000000000261562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae707aee17a9e282023-02-08 09:43:06.370root 11241100x8000000000000000261561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4194af6b242e88102023-02-08 09:43:06.370root 11241100x8000000000000000261560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de724386bce6108d2023-02-08 09:43:06.370root 11241100x8000000000000000261559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8dd6b1553b5f3a2023-02-08 09:43:06.370root 11241100x8000000000000000261558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec150a650f8016972023-02-08 09:43:06.370root 11241100x8000000000000000261566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.371{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd6548c63a2fcf42023-02-08 09:43:06.371root 11241100x8000000000000000261565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.371{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b213bf6bcda5bf2023-02-08 09:43:06.371root 11241100x8000000000000000261564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.371{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a9078f1723d3712023-02-08 09:43:06.371root 354300x8000000000000000261567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.708{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-39570-false10.0.1.12-8089- 11241100x8000000000000000261574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.709{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a916276e67aa67d2023-02-08 09:43:06.709root 11241100x8000000000000000261573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.709{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db00e6cf6a2690c2023-02-08 09:43:06.709root 11241100x8000000000000000261572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.709{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9431417e3a73092023-02-08 09:43:06.709root 11241100x8000000000000000261571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.709{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2f3b2334930ccc2023-02-08 09:43:06.709root 11241100x8000000000000000261570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.709{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0b1569a7d75fcd2023-02-08 09:43:06.709root 11241100x8000000000000000261569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.709{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5575f02264bb1532023-02-08 09:43:06.709root 11241100x8000000000000000261568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.709{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1563c697349b6bc2023-02-08 09:43:06.709root 11241100x8000000000000000261590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9990cf6e6c6370b32023-02-08 09:43:06.710root 11241100x8000000000000000261589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5500f4003592cc22023-02-08 09:43:06.710root 11241100x8000000000000000261588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7503b9fd5c7a9f52023-02-08 09:43:06.710root 11241100x8000000000000000261587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e92c4281424cf22023-02-08 09:43:06.710root 11241100x8000000000000000261586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761e41d5659802d62023-02-08 09:43:06.710root 11241100x8000000000000000261585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706f0f87e66a31b12023-02-08 09:43:06.710root 11241100x8000000000000000261584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97a48e16e72ac272023-02-08 09:43:06.710root 11241100x8000000000000000261583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f06345ccf667be72023-02-08 09:43:06.710root 11241100x8000000000000000261582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea71f8d7c1a0506a2023-02-08 09:43:06.710root 11241100x8000000000000000261581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07983ec1f89a26332023-02-08 09:43:06.710root 11241100x8000000000000000261580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d52ac829d9efeee2023-02-08 09:43:06.710root 11241100x8000000000000000261579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6036a6420452fa6b2023-02-08 09:43:06.710root 11241100x8000000000000000261578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3628901d2818c6422023-02-08 09:43:06.710root 11241100x8000000000000000261577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a4e9fc0c2122cf2023-02-08 09:43:06.710root 11241100x8000000000000000261576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db2a8bc420c8bb82023-02-08 09:43:06.710root 11241100x8000000000000000261575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5b2ba396827f092023-02-08 09:43:06.710root 11241100x8000000000000000261603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a13c84c6b23e452023-02-08 09:43:06.711root 11241100x8000000000000000261602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b1d2abcf6ce4722023-02-08 09:43:06.711root 11241100x8000000000000000261601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cde194fb40d0ea2023-02-08 09:43:06.711root 11241100x8000000000000000261600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6ce73d34c5931a2023-02-08 09:43:06.711root 11241100x8000000000000000261599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8108f284e5135ad72023-02-08 09:43:06.711root 11241100x8000000000000000261598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e27c44da70bf382023-02-08 09:43:06.711root 11241100x8000000000000000261597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43440b3524e0f1212023-02-08 09:43:06.711root 11241100x8000000000000000261596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f289df94c7c21da2023-02-08 09:43:06.711root 11241100x8000000000000000261595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7abde82befe78c12023-02-08 09:43:06.711root 11241100x8000000000000000261594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce1d0a3c8fdac5d2023-02-08 09:43:06.711root 11241100x8000000000000000261593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0cd97b62204b76a2023-02-08 09:43:06.711root 11241100x8000000000000000261592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc99a558a41d38c92023-02-08 09:43:06.711root 11241100x8000000000000000261591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bd518ffb21e36e2023-02-08 09:43:06.711root 11241100x8000000000000000261608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febe70f4ff5cc27c2023-02-08 09:43:06.985root 11241100x8000000000000000261607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d8269e677b842f2023-02-08 09:43:06.985root 11241100x8000000000000000261606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9b3ae5d8fb65322023-02-08 09:43:06.985root 11241100x8000000000000000261605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d7516e1952091d2023-02-08 09:43:06.985root 11241100x8000000000000000261604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f738baab1cf42c2023-02-08 09:43:06.985root 11241100x8000000000000000261614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca357b333835c6f42023-02-08 09:43:06.986root 11241100x8000000000000000261613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881e95dab9a59b2f2023-02-08 09:43:06.986root 11241100x8000000000000000261612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a723bb8a5f9e850f2023-02-08 09:43:06.986root 11241100x8000000000000000261611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1223396af335d6f62023-02-08 09:43:06.986root 11241100x8000000000000000261610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7713ae83cf9bd3f32023-02-08 09:43:06.986root 11241100x8000000000000000261609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e02773e60f6b2c2023-02-08 09:43:06.986root 11241100x8000000000000000261626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1315c9e58c3925e2023-02-08 09:43:06.987root 11241100x8000000000000000261625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbd9d2abf03f0fe2023-02-08 09:43:06.987root 11241100x8000000000000000261624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1f54521e0508e62023-02-08 09:43:06.987root 11241100x8000000000000000261623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df7a3c685fb2a802023-02-08 09:43:06.987root 11241100x8000000000000000261622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b364774c20941e2023-02-08 09:43:06.987root 11241100x8000000000000000261621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6224f8ea7cd405002023-02-08 09:43:06.987root 11241100x8000000000000000261620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d98658e602f76062023-02-08 09:43:06.987root 11241100x8000000000000000261619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a4926c46c604a02023-02-08 09:43:06.987root 11241100x8000000000000000261618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e189f5cf112994912023-02-08 09:43:06.987root 11241100x8000000000000000261617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbc0528a9d6dd202023-02-08 09:43:06.987root 11241100x8000000000000000261616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed791377c0140e22023-02-08 09:43:06.987root 11241100x8000000000000000261615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e87c1fe283827a2023-02-08 09:43:06.987root 11241100x8000000000000000261633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222ecb8e068c3ac32023-02-08 09:43:06.988root 11241100x8000000000000000261632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae5857a2f5ddb032023-02-08 09:43:06.988root 11241100x8000000000000000261631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c001acf2aa34989a2023-02-08 09:43:06.988root 11241100x8000000000000000261630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45510fc5aec3102f2023-02-08 09:43:06.988root 11241100x8000000000000000261629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094d7d6b2912c09a2023-02-08 09:43:06.988root 11241100x8000000000000000261628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5fc94899fd2f3fe2023-02-08 09:43:06.988root 11241100x8000000000000000261627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db48220ffd7e84b02023-02-08 09:43:06.988root 11241100x8000000000000000261634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:06.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24987659d927fe0c2023-02-08 09:43:06.989root 11241100x8000000000000000261635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ddfa0a6b996d4e2023-02-08 09:43:07.484root 11241100x8000000000000000261639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe801a30573d5c92023-02-08 09:43:07.485root 11241100x8000000000000000261638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4af6811d34807312023-02-08 09:43:07.485root 11241100x8000000000000000261637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267cf941f5548e042023-02-08 09:43:07.485root 11241100x8000000000000000261636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c0f2845c6d5c532023-02-08 09:43:07.485root 11241100x8000000000000000261650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49a87b6589fe0052023-02-08 09:43:07.486root 11241100x8000000000000000261649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bc4fcd80b788622023-02-08 09:43:07.486root 11241100x8000000000000000261648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3949bb960c2047882023-02-08 09:43:07.486root 11241100x8000000000000000261647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38b8a34334aa92c2023-02-08 09:43:07.486root 11241100x8000000000000000261646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981b47c931d3f43e2023-02-08 09:43:07.486root 11241100x8000000000000000261645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb1e3cfdadc25b32023-02-08 09:43:07.486root 11241100x8000000000000000261644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0810950e1f211c7a2023-02-08 09:43:07.486root 11241100x8000000000000000261643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a369e14d0908590e2023-02-08 09:43:07.486root 11241100x8000000000000000261642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02774e8b2d3f5c932023-02-08 09:43:07.486root 11241100x8000000000000000261641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778907d75f43dba32023-02-08 09:43:07.486root 11241100x8000000000000000261640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d63d08d6b14b7e2023-02-08 09:43:07.486root 11241100x8000000000000000261657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf152b21c0ffa212023-02-08 09:43:07.487root 11241100x8000000000000000261656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a437375649cd149b2023-02-08 09:43:07.487root 11241100x8000000000000000261655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca6e2c36b613c462023-02-08 09:43:07.487root 11241100x8000000000000000261654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c471f7a7e96264722023-02-08 09:43:07.487root 11241100x8000000000000000261653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b693247448fbac8f2023-02-08 09:43:07.487root 11241100x8000000000000000261652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457411be93882c1e2023-02-08 09:43:07.487root 11241100x8000000000000000261651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef1a04f699b651f2023-02-08 09:43:07.487root 11241100x8000000000000000261666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c41063270037f32023-02-08 09:43:07.488root 11241100x8000000000000000261665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b086de7a71bd2f302023-02-08 09:43:07.488root 11241100x8000000000000000261664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103b4e05443daf512023-02-08 09:43:07.488root 11241100x8000000000000000261663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4130f4d126219512023-02-08 09:43:07.488root 11241100x8000000000000000261662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523dc054cfceb3d02023-02-08 09:43:07.488root 11241100x8000000000000000261661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d18acdba3be2b282023-02-08 09:43:07.488root 11241100x8000000000000000261660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92ae7327c0a1c542023-02-08 09:43:07.488root 11241100x8000000000000000261659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da5e02308c98c402023-02-08 09:43:07.488root 11241100x8000000000000000261658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5146111916f54b2023-02-08 09:43:07.488root 11241100x8000000000000000261676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61959e06f8bd59842023-02-08 09:43:07.985root 11241100x8000000000000000261675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa123cdddb902e732023-02-08 09:43:07.985root 11241100x8000000000000000261674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793afaa4c622e72d2023-02-08 09:43:07.985root 11241100x8000000000000000261673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6a4a4cecc8ed572023-02-08 09:43:07.985root 11241100x8000000000000000261672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c4a4d5ef92b9fd2023-02-08 09:43:07.985root 11241100x8000000000000000261671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b66f1b3c6b53c312023-02-08 09:43:07.985root 11241100x8000000000000000261670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774f2b4529e2036a2023-02-08 09:43:07.985root 11241100x8000000000000000261669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c97f7609eef97c2023-02-08 09:43:07.985root 11241100x8000000000000000261668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46825798551f0b652023-02-08 09:43:07.985root 11241100x8000000000000000261667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4b1ee5dd42380e2023-02-08 09:43:07.985root 11241100x8000000000000000261683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233e1a1b12c898c52023-02-08 09:43:07.986root 11241100x8000000000000000261682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18131247df315c722023-02-08 09:43:07.986root 11241100x8000000000000000261681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fe33d8b02e775a2023-02-08 09:43:07.986root 11241100x8000000000000000261680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8560b9dcfb8f7302023-02-08 09:43:07.986root 11241100x8000000000000000261679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbff732d8e6bd3572023-02-08 09:43:07.986root 11241100x8000000000000000261678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c57ea9fd94701642023-02-08 09:43:07.986root 11241100x8000000000000000261677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b53a53d95db0b32023-02-08 09:43:07.986root 11241100x8000000000000000261689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f4cd9e9228cb1e2023-02-08 09:43:07.987root 11241100x8000000000000000261688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6b6f89777472d62023-02-08 09:43:07.987root 11241100x8000000000000000261687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d28596e752e0ec12023-02-08 09:43:07.987root 11241100x8000000000000000261686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2be0295a84c4ad2023-02-08 09:43:07.987root 11241100x8000000000000000261685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27781b4b87b9b3972023-02-08 09:43:07.987root 11241100x8000000000000000261684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a881200933d960652023-02-08 09:43:07.987root 11241100x8000000000000000261694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6706595e1177cf2023-02-08 09:43:07.988root 11241100x8000000000000000261693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce719a655003cc62023-02-08 09:43:07.988root 11241100x8000000000000000261692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f09076f60c396c2023-02-08 09:43:07.988root 11241100x8000000000000000261691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e4d30f988b26242023-02-08 09:43:07.988root 11241100x8000000000000000261690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bde5dbdd7071cb32023-02-08 09:43:07.988root 11241100x8000000000000000261695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22077168651d12f32023-02-08 09:43:07.989root 11241100x8000000000000000261697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d736c8fd9feb66ab2023-02-08 09:43:07.990root 11241100x8000000000000000261696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:07.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3881246fdd809dc12023-02-08 09:43:07.990root 11241100x8000000000000000261701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219ae13f424b08562023-02-08 09:43:08.484root 11241100x8000000000000000261700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efff86741c4677b2023-02-08 09:43:08.484root 11241100x8000000000000000261699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8374559f0bb230492023-02-08 09:43:08.484root 11241100x8000000000000000261698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14b1e285a6220c92023-02-08 09:43:08.484root 11241100x8000000000000000261706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5565b001e54cef02023-02-08 09:43:08.485root 11241100x8000000000000000261705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d7fb98a771759a2023-02-08 09:43:08.485root 11241100x8000000000000000261704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ccc2f62a25f8562023-02-08 09:43:08.485root 11241100x8000000000000000261703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315288a5fd6930bd2023-02-08 09:43:08.485root 11241100x8000000000000000261702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e358f550d06c2a22023-02-08 09:43:08.485root 11241100x8000000000000000261712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43ab43fb0a3c2912023-02-08 09:43:08.486root 11241100x8000000000000000261711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640736dbafd4e5512023-02-08 09:43:08.486root 11241100x8000000000000000261710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c679bd9329298f2023-02-08 09:43:08.486root 11241100x8000000000000000261709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b142ea95ed05ebd82023-02-08 09:43:08.486root 11241100x8000000000000000261708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c713a9ad218498f32023-02-08 09:43:08.486root 11241100x8000000000000000261707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4508a545e3d2882023-02-08 09:43:08.486root 11241100x8000000000000000261721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f8b6e3546fb5782023-02-08 09:43:08.487root 11241100x8000000000000000261720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda7196033f131ba2023-02-08 09:43:08.487root 11241100x8000000000000000261719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3243423252d2ad2023-02-08 09:43:08.487root 11241100x8000000000000000261718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30cb2704d98193b62023-02-08 09:43:08.487root 11241100x8000000000000000261717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f22e4428cdba002023-02-08 09:43:08.487root 11241100x8000000000000000261716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b6cb43349ea5f02023-02-08 09:43:08.487root 11241100x8000000000000000261715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e166fc79c2d8b02023-02-08 09:43:08.487root 11241100x8000000000000000261714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88a8427ff405d572023-02-08 09:43:08.487root 11241100x8000000000000000261713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a55d636534ccf52023-02-08 09:43:08.487root 11241100x8000000000000000261729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ce9d7897e45b7e2023-02-08 09:43:08.488root 11241100x8000000000000000261728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae6a677c9fd06522023-02-08 09:43:08.488root 11241100x8000000000000000261727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86be97d60326b92d2023-02-08 09:43:08.488root 11241100x8000000000000000261726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef7d95d02e3359a2023-02-08 09:43:08.488root 11241100x8000000000000000261725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00fd81c7a31a36e2023-02-08 09:43:08.488root 11241100x8000000000000000261724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42951642c8d9f2be2023-02-08 09:43:08.488root 11241100x8000000000000000261723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f31c6b5f22b0bcb2023-02-08 09:43:08.488root 11241100x8000000000000000261722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b8a335c9332fd52023-02-08 09:43:08.488root 11241100x8000000000000000261730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2a9ba3495ceae82023-02-08 09:43:08.984root 11241100x8000000000000000261744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b3234f50212a172023-02-08 09:43:08.985root 11241100x8000000000000000261743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d48794831053872023-02-08 09:43:08.985root 11241100x8000000000000000261742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9c726a670e54402023-02-08 09:43:08.985root 11241100x8000000000000000261741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba29414cf4b7f4962023-02-08 09:43:08.985root 11241100x8000000000000000261740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b2788816d4e2d12023-02-08 09:43:08.985root 11241100x8000000000000000261739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb444fc33d866a092023-02-08 09:43:08.985root 11241100x8000000000000000261738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4285e31e4266589f2023-02-08 09:43:08.985root 11241100x8000000000000000261737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2513efe29a663d2023-02-08 09:43:08.985root 11241100x8000000000000000261736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb9d7130ccf88e12023-02-08 09:43:08.985root 11241100x8000000000000000261735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a533315dd6ebd62023-02-08 09:43:08.985root 11241100x8000000000000000261734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49561d4a4a531612023-02-08 09:43:08.985root 11241100x8000000000000000261733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99acec9e38319ab02023-02-08 09:43:08.985root 11241100x8000000000000000261732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cd149c0044dbb12023-02-08 09:43:08.985root 11241100x8000000000000000261731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f37df464d2583122023-02-08 09:43:08.985root 11241100x8000000000000000261760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8ab049994800f62023-02-08 09:43:08.986root 11241100x8000000000000000261759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1513ed9d174adfe2023-02-08 09:43:08.986root 11241100x8000000000000000261758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aad1ddc0e8b15732023-02-08 09:43:08.986root 11241100x8000000000000000261757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c1801d2bafa27d2023-02-08 09:43:08.986root 11241100x8000000000000000261756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b306b6a36f51acc2023-02-08 09:43:08.986root 11241100x8000000000000000261755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4bda086f5d65692023-02-08 09:43:08.986root 11241100x8000000000000000261754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d617542a5011167e2023-02-08 09:43:08.986root 11241100x8000000000000000261753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4fef151685485f52023-02-08 09:43:08.986root 11241100x8000000000000000261752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd30a8ae97954ee2023-02-08 09:43:08.986root 11241100x8000000000000000261751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e156aa00cac78072023-02-08 09:43:08.986root 11241100x8000000000000000261750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294d40c3f38317fd2023-02-08 09:43:08.986root 11241100x8000000000000000261749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20dc1201c12530a82023-02-08 09:43:08.986root 11241100x8000000000000000261748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7cb7e51be2b2812023-02-08 09:43:08.986root 11241100x8000000000000000261747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821fa68295665cb62023-02-08 09:43:08.986root 11241100x8000000000000000261746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c49506a94f2d3892023-02-08 09:43:08.986root 11241100x8000000000000000261745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961b747f06d8c3582023-02-08 09:43:08.986root 23542300x8000000000000000261761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.365{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000261766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a9726eda2ad7952023-02-08 09:43:09.366root 11241100x8000000000000000261765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb908b5b6dd0f3702023-02-08 09:43:09.366root 11241100x8000000000000000261764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9681966e6768dab2023-02-08 09:43:09.366root 11241100x8000000000000000261763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957f9ce9bc0255a92023-02-08 09:43:09.366root 11241100x8000000000000000261762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b60410cfc80bac2023-02-08 09:43:09.366root 11241100x8000000000000000261779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1783db4c158f95d32023-02-08 09:43:09.367root 11241100x8000000000000000261778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fe4345a5242e382023-02-08 09:43:09.367root 11241100x8000000000000000261777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d45d9ae00983b22023-02-08 09:43:09.367root 11241100x8000000000000000261776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9a9f008e12a9e22023-02-08 09:43:09.367root 11241100x8000000000000000261775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9143495ee422ba082023-02-08 09:43:09.367root 11241100x8000000000000000261774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fa220f08ce5aef2023-02-08 09:43:09.367root 11241100x8000000000000000261773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b50cd5803aa4a2a2023-02-08 09:43:09.367root 11241100x8000000000000000261772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e185531d840de962023-02-08 09:43:09.367root 11241100x8000000000000000261771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b0021ca3454f762023-02-08 09:43:09.367root 11241100x8000000000000000261770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5907e3d94bdec2f62023-02-08 09:43:09.367root 11241100x8000000000000000261769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32bf2960ebef5b12023-02-08 09:43:09.367root 11241100x8000000000000000261768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866f5d9f637dbf2c2023-02-08 09:43:09.367root 11241100x8000000000000000261767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8926ceacf51106b92023-02-08 09:43:09.367root 11241100x8000000000000000261795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901abdad9206e81c2023-02-08 09:43:09.368root 11241100x8000000000000000261794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dee4d3d3cd4e43b2023-02-08 09:43:09.368root 11241100x8000000000000000261793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efe1231ed98092b2023-02-08 09:43:09.368root 11241100x8000000000000000261792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad99cf1e431b5cde2023-02-08 09:43:09.368root 11241100x8000000000000000261791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b82f891e27f63f2023-02-08 09:43:09.368root 11241100x8000000000000000261790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92651050a12bde922023-02-08 09:43:09.368root 11241100x8000000000000000261789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d9685c1b0e4fd72023-02-08 09:43:09.368root 11241100x8000000000000000261788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9205ef6cb5ee32c2023-02-08 09:43:09.368root 11241100x8000000000000000261787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ae0dc70da73b562023-02-08 09:43:09.368root 11241100x8000000000000000261786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31b582bf28122562023-02-08 09:43:09.368root 11241100x8000000000000000261785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9191aeb9eb548b2023-02-08 09:43:09.368root 11241100x8000000000000000261784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03105066c024abb2023-02-08 09:43:09.368root 11241100x8000000000000000261783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c62b62c289c44922023-02-08 09:43:09.368root 11241100x8000000000000000261782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156b65cf3b9bd5772023-02-08 09:43:09.368root 11241100x8000000000000000261781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b741075255e31792023-02-08 09:43:09.368root 11241100x8000000000000000261780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad9267d44e2342b2023-02-08 09:43:09.368root 11241100x8000000000000000261798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2638ad97c0dfa9fe2023-02-08 09:43:09.369root 11241100x8000000000000000261797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fcc269c47435562023-02-08 09:43:09.369root 11241100x8000000000000000261796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810bf12b2136ffbd2023-02-08 09:43:09.369root 11241100x8000000000000000261801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76467cea5e0d75592023-02-08 09:43:09.734root 11241100x8000000000000000261800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff68704eb0488152023-02-08 09:43:09.734root 11241100x8000000000000000261799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16248019747b032e2023-02-08 09:43:09.734root 11241100x8000000000000000261810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c3f44ba71e4aac2023-02-08 09:43:09.735root 11241100x8000000000000000261809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03b35c7f68944892023-02-08 09:43:09.735root 11241100x8000000000000000261808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f393b9835c46f22023-02-08 09:43:09.735root 11241100x8000000000000000261807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0230120d6020f2c32023-02-08 09:43:09.735root 11241100x8000000000000000261806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11448dab80aac5a92023-02-08 09:43:09.735root 11241100x8000000000000000261805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075d7720204339402023-02-08 09:43:09.735root 11241100x8000000000000000261804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709778885eaaf3b52023-02-08 09:43:09.735root 11241100x8000000000000000261803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe332b9f98bf02f2023-02-08 09:43:09.735root 11241100x8000000000000000261802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5789420c32d3193d2023-02-08 09:43:09.735root 11241100x8000000000000000261824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb38e9b7de3ab4ac2023-02-08 09:43:09.736root 11241100x8000000000000000261823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afef3b430c8b0012023-02-08 09:43:09.736root 11241100x8000000000000000261822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35572d3bc11f354f2023-02-08 09:43:09.736root 11241100x8000000000000000261821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb80a9314ce5ebe2023-02-08 09:43:09.736root 11241100x8000000000000000261820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab20af654a327a32023-02-08 09:43:09.736root 11241100x8000000000000000261819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d69d466224eefcd2023-02-08 09:43:09.736root 11241100x8000000000000000261818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3952f64592c9837d2023-02-08 09:43:09.736root 11241100x8000000000000000261817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7857118ad1a32b2023-02-08 09:43:09.736root 11241100x8000000000000000261816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3882bae52ab2fc522023-02-08 09:43:09.736root 11241100x8000000000000000261815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab37d1fe8c74777f2023-02-08 09:43:09.736root 11241100x8000000000000000261814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3790d008d17f50dd2023-02-08 09:43:09.736root 11241100x8000000000000000261813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242f8c9fc00558592023-02-08 09:43:09.736root 11241100x8000000000000000261812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc7538c9c7a9efd2023-02-08 09:43:09.736root 11241100x8000000000000000261811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30853d5a7720b2202023-02-08 09:43:09.736root 11241100x8000000000000000261836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1e76550f7060a32023-02-08 09:43:09.737root 11241100x8000000000000000261835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5305f7e5f2f534b2023-02-08 09:43:09.737root 11241100x8000000000000000261834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3b3d3d378ca0282023-02-08 09:43:09.737root 11241100x8000000000000000261833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a109699f4650296c2023-02-08 09:43:09.737root 11241100x8000000000000000261832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21bff5403ba979442023-02-08 09:43:09.737root 11241100x8000000000000000261831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618dfb2acd4fe1922023-02-08 09:43:09.737root 11241100x8000000000000000261830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec24ec46d4d19c382023-02-08 09:43:09.737root 11241100x8000000000000000261829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fef5499441ece532023-02-08 09:43:09.737root 11241100x8000000000000000261828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4279d38535375c732023-02-08 09:43:09.737root 11241100x8000000000000000261827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b113022f8144822023-02-08 09:43:09.737root 11241100x8000000000000000261826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4399e01f25bd121f2023-02-08 09:43:09.737root 11241100x8000000000000000261825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8e5f1d30d0cdea2023-02-08 09:43:09.737root 11241100x8000000000000000261837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:09.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c07cd103b340fc22023-02-08 09:43:09.738root 354300x8000000000000000261838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.131{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-35710-false10.0.1.12-8000- 11241100x8000000000000000261840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.132{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11205319dfbce3a2023-02-08 09:43:10.132root 11241100x8000000000000000261839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.132{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2b1e47f952fda62023-02-08 09:43:10.132root 11241100x8000000000000000261846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.133{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c4d0c69f62ef752023-02-08 09:43:10.133root 11241100x8000000000000000261845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.133{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15c562513c7ac3d2023-02-08 09:43:10.133root 11241100x8000000000000000261844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.133{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7d3519f063e7ca2023-02-08 09:43:10.133root 11241100x8000000000000000261843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.133{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306f11cc979eed652023-02-08 09:43:10.133root 11241100x8000000000000000261842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.133{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c7a963b1f84bc12023-02-08 09:43:10.133root 11241100x8000000000000000261841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.133{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeccf9d7e299ecf82023-02-08 09:43:10.133root 11241100x8000000000000000261850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.134{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4d8eb0170585652023-02-08 09:43:10.134root 11241100x8000000000000000261849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.134{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1601eda93e0390112023-02-08 09:43:10.134root 11241100x8000000000000000261848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.134{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e329f66a71850d922023-02-08 09:43:10.134root 11241100x8000000000000000261847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.134{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b145b673cd874b42023-02-08 09:43:10.134root 11241100x8000000000000000261856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.135{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6575656bf6160e2023-02-08 09:43:10.135root 11241100x8000000000000000261855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.135{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b1ebe047396f202023-02-08 09:43:10.135root 11241100x8000000000000000261854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.135{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6726d050490d14e82023-02-08 09:43:10.135root 11241100x8000000000000000261853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.135{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d33fca4f6f8fd12023-02-08 09:43:10.135root 11241100x8000000000000000261852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.135{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68210922c640f4892023-02-08 09:43:10.135root 11241100x8000000000000000261851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.135{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7719df89b2039b2023-02-08 09:43:10.135root 11241100x8000000000000000261860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.136{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78802f283550e74e2023-02-08 09:43:10.136root 11241100x8000000000000000261859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.136{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12acbb90455ced752023-02-08 09:43:10.136root 11241100x8000000000000000261858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.136{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a3b92b457c64e22023-02-08 09:43:10.136root 11241100x8000000000000000261857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.136{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8a5de4dba4c66b2023-02-08 09:43:10.136root 11241100x8000000000000000261868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.137{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a799f917d73dc02023-02-08 09:43:10.137root 11241100x8000000000000000261867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.137{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528657cc69e218fe2023-02-08 09:43:10.137root 11241100x8000000000000000261866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.137{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e810da95bff54f12023-02-08 09:43:10.137root 11241100x8000000000000000261865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.137{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87327e16405adad2023-02-08 09:43:10.137root 11241100x8000000000000000261864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.137{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f518673742c3362023-02-08 09:43:10.137root 11241100x8000000000000000261863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.137{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cda28baa02d2b7a2023-02-08 09:43:10.137root 11241100x8000000000000000261862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.137{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245a6479f410a7ee2023-02-08 09:43:10.137root 11241100x8000000000000000261861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.137{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94104d2c41d46a892023-02-08 09:43:10.137root 11241100x8000000000000000261877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.138{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba52c3a871a826f2023-02-08 09:43:10.138root 11241100x8000000000000000261876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.138{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204dba16ae0493892023-02-08 09:43:10.138root 11241100x8000000000000000261875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.138{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16d2dc158a8d2552023-02-08 09:43:10.138root 11241100x8000000000000000261874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.138{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a645560081828b522023-02-08 09:43:10.138root 11241100x8000000000000000261873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.138{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd15f5dd0da868bb2023-02-08 09:43:10.138root 11241100x8000000000000000261872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.138{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17b8208b4c46b742023-02-08 09:43:10.138root 11241100x8000000000000000261871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.138{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc08d139de5fb022023-02-08 09:43:10.138root 11241100x8000000000000000261870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.138{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc85e617a57e1502023-02-08 09:43:10.138root 11241100x8000000000000000261869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.138{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213b8fd6ab80242e2023-02-08 09:43:10.138root 11241100x8000000000000000261883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.139{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6006b4c041a279432023-02-08 09:43:10.139root 11241100x8000000000000000261882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.139{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527b884925ae13e72023-02-08 09:43:10.139root 11241100x8000000000000000261881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.139{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c7f31a426071f22023-02-08 09:43:10.139root 11241100x8000000000000000261880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.139{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26fc54474a27d142023-02-08 09:43:10.139root 11241100x8000000000000000261879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.139{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8782e87bd8417cff2023-02-08 09:43:10.139root 11241100x8000000000000000261878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.139{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc94d47c6f79986c2023-02-08 09:43:10.139root 11241100x8000000000000000261884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3288bb77b466f112023-02-08 09:43:10.484root 11241100x8000000000000000261892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d6d3322fe6d01f2023-02-08 09:43:10.485root 11241100x8000000000000000261891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f966a1d740b64ab2023-02-08 09:43:10.485root 11241100x8000000000000000261890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135559292ee15e212023-02-08 09:43:10.485root 11241100x8000000000000000261889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8bbee0e98641492023-02-08 09:43:10.485root 11241100x8000000000000000261888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecaac037e044bb602023-02-08 09:43:10.485root 11241100x8000000000000000261887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f56e0a3c222e1722023-02-08 09:43:10.485root 11241100x8000000000000000261886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c62f01d1693a3a02023-02-08 09:43:10.485root 11241100x8000000000000000261885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abd48d2b17fad2d2023-02-08 09:43:10.485root 11241100x8000000000000000261901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35c9ca31509719c2023-02-08 09:43:10.486root 11241100x8000000000000000261900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f8d4b88e71c6802023-02-08 09:43:10.486root 11241100x8000000000000000261899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d888dbfeaa63a22023-02-08 09:43:10.486root 11241100x8000000000000000261898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9970f07f15acc72023-02-08 09:43:10.486root 11241100x8000000000000000261897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ec0a6d97f20cb52023-02-08 09:43:10.486root 11241100x8000000000000000261896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee13655e406143f2023-02-08 09:43:10.486root 11241100x8000000000000000261895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b905c516e2e9e22023-02-08 09:43:10.486root 11241100x8000000000000000261894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7f47fcf4ba4e402023-02-08 09:43:10.486root 11241100x8000000000000000261893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0d136967fc55282023-02-08 09:43:10.486root 11241100x8000000000000000261909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38a6d88ec46e5d82023-02-08 09:43:10.487root 11241100x8000000000000000261908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2caf8976637d7c112023-02-08 09:43:10.487root 11241100x8000000000000000261907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740de805ba3831fd2023-02-08 09:43:10.487root 11241100x8000000000000000261906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df10db6ab28723c2023-02-08 09:43:10.487root 11241100x8000000000000000261905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0685c8b865e2558a2023-02-08 09:43:10.487root 11241100x8000000000000000261904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a2af32386948a22023-02-08 09:43:10.487root 11241100x8000000000000000261903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8756597af33ced2023-02-08 09:43:10.487root 11241100x8000000000000000261902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13de9eb1e35c41542023-02-08 09:43:10.487root 11241100x8000000000000000261916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce600f56be7408782023-02-08 09:43:10.488root 11241100x8000000000000000261915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ccaba8e196a4f232023-02-08 09:43:10.488root 11241100x8000000000000000261914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133bbc0b999560652023-02-08 09:43:10.488root 11241100x8000000000000000261913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8a090f70b6f7052023-02-08 09:43:10.488root 11241100x8000000000000000261912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf476a82c737d7b2023-02-08 09:43:10.488root 11241100x8000000000000000261911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56575bd3e3382c3a2023-02-08 09:43:10.488root 11241100x8000000000000000261910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46da14d275cb80c2023-02-08 09:43:10.488root 11241100x8000000000000000261922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823baa161eceb06c2023-02-08 09:43:10.984root 11241100x8000000000000000261921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb3c4a203f2f6a82023-02-08 09:43:10.984root 11241100x8000000000000000261920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2cf2adb706c95602023-02-08 09:43:10.984root 11241100x8000000000000000261919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c7f313f0246ff92023-02-08 09:43:10.984root 11241100x8000000000000000261918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee244993fcd90332023-02-08 09:43:10.984root 11241100x8000000000000000261917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b16b5c0e16966e2023-02-08 09:43:10.984root 11241100x8000000000000000261926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd75d0eaa828a3f2023-02-08 09:43:10.985root 11241100x8000000000000000261925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62197ec91573cce42023-02-08 09:43:10.985root 11241100x8000000000000000261924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b2d912beb11ab52023-02-08 09:43:10.985root 11241100x8000000000000000261923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5fcbd6b7e8659682023-02-08 09:43:10.985root 11241100x8000000000000000261938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e32df615f97461a2023-02-08 09:43:10.986root 11241100x8000000000000000261937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce587bdbd6471522023-02-08 09:43:10.986root 11241100x8000000000000000261936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ae30e1a961f4aa2023-02-08 09:43:10.986root 11241100x8000000000000000261935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d02967df5db9c1d2023-02-08 09:43:10.986root 11241100x8000000000000000261934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5360548c211cb63e2023-02-08 09:43:10.986root 11241100x8000000000000000261933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e1e23ad11eee8a2023-02-08 09:43:10.986root 11241100x8000000000000000261932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676be1bb0550904a2023-02-08 09:43:10.986root 11241100x8000000000000000261931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71032ba4f4f8700e2023-02-08 09:43:10.986root 11241100x8000000000000000261930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99871d7b56c8ffc62023-02-08 09:43:10.986root 11241100x8000000000000000261929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92196be9d41da7cc2023-02-08 09:43:10.986root 11241100x8000000000000000261928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98901669b651bd42023-02-08 09:43:10.986root 11241100x8000000000000000261927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af593bfc405c9d82023-02-08 09:43:10.986root 11241100x8000000000000000261951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8149e43ac7b469e2023-02-08 09:43:10.987root 11241100x8000000000000000261950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ec04b8612a20552023-02-08 09:43:10.987root 11241100x8000000000000000261949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2754b63d02c67a4c2023-02-08 09:43:10.987root 11241100x8000000000000000261948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bdaccd0349051c2023-02-08 09:43:10.987root 11241100x8000000000000000261947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15317b043a6699502023-02-08 09:43:10.987root 11241100x8000000000000000261946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04455434727e941c2023-02-08 09:43:10.987root 11241100x8000000000000000261945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d9bfadb2a400972023-02-08 09:43:10.987root 11241100x8000000000000000261944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78588c1ae96ee7a2023-02-08 09:43:10.987root 11241100x8000000000000000261943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9c6f61752097462023-02-08 09:43:10.987root 11241100x8000000000000000261942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9556c8e5fa14ff052023-02-08 09:43:10.987root 11241100x8000000000000000261941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5b0fcbd1e6d08f2023-02-08 09:43:10.987root 11241100x8000000000000000261940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be5c57efc7b93092023-02-08 09:43:10.987root 11241100x8000000000000000261939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54ea4e28999ace32023-02-08 09:43:10.987root 11241100x8000000000000000261953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2db4d4e03cb1cd2023-02-08 09:43:10.988root 11241100x8000000000000000261952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:10.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a341ef8dd109272023-02-08 09:43:10.988root 11241100x8000000000000000261954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d28574f9a5e96d52023-02-08 09:43:11.484root 11241100x8000000000000000261958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2fad7e770351f112023-02-08 09:43:11.485root 11241100x8000000000000000261957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39012fcb46cf9c932023-02-08 09:43:11.485root 11241100x8000000000000000261956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e92522cfe2b6c582023-02-08 09:43:11.485root 11241100x8000000000000000261955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5357ad69b5fe4ff62023-02-08 09:43:11.485root 11241100x8000000000000000261962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff93ea3db8e4d4922023-02-08 09:43:11.486root 11241100x8000000000000000261961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d005030abf321ad2023-02-08 09:43:11.486root 11241100x8000000000000000261960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d897c526def30062023-02-08 09:43:11.486root 11241100x8000000000000000261959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1c0e4551e2f19a2023-02-08 09:43:11.486root 11241100x8000000000000000261969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87dadc23e1ee8052023-02-08 09:43:11.487root 11241100x8000000000000000261968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2cea4048cf7a7cb2023-02-08 09:43:11.487root 11241100x8000000000000000261967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f596f877755e8902023-02-08 09:43:11.487root 11241100x8000000000000000261966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5e6da01e65baa82023-02-08 09:43:11.487root 11241100x8000000000000000261965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e13a8553e23e9b2023-02-08 09:43:11.487root 11241100x8000000000000000261964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50005ce67cdf4c3a2023-02-08 09:43:11.487root 11241100x8000000000000000261963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26dca7e1f61bef3d2023-02-08 09:43:11.487root 11241100x8000000000000000261975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a87788725fad4f12023-02-08 09:43:11.488root 11241100x8000000000000000261974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f1aca88d8d92122023-02-08 09:43:11.488root 11241100x8000000000000000261973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7572b9ebdfe24f922023-02-08 09:43:11.488root 11241100x8000000000000000261972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2c24fb58d26cb72023-02-08 09:43:11.488root 11241100x8000000000000000261971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4a0bebcbb80a922023-02-08 09:43:11.488root 11241100x8000000000000000261970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bf4c02c438295b2023-02-08 09:43:11.488root 11241100x8000000000000000261982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f289aa623338c982023-02-08 09:43:11.489root 11241100x8000000000000000261981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c6a83e70b0140e2023-02-08 09:43:11.489root 11241100x8000000000000000261980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed04b24d3c49a8bf2023-02-08 09:43:11.489root 11241100x8000000000000000261979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5c7ccc850a7add2023-02-08 09:43:11.489root 11241100x8000000000000000261978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925e6f8a810257832023-02-08 09:43:11.489root 11241100x8000000000000000261977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6ff3a9709178572023-02-08 09:43:11.489root 11241100x8000000000000000261976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b53b8a8999619f02023-02-08 09:43:11.489root 11241100x8000000000000000261986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c81725719639ab32023-02-08 09:43:11.490root 11241100x8000000000000000261985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd7df99341f4aa02023-02-08 09:43:11.490root 11241100x8000000000000000261984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfdff566660cfb32023-02-08 09:43:11.490root 11241100x8000000000000000261983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268356c7a966e88a2023-02-08 09:43:11.490root 11241100x8000000000000000261987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec3a86c0b44bca42023-02-08 09:43:11.984root 11241100x8000000000000000261991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68df6e558e1ae892023-02-08 09:43:11.985root 11241100x8000000000000000261990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5c0788f9a56c112023-02-08 09:43:11.985root 11241100x8000000000000000261989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f095d4a757992b2023-02-08 09:43:11.985root 11241100x8000000000000000261988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7b686334e76eb22023-02-08 09:43:11.985root 11241100x8000000000000000261995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f625e2600516e3d2023-02-08 09:43:11.986root 11241100x8000000000000000261994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6190d669788a97c32023-02-08 09:43:11.986root 11241100x8000000000000000261993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90fe703129319a5b2023-02-08 09:43:11.986root 11241100x8000000000000000261992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b551b0482d820862023-02-08 09:43:11.986root 11241100x8000000000000000261996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d41df0006bcbca72023-02-08 09:43:11.988root 11241100x8000000000000000262001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33de3eb18df1d5f82023-02-08 09:43:11.989root 11241100x8000000000000000262000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421abb0e4e75794d2023-02-08 09:43:11.989root 11241100x8000000000000000261999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262f3852c002a2ac2023-02-08 09:43:11.989root 11241100x8000000000000000261998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d6cb9b3cf3b07e2023-02-08 09:43:11.989root 11241100x8000000000000000261997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48cc615846f20ff2023-02-08 09:43:11.989root 11241100x8000000000000000262003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2d2c8d57a324772023-02-08 09:43:11.990root 11241100x8000000000000000262002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb54f0a3744cdbf2023-02-08 09:43:11.990root 11241100x8000000000000000262009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b0509823bc6b2c2023-02-08 09:43:11.992root 11241100x8000000000000000262008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8accea4115b919d02023-02-08 09:43:11.992root 11241100x8000000000000000262007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24fd1a7727ff0922023-02-08 09:43:11.992root 11241100x8000000000000000262006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac20a5cc0fa1f7982023-02-08 09:43:11.992root 11241100x8000000000000000262005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9002989d262405db2023-02-08 09:43:11.992root 11241100x8000000000000000262004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96d9709b9a91be32023-02-08 09:43:11.992root 11241100x8000000000000000262021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d90b611aa0c6d92023-02-08 09:43:11.993root 11241100x8000000000000000262020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30526d63c8ff1e732023-02-08 09:43:11.993root 11241100x8000000000000000262019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df1de8369a274192023-02-08 09:43:11.993root 11241100x8000000000000000262018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46108f125148774a2023-02-08 09:43:11.993root 11241100x8000000000000000262017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454fa0dc93409d272023-02-08 09:43:11.993root 11241100x8000000000000000262016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bff276bb703e4ed2023-02-08 09:43:11.993root 11241100x8000000000000000262015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89254a04c3c555a32023-02-08 09:43:11.993root 11241100x8000000000000000262014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42eac9d25a673c3c2023-02-08 09:43:11.993root 11241100x8000000000000000262013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd1a07b00ac1a732023-02-08 09:43:11.993root 11241100x8000000000000000262012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e956659f6352132023-02-08 09:43:11.993root 11241100x8000000000000000262011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0811ee5d5fa946c22023-02-08 09:43:11.993root 11241100x8000000000000000262010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d6ceac8b3632c92023-02-08 09:43:11.993root 11241100x8000000000000000262022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:11.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35bceb37b459fab2023-02-08 09:43:11.994root 11241100x8000000000000000262026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a9e6b62eab91752023-02-08 09:43:12.484root 11241100x8000000000000000262025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92cb3148948473182023-02-08 09:43:12.484root 11241100x8000000000000000262024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d563d673f05b8812023-02-08 09:43:12.484root 11241100x8000000000000000262023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5883f8d1bb7772d2023-02-08 09:43:12.484root 11241100x8000000000000000262038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37091705deed437c2023-02-08 09:43:12.485root 11241100x8000000000000000262037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de755bcfcd6696e42023-02-08 09:43:12.485root 11241100x8000000000000000262036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da08f06148b8d1a2023-02-08 09:43:12.485root 11241100x8000000000000000262035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec79d68a55804702023-02-08 09:43:12.485root 11241100x8000000000000000262034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c589ac87af846112023-02-08 09:43:12.485root 11241100x8000000000000000262033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7523c3e05da67e2023-02-08 09:43:12.485root 11241100x8000000000000000262032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed125907437ec9e72023-02-08 09:43:12.485root 11241100x8000000000000000262031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06f0dc6b7a0c9362023-02-08 09:43:12.485root 11241100x8000000000000000262030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2d06b1b8c1ac962023-02-08 09:43:12.485root 11241100x8000000000000000262029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd911f731087fc92023-02-08 09:43:12.485root 11241100x8000000000000000262028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.defebfbc1c60d0f72023-02-08 09:43:12.485root 11241100x8000000000000000262027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14fc1162d7e27132023-02-08 09:43:12.485root 11241100x8000000000000000262053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de73afd3d81bba742023-02-08 09:43:12.486root 11241100x8000000000000000262052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2183363ce859f552023-02-08 09:43:12.486root 11241100x8000000000000000262051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5180e5377bf9ac902023-02-08 09:43:12.486root 11241100x8000000000000000262050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d1dbed9e6e76612023-02-08 09:43:12.486root 11241100x8000000000000000262049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d56945d9020edbb2023-02-08 09:43:12.486root 11241100x8000000000000000262048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd88e0e58225c84a2023-02-08 09:43:12.486root 11241100x8000000000000000262047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc2fb7c7a5ce1af2023-02-08 09:43:12.486root 11241100x8000000000000000262046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b3fce6391713dd2023-02-08 09:43:12.486root 11241100x8000000000000000262045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5faf7a3d0b9bc65c2023-02-08 09:43:12.486root 11241100x8000000000000000262044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047c6a1f56d18d5f2023-02-08 09:43:12.486root 11241100x8000000000000000262043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310f2fdada145e252023-02-08 09:43:12.486root 11241100x8000000000000000262042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6895d1b1914c69ea2023-02-08 09:43:12.486root 11241100x8000000000000000262041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b85cec1f0bc13a2023-02-08 09:43:12.486root 11241100x8000000000000000262040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d276b87d0d816cf42023-02-08 09:43:12.486root 11241100x8000000000000000262039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b40fa44d8b7243d2023-02-08 09:43:12.486root 11241100x8000000000000000262056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d7cfabac62c92a2023-02-08 09:43:12.487root 11241100x8000000000000000262055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729484cce6ad44252023-02-08 09:43:12.487root 11241100x8000000000000000262054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cb2d027db33f0e2023-02-08 09:43:12.487root 11241100x8000000000000000262061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6faf3e4a278a39092023-02-08 09:43:12.984root 11241100x8000000000000000262060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d62c278000165702023-02-08 09:43:12.984root 11241100x8000000000000000262059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d093722ffd7daf2023-02-08 09:43:12.984root 11241100x8000000000000000262058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c889837bbb7f4032023-02-08 09:43:12.984root 11241100x8000000000000000262057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ab0c073fdcfa252023-02-08 09:43:12.984root 11241100x8000000000000000262069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d8d20618b7e2ce2023-02-08 09:43:12.985root 11241100x8000000000000000262068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f1d9d2ffc787602023-02-08 09:43:12.985root 11241100x8000000000000000262067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2dd17c9038a4b1d2023-02-08 09:43:12.985root 11241100x8000000000000000262066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2727580fea532fbf2023-02-08 09:43:12.985root 11241100x8000000000000000262065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a9953b03d62e652023-02-08 09:43:12.985root 11241100x8000000000000000262064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd7310720b23a742023-02-08 09:43:12.985root 11241100x8000000000000000262063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098528b385c3a10d2023-02-08 09:43:12.985root 11241100x8000000000000000262062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760a11bbaaaa215c2023-02-08 09:43:12.985root 11241100x8000000000000000262078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1005c00d4731a2a52023-02-08 09:43:12.986root 11241100x8000000000000000262077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7238fae38f591abb2023-02-08 09:43:12.986root 11241100x8000000000000000262076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d108a00185a26b2023-02-08 09:43:12.986root 11241100x8000000000000000262075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57a5a1b045459742023-02-08 09:43:12.986root 11241100x8000000000000000262074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f298084fb4343e182023-02-08 09:43:12.986root 11241100x8000000000000000262073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4c8522dbece4ca2023-02-08 09:43:12.986root 11241100x8000000000000000262072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf41f9056729d9d2023-02-08 09:43:12.986root 11241100x8000000000000000262071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbe48d083bed07d2023-02-08 09:43:12.986root 11241100x8000000000000000262070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2833f4cb959e8d2a2023-02-08 09:43:12.986root 11241100x8000000000000000262084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26fadc6b6ad7a192023-02-08 09:43:12.987root 11241100x8000000000000000262083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385fb2d98e731ffc2023-02-08 09:43:12.987root 11241100x8000000000000000262082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b356f646ba54ea2023-02-08 09:43:12.987root 11241100x8000000000000000262081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0304314190199e42023-02-08 09:43:12.987root 11241100x8000000000000000262080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430637b6a46efe942023-02-08 09:43:12.987root 11241100x8000000000000000262079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eae4a320c5d954b2023-02-08 09:43:12.987root 11241100x8000000000000000262090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0391547784c7c72023-02-08 09:43:12.988root 11241100x8000000000000000262089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a40c51f554143262023-02-08 09:43:12.988root 11241100x8000000000000000262088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faab07224f3858e52023-02-08 09:43:12.988root 11241100x8000000000000000262087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47374d40dd919fbf2023-02-08 09:43:12.988root 11241100x8000000000000000262086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4f2ee18d63cc562023-02-08 09:43:12.988root 11241100x8000000000000000262085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:12.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d285592c5207ef2023-02-08 09:43:12.988root 11241100x8000000000000000262095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180bf708b00263d52023-02-08 09:43:13.484root 11241100x8000000000000000262094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a0c2142f3edf5f2023-02-08 09:43:13.484root 11241100x8000000000000000262093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b294bd9886f1fb32023-02-08 09:43:13.484root 11241100x8000000000000000262092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f3bb3db411ece02023-02-08 09:43:13.484root 11241100x8000000000000000262091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d29dfba66be4b42023-02-08 09:43:13.484root 11241100x8000000000000000262104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f80688bfff638b22023-02-08 09:43:13.485root 11241100x8000000000000000262103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a4c70e389725bf2023-02-08 09:43:13.485root 11241100x8000000000000000262102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88d0e5931c466862023-02-08 09:43:13.485root 11241100x8000000000000000262101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1879e1cc2ce28992023-02-08 09:43:13.485root 11241100x8000000000000000262100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84e38d2cf04e33b2023-02-08 09:43:13.485root 11241100x8000000000000000262099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57acd0491a125d8d2023-02-08 09:43:13.485root 11241100x8000000000000000262098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f090feb1f7b2372023-02-08 09:43:13.485root 11241100x8000000000000000262097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20c312de04a92762023-02-08 09:43:13.485root 11241100x8000000000000000262096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bde2963910de0e2023-02-08 09:43:13.485root 11241100x8000000000000000262113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c371b41f47a57dc2023-02-08 09:43:13.486root 11241100x8000000000000000262112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965aa5d6155df1f02023-02-08 09:43:13.486root 11241100x8000000000000000262111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c413ed711482bb8d2023-02-08 09:43:13.486root 11241100x8000000000000000262110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299db25390196b552023-02-08 09:43:13.486root 11241100x8000000000000000262109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967d6a44bd0f04332023-02-08 09:43:13.486root 11241100x8000000000000000262108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc59b81756a9ea92023-02-08 09:43:13.486root 11241100x8000000000000000262107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2123d831391acfb62023-02-08 09:43:13.486root 11241100x8000000000000000262106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5bb4c6f7ed24aa2023-02-08 09:43:13.486root 11241100x8000000000000000262105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6abdc084e4269e2023-02-08 09:43:13.486root 11241100x8000000000000000262117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656579023c05f02d2023-02-08 09:43:13.487root 11241100x8000000000000000262116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5351934fd6346fda2023-02-08 09:43:13.487root 11241100x8000000000000000262115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a633771785fb7df2023-02-08 09:43:13.487root 11241100x8000000000000000262114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55818719e8f462862023-02-08 09:43:13.487root 11241100x8000000000000000262125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3ffa8c1630349f2023-02-08 09:43:13.488root 11241100x8000000000000000262124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad242a7d602951b2023-02-08 09:43:13.488root 11241100x8000000000000000262123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9744b6618529b72f2023-02-08 09:43:13.488root 11241100x8000000000000000262122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a191d455251f782023-02-08 09:43:13.488root 11241100x8000000000000000262121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3090cb5095f8bed12023-02-08 09:43:13.488root 11241100x8000000000000000262120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78ef6040752ad872023-02-08 09:43:13.488root 11241100x8000000000000000262119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d599caddfa26712023-02-08 09:43:13.488root 11241100x8000000000000000262118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b6637ee31cbaac2023-02-08 09:43:13.488root 11241100x8000000000000000262127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0aade4c161a7d62023-02-08 09:43:13.489root 11241100x8000000000000000262126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fed4a7bad645f3b2023-02-08 09:43:13.489root 11241100x8000000000000000262128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5015d92e7c78f2fa2023-02-08 09:43:13.984root 11241100x8000000000000000262131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91ee8b896839bdf2023-02-08 09:43:13.985root 11241100x8000000000000000262130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e809dfb89ae269c42023-02-08 09:43:13.985root 11241100x8000000000000000262129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920d30c0557cd8172023-02-08 09:43:13.985root 11241100x8000000000000000262140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1518c734d509032023-02-08 09:43:13.986root 11241100x8000000000000000262139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf60b638fa397702023-02-08 09:43:13.986root 11241100x8000000000000000262138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66db8a07e657863e2023-02-08 09:43:13.986root 11241100x8000000000000000262137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83a6b1d0b8cf02c2023-02-08 09:43:13.986root 11241100x8000000000000000262136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef179a42f38a8d002023-02-08 09:43:13.986root 11241100x8000000000000000262135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7623d646ba458e1a2023-02-08 09:43:13.986root 11241100x8000000000000000262134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f3214b7aead4652023-02-08 09:43:13.986root 11241100x8000000000000000262133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370566149c0af8d72023-02-08 09:43:13.986root 11241100x8000000000000000262132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535c5bbe1f0f89282023-02-08 09:43:13.986root 11241100x8000000000000000262150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735f0a83b24158e02023-02-08 09:43:13.987root 11241100x8000000000000000262149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6507170592683912023-02-08 09:43:13.987root 11241100x8000000000000000262148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b86d2f005a980582023-02-08 09:43:13.987root 11241100x8000000000000000262147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db47c0291c54db412023-02-08 09:43:13.987root 11241100x8000000000000000262146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf75a21490b9c6eb2023-02-08 09:43:13.987root 11241100x8000000000000000262145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f073e115bac3e30c2023-02-08 09:43:13.987root 11241100x8000000000000000262144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45db635e4ecbf162023-02-08 09:43:13.987root 11241100x8000000000000000262143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55634f41656cba12023-02-08 09:43:13.987root 11241100x8000000000000000262142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4990a03440b76b002023-02-08 09:43:13.987root 11241100x8000000000000000262141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43d3c49f70696892023-02-08 09:43:13.987root 11241100x8000000000000000262159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6963f163b5bb6c2c2023-02-08 09:43:13.988root 11241100x8000000000000000262158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6df25297440ebef2023-02-08 09:43:13.988root 11241100x8000000000000000262157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d31f03e9e3e09092023-02-08 09:43:13.988root 11241100x8000000000000000262156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42de930c724e65df2023-02-08 09:43:13.988root 11241100x8000000000000000262155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21538c4d6bdf28a2023-02-08 09:43:13.988root 11241100x8000000000000000262154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109a4a1cefabf94d2023-02-08 09:43:13.988root 11241100x8000000000000000262153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8dd937b840cc5692023-02-08 09:43:13.988root 11241100x8000000000000000262152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457ca7f0a2c81dc92023-02-08 09:43:13.988root 11241100x8000000000000000262151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae995114c48a8f3f2023-02-08 09:43:13.988root 11241100x8000000000000000262160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:13.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39be1fb366828d652023-02-08 09:43:13.989root 11241100x8000000000000000262162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d445db6d9a3027432023-02-08 09:43:14.484root 11241100x8000000000000000262161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ee6434a03374072023-02-08 09:43:14.484root 11241100x8000000000000000262167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1552df949740eb12023-02-08 09:43:14.485root 11241100x8000000000000000262166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bac5acf820ce582023-02-08 09:43:14.485root 11241100x8000000000000000262165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79ff5e7e7874bcc2023-02-08 09:43:14.485root 11241100x8000000000000000262164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8a54568789c0e52023-02-08 09:43:14.485root 11241100x8000000000000000262163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1682a4482323ccb82023-02-08 09:43:14.485root 11241100x8000000000000000262172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e58ce2e58aeb192023-02-08 09:43:14.486root 11241100x8000000000000000262171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53992b6b92f30552023-02-08 09:43:14.486root 11241100x8000000000000000262170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2485a8106003a92023-02-08 09:43:14.486root 11241100x8000000000000000262169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c91d0f75cbde112023-02-08 09:43:14.486root 11241100x8000000000000000262168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73753b53f0557c5a2023-02-08 09:43:14.486root 11241100x8000000000000000262176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db68ec4dc8e49a542023-02-08 09:43:14.487root 11241100x8000000000000000262175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60be8b4ce7d159192023-02-08 09:43:14.487root 11241100x8000000000000000262174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af2e59daec46e132023-02-08 09:43:14.487root 11241100x8000000000000000262173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52db04a7946675712023-02-08 09:43:14.487root 11241100x8000000000000000262181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a594b0153695d532023-02-08 09:43:14.488root 11241100x8000000000000000262180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0bc74a4dc872492023-02-08 09:43:14.488root 11241100x8000000000000000262179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077943b20928d0bc2023-02-08 09:43:14.488root 11241100x8000000000000000262178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f43c73d027848f2023-02-08 09:43:14.488root 11241100x8000000000000000262177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8515901d347ed3c2023-02-08 09:43:14.488root 11241100x8000000000000000262185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825f8679fe6f82b52023-02-08 09:43:14.489root 11241100x8000000000000000262184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ccd2c8b1bdbdbd32023-02-08 09:43:14.489root 11241100x8000000000000000262183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4dd6dbd3f247afa2023-02-08 09:43:14.489root 11241100x8000000000000000262182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8083b50d50d5b65c2023-02-08 09:43:14.489root 11241100x8000000000000000262191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49a04eb23bccc092023-02-08 09:43:14.490root 11241100x8000000000000000262190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668d35b7bc8dcd482023-02-08 09:43:14.490root 11241100x8000000000000000262189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9cc726085b859152023-02-08 09:43:14.490root 11241100x8000000000000000262188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5afa6e187ea6d852023-02-08 09:43:14.490root 11241100x8000000000000000262187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d07ac4b8128e6de2023-02-08 09:43:14.490root 11241100x8000000000000000262186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3020776c9ef9a52023-02-08 09:43:14.490root 11241100x8000000000000000262196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0ef30a4495eeb22023-02-08 09:43:14.491root 11241100x8000000000000000262195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413a998a0e2c99b52023-02-08 09:43:14.491root 11241100x8000000000000000262194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1a1ce523ce5be72023-02-08 09:43:14.491root 11241100x8000000000000000262193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e7df79fe4abd3b2023-02-08 09:43:14.491root 11241100x8000000000000000262192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e585e469a90777a42023-02-08 09:43:14.491root 11241100x8000000000000000262201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4204dab01e4fec22023-02-08 09:43:14.984root 11241100x8000000000000000262200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99d030359de66382023-02-08 09:43:14.984root 11241100x8000000000000000262199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d917bf1e3f87867b2023-02-08 09:43:14.984root 11241100x8000000000000000262198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af1ebacdb33d8222023-02-08 09:43:14.984root 11241100x8000000000000000262197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3382aa4778fcd72a2023-02-08 09:43:14.984root 11241100x8000000000000000262210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86a6642306333272023-02-08 09:43:14.985root 11241100x8000000000000000262209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef64b26efbbe7b9b2023-02-08 09:43:14.985root 11241100x8000000000000000262208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98417690521a06592023-02-08 09:43:14.985root 11241100x8000000000000000262207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7b16dd229e60362023-02-08 09:43:14.985root 11241100x8000000000000000262206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f6fd7b44a8a1362023-02-08 09:43:14.985root 11241100x8000000000000000262205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df22e3ee21fe2f32023-02-08 09:43:14.985root 11241100x8000000000000000262204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5209c3c9436c672023-02-08 09:43:14.985root 11241100x8000000000000000262203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eab2e2f7d20c4962023-02-08 09:43:14.985root 11241100x8000000000000000262202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e660b71fccade1a2023-02-08 09:43:14.985root 11241100x8000000000000000262221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1aad8dac67301c12023-02-08 09:43:14.986root 11241100x8000000000000000262220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926eaa5fcb18515f2023-02-08 09:43:14.986root 11241100x8000000000000000262219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6523b231ed0ace22023-02-08 09:43:14.986root 11241100x8000000000000000262218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdb2629ffe9a4042023-02-08 09:43:14.986root 11241100x8000000000000000262217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0a8231f254e77a2023-02-08 09:43:14.986root 11241100x8000000000000000262216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f52d6528e75ce5b2023-02-08 09:43:14.986root 11241100x8000000000000000262215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4743e7117d4fd02023-02-08 09:43:14.986root 11241100x8000000000000000262214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3853f951c294df7b2023-02-08 09:43:14.986root 11241100x8000000000000000262213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9633106a517167ee2023-02-08 09:43:14.986root 11241100x8000000000000000262212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48530d1e1413c7e2023-02-08 09:43:14.986root 11241100x8000000000000000262211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a5b817217f75052023-02-08 09:43:14.986root 11241100x8000000000000000262230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07147b6885fd0d482023-02-08 09:43:14.987root 11241100x8000000000000000262229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aca3a2155ff3ec82023-02-08 09:43:14.987root 11241100x8000000000000000262228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46f8c3383b58c252023-02-08 09:43:14.987root 11241100x8000000000000000262227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc6deca05ed1fe22023-02-08 09:43:14.987root 11241100x8000000000000000262226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f75f6319f89f7ad2023-02-08 09:43:14.987root 11241100x8000000000000000262225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23fa209a703208c2023-02-08 09:43:14.987root 11241100x8000000000000000262224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78739814cbe79a8b2023-02-08 09:43:14.987root 11241100x8000000000000000262223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c7b644b9e34acb2023-02-08 09:43:14.987root 11241100x8000000000000000262222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a54848ba6cb24222023-02-08 09:43:14.987root 11241100x8000000000000000262232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fdc11ac287622c2023-02-08 09:43:14.988root 11241100x8000000000000000262231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39779b1dc32a8fac2023-02-08 09:43:14.988root 11241100x8000000000000000262235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53b1568fe40a3c32023-02-08 09:43:15.484root 11241100x8000000000000000262234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9964e5f9fd9517c62023-02-08 09:43:15.484root 11241100x8000000000000000262233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfa269f7980adcc2023-02-08 09:43:15.484root 11241100x8000000000000000262245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb17b43cb5d89792023-02-08 09:43:15.485root 11241100x8000000000000000262244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52bce84b649060c2023-02-08 09:43:15.485root 11241100x8000000000000000262243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33ee2c06148de992023-02-08 09:43:15.485root 11241100x8000000000000000262242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9675c58a5768af2023-02-08 09:43:15.485root 11241100x8000000000000000262241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557e5c399f21905d2023-02-08 09:43:15.485root 11241100x8000000000000000262240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562c1643d88081902023-02-08 09:43:15.485root 11241100x8000000000000000262239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f67904a190963eb2023-02-08 09:43:15.485root 11241100x8000000000000000262238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbdb5ea375c78332023-02-08 09:43:15.485root 11241100x8000000000000000262237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2fd1eaf895ad242023-02-08 09:43:15.485root 11241100x8000000000000000262236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb7e42fdfe9f8172023-02-08 09:43:15.485root 11241100x8000000000000000262256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43fa7999cc71ae32023-02-08 09:43:15.486root 11241100x8000000000000000262255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886540d72fed2a342023-02-08 09:43:15.486root 11241100x8000000000000000262254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fba4253b4eb0b8b2023-02-08 09:43:15.486root 11241100x8000000000000000262253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57c790f20f6eb4e2023-02-08 09:43:15.486root 11241100x8000000000000000262252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2fad2f8f11dd3a62023-02-08 09:43:15.486root 11241100x8000000000000000262251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da75eb09e32f9c8b2023-02-08 09:43:15.486root 11241100x8000000000000000262250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c656e7452e117d12023-02-08 09:43:15.486root 11241100x8000000000000000262249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e41723aa6f83d82023-02-08 09:43:15.486root 11241100x8000000000000000262248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0cfca704f7a07282023-02-08 09:43:15.486root 11241100x8000000000000000262247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9eea30075a6d9c2023-02-08 09:43:15.486root 11241100x8000000000000000262246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bb61e519d082a52023-02-08 09:43:15.486root 11241100x8000000000000000262265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfe3d6b0057556d2023-02-08 09:43:15.487root 11241100x8000000000000000262264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbe3bc0c207bcd42023-02-08 09:43:15.487root 11241100x8000000000000000262263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea3423896c8bd6d2023-02-08 09:43:15.487root 11241100x8000000000000000262262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86b619b39c468be2023-02-08 09:43:15.487root 11241100x8000000000000000262261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e45bef9c25b0822023-02-08 09:43:15.487root 11241100x8000000000000000262260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a911307999687a522023-02-08 09:43:15.487root 11241100x8000000000000000262259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5258a2518cbc5c72023-02-08 09:43:15.487root 11241100x8000000000000000262258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1fb497a59f1f3102023-02-08 09:43:15.487root 11241100x8000000000000000262257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ce3392ca7c257c2023-02-08 09:43:15.487root 11241100x8000000000000000262276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f358cddc5074792023-02-08 09:43:15.488root 11241100x8000000000000000262275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cca5e26bc774652023-02-08 09:43:15.488root 11241100x8000000000000000262274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d547c03631250b2023-02-08 09:43:15.488root 11241100x8000000000000000262273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3acca42d4c147ce2023-02-08 09:43:15.488root 11241100x8000000000000000262272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6effe5a382871e482023-02-08 09:43:15.488root 11241100x8000000000000000262271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05969780804fe9062023-02-08 09:43:15.488root 11241100x8000000000000000262270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018c2c85fa64f6192023-02-08 09:43:15.488root 11241100x8000000000000000262269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2f107b156133d62023-02-08 09:43:15.488root 11241100x8000000000000000262268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1480f18bb14413492023-02-08 09:43:15.488root 11241100x8000000000000000262267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fd2fbd9afdab552023-02-08 09:43:15.488root 11241100x8000000000000000262266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43750a89ec4afea2023-02-08 09:43:15.488root 11241100x8000000000000000262285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e1e0274346f7972023-02-08 09:43:15.489root 11241100x8000000000000000262284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de63226536dd37c62023-02-08 09:43:15.489root 11241100x8000000000000000262283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7638065c2de5e2272023-02-08 09:43:15.489root 11241100x8000000000000000262282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16f1abb53f322332023-02-08 09:43:15.489root 11241100x8000000000000000262281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98668f25c2980c022023-02-08 09:43:15.489root 11241100x8000000000000000262280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99e046bb3e1bb592023-02-08 09:43:15.489root 11241100x8000000000000000262279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6ae3c7858571132023-02-08 09:43:15.489root 11241100x8000000000000000262278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f032c7e03082b122023-02-08 09:43:15.489root 11241100x8000000000000000262277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba995be1af929222023-02-08 09:43:15.489root 11241100x8000000000000000262296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db60eb1ff1a7972f2023-02-08 09:43:15.490root 11241100x8000000000000000262295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5eeceaf81891492023-02-08 09:43:15.490root 11241100x8000000000000000262294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb5d2bc078487f02023-02-08 09:43:15.490root 11241100x8000000000000000262293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bfe4b582583c632023-02-08 09:43:15.490root 11241100x8000000000000000262292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa14e52d0ed5fb1f2023-02-08 09:43:15.490root 11241100x8000000000000000262291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b71151e368e3c0a2023-02-08 09:43:15.490root 11241100x8000000000000000262290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6cb36f8cd48dc3b2023-02-08 09:43:15.490root 11241100x8000000000000000262289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adbb988dc54faac42023-02-08 09:43:15.490root 11241100x8000000000000000262288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0c565ea7ce06092023-02-08 09:43:15.490root 11241100x8000000000000000262287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef02489e50c42e4e2023-02-08 09:43:15.490root 11241100x8000000000000000262286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18af3e208db3a9022023-02-08 09:43:15.490root 11241100x8000000000000000262307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95d6f91819375c32023-02-08 09:43:15.491root 11241100x8000000000000000262306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46af851ccdc169552023-02-08 09:43:15.491root 11241100x8000000000000000262305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982e95ac9b41e5572023-02-08 09:43:15.491root 11241100x8000000000000000262304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b87293c6b9082fc2023-02-08 09:43:15.491root 11241100x8000000000000000262303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04bf85a2b09e0be2023-02-08 09:43:15.491root 11241100x8000000000000000262302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b1835e005fbfdd2023-02-08 09:43:15.491root 11241100x8000000000000000262301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870e7e7d692b45eb2023-02-08 09:43:15.491root 11241100x8000000000000000262300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6357f81ab683f6832023-02-08 09:43:15.491root 11241100x8000000000000000262299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb03895072af01e42023-02-08 09:43:15.491root 11241100x8000000000000000262298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd2f4b5eeff78892023-02-08 09:43:15.491root 11241100x8000000000000000262297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872b369aa331cb9d2023-02-08 09:43:15.491root 11241100x8000000000000000262319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473c38796085f5bc2023-02-08 09:43:15.492root 11241100x8000000000000000262318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d35ff937a06af92023-02-08 09:43:15.492root 11241100x8000000000000000262317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f80169f0596073f2023-02-08 09:43:15.492root 11241100x8000000000000000262316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2160d6866217fb3a2023-02-08 09:43:15.492root 11241100x8000000000000000262315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd8cae2bbff4eae2023-02-08 09:43:15.492root 11241100x8000000000000000262314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c252748ddd9620a12023-02-08 09:43:15.492root 11241100x8000000000000000262313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0175fc6993a3602023-02-08 09:43:15.492root 11241100x8000000000000000262312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e0424f2f2b8cf62023-02-08 09:43:15.492root 11241100x8000000000000000262311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af9cbb7ea9ddd742023-02-08 09:43:15.492root 11241100x8000000000000000262310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2f919a98048cdc2023-02-08 09:43:15.492root 11241100x8000000000000000262309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c5e484d4af35fd2023-02-08 09:43:15.492root 11241100x8000000000000000262308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6235661e070246402023-02-08 09:43:15.492root 11241100x8000000000000000262325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b73f019152d778e2023-02-08 09:43:15.493root 11241100x8000000000000000262324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d461892341490ff82023-02-08 09:43:15.493root 11241100x8000000000000000262323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51afee88c7c8eaa2023-02-08 09:43:15.493root 11241100x8000000000000000262322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca019e0c9eca88e82023-02-08 09:43:15.493root 11241100x8000000000000000262321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4decaaca351b62ee2023-02-08 09:43:15.493root 11241100x8000000000000000262320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71b214281b3dcc32023-02-08 09:43:15.493root 11241100x8000000000000000262329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeca9c7e56e40b9c2023-02-08 09:43:15.494root 11241100x8000000000000000262328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de5327b2e283fc92023-02-08 09:43:15.494root 11241100x8000000000000000262327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553da3bdb47c88bc2023-02-08 09:43:15.494root 11241100x8000000000000000262326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917de81edb0794fe2023-02-08 09:43:15.494root 11241100x8000000000000000262335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d9f4850c196c5e2023-02-08 09:43:15.495root 11241100x8000000000000000262334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b5e300489525de2023-02-08 09:43:15.495root 11241100x8000000000000000262333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ee880a8fd3705a2023-02-08 09:43:15.495root 11241100x8000000000000000262332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f394576f0b7075f2023-02-08 09:43:15.495root 11241100x8000000000000000262331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5efa330f6458fbf2023-02-08 09:43:15.495root 11241100x8000000000000000262330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c97d7a80d11e062023-02-08 09:43:15.495root 11241100x8000000000000000262336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8aeb8c6788fac572023-02-08 09:43:15.496root 11241100x8000000000000000262343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43742cbf18e57b102023-02-08 09:43:15.984root 11241100x8000000000000000262342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2385f4a603560f832023-02-08 09:43:15.984root 11241100x8000000000000000262341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ceba8f078040bc2023-02-08 09:43:15.984root 11241100x8000000000000000262340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415af830472b37382023-02-08 09:43:15.984root 11241100x8000000000000000262339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cde9176d6df8d7d2023-02-08 09:43:15.984root 11241100x8000000000000000262338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8752bb8afd8b4d642023-02-08 09:43:15.984root 11241100x8000000000000000262337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb99ced7435bb872023-02-08 09:43:15.984root 11241100x8000000000000000262350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23547a18af892b472023-02-08 09:43:15.985root 11241100x8000000000000000262349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7c4b6128b573a92023-02-08 09:43:15.985root 11241100x8000000000000000262348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be30b411fd2601c52023-02-08 09:43:15.985root 11241100x8000000000000000262347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55574875db95c3ba2023-02-08 09:43:15.985root 11241100x8000000000000000262346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7218a1f818c9406e2023-02-08 09:43:15.985root 11241100x8000000000000000262345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508b79aaeb2aa0222023-02-08 09:43:15.985root 11241100x8000000000000000262344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b78b6fe34196482023-02-08 09:43:15.985root 11241100x8000000000000000262358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb00ad44e651e8662023-02-08 09:43:15.986root 11241100x8000000000000000262357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159eb423d7d852382023-02-08 09:43:15.986root 11241100x8000000000000000262356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78df008503b1bba52023-02-08 09:43:15.986root 11241100x8000000000000000262355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e613e2c95c35d3112023-02-08 09:43:15.986root 11241100x8000000000000000262354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec9a0eae9b27d482023-02-08 09:43:15.986root 11241100x8000000000000000262353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10430cd659f2ba842023-02-08 09:43:15.986root 11241100x8000000000000000262352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2beafb656dbe4f2023-02-08 09:43:15.986root 11241100x8000000000000000262351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9068418b5b79a822023-02-08 09:43:15.986root 11241100x8000000000000000262364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9641dfce7086b1922023-02-08 09:43:15.987root 11241100x8000000000000000262363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029e705824766aef2023-02-08 09:43:15.987root 11241100x8000000000000000262362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3eb7e5cecfb4d42023-02-08 09:43:15.987root 11241100x8000000000000000262361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c050bb02d607772023-02-08 09:43:15.987root 11241100x8000000000000000262360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898c3245993045cc2023-02-08 09:43:15.987root 11241100x8000000000000000262359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6efda44b2a36b82023-02-08 09:43:15.987root 11241100x8000000000000000262370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4832aeb5b72abe2023-02-08 09:43:15.988root 11241100x8000000000000000262369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40be413353abc382023-02-08 09:43:15.988root 11241100x8000000000000000262368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc760f6def48a4822023-02-08 09:43:15.988root 11241100x8000000000000000262367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc49eefcb4bd93472023-02-08 09:43:15.988root 11241100x8000000000000000262366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b470408ce6ca7c42023-02-08 09:43:15.988root 11241100x8000000000000000262365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ff3dacd735d6a32023-02-08 09:43:15.988root 11241100x8000000000000000262373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181900726eb7d72f2023-02-08 09:43:15.989root 11241100x8000000000000000262372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d5ae53e40cfca52023-02-08 09:43:15.989root 11241100x8000000000000000262371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38aeccd6904509702023-02-08 09:43:15.989root 11241100x8000000000000000262376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b26b24137d55b12023-02-08 09:43:15.990root 11241100x8000000000000000262375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eafe5b1e3a381cd2023-02-08 09:43:15.990root 11241100x8000000000000000262374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161a1bb1412f37142023-02-08 09:43:15.990root 11241100x8000000000000000262378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf419d621a460532023-02-08 09:43:15.991root 11241100x8000000000000000262377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b3f713fafe14ec2023-02-08 09:43:15.991root 11241100x8000000000000000262379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe3576220edaadb2023-02-08 09:43:15.994root 11241100x8000000000000000262381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c188e6960964dd3f2023-02-08 09:43:15.995root 11241100x8000000000000000262380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a29ad985b0cc572023-02-08 09:43:15.995root 11241100x8000000000000000262384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137e28b5db0c1e462023-02-08 09:43:15.996root 11241100x8000000000000000262383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4306c637890bf25f2023-02-08 09:43:15.996root 11241100x8000000000000000262382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:15.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263e2a362cd9d6622023-02-08 09:43:15.996root 354300x8000000000000000262385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.019{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-35718-false10.0.1.12-8000- 11241100x8000000000000000262393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1bcf2f96ed0a192023-02-08 09:43:16.484root 11241100x8000000000000000262392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a661cdc5a9281282023-02-08 09:43:16.484root 11241100x8000000000000000262391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aab6e748ea7a13c2023-02-08 09:43:16.484root 11241100x8000000000000000262390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e6b2654d1e63292023-02-08 09:43:16.484root 11241100x8000000000000000262389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321bf1860a6d4f3a2023-02-08 09:43:16.484root 11241100x8000000000000000262388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ddd55236a0316a2023-02-08 09:43:16.484root 11241100x8000000000000000262387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd05c5bd1dccbe02023-02-08 09:43:16.484root 11241100x8000000000000000262386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c209cfbbf25bc8712023-02-08 09:43:16.484root 11241100x8000000000000000262402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182914a078d964e32023-02-08 09:43:16.485root 11241100x8000000000000000262401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bc03736771d1752023-02-08 09:43:16.485root 11241100x8000000000000000262400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf442f051e3c3152023-02-08 09:43:16.485root 11241100x8000000000000000262399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e112eb4d09b919662023-02-08 09:43:16.485root 11241100x8000000000000000262398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b882c30944bb8c82023-02-08 09:43:16.485root 11241100x8000000000000000262397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa64fd48f4806782023-02-08 09:43:16.485root 11241100x8000000000000000262396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e467c54ef4c424282023-02-08 09:43:16.485root 11241100x8000000000000000262395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8220314202b9002023-02-08 09:43:16.485root 11241100x8000000000000000262394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349ef1e09c276c4d2023-02-08 09:43:16.485root 11241100x8000000000000000262410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815dece57849e82f2023-02-08 09:43:16.486root 11241100x8000000000000000262409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22d07c7a6f283372023-02-08 09:43:16.486root 11241100x8000000000000000262408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63aa92e9b180cc4c2023-02-08 09:43:16.486root 11241100x8000000000000000262407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edaea6920a0166ff2023-02-08 09:43:16.486root 11241100x8000000000000000262406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b81db34458361b92023-02-08 09:43:16.486root 11241100x8000000000000000262405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f916a48285deec722023-02-08 09:43:16.486root 11241100x8000000000000000262404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8b990ba5000a862023-02-08 09:43:16.486root 11241100x8000000000000000262403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520ce75202866aaf2023-02-08 09:43:16.486root 11241100x8000000000000000262419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7317121020a996502023-02-08 09:43:16.487root 11241100x8000000000000000262418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd91ff8906ae59c32023-02-08 09:43:16.487root 11241100x8000000000000000262417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a111956604b75982023-02-08 09:43:16.487root 11241100x8000000000000000262416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a8e812ea79bf4a2023-02-08 09:43:16.487root 11241100x8000000000000000262415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b2de1224e9c7412023-02-08 09:43:16.487root 11241100x8000000000000000262414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae0ee1f5ddd582c2023-02-08 09:43:16.487root 11241100x8000000000000000262413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6bddbf8b1e120b2023-02-08 09:43:16.487root 11241100x8000000000000000262412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc74bcee16a9a5052023-02-08 09:43:16.487root 11241100x8000000000000000262411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046cb25f0e45332e2023-02-08 09:43:16.487root 11241100x8000000000000000262425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea626f3f5004dd52023-02-08 09:43:16.488root 11241100x8000000000000000262424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e139b3d8ae79687b2023-02-08 09:43:16.488root 11241100x8000000000000000262423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f110221ed49bf782023-02-08 09:43:16.488root 11241100x8000000000000000262422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48403112441662402023-02-08 09:43:16.488root 11241100x8000000000000000262421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74c43f9ef92791e2023-02-08 09:43:16.488root 11241100x8000000000000000262420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad71b76e450284bf2023-02-08 09:43:16.488root 11241100x8000000000000000262428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec935f6c511055d82023-02-08 09:43:16.489root 11241100x8000000000000000262427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edb123fc50ba5fa2023-02-08 09:43:16.489root 11241100x8000000000000000262426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76aabb021458fab12023-02-08 09:43:16.489root 11241100x8000000000000000262432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04dcda16a8b5db62023-02-08 09:43:16.985root 11241100x8000000000000000262431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6417aa5ac4dff70c2023-02-08 09:43:16.985root 11241100x8000000000000000262430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d525ad8d9606412023-02-08 09:43:16.985root 11241100x8000000000000000262429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7741b88dec3de67f2023-02-08 09:43:16.985root 11241100x8000000000000000262440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4689e71b5ae253af2023-02-08 09:43:16.986root 11241100x8000000000000000262439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4992e9d072ad252023-02-08 09:43:16.986root 11241100x8000000000000000262438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afeabbc69eb0c4be2023-02-08 09:43:16.986root 11241100x8000000000000000262437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d679413f94c9ec0d2023-02-08 09:43:16.986root 11241100x8000000000000000262436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da174377c14d66e2023-02-08 09:43:16.986root 11241100x8000000000000000262435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ff68e39a2412ad2023-02-08 09:43:16.986root 11241100x8000000000000000262434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9acf95b2ef310f2023-02-08 09:43:16.986root 11241100x8000000000000000262433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31aed1602ca4199d2023-02-08 09:43:16.986root 11241100x8000000000000000262449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69bad86233c0480f2023-02-08 09:43:16.987root 11241100x8000000000000000262448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a45c6a24438a592023-02-08 09:43:16.987root 11241100x8000000000000000262447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3422ca505855772023-02-08 09:43:16.987root 11241100x8000000000000000262446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8babb3603c89e5cc2023-02-08 09:43:16.987root 11241100x8000000000000000262445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bc64beb5d519502023-02-08 09:43:16.987root 11241100x8000000000000000262444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08f8d51b7e4c3582023-02-08 09:43:16.987root 11241100x8000000000000000262443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b24be5be2a9b0492023-02-08 09:43:16.987root 11241100x8000000000000000262442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ef414cb69a9a6f2023-02-08 09:43:16.987root 11241100x8000000000000000262441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bee1ecf67aea1e2023-02-08 09:43:16.987root 11241100x8000000000000000262454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a41d9b7be11c7ef2023-02-08 09:43:16.988root 11241100x8000000000000000262453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a168a721b4bee12023-02-08 09:43:16.988root 11241100x8000000000000000262452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc3723b5226acb32023-02-08 09:43:16.988root 11241100x8000000000000000262451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff90231edafc479d2023-02-08 09:43:16.988root 11241100x8000000000000000262450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10b25a26eeedf2d2023-02-08 09:43:16.988root 11241100x8000000000000000262461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc90095de1883b72023-02-08 09:43:16.989root 11241100x8000000000000000262460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f373d1ce0d6be2412023-02-08 09:43:16.989root 11241100x8000000000000000262459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234f614c9b2811522023-02-08 09:43:16.989root 11241100x8000000000000000262458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363d08a9a3308dc82023-02-08 09:43:16.989root 11241100x8000000000000000262457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e25ba405845bcb2023-02-08 09:43:16.989root 11241100x8000000000000000262456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea98e310782e41d2023-02-08 09:43:16.989root 11241100x8000000000000000262455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12713aa4238ecae2023-02-08 09:43:16.989root 11241100x8000000000000000262462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:16.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0df104efa65b1e2023-02-08 09:43:16.990root 11241100x8000000000000000262467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e27d3f73f66f7dd2023-02-08 09:43:17.484root 11241100x8000000000000000262466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f545d47750b3df2023-02-08 09:43:17.484root 11241100x8000000000000000262465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7552b46c1b78e4882023-02-08 09:43:17.484root 11241100x8000000000000000262464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2190a86d2352ee1f2023-02-08 09:43:17.484root 11241100x8000000000000000262463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1616a110548151a2023-02-08 09:43:17.484root 11241100x8000000000000000262474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54fa347c331badc92023-02-08 09:43:17.485root 11241100x8000000000000000262473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d67020ca13895bb2023-02-08 09:43:17.485root 11241100x8000000000000000262472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ac26e5bdbcc4002023-02-08 09:43:17.485root 11241100x8000000000000000262471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b721a36a5a3684212023-02-08 09:43:17.485root 11241100x8000000000000000262470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e765a5e6e87a722023-02-08 09:43:17.485root 11241100x8000000000000000262469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6845622b83aae7de2023-02-08 09:43:17.485root 11241100x8000000000000000262468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a83039cf7a19332023-02-08 09:43:17.485root 11241100x8000000000000000262486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd0afd2f39e9d4b2023-02-08 09:43:17.486root 11241100x8000000000000000262485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e9623aa2d5a0802023-02-08 09:43:17.486root 11241100x8000000000000000262484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e4e2e09763fadd2023-02-08 09:43:17.486root 11241100x8000000000000000262483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b919efb6fcb8eeb2023-02-08 09:43:17.486root 11241100x8000000000000000262482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2da24b8168e9a152023-02-08 09:43:17.486root 11241100x8000000000000000262481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8adcfc34e1a64c2023-02-08 09:43:17.486root 11241100x8000000000000000262480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe90ebd00a09d182023-02-08 09:43:17.486root 11241100x8000000000000000262479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe65c06cd329a10a2023-02-08 09:43:17.486root 11241100x8000000000000000262478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a11d9241089ff0c2023-02-08 09:43:17.486root 11241100x8000000000000000262477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8c4c111cd8336f2023-02-08 09:43:17.486root 11241100x8000000000000000262476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4404239ba4eb6c9e2023-02-08 09:43:17.486root 11241100x8000000000000000262475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7388acd8ec2de9c62023-02-08 09:43:17.486root 11241100x8000000000000000262487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ae0e471df43d512023-02-08 09:43:17.487root 11241100x8000000000000000262500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba05a19e3a2bb802023-02-08 09:43:17.488root 11241100x8000000000000000262499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c51f5e07628061d2023-02-08 09:43:17.488root 11241100x8000000000000000262498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b234712135c338b2023-02-08 09:43:17.488root 11241100x8000000000000000262497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd889f43ef2080b22023-02-08 09:43:17.488root 11241100x8000000000000000262496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f036161e48f194f2023-02-08 09:43:17.488root 11241100x8000000000000000262495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d706f6e0e99a3b2023-02-08 09:43:17.488root 11241100x8000000000000000262494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8536cd53f81924e2023-02-08 09:43:17.488root 11241100x8000000000000000262493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27f5f56cd13f9942023-02-08 09:43:17.488root 11241100x8000000000000000262492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a116ba885cde23dd2023-02-08 09:43:17.488root 11241100x8000000000000000262491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0c1651f352f4472023-02-08 09:43:17.488root 11241100x8000000000000000262490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4efcc1dfb4059cb52023-02-08 09:43:17.488root 11241100x8000000000000000262489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023a63432f8f08912023-02-08 09:43:17.488root 11241100x8000000000000000262488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a45f143d0e7cd42023-02-08 09:43:17.488root 11241100x8000000000000000262504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7fb2921d00fb34a2023-02-08 09:43:17.489root 11241100x8000000000000000262503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8327521eca7c01f62023-02-08 09:43:17.489root 11241100x8000000000000000262502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e43f845738122322023-02-08 09:43:17.489root 11241100x8000000000000000262501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01162a3d4f724b4f2023-02-08 09:43:17.489root 11241100x8000000000000000262510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be60e53b82382f8f2023-02-08 09:43:17.984root 11241100x8000000000000000262509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57acf0f8cfebfd052023-02-08 09:43:17.984root 11241100x8000000000000000262508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03e93c55f9188bd2023-02-08 09:43:17.984root 11241100x8000000000000000262507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dad069025f003b22023-02-08 09:43:17.984root 11241100x8000000000000000262506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d6d15794db9a222023-02-08 09:43:17.984root 11241100x8000000000000000262505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adeccca6b39b00cd2023-02-08 09:43:17.984root 11241100x8000000000000000262524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971f4deb0e12a2b12023-02-08 09:43:17.985root 11241100x8000000000000000262523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a97a6a16840ba82023-02-08 09:43:17.985root 11241100x8000000000000000262522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0402ab6fea9d422023-02-08 09:43:17.985root 11241100x8000000000000000262521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f50961467de52f92023-02-08 09:43:17.985root 11241100x8000000000000000262520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5660efe62e2a69a32023-02-08 09:43:17.985root 11241100x8000000000000000262519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1dfe31da2046542023-02-08 09:43:17.985root 11241100x8000000000000000262518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3247a7650c242e2023-02-08 09:43:17.985root 11241100x8000000000000000262517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2718cadd7dee7c2d2023-02-08 09:43:17.985root 11241100x8000000000000000262516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24e91c761c18c212023-02-08 09:43:17.985root 11241100x8000000000000000262515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec096c3f91e8734c2023-02-08 09:43:17.985root 11241100x8000000000000000262514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db6635cb75521c32023-02-08 09:43:17.985root 11241100x8000000000000000262513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8daa7b6d99f45a8e2023-02-08 09:43:17.985root 11241100x8000000000000000262512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ccce496900a506b2023-02-08 09:43:17.985root 11241100x8000000000000000262511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4bcc39c92b223d22023-02-08 09:43:17.985root 11241100x8000000000000000262539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96197ce46ba810422023-02-08 09:43:17.986root 11241100x8000000000000000262538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34d879ce6cf7a6e2023-02-08 09:43:17.986root 11241100x8000000000000000262537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a9bfbea316befb2023-02-08 09:43:17.986root 11241100x8000000000000000262536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9fd7408cc257b0a2023-02-08 09:43:17.986root 11241100x8000000000000000262535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1bff1ab9f638ef2023-02-08 09:43:17.986root 11241100x8000000000000000262534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40886f73a6224d932023-02-08 09:43:17.986root 11241100x8000000000000000262533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14934814d80ea5c2023-02-08 09:43:17.986root 11241100x8000000000000000262532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5389f65c0a8ec5c2023-02-08 09:43:17.986root 11241100x8000000000000000262531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3471043ed801d8762023-02-08 09:43:17.986root 11241100x8000000000000000262530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b16990cb4a50f772023-02-08 09:43:17.986root 11241100x8000000000000000262529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e39218b7185cfd2023-02-08 09:43:17.986root 11241100x8000000000000000262528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9972b2beec2273f32023-02-08 09:43:17.986root 11241100x8000000000000000262527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f1fb8192aba5da2023-02-08 09:43:17.986root 11241100x8000000000000000262526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6364468550397c022023-02-08 09:43:17.986root 11241100x8000000000000000262525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071b85ad621416452023-02-08 09:43:17.986root 11241100x8000000000000000262547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8091c688a1be732023-02-08 09:43:17.987root 11241100x8000000000000000262546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7ce7e0301844092023-02-08 09:43:17.987root 11241100x8000000000000000262545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3283b6ca661f9d8b2023-02-08 09:43:17.987root 11241100x8000000000000000262544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87be56f0a57406eb2023-02-08 09:43:17.987root 11241100x8000000000000000262543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cbebc1dfbbb2512023-02-08 09:43:17.987root 11241100x8000000000000000262542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a886e42142ea7c022023-02-08 09:43:17.987root 11241100x8000000000000000262541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae78fcb15e53a612023-02-08 09:43:17.987root 11241100x8000000000000000262540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7593ffc52db418d32023-02-08 09:43:17.987root 11241100x8000000000000000262556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4610801d61123412023-02-08 09:43:17.988root 11241100x8000000000000000262555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736a2dcd5795d2dc2023-02-08 09:43:17.988root 11241100x8000000000000000262554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b429dd2401ca93942023-02-08 09:43:17.988root 11241100x8000000000000000262553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0e63f54c9705692023-02-08 09:43:17.988root 11241100x8000000000000000262552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d62c1908fcfd482023-02-08 09:43:17.988root 11241100x8000000000000000262551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27edafa05b82d04b2023-02-08 09:43:17.988root 11241100x8000000000000000262550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abda2d275d9a85cf2023-02-08 09:43:17.988root 11241100x8000000000000000262549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e6eb4a951aac5b2023-02-08 09:43:17.988root 11241100x8000000000000000262548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f1f592793274f92023-02-08 09:43:17.988root 11241100x8000000000000000262557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb19a61aef49b70a2023-02-08 09:43:18.484root 11241100x8000000000000000262567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afeecfc8076e754a2023-02-08 09:43:18.485root 11241100x8000000000000000262566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d2a53c0159641c2023-02-08 09:43:18.485root 11241100x8000000000000000262565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2fb72131742b9ef2023-02-08 09:43:18.485root 11241100x8000000000000000262564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91610267d7b535ad2023-02-08 09:43:18.485root 11241100x8000000000000000262563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8489b461910099b2023-02-08 09:43:18.485root 11241100x8000000000000000262562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbdce6a5784e3a52023-02-08 09:43:18.485root 11241100x8000000000000000262561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad84f3a5f63c3792023-02-08 09:43:18.485root 11241100x8000000000000000262560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7e8e56c205958f2023-02-08 09:43:18.485root 11241100x8000000000000000262559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90adc37e9c5b389f2023-02-08 09:43:18.485root 11241100x8000000000000000262558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7939fcc034a1972023-02-08 09:43:18.485root 11241100x8000000000000000262581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73df916f73f591312023-02-08 09:43:18.486root 11241100x8000000000000000262580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49c6fbf7870d8582023-02-08 09:43:18.486root 11241100x8000000000000000262579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9d476e06b35d652023-02-08 09:43:18.486root 11241100x8000000000000000262578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c579cd7234edd62023-02-08 09:43:18.486root 11241100x8000000000000000262577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16716248d750fe682023-02-08 09:43:18.486root 11241100x8000000000000000262576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ee1c8e249c06682023-02-08 09:43:18.486root 11241100x8000000000000000262575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608e86b0bedacf882023-02-08 09:43:18.486root 11241100x8000000000000000262574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6022f93ab9c2e3c2023-02-08 09:43:18.486root 11241100x8000000000000000262573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548e55a5249823762023-02-08 09:43:18.486root 11241100x8000000000000000262572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b809b3f92222ee2023-02-08 09:43:18.486root 11241100x8000000000000000262571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f02fac0b85dd3472023-02-08 09:43:18.486root 11241100x8000000000000000262570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafc14d4010c7f502023-02-08 09:43:18.486root 11241100x8000000000000000262569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdecab1f0bec42e2023-02-08 09:43:18.486root 11241100x8000000000000000262568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede4922dd023f3ca2023-02-08 09:43:18.486root 11241100x8000000000000000262590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b67ee0503dfe7042023-02-08 09:43:18.487root 11241100x8000000000000000262589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696a57db24c6a2162023-02-08 09:43:18.487root 11241100x8000000000000000262588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d07303b675012e2023-02-08 09:43:18.487root 11241100x8000000000000000262587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c927e38813fcbf8b2023-02-08 09:43:18.487root 11241100x8000000000000000262586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96726807e5f192992023-02-08 09:43:18.487root 11241100x8000000000000000262585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5135232c62ccb1e32023-02-08 09:43:18.487root 11241100x8000000000000000262584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09adf12268b32bd62023-02-08 09:43:18.487root 11241100x8000000000000000262583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318982c08d263a7b2023-02-08 09:43:18.487root 11241100x8000000000000000262582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccddc2e612c47a512023-02-08 09:43:18.487root 11241100x8000000000000000262602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a837914c2bc6722f2023-02-08 09:43:18.985root 11241100x8000000000000000262601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83092b461f7285f2023-02-08 09:43:18.985root 11241100x8000000000000000262600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9dda2855ea2091e2023-02-08 09:43:18.985root 11241100x8000000000000000262599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a89dd2ba9594d52023-02-08 09:43:18.985root 11241100x8000000000000000262598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015c3328b4b04f662023-02-08 09:43:18.985root 11241100x8000000000000000262597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f27c95bb76bceac2023-02-08 09:43:18.985root 11241100x8000000000000000262596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a324ba5a840cf02023-02-08 09:43:18.985root 11241100x8000000000000000262595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf378e7019a7acc02023-02-08 09:43:18.985root 11241100x8000000000000000262594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a62a39a9eb7a6c82023-02-08 09:43:18.985root 11241100x8000000000000000262593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57fa8fa04f044a242023-02-08 09:43:18.985root 11241100x8000000000000000262592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbdbd17050f1dd4f2023-02-08 09:43:18.985root 11241100x8000000000000000262591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9663761ad43f57192023-02-08 09:43:18.985root 11241100x8000000000000000262616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43251b3fecf077d32023-02-08 09:43:18.986root 11241100x8000000000000000262615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a7dd41692093062023-02-08 09:43:18.986root 11241100x8000000000000000262614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f3dfd5282434992023-02-08 09:43:18.986root 11241100x8000000000000000262613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0748fbd83849f44d2023-02-08 09:43:18.986root 11241100x8000000000000000262612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59751ebb8663d582023-02-08 09:43:18.986root 11241100x8000000000000000262611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451e2f9f502294992023-02-08 09:43:18.986root 11241100x8000000000000000262610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e015f867446b632023-02-08 09:43:18.986root 11241100x8000000000000000262609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f75313f7582da712023-02-08 09:43:18.986root 11241100x8000000000000000262608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244e2e47dc5c9c2c2023-02-08 09:43:18.986root 11241100x8000000000000000262607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b278fe4820a0bf2023-02-08 09:43:18.986root 11241100x8000000000000000262606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f9201f17f1c1812023-02-08 09:43:18.986root 11241100x8000000000000000262605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc90acef1fe1c362023-02-08 09:43:18.986root 11241100x8000000000000000262604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf11a0f6d07a06922023-02-08 09:43:18.986root 11241100x8000000000000000262603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521e3939d652043b2023-02-08 09:43:18.986root 11241100x8000000000000000262624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315adc63f7d8c6c62023-02-08 09:43:18.987root 11241100x8000000000000000262623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9c6057e20faf912023-02-08 09:43:18.987root 11241100x8000000000000000262622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1457d4fa842b182023-02-08 09:43:18.987root 11241100x8000000000000000262621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96507ce902ea069e2023-02-08 09:43:18.987root 11241100x8000000000000000262620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d259be30aa65e342023-02-08 09:43:18.987root 11241100x8000000000000000262619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ad02d58632d9642023-02-08 09:43:18.987root 11241100x8000000000000000262618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83caae0613a83132023-02-08 09:43:18.987root 11241100x8000000000000000262617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbc46af28248cce2023-02-08 09:43:18.987root 11241100x8000000000000000262634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f830369e58ffd322023-02-08 09:43:19.484root 11241100x8000000000000000262633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c5f0c0e2b987ad2023-02-08 09:43:19.484root 11241100x8000000000000000262632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bbdaa1941bcf0a2023-02-08 09:43:19.484root 11241100x8000000000000000262631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01fa192ac2cce7c2023-02-08 09:43:19.484root 11241100x8000000000000000262630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445aea7e2a02a1032023-02-08 09:43:19.484root 11241100x8000000000000000262629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e0173cd233174d2023-02-08 09:43:19.484root 11241100x8000000000000000262628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b261ab1f3808582023-02-08 09:43:19.484root 11241100x8000000000000000262627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d950f7da31f1f62023-02-08 09:43:19.484root 11241100x8000000000000000262626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5997d00fcedc4e2023-02-08 09:43:19.484root 11241100x8000000000000000262625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c3bb4e5577e7852023-02-08 09:43:19.484root 11241100x8000000000000000262638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72eda7ded561d2fe2023-02-08 09:43:19.485root 11241100x8000000000000000262637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250849fe47296bd22023-02-08 09:43:19.485root 11241100x8000000000000000262636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c6e190cf053d542023-02-08 09:43:19.485root 11241100x8000000000000000262635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2976b0df38f0fa762023-02-08 09:43:19.485root 11241100x8000000000000000262647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e037ceea60f3df2023-02-08 09:43:19.486root 11241100x8000000000000000262646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9586d2a3e273f9592023-02-08 09:43:19.486root 11241100x8000000000000000262645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7af5263bcbb8eb2023-02-08 09:43:19.486root 11241100x8000000000000000262644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ca6da9315bf8312023-02-08 09:43:19.486root 11241100x8000000000000000262643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477474a193155a432023-02-08 09:43:19.486root 11241100x8000000000000000262642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b83a6586d4fbbc2023-02-08 09:43:19.486root 11241100x8000000000000000262641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e242b415a869d5a72023-02-08 09:43:19.486root 11241100x8000000000000000262640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94183af801468432023-02-08 09:43:19.486root 11241100x8000000000000000262639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf09eaeed8d1a432023-02-08 09:43:19.486root 11241100x8000000000000000262662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d64a7e1b76cda92023-02-08 09:43:19.487root 11241100x8000000000000000262661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f29f2e3c9293ee2023-02-08 09:43:19.487root 11241100x8000000000000000262660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0430e4efb8121d9d2023-02-08 09:43:19.487root 11241100x8000000000000000262659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b2ca06b767c5f62023-02-08 09:43:19.487root 11241100x8000000000000000262658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b230a8b73bbf0c6b2023-02-08 09:43:19.487root 11241100x8000000000000000262657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b061a50ec8e1252023-02-08 09:43:19.487root 11241100x8000000000000000262656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b682202e3ce28252023-02-08 09:43:19.487root 11241100x8000000000000000262655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdad48956dc43d2c2023-02-08 09:43:19.487root 11241100x8000000000000000262654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c1c8c7a2c3afb22023-02-08 09:43:19.487root 11241100x8000000000000000262653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3eeef169f397122023-02-08 09:43:19.487root 11241100x8000000000000000262652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c4d96cc66e99922023-02-08 09:43:19.487root 11241100x8000000000000000262651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3958484b9195f79f2023-02-08 09:43:19.487root 11241100x8000000000000000262650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd11809dfccf3ed52023-02-08 09:43:19.487root 11241100x8000000000000000262649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912991621efdf5002023-02-08 09:43:19.487root 11241100x8000000000000000262648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4510096784ad32aa2023-02-08 09:43:19.487root 11241100x8000000000000000262671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19824af229eff0932023-02-08 09:43:19.488root 11241100x8000000000000000262670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd736e1ff3c4aca2023-02-08 09:43:19.488root 11241100x8000000000000000262669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62966e810f860f642023-02-08 09:43:19.488root 11241100x8000000000000000262668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d3e5641c0c851c2023-02-08 09:43:19.488root 11241100x8000000000000000262667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e8dff8a4ddc97d2023-02-08 09:43:19.488root 11241100x8000000000000000262666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e04a9957588ae52023-02-08 09:43:19.488root 11241100x8000000000000000262665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c05257dec49b30c2023-02-08 09:43:19.488root 11241100x8000000000000000262664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9cc562b82d23fc2023-02-08 09:43:19.488root 11241100x8000000000000000262663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e931fadae5760c3c2023-02-08 09:43:19.488root 11241100x8000000000000000262675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b2e12793a606422023-02-08 09:43:19.984root 11241100x8000000000000000262674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e42e74c053934c02023-02-08 09:43:19.984root 11241100x8000000000000000262673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a591b15166cda72023-02-08 09:43:19.984root 11241100x8000000000000000262672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53649bc92866dbb2023-02-08 09:43:19.984root 11241100x8000000000000000262690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19fe764cfad0ed8d2023-02-08 09:43:19.985root 11241100x8000000000000000262689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44a254bd55784c62023-02-08 09:43:19.985root 11241100x8000000000000000262688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792aadfc66168fa02023-02-08 09:43:19.985root 11241100x8000000000000000262687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48a5dde11288fdd2023-02-08 09:43:19.985root 11241100x8000000000000000262686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3ed99574d5be0d2023-02-08 09:43:19.985root 11241100x8000000000000000262685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f311427f21a1ec2023-02-08 09:43:19.985root 11241100x8000000000000000262684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c31b7c1740a26dd2023-02-08 09:43:19.985root 11241100x8000000000000000262683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78fd8c522e737932023-02-08 09:43:19.985root 11241100x8000000000000000262682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b80f9f874bce7a2023-02-08 09:43:19.985root 11241100x8000000000000000262681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290e02d5983d9bd32023-02-08 09:43:19.985root 11241100x8000000000000000262680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e97daa3e370cbf2023-02-08 09:43:19.985root 11241100x8000000000000000262679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1b2db4a5d3ada72023-02-08 09:43:19.985root 11241100x8000000000000000262678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a3dbcc2bbe5e452023-02-08 09:43:19.985root 11241100x8000000000000000262677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b2179499e420672023-02-08 09:43:19.985root 11241100x8000000000000000262676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576f2c5ac7d860332023-02-08 09:43:19.985root 11241100x8000000000000000262700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf94bad4d539ee22023-02-08 09:43:19.986root 11241100x8000000000000000262699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90ee252cde7c5492023-02-08 09:43:19.986root 11241100x8000000000000000262698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff43a4eb8b1c3e2b2023-02-08 09:43:19.986root 11241100x8000000000000000262697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4177a0569fe016752023-02-08 09:43:19.986root 11241100x8000000000000000262696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d23c1743b5e357a2023-02-08 09:43:19.986root 11241100x8000000000000000262695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f14b9df4f9a22b42023-02-08 09:43:19.986root 11241100x8000000000000000262694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c819f3649b460d2023-02-08 09:43:19.986root 11241100x8000000000000000262693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa84874aed9b0a92023-02-08 09:43:19.986root 11241100x8000000000000000262692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e51725f364462d2023-02-08 09:43:19.986root 11241100x8000000000000000262691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9739d9be94d9497e2023-02-08 09:43:19.986root 11241100x8000000000000000262709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6bbab7226e2f532023-02-08 09:43:19.987root 11241100x8000000000000000262708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1966d4201c88aef2023-02-08 09:43:19.987root 11241100x8000000000000000262707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7268172153d2c3e32023-02-08 09:43:19.987root 11241100x8000000000000000262706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595c11d23685b84e2023-02-08 09:43:19.987root 11241100x8000000000000000262705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6def3b9826061c2023-02-08 09:43:19.987root 11241100x8000000000000000262704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83401262a6c7dde2023-02-08 09:43:19.987root 11241100x8000000000000000262703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738fed300c6942392023-02-08 09:43:19.987root 11241100x8000000000000000262702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd4b3e2847398af2023-02-08 09:43:19.987root 11241100x8000000000000000262701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c014b63c5c9a12af2023-02-08 09:43:19.987root 11241100x8000000000000000262714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d43c4135947b18b2023-02-08 09:43:19.988root 11241100x8000000000000000262713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f99b738ffab8cee2023-02-08 09:43:19.988root 11241100x8000000000000000262712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670581b5b6d6de652023-02-08 09:43:19.988root 11241100x8000000000000000262711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eded2d4a425f7782023-02-08 09:43:19.988root 11241100x8000000000000000262710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa4c66097c708032023-02-08 09:43:19.988root 11241100x8000000000000000262718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48082b1bc6022b42023-02-08 09:43:19.989root 11241100x8000000000000000262717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efffbfb1ae5bf762023-02-08 09:43:19.989root 11241100x8000000000000000262716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546284f8c1cd84ea2023-02-08 09:43:19.989root 11241100x8000000000000000262715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893f57c64884137a2023-02-08 09:43:19.989root 11241100x8000000000000000262728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3a073c448f1e5c2023-02-08 09:43:20.485root 11241100x8000000000000000262727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a712ad1d7eea3daa2023-02-08 09:43:20.485root 11241100x8000000000000000262726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d72a9a7b44bbfad2023-02-08 09:43:20.485root 11241100x8000000000000000262725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00f3abb6b9a11072023-02-08 09:43:20.485root 11241100x8000000000000000262724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7750551f1abba02023-02-08 09:43:20.485root 11241100x8000000000000000262723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1fa497a08343172023-02-08 09:43:20.485root 11241100x8000000000000000262722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f540187916fb7032023-02-08 09:43:20.485root 11241100x8000000000000000262721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af55d8c9b7af6b8b2023-02-08 09:43:20.485root 11241100x8000000000000000262720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8799cb3d6869d312023-02-08 09:43:20.485root 11241100x8000000000000000262719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a46c0ddf0dffc612023-02-08 09:43:20.485root 11241100x8000000000000000262737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edbe2c5b9ead4b42023-02-08 09:43:20.486root 11241100x8000000000000000262736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187755993b1f593e2023-02-08 09:43:20.486root 11241100x8000000000000000262735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54b5c86e906cb2b2023-02-08 09:43:20.486root 11241100x8000000000000000262734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7dc94600aee1092023-02-08 09:43:20.486root 11241100x8000000000000000262733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4250afaa252a37e12023-02-08 09:43:20.486root 11241100x8000000000000000262732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb76c5fcf322a442023-02-08 09:43:20.486root 11241100x8000000000000000262731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd65f3166b3f58bd2023-02-08 09:43:20.486root 11241100x8000000000000000262730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df167814ef9ea452023-02-08 09:43:20.486root 11241100x8000000000000000262729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0528d774911541d12023-02-08 09:43:20.486root 11241100x8000000000000000262747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ff13631e6d5c2b2023-02-08 09:43:20.487root 11241100x8000000000000000262746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92da5094de3a0ab32023-02-08 09:43:20.487root 11241100x8000000000000000262745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1046bd86f95e971e2023-02-08 09:43:20.487root 11241100x8000000000000000262744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44299206a97b75b92023-02-08 09:43:20.487root 11241100x8000000000000000262743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b64dbf178b75ae2023-02-08 09:43:20.487root 11241100x8000000000000000262742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd7b60134b75a4a2023-02-08 09:43:20.487root 11241100x8000000000000000262741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14147cad1cfb218f2023-02-08 09:43:20.487root 11241100x8000000000000000262740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224f25aff86829932023-02-08 09:43:20.487root 11241100x8000000000000000262739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937ec5672ed0489d2023-02-08 09:43:20.487root 11241100x8000000000000000262738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c0d99ead8ee33f2023-02-08 09:43:20.487root 11241100x8000000000000000262752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0b82e723a8eee82023-02-08 09:43:20.488root 11241100x8000000000000000262751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5a904384170a672023-02-08 09:43:20.488root 11241100x8000000000000000262750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe611c34aa1b6c42023-02-08 09:43:20.488root 11241100x8000000000000000262749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a6b4b4a69fb8fc2023-02-08 09:43:20.488root 11241100x8000000000000000262748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967e290aca910baa2023-02-08 09:43:20.488root 11241100x8000000000000000262754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9ea5379786c0ee2023-02-08 09:43:20.984root 11241100x8000000000000000262753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc47593101de44c2023-02-08 09:43:20.984root 11241100x8000000000000000262759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f56a72279ec61e72023-02-08 09:43:20.985root 11241100x8000000000000000262758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498ce7d5738d1a9e2023-02-08 09:43:20.985root 11241100x8000000000000000262757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c5a1526b83758c2023-02-08 09:43:20.985root 11241100x8000000000000000262756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ed3c179ad655c22023-02-08 09:43:20.985root 11241100x8000000000000000262755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead5020ea93b91b12023-02-08 09:43:20.985root 11241100x8000000000000000262769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e7019fca6dfdb92023-02-08 09:43:20.986root 11241100x8000000000000000262768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c7b9546b4115d62023-02-08 09:43:20.986root 11241100x8000000000000000262767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83d780f3e3d09ef2023-02-08 09:43:20.986root 11241100x8000000000000000262766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a972cc32ef427ffd2023-02-08 09:43:20.986root 11241100x8000000000000000262765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e521b21767f3581f2023-02-08 09:43:20.986root 11241100x8000000000000000262764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4772b75d709a94d2023-02-08 09:43:20.986root 11241100x8000000000000000262763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56df06962887f8c52023-02-08 09:43:20.986root 11241100x8000000000000000262762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001d289a84bd5a892023-02-08 09:43:20.986root 11241100x8000000000000000262761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65be3746c67bcecf2023-02-08 09:43:20.986root 11241100x8000000000000000262760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4077274330e80d2023-02-08 09:43:20.986root 11241100x8000000000000000262777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a51dec1112449b2023-02-08 09:43:20.987root 11241100x8000000000000000262776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83121a545ffac5b32023-02-08 09:43:20.987root 11241100x8000000000000000262775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e90c252330be00b2023-02-08 09:43:20.987root 11241100x8000000000000000262774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be401b360f0eeff82023-02-08 09:43:20.987root 11241100x8000000000000000262773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b531f8b7acc233d12023-02-08 09:43:20.987root 11241100x8000000000000000262772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17427e5960ffc23d2023-02-08 09:43:20.987root 11241100x8000000000000000262771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d490d78c26601492023-02-08 09:43:20.987root 11241100x8000000000000000262770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a44fd3393bb007b2023-02-08 09:43:20.987root 11241100x8000000000000000262785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae1ed69d7d0e8eb2023-02-08 09:43:20.988root 11241100x8000000000000000262784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d3f58d2ea26eeb2023-02-08 09:43:20.988root 11241100x8000000000000000262783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96de520419b9965a2023-02-08 09:43:20.988root 11241100x8000000000000000262782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8de0d35e4e6ab972023-02-08 09:43:20.988root 11241100x8000000000000000262781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b9e6963fbd70bc2023-02-08 09:43:20.988root 11241100x8000000000000000262780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a417dbc80945defe2023-02-08 09:43:20.988root 11241100x8000000000000000262779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7985d1c27a3df12023-02-08 09:43:20.988root 11241100x8000000000000000262778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b203b572bc7725d62023-02-08 09:43:20.988root 11241100x8000000000000000262789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06245077557c50b22023-02-08 09:43:20.989root 11241100x8000000000000000262788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ace8b24e279e7a2023-02-08 09:43:20.989root 11241100x8000000000000000262787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986f65ada838d5da2023-02-08 09:43:20.989root 11241100x8000000000000000262786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:20.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb85d854d46e2d362023-02-08 09:43:20.989root 11241100x8000000000000000262802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7af3b64f45c8d8d2023-02-08 09:43:21.485root 11241100x8000000000000000262801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ddcb929b0cd87c2023-02-08 09:43:21.485root 11241100x8000000000000000262800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2aa9268721b52572023-02-08 09:43:21.485root 11241100x8000000000000000262799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2b9549f0855a102023-02-08 09:43:21.485root 11241100x8000000000000000262798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe94644e375601112023-02-08 09:43:21.485root 11241100x8000000000000000262797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0138462f18a7cd042023-02-08 09:43:21.485root 11241100x8000000000000000262796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5ecd96c56086bf2023-02-08 09:43:21.485root 11241100x8000000000000000262795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b5b6fbf40b07b32023-02-08 09:43:21.485root 11241100x8000000000000000262794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102bfd30cf361afb2023-02-08 09:43:21.485root 11241100x8000000000000000262793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6853d321de3ad1d22023-02-08 09:43:21.485root 11241100x8000000000000000262792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20871f7645b76b42023-02-08 09:43:21.485root 11241100x8000000000000000262791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823bc30d5203c5ea2023-02-08 09:43:21.485root 11241100x8000000000000000262790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33619877c80996c2023-02-08 09:43:21.485root 11241100x8000000000000000262818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3bf934984395ee2023-02-08 09:43:21.486root 11241100x8000000000000000262817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc59a2c9950ceb62023-02-08 09:43:21.486root 11241100x8000000000000000262816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5760671563b78e32023-02-08 09:43:21.486root 11241100x8000000000000000262815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a796058d8c1c86d32023-02-08 09:43:21.486root 11241100x8000000000000000262814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157cb9b7367dfa5a2023-02-08 09:43:21.486root 11241100x8000000000000000262813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4126aabc5c97a40f2023-02-08 09:43:21.486root 11241100x8000000000000000262812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f514078e9b1a0ce72023-02-08 09:43:21.486root 11241100x8000000000000000262811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438b2a89e2efb3012023-02-08 09:43:21.486root 11241100x8000000000000000262810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85fb4e1087d4f0e22023-02-08 09:43:21.486root 11241100x8000000000000000262809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e1e3adfe3d15992023-02-08 09:43:21.486root 11241100x8000000000000000262808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a26d93e20e647ab2023-02-08 09:43:21.486root 11241100x8000000000000000262807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dddadaa1c6a254e2023-02-08 09:43:21.486root 11241100x8000000000000000262806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19b3d85db3c6eed2023-02-08 09:43:21.486root 11241100x8000000000000000262805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea23ec6f20a1bc92023-02-08 09:43:21.486root 11241100x8000000000000000262804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9acb7f2239b3486f2023-02-08 09:43:21.486root 11241100x8000000000000000262803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3071c2a111124dac2023-02-08 09:43:21.486root 11241100x8000000000000000262823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6274b12cc3876412023-02-08 09:43:21.487root 11241100x8000000000000000262822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a92e4e279a94f582023-02-08 09:43:21.487root 11241100x8000000000000000262821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de47063e83d500aa2023-02-08 09:43:21.487root 11241100x8000000000000000262820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be60d9d981d4147c2023-02-08 09:43:21.487root 11241100x8000000000000000262819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c3a2ff188c42bc2023-02-08 09:43:21.487root 11241100x8000000000000000262825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671778969f2727922023-02-08 09:43:21.984root 11241100x8000000000000000262824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cfb927d8ab2f4922023-02-08 09:43:21.984root 11241100x8000000000000000262834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec9047066a480822023-02-08 09:43:21.985root 11241100x8000000000000000262833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1b5d1ce3d77cce2023-02-08 09:43:21.985root 11241100x8000000000000000262832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1edebd6a23b2e5c62023-02-08 09:43:21.985root 11241100x8000000000000000262831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba0a90dfdd4905e2023-02-08 09:43:21.985root 11241100x8000000000000000262830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e99eade37c8356b2023-02-08 09:43:21.985root 11241100x8000000000000000262829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ddb462afd044432023-02-08 09:43:21.985root 11241100x8000000000000000262828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f60beaa4b15e022023-02-08 09:43:21.985root 11241100x8000000000000000262827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fccdb5f1adb4112023-02-08 09:43:21.985root 11241100x8000000000000000262826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6131a2a6635f282023-02-08 09:43:21.985root 11241100x8000000000000000262847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa094715f48cc492023-02-08 09:43:21.986root 11241100x8000000000000000262846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ad1c4878af299d2023-02-08 09:43:21.986root 11241100x8000000000000000262845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbb7563a28081a72023-02-08 09:43:21.986root 11241100x8000000000000000262844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fc3f0e96f004962023-02-08 09:43:21.986root 11241100x8000000000000000262843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3360ec7d2ed81e342023-02-08 09:43:21.986root 11241100x8000000000000000262842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d9ce120b4b61012023-02-08 09:43:21.986root 11241100x8000000000000000262841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ee5d738e801da92023-02-08 09:43:21.986root 11241100x8000000000000000262840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b1cdb833ce5e772023-02-08 09:43:21.986root 11241100x8000000000000000262839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510f91117fb42daa2023-02-08 09:43:21.986root 11241100x8000000000000000262838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36de70e07a2e77752023-02-08 09:43:21.986root 11241100x8000000000000000262837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750eb18b84e1709f2023-02-08 09:43:21.986root 11241100x8000000000000000262836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a22b1245b8c0452023-02-08 09:43:21.986root 11241100x8000000000000000262835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d74e5725b1ce042023-02-08 09:43:21.986root 11241100x8000000000000000262863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1534dfb6058754b02023-02-08 09:43:21.987root 11241100x8000000000000000262862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca1dfd7a01ef1492023-02-08 09:43:21.987root 11241100x8000000000000000262861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500ddc3faf92a5ef2023-02-08 09:43:21.987root 11241100x8000000000000000262860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901f4dee793c860a2023-02-08 09:43:21.987root 11241100x8000000000000000262859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ad4e17304eb9862023-02-08 09:43:21.987root 11241100x8000000000000000262858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af8d209e25a37c92023-02-08 09:43:21.987root 11241100x8000000000000000262857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17822559eb5c4f82023-02-08 09:43:21.987root 11241100x8000000000000000262856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608982182c00d1c92023-02-08 09:43:21.987root 11241100x8000000000000000262855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406ba3e1c7d7fe002023-02-08 09:43:21.987root 11241100x8000000000000000262854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03f1bc0e650c1582023-02-08 09:43:21.987root 11241100x8000000000000000262853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95332e9f4df60ab12023-02-08 09:43:21.987root 11241100x8000000000000000262852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317559a6d723738e2023-02-08 09:43:21.987root 11241100x8000000000000000262851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de364190904567912023-02-08 09:43:21.987root 11241100x8000000000000000262850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947dbeb9dc48c0992023-02-08 09:43:21.987root 11241100x8000000000000000262849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b31efa9b0d3dc672023-02-08 09:43:21.987root 11241100x8000000000000000262848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c136f2192fa7ec2023-02-08 09:43:21.987root 11241100x8000000000000000262879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a81aa8c4f7bcd8a2023-02-08 09:43:21.988root 11241100x8000000000000000262878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0bc2edab7288f42023-02-08 09:43:21.988root 11241100x8000000000000000262877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94585badbf669042023-02-08 09:43:21.988root 11241100x8000000000000000262876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb1a247f0bebcae2023-02-08 09:43:21.988root 11241100x8000000000000000262875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4cf66301a747e042023-02-08 09:43:21.988root 11241100x8000000000000000262874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd79c8e573d76c302023-02-08 09:43:21.988root 11241100x8000000000000000262873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1308ec79554c4e72023-02-08 09:43:21.988root 11241100x8000000000000000262872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e50f053412a84c02023-02-08 09:43:21.988root 11241100x8000000000000000262871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f999134deb7386ff2023-02-08 09:43:21.988root 11241100x8000000000000000262870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7162337b463f2d782023-02-08 09:43:21.988root 11241100x8000000000000000262869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e537cbf84bea042023-02-08 09:43:21.988root 11241100x8000000000000000262868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3a3ef8fd121c7f2023-02-08 09:43:21.988root 11241100x8000000000000000262867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f1987a12d1e6702023-02-08 09:43:21.988root 11241100x8000000000000000262866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e8ca1d107b19ca2023-02-08 09:43:21.988root 11241100x8000000000000000262865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c50a9b9005622632023-02-08 09:43:21.988root 11241100x8000000000000000262864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bcefb8b7e2597c2023-02-08 09:43:21.988root 11241100x8000000000000000262885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcbaa688a0c7cb32023-02-08 09:43:21.989root 11241100x8000000000000000262884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9ffbd9f5a0aa692023-02-08 09:43:21.989root 11241100x8000000000000000262883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34aac890473b363f2023-02-08 09:43:21.989root 11241100x8000000000000000262882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e4e792b92d21d52023-02-08 09:43:21.989root 11241100x8000000000000000262881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a3002186ef5f062023-02-08 09:43:21.989root 11241100x8000000000000000262880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac6dea5689725612023-02-08 09:43:21.989root 354300x8000000000000000262886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.017{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-44208-false10.0.1.12-8000- 11241100x8000000000000000262887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6311564baedb65522023-02-08 09:43:22.484root 11241100x8000000000000000262891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ede6729f30e367b2023-02-08 09:43:22.485root 11241100x8000000000000000262890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e85244ffb581062023-02-08 09:43:22.485root 11241100x8000000000000000262889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38e5fc72bc75db02023-02-08 09:43:22.485root 11241100x8000000000000000262888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db821d1d890ca3592023-02-08 09:43:22.485root 11241100x8000000000000000262904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5332da066768922023-02-08 09:43:22.486root 11241100x8000000000000000262903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4958f9274b564782023-02-08 09:43:22.486root 11241100x8000000000000000262902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9ffa850530b47c2023-02-08 09:43:22.486root 11241100x8000000000000000262901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36e1a6736f784b92023-02-08 09:43:22.486root 11241100x8000000000000000262900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5ed1834edc5df12023-02-08 09:43:22.486root 11241100x8000000000000000262899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde95592e291e1952023-02-08 09:43:22.486root 11241100x8000000000000000262898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21bc9d2de90fdc342023-02-08 09:43:22.486root 11241100x8000000000000000262897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1da3dbe533e5592023-02-08 09:43:22.486root 11241100x8000000000000000262896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba45dcaefe2258732023-02-08 09:43:22.486root 11241100x8000000000000000262895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be163d52edbb82412023-02-08 09:43:22.486root 11241100x8000000000000000262894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318589648fa886562023-02-08 09:43:22.486root 11241100x8000000000000000262893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b43b9c2fbb60462023-02-08 09:43:22.486root 11241100x8000000000000000262892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265e35a15eed3f2c2023-02-08 09:43:22.486root 11241100x8000000000000000262907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf5fcf49e2d65fb2023-02-08 09:43:22.487root 11241100x8000000000000000262906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71115948a0b65982023-02-08 09:43:22.487root 11241100x8000000000000000262905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee536ad5dc2b1622023-02-08 09:43:22.487root 11241100x8000000000000000262913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85f02496d69bdea2023-02-08 09:43:22.488root 11241100x8000000000000000262912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838c03e3a9cf289c2023-02-08 09:43:22.488root 11241100x8000000000000000262911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8613ac2ce775819d2023-02-08 09:43:22.488root 11241100x8000000000000000262910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9947858dc8f6f322023-02-08 09:43:22.488root 11241100x8000000000000000262909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c420d84b48c570972023-02-08 09:43:22.488root 11241100x8000000000000000262908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a985d69571c0d96a2023-02-08 09:43:22.488root 11241100x8000000000000000262920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108ed64c5b6bfba62023-02-08 09:43:22.489root 11241100x8000000000000000262919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498575aee57bfe652023-02-08 09:43:22.489root 11241100x8000000000000000262918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa7816358c4c9812023-02-08 09:43:22.489root 11241100x8000000000000000262917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff591d61a5522fde2023-02-08 09:43:22.489root 11241100x8000000000000000262916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af70b17e280b4eae2023-02-08 09:43:22.489root 11241100x8000000000000000262915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f9a5af1ec577c42023-02-08 09:43:22.489root 11241100x8000000000000000262914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb06208bb4c9d602023-02-08 09:43:22.489root 11241100x8000000000000000262924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a218e0b1425dc182023-02-08 09:43:22.490root 11241100x8000000000000000262923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408d162affd94fc82023-02-08 09:43:22.490root 11241100x8000000000000000262922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52604e96a57ebc552023-02-08 09:43:22.490root 11241100x8000000000000000262921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a7ea1217441e1e2023-02-08 09:43:22.490root 11241100x8000000000000000262925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c21535656d0c8e2023-02-08 09:43:22.984root 11241100x8000000000000000262931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33df3559c1f05302023-02-08 09:43:22.985root 11241100x8000000000000000262930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9c9ee6c078be222023-02-08 09:43:22.985root 11241100x8000000000000000262929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b5371ab31dd6062023-02-08 09:43:22.985root 11241100x8000000000000000262928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce76abc0c8d77642023-02-08 09:43:22.985root 11241100x8000000000000000262927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658115fea02489582023-02-08 09:43:22.985root 11241100x8000000000000000262926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689e4b533b85de712023-02-08 09:43:22.985root 11241100x8000000000000000262944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e81e194a3f9b802023-02-08 09:43:22.986root 11241100x8000000000000000262943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03c0dc9fdd8b9722023-02-08 09:43:22.986root 11241100x8000000000000000262942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f7398809f57f662023-02-08 09:43:22.986root 11241100x8000000000000000262941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7b578b038beae22023-02-08 09:43:22.986root 11241100x8000000000000000262940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ba0d719bfdc3ad2023-02-08 09:43:22.986root 11241100x8000000000000000262939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0985d4cbe1e235e2023-02-08 09:43:22.986root 11241100x8000000000000000262938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac98edfa3ef20ff2023-02-08 09:43:22.986root 11241100x8000000000000000262937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e150dd9a0da51732023-02-08 09:43:22.986root 11241100x8000000000000000262936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818151c7dc3418dd2023-02-08 09:43:22.986root 11241100x8000000000000000262935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4adbc7cc1cd55c52023-02-08 09:43:22.986root 11241100x8000000000000000262934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c660c7ff6426b8a2023-02-08 09:43:22.986root 11241100x8000000000000000262933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a7f329f90a03662023-02-08 09:43:22.986root 11241100x8000000000000000262932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9293ad95db60e32023-02-08 09:43:22.986root 11241100x8000000000000000262955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd08928fba36a972023-02-08 09:43:22.987root 11241100x8000000000000000262954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93b1ff9ec72590d2023-02-08 09:43:22.987root 11241100x8000000000000000262953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0cb03b0fa2412dd2023-02-08 09:43:22.987root 11241100x8000000000000000262952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476f86d795c4df512023-02-08 09:43:22.987root 11241100x8000000000000000262951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb156abaededa5d52023-02-08 09:43:22.987root 11241100x8000000000000000262950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50510217bfbe620f2023-02-08 09:43:22.987root 11241100x8000000000000000262949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d7d55c4608925d2023-02-08 09:43:22.987root 11241100x8000000000000000262948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52eb4d53eae75da2023-02-08 09:43:22.987root 11241100x8000000000000000262947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be50cf699eea29132023-02-08 09:43:22.987root 11241100x8000000000000000262946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ffe924a00f2fbe2023-02-08 09:43:22.987root 11241100x8000000000000000262945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2677bd942d1a05e42023-02-08 09:43:22.987root 11241100x8000000000000000262959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5acec6a9d3c6d83d2023-02-08 09:43:22.988root 11241100x8000000000000000262958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcfe3a28d3030612023-02-08 09:43:22.988root 11241100x8000000000000000262957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0222c988713c2912023-02-08 09:43:22.988root 11241100x8000000000000000262956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:22.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24982f514109ad282023-02-08 09:43:22.988root 11241100x8000000000000000262970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182d0e2cd762432c2023-02-08 09:43:23.484root 11241100x8000000000000000262969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216df8f0333fa4f52023-02-08 09:43:23.484root 11241100x8000000000000000262968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f7401fba3989c62023-02-08 09:43:23.484root 11241100x8000000000000000262967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8915b5eb4553afea2023-02-08 09:43:23.484root 11241100x8000000000000000262966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea613192422c31a2023-02-08 09:43:23.484root 11241100x8000000000000000262965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3945e7978f05080d2023-02-08 09:43:23.484root 11241100x8000000000000000262964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ddfa87f4ad9dca52023-02-08 09:43:23.484root 11241100x8000000000000000262963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3049ac6525784ea2023-02-08 09:43:23.484root 11241100x8000000000000000262962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d6916d489ca14c2023-02-08 09:43:23.484root 11241100x8000000000000000262961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ff541ffa4b90852023-02-08 09:43:23.484root 11241100x8000000000000000262960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940c712c767dfabe2023-02-08 09:43:23.484root 11241100x8000000000000000262975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d962b04415a38b2023-02-08 09:43:23.485root 11241100x8000000000000000262974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eba3c66ff51e4e92023-02-08 09:43:23.485root 11241100x8000000000000000262973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf146b7f04b24f12023-02-08 09:43:23.485root 11241100x8000000000000000262972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240959d0b83e76c32023-02-08 09:43:23.485root 11241100x8000000000000000262971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5162f588bac06ac72023-02-08 09:43:23.485root 11241100x8000000000000000262986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d42aaa8a5e061c2023-02-08 09:43:23.486root 11241100x8000000000000000262985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cbec61ea0e7a392023-02-08 09:43:23.486root 11241100x8000000000000000262984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffaa40c083357e9c2023-02-08 09:43:23.486root 11241100x8000000000000000262983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cbb40c9c438e14a2023-02-08 09:43:23.486root 11241100x8000000000000000262982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe2fbda7641b5a52023-02-08 09:43:23.486root 11241100x8000000000000000262981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370117dccc2711ef2023-02-08 09:43:23.486root 11241100x8000000000000000262980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff67bc1867631bc2023-02-08 09:43:23.486root 11241100x8000000000000000262979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c05954bbf1291722023-02-08 09:43:23.486root 11241100x8000000000000000262978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa49c7b50126ccbf2023-02-08 09:43:23.486root 11241100x8000000000000000262977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af522f96954fac412023-02-08 09:43:23.486root 11241100x8000000000000000262976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a1658b60f8c8762023-02-08 09:43:23.486root 11241100x8000000000000000263001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e6834683a18c3b2023-02-08 09:43:23.487root 11241100x8000000000000000263000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9210c1d3d728dcbb2023-02-08 09:43:23.487root 11241100x8000000000000000262999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4433f66f0a44d1b2023-02-08 09:43:23.487root 11241100x8000000000000000262998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47fc770e7b650822023-02-08 09:43:23.487root 11241100x8000000000000000262997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec5478f196ada522023-02-08 09:43:23.487root 11241100x8000000000000000262996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58eef7472756648d2023-02-08 09:43:23.487root 11241100x8000000000000000262995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6af2756fe3f38702023-02-08 09:43:23.487root 11241100x8000000000000000262994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aee2748d9e914ef2023-02-08 09:43:23.487root 11241100x8000000000000000262993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccda701eee3697342023-02-08 09:43:23.487root 11241100x8000000000000000262992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56706d0f132c40212023-02-08 09:43:23.487root 11241100x8000000000000000262991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd85dea380ad5542023-02-08 09:43:23.487root 11241100x8000000000000000262990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb334506ed2651902023-02-08 09:43:23.487root 11241100x8000000000000000262989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85baa6d074bb02732023-02-08 09:43:23.487root 11241100x8000000000000000262988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e74d4dc3a34d452023-02-08 09:43:23.487root 11241100x8000000000000000262987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400db902095346d62023-02-08 09:43:23.487root 11241100x8000000000000000263017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf1d418b00350c72023-02-08 09:43:23.488root 11241100x8000000000000000263016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db550b049667f1c2023-02-08 09:43:23.488root 11241100x8000000000000000263015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf06212335146172023-02-08 09:43:23.488root 11241100x8000000000000000263014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f13ccff71fd52a2023-02-08 09:43:23.488root 11241100x8000000000000000263013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f954ee29ae5d4a2023-02-08 09:43:23.488root 11241100x8000000000000000263012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee4b53de7e6093b2023-02-08 09:43:23.488root 11241100x8000000000000000263011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4940c1baa744e39a2023-02-08 09:43:23.488root 11241100x8000000000000000263010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8165bf8dbc2ffec42023-02-08 09:43:23.488root 11241100x8000000000000000263009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caff2b3f13dd2e962023-02-08 09:43:23.488root 11241100x8000000000000000263008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045fb1cdd7c9db8c2023-02-08 09:43:23.488root 11241100x8000000000000000263007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10dad0f9d84eaeec2023-02-08 09:43:23.488root 11241100x8000000000000000263006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802c298cdd45592f2023-02-08 09:43:23.488root 11241100x8000000000000000263005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ce9a5449ac4c4a2023-02-08 09:43:23.488root 11241100x8000000000000000263004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567bca87cd2afaa22023-02-08 09:43:23.488root 11241100x8000000000000000263003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042bbf9797b3615f2023-02-08 09:43:23.488root 11241100x8000000000000000263002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9369e04b22aab4a12023-02-08 09:43:23.488root 11241100x8000000000000000263021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c069dfc109908ea42023-02-08 09:43:23.489root 11241100x8000000000000000263020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e03abdb84c6b9a2023-02-08 09:43:23.489root 11241100x8000000000000000263019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b2c17fb5ea6d8c2023-02-08 09:43:23.489root 11241100x8000000000000000263018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259297152279caf32023-02-08 09:43:23.489root 11241100x8000000000000000263025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754498ef22d12c592023-02-08 09:43:23.984root 11241100x8000000000000000263024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5895f5e77a4bd5472023-02-08 09:43:23.984root 11241100x8000000000000000263023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0180622042a55dd72023-02-08 09:43:23.984root 11241100x8000000000000000263022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd58888919cc84d2023-02-08 09:43:23.984root 11241100x8000000000000000263035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e07c107b42236672023-02-08 09:43:23.985root 11241100x8000000000000000263034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e34e22a31f4cd12023-02-08 09:43:23.985root 11241100x8000000000000000263033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6924b6e9f225a2482023-02-08 09:43:23.985root 11241100x8000000000000000263032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f657febb22dfb69c2023-02-08 09:43:23.985root 11241100x8000000000000000263031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfd4c680088cd722023-02-08 09:43:23.985root 11241100x8000000000000000263030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4a979dc2903e692023-02-08 09:43:23.985root 11241100x8000000000000000263029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54db8a0dbdef6bc02023-02-08 09:43:23.985root 11241100x8000000000000000263028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d17b1095cf3b9c22023-02-08 09:43:23.985root 11241100x8000000000000000263027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d265232374da3a142023-02-08 09:43:23.985root 11241100x8000000000000000263026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7557b667516f25ff2023-02-08 09:43:23.985root 11241100x8000000000000000263047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2e3e4f636fa2512023-02-08 09:43:23.986root 11241100x8000000000000000263046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e871af907a7a5b2023-02-08 09:43:23.986root 11241100x8000000000000000263045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573b3d807c7558892023-02-08 09:43:23.986root 11241100x8000000000000000263044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62f933b06b063302023-02-08 09:43:23.986root 11241100x8000000000000000263043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c28837595f59442023-02-08 09:43:23.986root 11241100x8000000000000000263042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bdc50d4856940382023-02-08 09:43:23.986root 11241100x8000000000000000263041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f68be0cd0f904292023-02-08 09:43:23.986root 11241100x8000000000000000263040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c07e3924c1263c02023-02-08 09:43:23.986root 11241100x8000000000000000263039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0335016adce7672023-02-08 09:43:23.986root 11241100x8000000000000000263038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb3be9646965adf2023-02-08 09:43:23.986root 11241100x8000000000000000263037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef74a62ddb7cf612023-02-08 09:43:23.986root 11241100x8000000000000000263036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0d00a4c4fbe1162023-02-08 09:43:23.986root 11241100x8000000000000000263060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d3f467c1f60a8c2023-02-08 09:43:23.987root 11241100x8000000000000000263059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e379aefefeead8092023-02-08 09:43:23.987root 11241100x8000000000000000263058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d000d014233b6b62023-02-08 09:43:23.987root 11241100x8000000000000000263057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11a9d474d8452f32023-02-08 09:43:23.987root 11241100x8000000000000000263056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec385804c34249a2023-02-08 09:43:23.987root 11241100x8000000000000000263055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c691b77635c31c2023-02-08 09:43:23.987root 11241100x8000000000000000263054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d68021958e1e2852023-02-08 09:43:23.987root 11241100x8000000000000000263053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb794c06e46917902023-02-08 09:43:23.987root 11241100x8000000000000000263052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca7487fa06730df2023-02-08 09:43:23.987root 11241100x8000000000000000263051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe9b90505f5504a2023-02-08 09:43:23.987root 11241100x8000000000000000263050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606ee897e4ac46e32023-02-08 09:43:23.987root 11241100x8000000000000000263049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7cbb70b6e78f682023-02-08 09:43:23.987root 11241100x8000000000000000263048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5dfc119b4ef3cb2023-02-08 09:43:23.987root 11241100x8000000000000000263068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421af5dc680368962023-02-08 09:43:23.988root 11241100x8000000000000000263067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27a0e1b5589e1bf2023-02-08 09:43:23.988root 11241100x8000000000000000263066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925b95a0475b02712023-02-08 09:43:23.988root 11241100x8000000000000000263065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d143cac721caee02023-02-08 09:43:23.988root 11241100x8000000000000000263064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d066b520c0a958e42023-02-08 09:43:23.988root 11241100x8000000000000000263063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c996a1302a73eae52023-02-08 09:43:23.988root 11241100x8000000000000000263062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c23a9d32a3c5082023-02-08 09:43:23.988root 11241100x8000000000000000263061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8537d98a1ff7e7082023-02-08 09:43:23.988root 11241100x8000000000000000263076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a829d7c858e1f612023-02-08 09:43:24.484root 11241100x8000000000000000263075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23b7e6432cc8b572023-02-08 09:43:24.484root 11241100x8000000000000000263074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58f6ef41bfe203d2023-02-08 09:43:24.484root 11241100x8000000000000000263073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec3ebdfba134e702023-02-08 09:43:24.484root 11241100x8000000000000000263072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd66c02d0413373f2023-02-08 09:43:24.484root 11241100x8000000000000000263071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe89d505306c5892023-02-08 09:43:24.484root 11241100x8000000000000000263070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea4d524433b75182023-02-08 09:43:24.484root 11241100x8000000000000000263069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aeddec4952e5bb22023-02-08 09:43:24.484root 11241100x8000000000000000263084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1614cc43f66a6f2023-02-08 09:43:24.485root 11241100x8000000000000000263083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2493ddc09da8a8192023-02-08 09:43:24.485root 11241100x8000000000000000263082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d51ec9a33aecdbd2023-02-08 09:43:24.485root 11241100x8000000000000000263081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3fe553c0022fa52023-02-08 09:43:24.485root 11241100x8000000000000000263080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd4ae88c38832b42023-02-08 09:43:24.485root 11241100x8000000000000000263079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feae947bdbe6f0d52023-02-08 09:43:24.485root 11241100x8000000000000000263078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d5ff40996f51642023-02-08 09:43:24.485root 11241100x8000000000000000263077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb6ade258642d3c2023-02-08 09:43:24.485root 11241100x8000000000000000263093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb29c491b663ca62023-02-08 09:43:24.486root 11241100x8000000000000000263092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f29cf031fbc7ff2023-02-08 09:43:24.486root 11241100x8000000000000000263091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea89fde436c3bb992023-02-08 09:43:24.486root 11241100x8000000000000000263090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14b690d198fe5a12023-02-08 09:43:24.486root 11241100x8000000000000000263089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c132eb37e71d452023-02-08 09:43:24.486root 11241100x8000000000000000263088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e584533daaacb95d2023-02-08 09:43:24.486root 11241100x8000000000000000263087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f7cc56d6942eba2023-02-08 09:43:24.486root 11241100x8000000000000000263086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff6331a45f5703c2023-02-08 09:43:24.486root 11241100x8000000000000000263085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca32009b315986d22023-02-08 09:43:24.486root 11241100x8000000000000000263103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f731f5fd9566b72023-02-08 09:43:24.487root 11241100x8000000000000000263102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa80dbf6e7dfcb7a2023-02-08 09:43:24.487root 11241100x8000000000000000263101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78572913a0ebda382023-02-08 09:43:24.487root 11241100x8000000000000000263100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbdf9c3db59e0542023-02-08 09:43:24.487root 11241100x8000000000000000263099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a04718b4486c8d2023-02-08 09:43:24.487root 11241100x8000000000000000263098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b8f5b3221b58172023-02-08 09:43:24.487root 11241100x8000000000000000263097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5396b43465925b8d2023-02-08 09:43:24.487root 11241100x8000000000000000263096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4db233b40f6b322023-02-08 09:43:24.487root 11241100x8000000000000000263095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e14c73651e331c2023-02-08 09:43:24.487root 11241100x8000000000000000263094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8c8d91cba540682023-02-08 09:43:24.487root 11241100x8000000000000000263117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be02388118e3c0c82023-02-08 09:43:24.488root 11241100x8000000000000000263116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b60e9af1e945d2a2023-02-08 09:43:24.488root 11241100x8000000000000000263115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e4ca0e878a596b2023-02-08 09:43:24.488root 11241100x8000000000000000263114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed42ba4119125642023-02-08 09:43:24.488root 11241100x8000000000000000263113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe7ebefcfa78d5f2023-02-08 09:43:24.488root 11241100x8000000000000000263112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d494de35d8cf75cc2023-02-08 09:43:24.488root 11241100x8000000000000000263111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c000aabb9911652023-02-08 09:43:24.488root 11241100x8000000000000000263110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed97fd8a10df12b72023-02-08 09:43:24.488root 11241100x8000000000000000263109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c6f49bd7e6334d2023-02-08 09:43:24.488root 11241100x8000000000000000263108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9bd6ae5ee390672023-02-08 09:43:24.488root 11241100x8000000000000000263107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4266e09aecae69902023-02-08 09:43:24.488root 11241100x8000000000000000263106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947750d6c12986ea2023-02-08 09:43:24.488root 11241100x8000000000000000263105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a32df9104c21b52023-02-08 09:43:24.488root 11241100x8000000000000000263104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a639341a2d62e4f62023-02-08 09:43:24.488root 11241100x8000000000000000263122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bde182a62462be2023-02-08 09:43:24.489root 11241100x8000000000000000263121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6097ec45e0c79a992023-02-08 09:43:24.489root 11241100x8000000000000000263120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99a4abf65d10b652023-02-08 09:43:24.489root 11241100x8000000000000000263119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9851e9eae863eae52023-02-08 09:43:24.489root 11241100x8000000000000000263118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfde98db494f8f12023-02-08 09:43:24.489root 11241100x8000000000000000263124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0536e3303972dbd62023-02-08 09:43:24.984root 11241100x8000000000000000263123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7d895f43937ec22023-02-08 09:43:24.984root 11241100x8000000000000000263139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b800fda84a37ea392023-02-08 09:43:24.985root 11241100x8000000000000000263138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d733905264c45a2023-02-08 09:43:24.985root 11241100x8000000000000000263137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b037f88a57c23492023-02-08 09:43:24.985root 11241100x8000000000000000263136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641979eaa46cb60f2023-02-08 09:43:24.985root 11241100x8000000000000000263135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db6b525c4562ab12023-02-08 09:43:24.985root 11241100x8000000000000000263134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4825d63c9c3925be2023-02-08 09:43:24.985root 11241100x8000000000000000263133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63424ff1a08d68b2023-02-08 09:43:24.985root 11241100x8000000000000000263132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a162ca5b195aa2bd2023-02-08 09:43:24.985root 11241100x8000000000000000263131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465d7b6ab745d0262023-02-08 09:43:24.985root 11241100x8000000000000000263130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398b212913d109372023-02-08 09:43:24.985root 11241100x8000000000000000263129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa09245191ccb6dc2023-02-08 09:43:24.985root 11241100x8000000000000000263128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ccb60c5e980a7b2023-02-08 09:43:24.985root 11241100x8000000000000000263127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a29a6234bf4e802023-02-08 09:43:24.985root 11241100x8000000000000000263126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490d97e4f07ae6d02023-02-08 09:43:24.985root 11241100x8000000000000000263125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afaefd936a0fdb72023-02-08 09:43:24.985root 11241100x8000000000000000263150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5afe926e50bcecc2023-02-08 09:43:24.986root 11241100x8000000000000000263149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80cbddd7fb84b18c2023-02-08 09:43:24.986root 11241100x8000000000000000263148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed00320862d194692023-02-08 09:43:24.986root 11241100x8000000000000000263147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaacce5cfb581aec2023-02-08 09:43:24.986root 11241100x8000000000000000263146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e038b711ff6b4762023-02-08 09:43:24.986root 11241100x8000000000000000263145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e59208ca5fafbc2023-02-08 09:43:24.986root 11241100x8000000000000000263144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d47106a38d7491b2023-02-08 09:43:24.986root 11241100x8000000000000000263143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003bb315373afa182023-02-08 09:43:24.986root 11241100x8000000000000000263142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1f9cdd0bb5356e2023-02-08 09:43:24.986root 11241100x8000000000000000263141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cab2a27f6698112023-02-08 09:43:24.986root 11241100x8000000000000000263140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937e7fc89284d8262023-02-08 09:43:24.986root 11241100x8000000000000000263156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ca54f578098dbe2023-02-08 09:43:24.987root 11241100x8000000000000000263155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d22fa71977ec9cc2023-02-08 09:43:24.987root 11241100x8000000000000000263154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da66ff9e3f4c3c02023-02-08 09:43:24.987root 11241100x8000000000000000263153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6826ae89313410a62023-02-08 09:43:24.987root 11241100x8000000000000000263152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d15a1219ab3e3e2023-02-08 09:43:24.987root 11241100x8000000000000000263151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74788fdb5a6b7dd92023-02-08 09:43:24.987root 11241100x8000000000000000263166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3f8064f56f3d8d2023-02-08 09:43:24.988root 11241100x8000000000000000263165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1a746e41a103622023-02-08 09:43:24.988root 11241100x8000000000000000263164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7127da90d3c58692023-02-08 09:43:24.988root 11241100x8000000000000000263163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9749b4a8700a282023-02-08 09:43:24.988root 11241100x8000000000000000263162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c78b206bfc81352023-02-08 09:43:24.988root 11241100x8000000000000000263161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570e4c77242f50ef2023-02-08 09:43:24.988root 11241100x8000000000000000263160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921aa2802acd25942023-02-08 09:43:24.988root 11241100x8000000000000000263159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309289bbbb021e172023-02-08 09:43:24.988root 11241100x8000000000000000263158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b440e6594dbff8e52023-02-08 09:43:24.988root 11241100x8000000000000000263157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ca00cb194c09e02023-02-08 09:43:24.988root 11241100x8000000000000000263168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bcb7e1488d5ecf12023-02-08 09:43:25.484root 11241100x8000000000000000263167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58746e1b2deed83d2023-02-08 09:43:25.484root 11241100x8000000000000000263175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37041c0ec2a71b082023-02-08 09:43:25.486root 11241100x8000000000000000263174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708b2296ec1f8bb02023-02-08 09:43:25.486root 11241100x8000000000000000263173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66cfae1cecdbe2a92023-02-08 09:43:25.486root 11241100x8000000000000000263172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e9861762d120312023-02-08 09:43:25.486root 11241100x8000000000000000263171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7064cb5a2e0b53e12023-02-08 09:43:25.486root 11241100x8000000000000000263170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2080c22ed5d0d69b2023-02-08 09:43:25.486root 11241100x8000000000000000263169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0677cdb9e857a02023-02-08 09:43:25.486root 11241100x8000000000000000263187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51c3fcb3f4940c12023-02-08 09:43:25.487root 11241100x8000000000000000263186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e945485363c4d5b12023-02-08 09:43:25.487root 11241100x8000000000000000263185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ad16b80efdc0ef2023-02-08 09:43:25.487root 11241100x8000000000000000263184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef5c802d2c642ad2023-02-08 09:43:25.487root 11241100x8000000000000000263183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1af5cb01dd94cb02023-02-08 09:43:25.487root 11241100x8000000000000000263182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a750b23677b09ddd2023-02-08 09:43:25.487root 11241100x8000000000000000263181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e875610e6d4df4022023-02-08 09:43:25.487root 11241100x8000000000000000263180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced4c2b85625d80d2023-02-08 09:43:25.487root 11241100x8000000000000000263179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292f49b3fa2623b02023-02-08 09:43:25.487root 11241100x8000000000000000263178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d654cd9cad30052023-02-08 09:43:25.487root 11241100x8000000000000000263177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f39d253435e54552023-02-08 09:43:25.487root 11241100x8000000000000000263176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6614fab88f35332023-02-08 09:43:25.487root 11241100x8000000000000000263202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164d1b9c1684a5d12023-02-08 09:43:25.488root 11241100x8000000000000000263201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7fcf34ebf942fb2023-02-08 09:43:25.488root 11241100x8000000000000000263200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20aba9f38f3d5352023-02-08 09:43:25.488root 11241100x8000000000000000263199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d8ae67bda74d712023-02-08 09:43:25.488root 11241100x8000000000000000263198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05950d2981c273d82023-02-08 09:43:25.488root 11241100x8000000000000000263197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa98998f5e056fc22023-02-08 09:43:25.488root 11241100x8000000000000000263196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34fee0458cddb48f2023-02-08 09:43:25.488root 11241100x8000000000000000263195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd831f424c55f80f2023-02-08 09:43:25.488root 11241100x8000000000000000263194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f662298cec121c562023-02-08 09:43:25.488root 11241100x8000000000000000263193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5180ecb3728b15e22023-02-08 09:43:25.488root 11241100x8000000000000000263192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300f139f32a8a51c2023-02-08 09:43:25.488root 11241100x8000000000000000263191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65073747a477bca22023-02-08 09:43:25.488root 11241100x8000000000000000263190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6f1f29eaad9a532023-02-08 09:43:25.488root 11241100x8000000000000000263189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500312f69cf217952023-02-08 09:43:25.488root 11241100x8000000000000000263188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d118c2a0c3bae5022023-02-08 09:43:25.488root 11241100x8000000000000000263203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9eb82067a6eff72023-02-08 09:43:25.489root 11241100x8000000000000000263204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b11f777098949a2023-02-08 09:43:25.984root 11241100x8000000000000000263215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5700adb9efb102b2023-02-08 09:43:25.985root 11241100x8000000000000000263214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403827fc54e6de9c2023-02-08 09:43:25.985root 11241100x8000000000000000263213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed985f7b107c2c9f2023-02-08 09:43:25.985root 11241100x8000000000000000263212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e90b713d2744082023-02-08 09:43:25.985root 11241100x8000000000000000263211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c70116aef8866bd2023-02-08 09:43:25.985root 11241100x8000000000000000263210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49445fdf4f1d98232023-02-08 09:43:25.985root 11241100x8000000000000000263209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda219e95609754c2023-02-08 09:43:25.985root 11241100x8000000000000000263208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1547f9513d4e69a2023-02-08 09:43:25.985root 11241100x8000000000000000263207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944472b0c5932af72023-02-08 09:43:25.985root 11241100x8000000000000000263206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c4921d5c2c3d432023-02-08 09:43:25.985root 11241100x8000000000000000263205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2af090c658ad8952023-02-08 09:43:25.985root 11241100x8000000000000000263225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6543e8ac18ab492023-02-08 09:43:25.986root 11241100x8000000000000000263224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb8a8b4e4cf887a2023-02-08 09:43:25.986root 11241100x8000000000000000263223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba84fbda169c050c2023-02-08 09:43:25.986root 11241100x8000000000000000263222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e9f98d869891d02023-02-08 09:43:25.986root 11241100x8000000000000000263221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9adb5bfa08e08a9b2023-02-08 09:43:25.986root 11241100x8000000000000000263220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975552a49e8f68d92023-02-08 09:43:25.986root 11241100x8000000000000000263219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239f4bad0093776c2023-02-08 09:43:25.986root 11241100x8000000000000000263218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3c2dd41c7b166d2023-02-08 09:43:25.986root 11241100x8000000000000000263217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50a9ffcd6e60f312023-02-08 09:43:25.986root 11241100x8000000000000000263216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc28fb1d0cfeba42023-02-08 09:43:25.986root 11241100x8000000000000000263240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712bd4a465cfd13f2023-02-08 09:43:25.987root 11241100x8000000000000000263239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1dfb8129a0199e2023-02-08 09:43:25.987root 11241100x8000000000000000263238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816ef059075b45262023-02-08 09:43:25.987root 11241100x8000000000000000263237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fedd3e1641b06f912023-02-08 09:43:25.987root 11241100x8000000000000000263236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4997e3b4973067952023-02-08 09:43:25.987root 11241100x8000000000000000263235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36db14ae38acee1d2023-02-08 09:43:25.987root 11241100x8000000000000000263234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef04d7a3208814b2023-02-08 09:43:25.987root 11241100x8000000000000000263233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff5a14decdb45ba2023-02-08 09:43:25.987root 11241100x8000000000000000263232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f401215c83653322023-02-08 09:43:25.987root 11241100x8000000000000000263231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc207c0e612eb5402023-02-08 09:43:25.987root 11241100x8000000000000000263230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d763fd72e67847752023-02-08 09:43:25.987root 11241100x8000000000000000263229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87670470a25c56b92023-02-08 09:43:25.987root 11241100x8000000000000000263228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb5267f3cddfff02023-02-08 09:43:25.987root 11241100x8000000000000000263227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cb3c3edb08084b2023-02-08 09:43:25.987root 11241100x8000000000000000263226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86de601de1cd62022023-02-08 09:43:25.987root 11241100x8000000000000000263241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:25.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42569cefd4661a512023-02-08 09:43:25.988root 11241100x8000000000000000263245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb40939e801ae7112023-02-08 09:43:26.484root 11241100x8000000000000000263244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c276eb98876324c2023-02-08 09:43:26.484root 11241100x8000000000000000263243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3d3124f91635372023-02-08 09:43:26.484root 11241100x8000000000000000263242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1d786c1d4279c12023-02-08 09:43:26.484root 11241100x8000000000000000263257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105e684f5036203f2023-02-08 09:43:26.485root 11241100x8000000000000000263256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53256a4ee37580b2023-02-08 09:43:26.485root 11241100x8000000000000000263255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f5f24b48eeac802023-02-08 09:43:26.485root 11241100x8000000000000000263254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5fbe9285b0fbe992023-02-08 09:43:26.485root 11241100x8000000000000000263253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7315b29316a82eee2023-02-08 09:43:26.485root 11241100x8000000000000000263252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c2a4b5e15c26762023-02-08 09:43:26.485root 11241100x8000000000000000263251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a730f31c709c115e2023-02-08 09:43:26.485root 11241100x8000000000000000263250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181da201926f15592023-02-08 09:43:26.485root 11241100x8000000000000000263249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4482f68f4c2a834d2023-02-08 09:43:26.485root 11241100x8000000000000000263248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278127c9d1fdee922023-02-08 09:43:26.485root 11241100x8000000000000000263247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d95a354cf44dfe02023-02-08 09:43:26.485root 11241100x8000000000000000263246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4280ca0e6d9bd672023-02-08 09:43:26.485root 11241100x8000000000000000263267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ec5f5b18f3d1552023-02-08 09:43:26.486root 11241100x8000000000000000263266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0255d05abd60dc2023-02-08 09:43:26.486root 11241100x8000000000000000263265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b229332fd02c4652023-02-08 09:43:26.486root 11241100x8000000000000000263264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb0bc5943fc47572023-02-08 09:43:26.486root 11241100x8000000000000000263263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3628885f4215d97c2023-02-08 09:43:26.486root 11241100x8000000000000000263262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85ffc995659204e2023-02-08 09:43:26.486root 11241100x8000000000000000263261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc90cecf0eb153b2023-02-08 09:43:26.486root 11241100x8000000000000000263260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b5c712a8a8a4dd2023-02-08 09:43:26.486root 11241100x8000000000000000263259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8ff36fd0e44ea92023-02-08 09:43:26.486root 11241100x8000000000000000263258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d52bea571fc5b992023-02-08 09:43:26.486root 11241100x8000000000000000263276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74eb2869ebd76ff12023-02-08 09:43:26.487root 11241100x8000000000000000263275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e904609652b7cb52023-02-08 09:43:26.487root 11241100x8000000000000000263274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8580990843b4ea7a2023-02-08 09:43:26.487root 11241100x8000000000000000263273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7eeacc788d3bab82023-02-08 09:43:26.487root 11241100x8000000000000000263272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d7945eff3f2f7e2023-02-08 09:43:26.487root 11241100x8000000000000000263271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df9610c4ee1f3e12023-02-08 09:43:26.487root 11241100x8000000000000000263270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c0687e160784a82023-02-08 09:43:26.487root 11241100x8000000000000000263269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee56b59fb25055f42023-02-08 09:43:26.487root 11241100x8000000000000000263268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b649ba30d5b659782023-02-08 09:43:26.487root 11241100x8000000000000000263287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c265733bbb34194b2023-02-08 09:43:26.488root 11241100x8000000000000000263286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb395531a62f9a6b2023-02-08 09:43:26.488root 11241100x8000000000000000263285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7460be013aad57b52023-02-08 09:43:26.488root 11241100x8000000000000000263284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46e277859eb2ef22023-02-08 09:43:26.488root 11241100x8000000000000000263283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7961d114e8198ea82023-02-08 09:43:26.488root 11241100x8000000000000000263282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4294272311388f2023-02-08 09:43:26.488root 11241100x8000000000000000263281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ad25a9c11836672023-02-08 09:43:26.488root 11241100x8000000000000000263280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956c56675e9b9ebe2023-02-08 09:43:26.488root 11241100x8000000000000000263279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07bda18ca3ace4f52023-02-08 09:43:26.488root 11241100x8000000000000000263278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36cb10a349040a82023-02-08 09:43:26.488root 11241100x8000000000000000263277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec0307a3e3178ca2023-02-08 09:43:26.488root 11241100x8000000000000000263294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff10d1c98d00c322023-02-08 09:43:26.489root 11241100x8000000000000000263293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884add047a3cb3032023-02-08 09:43:26.489root 11241100x8000000000000000263292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f47aba74cd6da82023-02-08 09:43:26.489root 11241100x8000000000000000263291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd14a761e6b7b66b2023-02-08 09:43:26.489root 11241100x8000000000000000263290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63efbe5762db9a02023-02-08 09:43:26.489root 11241100x8000000000000000263289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59dbe11fb34e59412023-02-08 09:43:26.489root 11241100x8000000000000000263288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf0a1f5a978f3b52023-02-08 09:43:26.489root 11241100x8000000000000000263299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16005fa12f20c0f92023-02-08 09:43:26.490root 11241100x8000000000000000263298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904b7097d53a940b2023-02-08 09:43:26.490root 11241100x8000000000000000263297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba88d0160cc4a6df2023-02-08 09:43:26.490root 11241100x8000000000000000263296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e76d3de950db9d2023-02-08 09:43:26.490root 11241100x8000000000000000263295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69ec66460bee03a2023-02-08 09:43:26.490root 11241100x8000000000000000263302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e020bd711a2614e2023-02-08 09:43:26.491root 11241100x8000000000000000263301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf3221e8e3a03a42023-02-08 09:43:26.491root 11241100x8000000000000000263300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496df2bada2a09df2023-02-08 09:43:26.491root 11241100x8000000000000000263311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ff578dde2763e92023-02-08 09:43:26.984root 11241100x8000000000000000263310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e813f763d755772023-02-08 09:43:26.984root 11241100x8000000000000000263309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b33e51aee15c8512023-02-08 09:43:26.984root 11241100x8000000000000000263308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4cfffb63fb9a812023-02-08 09:43:26.984root 11241100x8000000000000000263307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809c4f498c72bf152023-02-08 09:43:26.984root 11241100x8000000000000000263306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f59278a1ce539d2023-02-08 09:43:26.984root 11241100x8000000000000000263305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63b88312ab181a22023-02-08 09:43:26.984root 11241100x8000000000000000263304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613e0ccea788b9ab2023-02-08 09:43:26.984root 11241100x8000000000000000263303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f900581a16e7a8a52023-02-08 09:43:26.984root 11241100x8000000000000000263315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75010d48c7c629262023-02-08 09:43:26.985root 11241100x8000000000000000263314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf7562f20e19e972023-02-08 09:43:26.985root 11241100x8000000000000000263313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196547e9b1c00b832023-02-08 09:43:26.985root 11241100x8000000000000000263312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6fdb0a8f0ce6362023-02-08 09:43:26.985root 11241100x8000000000000000263328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f462e940d1a2aa2023-02-08 09:43:26.986root 11241100x8000000000000000263327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e4b9bd408d4ebc2023-02-08 09:43:26.986root 11241100x8000000000000000263326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25508aad40b28a042023-02-08 09:43:26.986root 11241100x8000000000000000263325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ba26ea19f38f422023-02-08 09:43:26.986root 11241100x8000000000000000263324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5d05e2f217d0942023-02-08 09:43:26.986root 11241100x8000000000000000263323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91feb2a887a6fc072023-02-08 09:43:26.986root 11241100x8000000000000000263322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c27e3cdcf38e692023-02-08 09:43:26.986root 11241100x8000000000000000263321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3beb98f73e3ff402023-02-08 09:43:26.986root 11241100x8000000000000000263320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115aecc6e064b77f2023-02-08 09:43:26.986root 11241100x8000000000000000263319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47293e3e1374bd112023-02-08 09:43:26.986root 11241100x8000000000000000263318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d1fb4767f5b8942023-02-08 09:43:26.986root 11241100x8000000000000000263317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697abaeb5f112aa12023-02-08 09:43:26.986root 11241100x8000000000000000263316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f0eafe2a2194ab2023-02-08 09:43:26.986root 11241100x8000000000000000263333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bc2356f713a2372023-02-08 09:43:26.987root 11241100x8000000000000000263332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affa9df292608b962023-02-08 09:43:26.987root 11241100x8000000000000000263331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98c2002881106e32023-02-08 09:43:26.987root 11241100x8000000000000000263330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d33bc564190edf2023-02-08 09:43:26.987root 11241100x8000000000000000263329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf53c1f3d6fbc2ca2023-02-08 09:43:26.987root 11241100x8000000000000000263337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b2582f51c8d3e52023-02-08 09:43:26.988root 11241100x8000000000000000263336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a994d961da05fe2e2023-02-08 09:43:26.988root 11241100x8000000000000000263335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ccb199644bd98ad2023-02-08 09:43:26.988root 11241100x8000000000000000263334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e94374577d56d02023-02-08 09:43:26.988root 11241100x8000000000000000263339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c97838016b571222023-02-08 09:43:26.989root 11241100x8000000000000000263338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca0ca3f361eadc62023-02-08 09:43:26.989root 11241100x8000000000000000263345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090594c3ffdbf7342023-02-08 09:43:27.486root 11241100x8000000000000000263344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450d17f47ca5443b2023-02-08 09:43:27.486root 11241100x8000000000000000263343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1abb6ef4ac9cd72023-02-08 09:43:27.486root 11241100x8000000000000000263342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9294e64ea7184882023-02-08 09:43:27.486root 11241100x8000000000000000263341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c030523fdec25b2023-02-08 09:43:27.486root 11241100x8000000000000000263340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da47f4fd38464f252023-02-08 09:43:27.486root 11241100x8000000000000000263353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42adfaa4cd38b9442023-02-08 09:43:27.487root 11241100x8000000000000000263352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c774abdd1a00d0ba2023-02-08 09:43:27.487root 11241100x8000000000000000263351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d54fd5935158e972023-02-08 09:43:27.487root 11241100x8000000000000000263350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc02f23c114f4582023-02-08 09:43:27.487root 11241100x8000000000000000263349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859aaf88fb7b458d2023-02-08 09:43:27.487root 11241100x8000000000000000263348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cfb15b7231bacc12023-02-08 09:43:27.487root 11241100x8000000000000000263347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0e02c8562e61912023-02-08 09:43:27.487root 11241100x8000000000000000263346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2aec70a5727f7222023-02-08 09:43:27.487root 11241100x8000000000000000263362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781de4ff62d536302023-02-08 09:43:27.488root 11241100x8000000000000000263361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49564d96215c57612023-02-08 09:43:27.488root 11241100x8000000000000000263360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a7ba751524fe162023-02-08 09:43:27.488root 11241100x8000000000000000263359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f264b5479cbcf4662023-02-08 09:43:27.488root 11241100x8000000000000000263358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abfa8224ae00e2e2023-02-08 09:43:27.488root 11241100x8000000000000000263357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6435eac546f6452023-02-08 09:43:27.488root 11241100x8000000000000000263356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc218817f1fc32542023-02-08 09:43:27.488root 11241100x8000000000000000263355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed61661742863752023-02-08 09:43:27.488root 11241100x8000000000000000263354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b6862c97123f782023-02-08 09:43:27.488root 11241100x8000000000000000263371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3445b1833b9026c02023-02-08 09:43:27.489root 11241100x8000000000000000263370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e915db2148bbbb902023-02-08 09:43:27.489root 11241100x8000000000000000263369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134dbd1363f4b0482023-02-08 09:43:27.489root 11241100x8000000000000000263368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316636239f2d674f2023-02-08 09:43:27.489root 11241100x8000000000000000263367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6f9d2d790814b22023-02-08 09:43:27.489root 11241100x8000000000000000263366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0122950efb1964c2023-02-08 09:43:27.489root 11241100x8000000000000000263365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c10a02c7eed08eb2023-02-08 09:43:27.489root 11241100x8000000000000000263364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399213846f8ebcff2023-02-08 09:43:27.489root 11241100x8000000000000000263363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5c250d3d14a5dd2023-02-08 09:43:27.489root 11241100x8000000000000000263374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3402a7adf49650402023-02-08 09:43:27.490root 11241100x8000000000000000263373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7378934d2ec404882023-02-08 09:43:27.490root 11241100x8000000000000000263372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707192de8974c96f2023-02-08 09:43:27.490root 11241100x8000000000000000263375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602cce5c685cd2582023-02-08 09:43:27.984root 11241100x8000000000000000263389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797b5777bd85b1de2023-02-08 09:43:27.985root 11241100x8000000000000000263388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5980a26a3eb9f0b62023-02-08 09:43:27.985root 11241100x8000000000000000263387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9832f1d67dc37fc22023-02-08 09:43:27.985root 11241100x8000000000000000263386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7066fe1659574ae62023-02-08 09:43:27.985root 11241100x8000000000000000263385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781c3114c0a854212023-02-08 09:43:27.985root 11241100x8000000000000000263384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1b0ca02fccef6f2023-02-08 09:43:27.985root 11241100x8000000000000000263383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af212f098ed3160b2023-02-08 09:43:27.985root 11241100x8000000000000000263382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db173d06db3ccf82023-02-08 09:43:27.985root 11241100x8000000000000000263381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63690d09d5d13f2a2023-02-08 09:43:27.985root 11241100x8000000000000000263380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27c5307785d291f2023-02-08 09:43:27.985root 11241100x8000000000000000263379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e794c91351363a82023-02-08 09:43:27.985root 11241100x8000000000000000263378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910aac4d8ffe37852023-02-08 09:43:27.985root 11241100x8000000000000000263377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be31fbd14451c512023-02-08 09:43:27.985root 11241100x8000000000000000263376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0942e33d88af8f472023-02-08 09:43:27.985root 11241100x8000000000000000263397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3bfe4ba2ee4b2642023-02-08 09:43:27.986root 11241100x8000000000000000263396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0737e9806baf872023-02-08 09:43:27.986root 11241100x8000000000000000263395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959b5aeb56fd605e2023-02-08 09:43:27.986root 11241100x8000000000000000263394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e22e88a878215962023-02-08 09:43:27.986root 11241100x8000000000000000263393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8eb9e4bcfed81c02023-02-08 09:43:27.986root 11241100x8000000000000000263392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4e1b954e4521262023-02-08 09:43:27.986root 11241100x8000000000000000263391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a94bc411e1f82312023-02-08 09:43:27.986root 11241100x8000000000000000263390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074402e7d3f589332023-02-08 09:43:27.986root 11241100x8000000000000000263403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec1b0f874302a522023-02-08 09:43:27.987root 11241100x8000000000000000263402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec22ab28852921b2023-02-08 09:43:27.987root 11241100x8000000000000000263401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663ac4a4a1ee1ba22023-02-08 09:43:27.987root 11241100x8000000000000000263400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4581000a749ec5a2023-02-08 09:43:27.987root 11241100x8000000000000000263399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae37175027088992023-02-08 09:43:27.987root 11241100x8000000000000000263398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9378c0551dcf2d5e2023-02-08 09:43:27.987root 11241100x8000000000000000263410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd6bf489b9f798c2023-02-08 09:43:27.988root 11241100x8000000000000000263409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b852cdf500f81ee52023-02-08 09:43:27.988root 11241100x8000000000000000263408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c6b28ab0bb704b2023-02-08 09:43:27.988root 11241100x8000000000000000263407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2452abbc29c806672023-02-08 09:43:27.988root 11241100x8000000000000000263406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ccee4cb068f6a02023-02-08 09:43:27.988root 11241100x8000000000000000263405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7f76c1ea3dc2452023-02-08 09:43:27.988root 11241100x8000000000000000263404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f416fc480a1fd33f2023-02-08 09:43:27.988root 354300x8000000000000000263411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.010{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54624-false10.0.1.12-8000- 11241100x8000000000000000263418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8068c5af29e8f2582023-02-08 09:43:28.484root 11241100x8000000000000000263417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa231554417c8f452023-02-08 09:43:28.484root 11241100x8000000000000000263416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29a28a86f58fe692023-02-08 09:43:28.484root 11241100x8000000000000000263415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d8acfbbff3dc422023-02-08 09:43:28.484root 11241100x8000000000000000263414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b470ac5985014ba32023-02-08 09:43:28.484root 11241100x8000000000000000263413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da1e48e287c1d192023-02-08 09:43:28.484root 11241100x8000000000000000263412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f21a6bf4bdbefb2023-02-08 09:43:28.484root 11241100x8000000000000000263423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480dd9b2b98decf32023-02-08 09:43:28.485root 11241100x8000000000000000263422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e720566c77f2ee282023-02-08 09:43:28.485root 11241100x8000000000000000263421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4851a50638d21db2023-02-08 09:43:28.485root 11241100x8000000000000000263420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae493a391d8f84842023-02-08 09:43:28.485root 11241100x8000000000000000263419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1112ffc6e2c213e2023-02-08 09:43:28.485root 11241100x8000000000000000263431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f317a3b58a7096722023-02-08 09:43:28.486root 11241100x8000000000000000263430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2852f44e41c3542023-02-08 09:43:28.486root 11241100x8000000000000000263429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7582074b936d6fbd2023-02-08 09:43:28.486root 11241100x8000000000000000263428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087c35df09f601652023-02-08 09:43:28.486root 11241100x8000000000000000263427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd6ecf98816d3802023-02-08 09:43:28.486root 11241100x8000000000000000263426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e4c075ca3a730c2023-02-08 09:43:28.486root 11241100x8000000000000000263425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2908338206573b5d2023-02-08 09:43:28.486root 11241100x8000000000000000263424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f73f5c732d706912023-02-08 09:43:28.486root 11241100x8000000000000000263436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959363917c126caf2023-02-08 09:43:28.487root 11241100x8000000000000000263435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95a77726cd45b052023-02-08 09:43:28.487root 11241100x8000000000000000263434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d056adaf2629c402023-02-08 09:43:28.487root 11241100x8000000000000000263433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba719a8a07bd0602023-02-08 09:43:28.487root 11241100x8000000000000000263432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0e4b827376b5b22023-02-08 09:43:28.487root 11241100x8000000000000000263444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814123745f0297fb2023-02-08 09:43:28.488root 11241100x8000000000000000263443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1dce8f1a025a9f2023-02-08 09:43:28.488root 11241100x8000000000000000263442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4bb1cdae77c1732023-02-08 09:43:28.488root 11241100x8000000000000000263441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdff35f100e7c0c52023-02-08 09:43:28.488root 11241100x8000000000000000263440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c5a4dc747a97c32023-02-08 09:43:28.488root 11241100x8000000000000000263439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d61c0b039ace0e2023-02-08 09:43:28.488root 11241100x8000000000000000263438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1616f488e0efbf62023-02-08 09:43:28.488root 11241100x8000000000000000263437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57bb0997769ba33b2023-02-08 09:43:28.488root 11241100x8000000000000000263452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb285f8afa1fc952023-02-08 09:43:28.489root 11241100x8000000000000000263451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294b0c2ab2042bae2023-02-08 09:43:28.489root 11241100x8000000000000000263450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad4a8df831efb812023-02-08 09:43:28.489root 11241100x8000000000000000263449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f3031e9527c3822023-02-08 09:43:28.489root 11241100x8000000000000000263448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e593ae2a734627782023-02-08 09:43:28.489root 11241100x8000000000000000263447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500542dbd522d3782023-02-08 09:43:28.489root 11241100x8000000000000000263446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6543a19890d8f42023-02-08 09:43:28.489root 11241100x8000000000000000263445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8976c41b084947dd2023-02-08 09:43:28.489root 11241100x8000000000000000263461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff93261be6c71252023-02-08 09:43:28.490root 11241100x8000000000000000263460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c79fcc1798a229a2023-02-08 09:43:28.490root 11241100x8000000000000000263459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9268f5e93c4b842023-02-08 09:43:28.490root 11241100x8000000000000000263458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2eb2805a9ebecd2023-02-08 09:43:28.490root 11241100x8000000000000000263457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2164b6247bb9ad2023-02-08 09:43:28.490root 11241100x8000000000000000263456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4bdda4f30ef9a62023-02-08 09:43:28.490root 11241100x8000000000000000263455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99c11c6150f60512023-02-08 09:43:28.490root 11241100x8000000000000000263454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35458cc2adb433562023-02-08 09:43:28.490root 11241100x8000000000000000263453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1444b5e498e59652023-02-08 09:43:28.490root 11241100x8000000000000000263471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c5795160cb0d0e2023-02-08 09:43:28.491root 11241100x8000000000000000263470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37945d6a250ba4612023-02-08 09:43:28.491root 11241100x8000000000000000263469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58cf941058d5c1502023-02-08 09:43:28.491root 11241100x8000000000000000263468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0c8beb6aeb90ae2023-02-08 09:43:28.491root 11241100x8000000000000000263467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16e102828f427e12023-02-08 09:43:28.491root 11241100x8000000000000000263466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb634c1deab494e62023-02-08 09:43:28.491root 11241100x8000000000000000263465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00aa8d9953d12cff2023-02-08 09:43:28.491root 11241100x8000000000000000263464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65753ba07ca7aa882023-02-08 09:43:28.491root 11241100x8000000000000000263463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95235ddbb40329c82023-02-08 09:43:28.491root 11241100x8000000000000000263462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6197d12d056a04a22023-02-08 09:43:28.491root 11241100x8000000000000000263479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f705957b02dd3d52023-02-08 09:43:28.492root 11241100x8000000000000000263478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb923c15c0b369002023-02-08 09:43:28.492root 11241100x8000000000000000263477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a04e69ab304ef72023-02-08 09:43:28.492root 11241100x8000000000000000263476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c6b3873292f9382023-02-08 09:43:28.492root 11241100x8000000000000000263475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d73a78af0504fb2023-02-08 09:43:28.492root 11241100x8000000000000000263474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0265c2f54478c02023-02-08 09:43:28.492root 11241100x8000000000000000263473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f533cca523082192023-02-08 09:43:28.492root 11241100x8000000000000000263472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41bce055a4030b412023-02-08 09:43:28.492root 11241100x8000000000000000263480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152a2551c26ed1b02023-02-08 09:43:28.984root 11241100x8000000000000000263490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb6969fd615b5af2023-02-08 09:43:28.985root 11241100x8000000000000000263489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762cfbe671408c0a2023-02-08 09:43:28.985root 11241100x8000000000000000263488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66190fdac7a8c0022023-02-08 09:43:28.985root 11241100x8000000000000000263487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c069c9969e8b742023-02-08 09:43:28.985root 11241100x8000000000000000263486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc4cabd3314d03b2023-02-08 09:43:28.985root 11241100x8000000000000000263485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecc10e429d8e5af2023-02-08 09:43:28.985root 11241100x8000000000000000263484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ed4b7355a370162023-02-08 09:43:28.985root 11241100x8000000000000000263483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfb2b2d4731ccbe2023-02-08 09:43:28.985root 11241100x8000000000000000263482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712a5785dbeef5ad2023-02-08 09:43:28.985root 11241100x8000000000000000263481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b7ef4d99658ae92023-02-08 09:43:28.985root 11241100x8000000000000000263498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a8de822d57b15e2023-02-08 09:43:28.986root 11241100x8000000000000000263497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd1d1369fb05f3d2023-02-08 09:43:28.986root 11241100x8000000000000000263496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688d176dda8b30252023-02-08 09:43:28.986root 11241100x8000000000000000263495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0822d8b6479757542023-02-08 09:43:28.986root 11241100x8000000000000000263494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af791616c99df0e2023-02-08 09:43:28.986root 11241100x8000000000000000263493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2031939cc1a4fdb32023-02-08 09:43:28.986root 11241100x8000000000000000263492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cac9456da5535152023-02-08 09:43:28.986root 11241100x8000000000000000263491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6805305b144bcd792023-02-08 09:43:28.986root 11241100x8000000000000000263503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f152665c19a73c132023-02-08 09:43:28.987root 11241100x8000000000000000263502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a629b02dedc6292023-02-08 09:43:28.987root 11241100x8000000000000000263501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c460e9c21593dd782023-02-08 09:43:28.987root 11241100x8000000000000000263500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e423cf79e3fd172023-02-08 09:43:28.987root 11241100x8000000000000000263499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8ff971f3cd650e2023-02-08 09:43:28.987root 11241100x8000000000000000263508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc0b39eefeef9e92023-02-08 09:43:28.988root 11241100x8000000000000000263507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99db28ea5656a8162023-02-08 09:43:28.988root 11241100x8000000000000000263506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed492e811aa3dbf2023-02-08 09:43:28.988root 11241100x8000000000000000263505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6854969926bd6b22023-02-08 09:43:28.988root 11241100x8000000000000000263504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad865b7a64b67402023-02-08 09:43:28.988root 11241100x8000000000000000263517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5466415b59e0a83e2023-02-08 09:43:28.989root 11241100x8000000000000000263516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433229921291eabe2023-02-08 09:43:28.989root 11241100x8000000000000000263515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cecb69257f24d7a2023-02-08 09:43:28.989root 11241100x8000000000000000263514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eabbbde0ef144862023-02-08 09:43:28.989root 11241100x8000000000000000263513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70980d3532b151e2023-02-08 09:43:28.989root 11241100x8000000000000000263512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10505d2a3cd458902023-02-08 09:43:28.989root 11241100x8000000000000000263511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ded839a3e85cdd82023-02-08 09:43:28.989root 11241100x8000000000000000263510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a12097d3e059092023-02-08 09:43:28.989root 11241100x8000000000000000263509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d1a646946e48392023-02-08 09:43:28.989root 11241100x8000000000000000263524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e08a9592a3bbb22023-02-08 09:43:28.990root 11241100x8000000000000000263523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3922a1b3991047a52023-02-08 09:43:28.990root 11241100x8000000000000000263522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2947a905df587cc72023-02-08 09:43:28.990root 11241100x8000000000000000263521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f85c796ba191712023-02-08 09:43:28.990root 11241100x8000000000000000263520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4850b34d234d7e722023-02-08 09:43:28.990root 11241100x8000000000000000263519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037a3470f0ef77692023-02-08 09:43:28.990root 11241100x8000000000000000263518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:28.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f771fadef9afe9d2023-02-08 09:43:28.990root 11241100x8000000000000000263525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c80d722aac46792023-02-08 09:43:29.484root 11241100x8000000000000000263529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a0763782355dd72023-02-08 09:43:29.485root 11241100x8000000000000000263528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792303971df48a412023-02-08 09:43:29.485root 11241100x8000000000000000263527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d2e1362eb5cad72023-02-08 09:43:29.485root 11241100x8000000000000000263526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04639aa8dd1bba622023-02-08 09:43:29.485root 11241100x8000000000000000263536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3564576a912810922023-02-08 09:43:29.486root 11241100x8000000000000000263535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d358da04e89104592023-02-08 09:43:29.486root 11241100x8000000000000000263534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68777b6409c6df412023-02-08 09:43:29.486root 11241100x8000000000000000263533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47dacdbf3d99fb232023-02-08 09:43:29.486root 11241100x8000000000000000263532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77f54f116b4708c2023-02-08 09:43:29.486root 11241100x8000000000000000263531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d6a8ce52ab03832023-02-08 09:43:29.486root 11241100x8000000000000000263530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61dccf7d7e05093e2023-02-08 09:43:29.486root 11241100x8000000000000000263544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85aa6c026572fb852023-02-08 09:43:29.487root 11241100x8000000000000000263543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f16fcf6a2daa7b2023-02-08 09:43:29.487root 11241100x8000000000000000263542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb353c21a25ad42a2023-02-08 09:43:29.487root 11241100x8000000000000000263541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7453999f095e19162023-02-08 09:43:29.487root 11241100x8000000000000000263540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70df34b71f034e672023-02-08 09:43:29.487root 11241100x8000000000000000263539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe518c64ae5cfb42023-02-08 09:43:29.487root 11241100x8000000000000000263538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfd0aea78c366322023-02-08 09:43:29.487root 11241100x8000000000000000263537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bd3877813b8dc12023-02-08 09:43:29.487root 11241100x8000000000000000263547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef412f41e47a9c3c2023-02-08 09:43:29.489root 11241100x8000000000000000263546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d318712283c4cf2c2023-02-08 09:43:29.489root 11241100x8000000000000000263545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10badd2d35c2571b2023-02-08 09:43:29.489root 11241100x8000000000000000263556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769a3580e3b4e9162023-02-08 09:43:29.490root 11241100x8000000000000000263555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f93b82dff1bc5d2023-02-08 09:43:29.490root 11241100x8000000000000000263554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a531551e5c19bc822023-02-08 09:43:29.490root 11241100x8000000000000000263553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9c1088f72cd6722023-02-08 09:43:29.490root 11241100x8000000000000000263552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c669c7d45d79a062023-02-08 09:43:29.490root 11241100x8000000000000000263551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b8cdc8af223f062023-02-08 09:43:29.490root 11241100x8000000000000000263550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd69acef30dc6932023-02-08 09:43:29.490root 11241100x8000000000000000263549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36329def5b731d9c2023-02-08 09:43:29.490root 11241100x8000000000000000263548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af9a16086132df32023-02-08 09:43:29.490root 11241100x8000000000000000263565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f634b7e61b38b62023-02-08 09:43:29.491root 11241100x8000000000000000263564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50ca0be56872ad82023-02-08 09:43:29.491root 11241100x8000000000000000263563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773a19ce8c1afb6b2023-02-08 09:43:29.491root 11241100x8000000000000000263562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f7202117db8c362023-02-08 09:43:29.491root 11241100x8000000000000000263561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89adc5637283f9d2023-02-08 09:43:29.491root 11241100x8000000000000000263560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81982848a336e3482023-02-08 09:43:29.491root 11241100x8000000000000000263559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95dd2c647310b972023-02-08 09:43:29.491root 11241100x8000000000000000263558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0276936f0d138e82023-02-08 09:43:29.491root 11241100x8000000000000000263557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ee4ad4482626bc2023-02-08 09:43:29.491root 11241100x8000000000000000263572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f14f324b9b7a3242023-02-08 09:43:29.984root 11241100x8000000000000000263571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8047de08cf86cc982023-02-08 09:43:29.984root 11241100x8000000000000000263570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05dc0e39708010bd2023-02-08 09:43:29.984root 11241100x8000000000000000263569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffc52c8a8b3ab672023-02-08 09:43:29.984root 11241100x8000000000000000263568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e1493e8bc6871f2023-02-08 09:43:29.984root 11241100x8000000000000000263567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644278fdd6ff058f2023-02-08 09:43:29.984root 11241100x8000000000000000263566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5d252459e1a74c2023-02-08 09:43:29.984root 11241100x8000000000000000263580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793207cdad7350362023-02-08 09:43:29.985root 11241100x8000000000000000263579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da681f03186e01522023-02-08 09:43:29.985root 11241100x8000000000000000263578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4e3af24f61669d2023-02-08 09:43:29.985root 11241100x8000000000000000263577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef6cb206a3b39702023-02-08 09:43:29.985root 11241100x8000000000000000263576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53bf467e5076bb862023-02-08 09:43:29.985root 11241100x8000000000000000263575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f363d235e84e132023-02-08 09:43:29.985root 11241100x8000000000000000263574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcb75cda4875c832023-02-08 09:43:29.985root 11241100x8000000000000000263573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71df98bff47f654e2023-02-08 09:43:29.985root 11241100x8000000000000000263588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d41f23df48b874a2023-02-08 09:43:29.986root 11241100x8000000000000000263587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff065fffcdc6f202023-02-08 09:43:29.986root 11241100x8000000000000000263586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77192a9fbe2b9e3d2023-02-08 09:43:29.986root 11241100x8000000000000000263585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fc9f4cabf3b1662023-02-08 09:43:29.986root 11241100x8000000000000000263584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a094aa581ae51a2023-02-08 09:43:29.986root 11241100x8000000000000000263583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe971137caf4d9f2023-02-08 09:43:29.986root 11241100x8000000000000000263582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415825784a9ce0c92023-02-08 09:43:29.986root 11241100x8000000000000000263581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b76aff1a8fde2122023-02-08 09:43:29.986root 11241100x8000000000000000263599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f3d8f34588c20d2023-02-08 09:43:29.987root 11241100x8000000000000000263598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a4315db8f845322023-02-08 09:43:29.987root 11241100x8000000000000000263597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d065b651330f44612023-02-08 09:43:29.987root 11241100x8000000000000000263596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a4f2c95bc846812023-02-08 09:43:29.987root 11241100x8000000000000000263595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cb73bae0c9a4032023-02-08 09:43:29.987root 11241100x8000000000000000263594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea327b3dc49e01152023-02-08 09:43:29.987root 11241100x8000000000000000263593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659c49866e4e58c82023-02-08 09:43:29.987root 11241100x8000000000000000263592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5db5052b27080b12023-02-08 09:43:29.987root 11241100x8000000000000000263591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380c11c38754caee2023-02-08 09:43:29.987root 11241100x8000000000000000263590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e656bda384776f9e2023-02-08 09:43:29.987root 11241100x8000000000000000263589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ce1a7f79c8eb542023-02-08 09:43:29.987root 11241100x8000000000000000263611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6941c9b96cd1972023-02-08 09:43:29.988root 11241100x8000000000000000263610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c9edce5737518d2023-02-08 09:43:29.988root 11241100x8000000000000000263609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f6e7a4326435262023-02-08 09:43:29.988root 11241100x8000000000000000263608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87981b93c4c59d02023-02-08 09:43:29.988root 11241100x8000000000000000263607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e5bbf2468cde622023-02-08 09:43:29.988root 11241100x8000000000000000263606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e890d592c646fc9b2023-02-08 09:43:29.988root 11241100x8000000000000000263605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951e2b3f63c216112023-02-08 09:43:29.988root 11241100x8000000000000000263604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a5f58901ea53cc2023-02-08 09:43:29.988root 11241100x8000000000000000263603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24374432c2df1ba2023-02-08 09:43:29.988root 11241100x8000000000000000263602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6342ae757dbd86f32023-02-08 09:43:29.988root 11241100x8000000000000000263601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b480d31a5a621d2023-02-08 09:43:29.988root 11241100x8000000000000000263600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ab0072d7c1d9cb2023-02-08 09:43:29.988root 11241100x8000000000000000263619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf9e1f500edfece2023-02-08 09:43:29.989root 11241100x8000000000000000263618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d8611677cccca22023-02-08 09:43:29.989root 11241100x8000000000000000263617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd0499027c42c5a2023-02-08 09:43:29.989root 11241100x8000000000000000263616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da5578301f816402023-02-08 09:43:29.989root 11241100x8000000000000000263615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbcef678640b0ba82023-02-08 09:43:29.989root 11241100x8000000000000000263614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5dbae4de2143b92023-02-08 09:43:29.989root 11241100x8000000000000000263613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2aa1ad4991c0172023-02-08 09:43:29.989root 11241100x8000000000000000263612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:29.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179de96f537d24102023-02-08 09:43:29.989root 11241100x8000000000000000263623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa352ad394ccd7342023-02-08 09:43:30.484root 11241100x8000000000000000263622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a521db7fb6ebf2852023-02-08 09:43:30.484root 11241100x8000000000000000263621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4058274a22761b92023-02-08 09:43:30.484root 11241100x8000000000000000263620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8b118a3fc79bd02023-02-08 09:43:30.484root 11241100x8000000000000000263633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618ba2ffbce266422023-02-08 09:43:30.485root 11241100x8000000000000000263632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04db067022b9d3f12023-02-08 09:43:30.485root 11241100x8000000000000000263631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495a7fc97f93b4942023-02-08 09:43:30.485root 11241100x8000000000000000263630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6dee2842b76bee2023-02-08 09:43:30.485root 11241100x8000000000000000263629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999825f7b1af4e292023-02-08 09:43:30.485root 11241100x8000000000000000263628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fee6aaed78d62432023-02-08 09:43:30.485root 11241100x8000000000000000263627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3172203ecc8f8d5f2023-02-08 09:43:30.485root 11241100x8000000000000000263626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2c52fa308a8f7e2023-02-08 09:43:30.485root 11241100x8000000000000000263625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba1fdc5c8dcf1632023-02-08 09:43:30.485root 11241100x8000000000000000263624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09a8f6ece0cb0cd2023-02-08 09:43:30.485root 11241100x8000000000000000263648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c0846de3ce6f222023-02-08 09:43:30.486root 11241100x8000000000000000263647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0094a367f4b01a452023-02-08 09:43:30.486root 11241100x8000000000000000263646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5cdffda868e1392023-02-08 09:43:30.486root 11241100x8000000000000000263645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dde9e89644d39bb2023-02-08 09:43:30.486root 11241100x8000000000000000263644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1c4fae89996ee62023-02-08 09:43:30.486root 11241100x8000000000000000263643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def957a731bdfdfe2023-02-08 09:43:30.486root 11241100x8000000000000000263642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3dfe509a9e84592023-02-08 09:43:30.486root 11241100x8000000000000000263641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119d4ae72c532a6f2023-02-08 09:43:30.486root 11241100x8000000000000000263640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65410ac7bbf37f1a2023-02-08 09:43:30.486root 11241100x8000000000000000263639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8a2cafafa5e54f2023-02-08 09:43:30.486root 11241100x8000000000000000263638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a266833fddb866932023-02-08 09:43:30.486root 11241100x8000000000000000263637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723f1aa6cc85305c2023-02-08 09:43:30.486root 11241100x8000000000000000263636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36718f98f94227c2023-02-08 09:43:30.486root 11241100x8000000000000000263635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3e9ade0312f9182023-02-08 09:43:30.486root 11241100x8000000000000000263634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1abe8348edea5e72023-02-08 09:43:30.486root 11241100x8000000000000000263659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da03cdf0b9449882023-02-08 09:43:30.487root 11241100x8000000000000000263658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4061a99e64a49152023-02-08 09:43:30.487root 11241100x8000000000000000263657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f9c7a0c4046e692023-02-08 09:43:30.487root 11241100x8000000000000000263656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3cecd7c1c00efa2023-02-08 09:43:30.487root 11241100x8000000000000000263655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a0e46186436f3d2023-02-08 09:43:30.487root 11241100x8000000000000000263654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb82598f47e96fd2023-02-08 09:43:30.487root 11241100x8000000000000000263653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5400eaa847ba56d2023-02-08 09:43:30.487root 11241100x8000000000000000263652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2756884812990d742023-02-08 09:43:30.487root 11241100x8000000000000000263651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9eb1456dee83352023-02-08 09:43:30.487root 11241100x8000000000000000263650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d78fd2260a6ecc2023-02-08 09:43:30.487root 11241100x8000000000000000263649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721ce93727c0746b2023-02-08 09:43:30.487root 11241100x8000000000000000263670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985b54ebea152b552023-02-08 09:43:30.488root 11241100x8000000000000000263669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19123528479df962023-02-08 09:43:30.488root 11241100x8000000000000000263668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0706c36d85e5e52023-02-08 09:43:30.488root 11241100x8000000000000000263667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30346b29abcd4732023-02-08 09:43:30.488root 11241100x8000000000000000263666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f047255b9f9186672023-02-08 09:43:30.488root 11241100x8000000000000000263665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aee8367e5bda60d2023-02-08 09:43:30.488root 11241100x8000000000000000263664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14120943038af7e42023-02-08 09:43:30.488root 11241100x8000000000000000263663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c85cdd34b1edbc2023-02-08 09:43:30.488root 11241100x8000000000000000263662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d234c79c734c872023-02-08 09:43:30.488root 11241100x8000000000000000263661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a0c918570dc65b2023-02-08 09:43:30.488root 11241100x8000000000000000263660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35e02d3c1db4ebe2023-02-08 09:43:30.488root 11241100x8000000000000000263680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a4e89abc305e272023-02-08 09:43:30.489root 11241100x8000000000000000263679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a311a18bf208c452023-02-08 09:43:30.489root 11241100x8000000000000000263678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c3c21b33abb8bf2023-02-08 09:43:30.489root 11241100x8000000000000000263677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb578330149dddd2023-02-08 09:43:30.489root 11241100x8000000000000000263676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33d22298b13897c2023-02-08 09:43:30.489root 11241100x8000000000000000263675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c6b46fc3ccbbbe2023-02-08 09:43:30.489root 11241100x8000000000000000263674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bdd6a63a0d85fe22023-02-08 09:43:30.489root 11241100x8000000000000000263673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282a0e919b489f852023-02-08 09:43:30.489root 11241100x8000000000000000263672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265196b0ab5ee0682023-02-08 09:43:30.489root 11241100x8000000000000000263671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9664c30cc70601302023-02-08 09:43:30.489root 11241100x8000000000000000263690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5f273ea8a7da242023-02-08 09:43:30.490root 11241100x8000000000000000263689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9f328bddd950ab2023-02-08 09:43:30.490root 11241100x8000000000000000263688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fbe1356d36262f32023-02-08 09:43:30.490root 11241100x8000000000000000263687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2303944b5931642023-02-08 09:43:30.490root 11241100x8000000000000000263686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7143529fe2c1532023-02-08 09:43:30.490root 11241100x8000000000000000263685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26345c8876b6d93b2023-02-08 09:43:30.490root 11241100x8000000000000000263684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79d3eab4859f4532023-02-08 09:43:30.490root 11241100x8000000000000000263683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208b4278db412be82023-02-08 09:43:30.490root 11241100x8000000000000000263682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0aea1c4dbf332b2023-02-08 09:43:30.490root 11241100x8000000000000000263681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e704dc830f6d670a2023-02-08 09:43:30.490root 11241100x8000000000000000263702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814f83ef319bf35c2023-02-08 09:43:30.491root 11241100x8000000000000000263701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9304449de7a19262023-02-08 09:43:30.491root 11241100x8000000000000000263700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80dfe6feb71ee672023-02-08 09:43:30.491root 11241100x8000000000000000263699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc40f5382fe873832023-02-08 09:43:30.491root 11241100x8000000000000000263698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34772b51f66bf432023-02-08 09:43:30.491root 11241100x8000000000000000263697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a04234f358004a62023-02-08 09:43:30.491root 11241100x8000000000000000263696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a800f224ecadc642023-02-08 09:43:30.491root 11241100x8000000000000000263695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3879ebe1ab30adac2023-02-08 09:43:30.491root 11241100x8000000000000000263694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bccfcc27b1ae34f92023-02-08 09:43:30.491root 11241100x8000000000000000263693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc6318e5d4467ff2023-02-08 09:43:30.491root 11241100x8000000000000000263692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02819d3a8bd9ee12023-02-08 09:43:30.491root 11241100x8000000000000000263691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ef4471c8dbfa822023-02-08 09:43:30.491root 11241100x8000000000000000263704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9304dd8643e5403c2023-02-08 09:43:30.492root 11241100x8000000000000000263703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f7d6fd480b1c792023-02-08 09:43:30.492root 11241100x8000000000000000263710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4479cc176d8b4c2f2023-02-08 09:43:30.984root 11241100x8000000000000000263709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e91750039dfc6d62023-02-08 09:43:30.984root 11241100x8000000000000000263708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20cd4fe07a54a0522023-02-08 09:43:30.984root 11241100x8000000000000000263707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b799b184915bb02023-02-08 09:43:30.984root 11241100x8000000000000000263706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f19b2b7dd819f22023-02-08 09:43:30.984root 11241100x8000000000000000263705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42354792327853d82023-02-08 09:43:30.984root 11241100x8000000000000000263719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62232a17d1d7705c2023-02-08 09:43:30.985root 11241100x8000000000000000263718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1787a591c8e28c432023-02-08 09:43:30.985root 11241100x8000000000000000263717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd26f7d771be2162023-02-08 09:43:30.985root 11241100x8000000000000000263716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7c4e461598f2612023-02-08 09:43:30.985root 11241100x8000000000000000263715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2312b2b459a8db02023-02-08 09:43:30.985root 11241100x8000000000000000263714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e473576cd1e0b42023-02-08 09:43:30.985root 11241100x8000000000000000263713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d63847fac37aaf12023-02-08 09:43:30.985root 11241100x8000000000000000263712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f65d4d55ea89822023-02-08 09:43:30.985root 11241100x8000000000000000263711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a67f8764d9f88502023-02-08 09:43:30.985root 11241100x8000000000000000263728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f10a3832dcdfbd2023-02-08 09:43:30.986root 11241100x8000000000000000263727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7300ffa0a5a3bd02023-02-08 09:43:30.986root 11241100x8000000000000000263726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70ed8f1612ae4d12023-02-08 09:43:30.986root 11241100x8000000000000000263725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f278bd99ebe254ff2023-02-08 09:43:30.986root 11241100x8000000000000000263724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2308f4b3462e8162023-02-08 09:43:30.986root 11241100x8000000000000000263723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad2b0a7c6f1938d2023-02-08 09:43:30.986root 11241100x8000000000000000263722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868f4133235a248f2023-02-08 09:43:30.986root 11241100x8000000000000000263721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd782870657aa4e2023-02-08 09:43:30.986root 11241100x8000000000000000263720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be510beb91ab8ce2023-02-08 09:43:30.986root 11241100x8000000000000000263737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611f5634e960a82e2023-02-08 09:43:30.987root 11241100x8000000000000000263736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c949e69480d234232023-02-08 09:43:30.987root 11241100x8000000000000000263735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395d5edbf47798a92023-02-08 09:43:30.987root 11241100x8000000000000000263734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979fe69633462e462023-02-08 09:43:30.987root 11241100x8000000000000000263733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8935e5e773695f532023-02-08 09:43:30.987root 11241100x8000000000000000263732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6f1f81da8339c82023-02-08 09:43:30.987root 11241100x8000000000000000263731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5bf1e33919a19262023-02-08 09:43:30.987root 11241100x8000000000000000263730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8225ab65e243462023-02-08 09:43:30.987root 11241100x8000000000000000263729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a257e1eafef2292023-02-08 09:43:30.987root 11241100x8000000000000000263745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039eee70f321dd722023-02-08 09:43:30.988root 11241100x8000000000000000263744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221d3e78174910b42023-02-08 09:43:30.988root 11241100x8000000000000000263743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7170b79f0044b0412023-02-08 09:43:30.988root 11241100x8000000000000000263742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0881919f9e86510b2023-02-08 09:43:30.988root 11241100x8000000000000000263741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a80e3fa1c56dcd12023-02-08 09:43:30.988root 11241100x8000000000000000263740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d8aa76aca75cab2023-02-08 09:43:30.988root 11241100x8000000000000000263739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82777c8a60f9027f2023-02-08 09:43:30.988root 11241100x8000000000000000263738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bbfc89c6a154562023-02-08 09:43:30.988root 11241100x8000000000000000263754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80230ba54ddc96532023-02-08 09:43:30.989root 11241100x8000000000000000263753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772b2173056a09952023-02-08 09:43:30.989root 11241100x8000000000000000263752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c21059ee397d9142023-02-08 09:43:30.989root 11241100x8000000000000000263751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fe14128feb54bf2023-02-08 09:43:30.989root 11241100x8000000000000000263750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f734cf6beda44fc2023-02-08 09:43:30.989root 11241100x8000000000000000263749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5700039630ce452023-02-08 09:43:30.989root 11241100x8000000000000000263748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30aa0128dc74f8172023-02-08 09:43:30.989root 11241100x8000000000000000263747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7258bb1ab8b82aa2023-02-08 09:43:30.989root 11241100x8000000000000000263746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:30.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d93bcfe0af557d22023-02-08 09:43:30.989root 11241100x8000000000000000263758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc964cd35c512532023-02-08 09:43:31.484root 11241100x8000000000000000263757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742b541c8db19fe32023-02-08 09:43:31.484root 11241100x8000000000000000263756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1499f49587b8bec2023-02-08 09:43:31.484root 11241100x8000000000000000263755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5130cf5a1f0e202023-02-08 09:43:31.484root 11241100x8000000000000000263760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959dec3312bc232b2023-02-08 09:43:31.485root 11241100x8000000000000000263759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59fec4069f240052023-02-08 09:43:31.485root 11241100x8000000000000000263761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fcd537f706634b2023-02-08 09:43:31.486root 11241100x8000000000000000263774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db113d97b1ee81772023-02-08 09:43:31.487root 11241100x8000000000000000263773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401c73fed1c489b52023-02-08 09:43:31.487root 11241100x8000000000000000263772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0c3f5300a5138c2023-02-08 09:43:31.487root 11241100x8000000000000000263771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d69fc3dfe7d54a2023-02-08 09:43:31.487root 11241100x8000000000000000263770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d010a98296ec5732023-02-08 09:43:31.487root 11241100x8000000000000000263769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20eacc5bc38a941c2023-02-08 09:43:31.487root 11241100x8000000000000000263768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14891eb06bbe8552023-02-08 09:43:31.487root 11241100x8000000000000000263767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464e41d5c8ea13002023-02-08 09:43:31.487root 11241100x8000000000000000263766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831696cadeb322742023-02-08 09:43:31.487root 11241100x8000000000000000263765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef5641ca41702ec2023-02-08 09:43:31.487root 11241100x8000000000000000263764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c528d30c8f05582023-02-08 09:43:31.487root 11241100x8000000000000000263763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a3d382ed1d0c432023-02-08 09:43:31.487root 11241100x8000000000000000263762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32d2a88331267eb2023-02-08 09:43:31.487root 11241100x8000000000000000263777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fdda629cfe396bd2023-02-08 09:43:31.488root 11241100x8000000000000000263776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2560e3da219d22932023-02-08 09:43:31.488root 11241100x8000000000000000263775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5532f3d0b45f1a2f2023-02-08 09:43:31.488root 11241100x8000000000000000263783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c5d526a61029022023-02-08 09:43:31.489root 11241100x8000000000000000263782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ff8e46436a40462023-02-08 09:43:31.489root 11241100x8000000000000000263781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d155869837e1ec4f2023-02-08 09:43:31.489root 11241100x8000000000000000263780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7429149ce58d94212023-02-08 09:43:31.489root 11241100x8000000000000000263779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7a0ca2af2194862023-02-08 09:43:31.489root 11241100x8000000000000000263778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a063b4b9f5850a2023-02-08 09:43:31.489root 11241100x8000000000000000263785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10fc752c438fa1b2023-02-08 09:43:31.490root 11241100x8000000000000000263784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21725d6beccf5f5f2023-02-08 09:43:31.490root 11241100x8000000000000000263786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058149cd5dacad502023-02-08 09:43:31.491root 11241100x8000000000000000263794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5d7f33368e04fb2023-02-08 09:43:31.492root 11241100x8000000000000000263793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f4675c3a7d01fe2023-02-08 09:43:31.492root 11241100x8000000000000000263792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c68efe74c0f12b22023-02-08 09:43:31.492root 11241100x8000000000000000263791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9304c37744e588e2023-02-08 09:43:31.492root 11241100x8000000000000000263790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afe4001ecbb1e842023-02-08 09:43:31.492root 11241100x8000000000000000263789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0acfdaf26917cade2023-02-08 09:43:31.492root 11241100x8000000000000000263788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9049c36f397fd6ff2023-02-08 09:43:31.492root 11241100x8000000000000000263787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9e560a9548a34d2023-02-08 09:43:31.492root 11241100x8000000000000000263795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0c81797e0fefd62023-02-08 09:43:31.493root 11241100x8000000000000000263796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfd1edff896a2cf2023-02-08 09:43:31.494root 11241100x8000000000000000263800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4e6ca4a5284bb22023-02-08 09:43:31.984root 11241100x8000000000000000263799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b00240dbe7a67352023-02-08 09:43:31.984root 11241100x8000000000000000263798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400efe62dad648842023-02-08 09:43:31.984root 11241100x8000000000000000263797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2a34e8397f33f22023-02-08 09:43:31.984root 11241100x8000000000000000263809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b230f192fde945272023-02-08 09:43:31.985root 11241100x8000000000000000263808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e93c13a6e93f002023-02-08 09:43:31.985root 11241100x8000000000000000263807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa01507b086648612023-02-08 09:43:31.985root 11241100x8000000000000000263806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1396706388db5cde2023-02-08 09:43:31.985root 11241100x8000000000000000263805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd84ede7619b4132023-02-08 09:43:31.985root 11241100x8000000000000000263804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a397a76069c1e2d2023-02-08 09:43:31.985root 11241100x8000000000000000263803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62973adc1b7492e42023-02-08 09:43:31.985root 11241100x8000000000000000263802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe918ea2595d9e42023-02-08 09:43:31.985root 11241100x8000000000000000263801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b06795ee0908b4f2023-02-08 09:43:31.985root 11241100x8000000000000000263817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09967bc867e6f9592023-02-08 09:43:31.986root 11241100x8000000000000000263816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f3422a04f065a52023-02-08 09:43:31.986root 11241100x8000000000000000263815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b600543e78d29a302023-02-08 09:43:31.986root 11241100x8000000000000000263814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f865ea30906db4e22023-02-08 09:43:31.986root 11241100x8000000000000000263813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa21cbe51b48672a2023-02-08 09:43:31.986root 11241100x8000000000000000263812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b76ddb6e168feba2023-02-08 09:43:31.986root 11241100x8000000000000000263811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c58e18f507d83a02023-02-08 09:43:31.986root 11241100x8000000000000000263810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea60385592b200572023-02-08 09:43:31.986root 11241100x8000000000000000263826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fca29f933e34f322023-02-08 09:43:31.987root 11241100x8000000000000000263825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d84c74db01023a2023-02-08 09:43:31.987root 11241100x8000000000000000263824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be4c4ac3dd566892023-02-08 09:43:31.987root 11241100x8000000000000000263823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d585a72214db6e2023-02-08 09:43:31.987root 11241100x8000000000000000263822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c720e82423574fe2023-02-08 09:43:31.987root 11241100x8000000000000000263821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a74b93b17d7a7f72023-02-08 09:43:31.987root 11241100x8000000000000000263820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576d8af90b2f2f442023-02-08 09:43:31.987root 11241100x8000000000000000263819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2e5c67a91fb4d52023-02-08 09:43:31.987root 11241100x8000000000000000263818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a8701631d9ec0c2023-02-08 09:43:31.987root 11241100x8000000000000000263834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92666f81cc6631b42023-02-08 09:43:31.988root 11241100x8000000000000000263833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0afdd7d978bae012023-02-08 09:43:31.988root 11241100x8000000000000000263832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a023dfe620e004772023-02-08 09:43:31.988root 11241100x8000000000000000263831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2191bab07e3c09282023-02-08 09:43:31.988root 11241100x8000000000000000263830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e354a786a0cfc5e2023-02-08 09:43:31.988root 11241100x8000000000000000263829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82984057206a97c2023-02-08 09:43:31.988root 11241100x8000000000000000263828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4f716f4205dd092023-02-08 09:43:31.988root 11241100x8000000000000000263827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a68d3174e96c8f2023-02-08 09:43:31.988root 11241100x8000000000000000263839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30f21aa47168f9a2023-02-08 09:43:31.989root 11241100x8000000000000000263838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0902c5c11b568e02023-02-08 09:43:31.989root 11241100x8000000000000000263837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd10c6439d13d8a2023-02-08 09:43:31.989root 11241100x8000000000000000263836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b51c2bc6bc38392023-02-08 09:43:31.989root 11241100x8000000000000000263835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:31.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a537c9d096176d2023-02-08 09:43:31.989root 11241100x8000000000000000263841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11102ee0f46e7b792023-02-08 09:43:32.484root 11241100x8000000000000000263840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466082c91117f0002023-02-08 09:43:32.484root 11241100x8000000000000000263848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75fb7fc9454c52d2023-02-08 09:43:32.485root 11241100x8000000000000000263847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960f72f270bc1a5b2023-02-08 09:43:32.485root 11241100x8000000000000000263846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e894dff61f7add2023-02-08 09:43:32.485root 11241100x8000000000000000263845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee06e3407e2f32e2023-02-08 09:43:32.485root 11241100x8000000000000000263844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aadde4b5e99c4b002023-02-08 09:43:32.485root 11241100x8000000000000000263843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784e1cc1c5da444c2023-02-08 09:43:32.485root 11241100x8000000000000000263842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785c73b10cfceb7f2023-02-08 09:43:32.485root 11241100x8000000000000000263860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611ddcb2be8000fb2023-02-08 09:43:32.486root 11241100x8000000000000000263859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1369a0a09a7133e2023-02-08 09:43:32.486root 11241100x8000000000000000263858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574dc4986e4ae0ca2023-02-08 09:43:32.486root 11241100x8000000000000000263857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9f84bec925ebc52023-02-08 09:43:32.486root 11241100x8000000000000000263856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a28ffe49d42c9e2023-02-08 09:43:32.486root 11241100x8000000000000000263855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534cb9984851a2642023-02-08 09:43:32.486root 11241100x8000000000000000263854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b9d5b1ec695df42023-02-08 09:43:32.486root 11241100x8000000000000000263853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886919b2f85c5e852023-02-08 09:43:32.486root 11241100x8000000000000000263852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7429fe8d61d7b4a2023-02-08 09:43:32.486root 11241100x8000000000000000263851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0670b4057ba4393e2023-02-08 09:43:32.486root 11241100x8000000000000000263850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a519f1889ee4885c2023-02-08 09:43:32.486root 11241100x8000000000000000263849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea3481a7e5e23432023-02-08 09:43:32.486root 11241100x8000000000000000263868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c44b4fc403ba052023-02-08 09:43:32.487root 11241100x8000000000000000263867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de87ab939a819c62023-02-08 09:43:32.487root 11241100x8000000000000000263866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b09db52bde43dcd2023-02-08 09:43:32.487root 11241100x8000000000000000263865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6f76b878f94b7b2023-02-08 09:43:32.487root 11241100x8000000000000000263864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2167ff9483f70cd72023-02-08 09:43:32.487root 11241100x8000000000000000263863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22fd1c5a7f88d7bf2023-02-08 09:43:32.487root 11241100x8000000000000000263862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61734504cda859752023-02-08 09:43:32.487root 11241100x8000000000000000263861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f53de9a7830aeae2023-02-08 09:43:32.487root 11241100x8000000000000000263877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfe401c72a21eec2023-02-08 09:43:32.488root 11241100x8000000000000000263876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c151df3664bac52023-02-08 09:43:32.488root 11241100x8000000000000000263875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b39eeb4994561ec2023-02-08 09:43:32.488root 11241100x8000000000000000263874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd64def66017c722023-02-08 09:43:32.488root 11241100x8000000000000000263873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eea200879d5ca662023-02-08 09:43:32.488root 11241100x8000000000000000263872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50b296496a7ed892023-02-08 09:43:32.488root 11241100x8000000000000000263871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17453741bb42c882023-02-08 09:43:32.488root 11241100x8000000000000000263870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b03aff84e416cb2023-02-08 09:43:32.488root 11241100x8000000000000000263869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c3950f2ce0a19e2023-02-08 09:43:32.488root 11241100x8000000000000000263882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f209123b3fc041a2023-02-08 09:43:32.985root 11241100x8000000000000000263881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188a0405cba312fa2023-02-08 09:43:32.985root 11241100x8000000000000000263880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb6dd5df67ae86d2023-02-08 09:43:32.985root 11241100x8000000000000000263879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb9bc3661356bb52023-02-08 09:43:32.985root 11241100x8000000000000000263878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0bb125cc242a0b42023-02-08 09:43:32.985root 11241100x8000000000000000263889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a356aae6fda7ed232023-02-08 09:43:32.986root 11241100x8000000000000000263888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5f9af0f299deb42023-02-08 09:43:32.986root 11241100x8000000000000000263887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566ab371a697f9ed2023-02-08 09:43:32.986root 11241100x8000000000000000263886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78471894bc2acaa2023-02-08 09:43:32.986root 11241100x8000000000000000263885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15362ca9658ee9182023-02-08 09:43:32.986root 11241100x8000000000000000263884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c330460d21ceba2023-02-08 09:43:32.986root 11241100x8000000000000000263883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9795a64a875e2a62023-02-08 09:43:32.986root 11241100x8000000000000000263899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d72045a346b59712023-02-08 09:43:32.987root 11241100x8000000000000000263898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a483cec7fe2595c52023-02-08 09:43:32.987root 11241100x8000000000000000263897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ac72c3d567f5a52023-02-08 09:43:32.987root 11241100x8000000000000000263896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da11f1d719645bb22023-02-08 09:43:32.987root 11241100x8000000000000000263895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecf9971144218182023-02-08 09:43:32.987root 11241100x8000000000000000263894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34320a684e65f452023-02-08 09:43:32.987root 11241100x8000000000000000263893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5c9d49b8f7a2db2023-02-08 09:43:32.987root 11241100x8000000000000000263892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ab64ea13255b092023-02-08 09:43:32.987root 11241100x8000000000000000263891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdc908f1b921c552023-02-08 09:43:32.987root 11241100x8000000000000000263890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a1fed490139fdd2023-02-08 09:43:32.987root 11241100x8000000000000000263909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc795b33bad5b892023-02-08 09:43:32.988root 11241100x8000000000000000263908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04bdd3e70f359d22023-02-08 09:43:32.988root 11241100x8000000000000000263907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e41536108b84a12023-02-08 09:43:32.988root 11241100x8000000000000000263906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbee4a7602fd0822023-02-08 09:43:32.988root 11241100x8000000000000000263905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43c79662fb7d8ab2023-02-08 09:43:32.988root 11241100x8000000000000000263904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6144d083fbfe00812023-02-08 09:43:32.988root 11241100x8000000000000000263903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdf5fb86a3b319c2023-02-08 09:43:32.988root 11241100x8000000000000000263902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177b5d3331fcc1c22023-02-08 09:43:32.988root 11241100x8000000000000000263901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b396d66262d31e62023-02-08 09:43:32.988root 11241100x8000000000000000263900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f825b5c277ffc27f2023-02-08 09:43:32.988root 11241100x8000000000000000263913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d57060549bf1d202023-02-08 09:43:32.989root 11241100x8000000000000000263912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0771882ed1b58d4f2023-02-08 09:43:32.989root 11241100x8000000000000000263911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619676ab5972f3302023-02-08 09:43:32.989root 11241100x8000000000000000263910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:32.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684fd526f72f3daf2023-02-08 09:43:32.989root 354300x8000000000000000263914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.106{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-54628-false10.0.1.12-8000- 11241100x8000000000000000263915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a84fc0d400beb82023-02-08 09:43:33.484root 11241100x8000000000000000263917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54bf8f62278fd9e2023-02-08 09:43:33.485root 11241100x8000000000000000263916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d405c018d0e2bae2023-02-08 09:43:33.485root 11241100x8000000000000000263925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467afffa4cd8f2812023-02-08 09:43:33.486root 11241100x8000000000000000263924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85768efc3e6dbca2023-02-08 09:43:33.486root 11241100x8000000000000000263923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7b494f3e9420492023-02-08 09:43:33.486root 11241100x8000000000000000263922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fec1b5380a3f912023-02-08 09:43:33.486root 11241100x8000000000000000263921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55da9fd9420a1d32023-02-08 09:43:33.486root 11241100x8000000000000000263920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfb797a8358bcc22023-02-08 09:43:33.486root 11241100x8000000000000000263919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4219fbb75db3af6a2023-02-08 09:43:33.486root 11241100x8000000000000000263918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf9164d31d2e1172023-02-08 09:43:33.486root 11241100x8000000000000000263933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca71e11b3b38fe242023-02-08 09:43:33.487root 11241100x8000000000000000263932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905c64230a9f2f802023-02-08 09:43:33.487root 11241100x8000000000000000263931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6d334be175983c2023-02-08 09:43:33.487root 11241100x8000000000000000263930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c0b2664c06af5a2023-02-08 09:43:33.487root 11241100x8000000000000000263929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac2541d50eeea162023-02-08 09:43:33.487root 11241100x8000000000000000263928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b614b5e01c27e5782023-02-08 09:43:33.487root 11241100x8000000000000000263927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e45336f85e19572023-02-08 09:43:33.487root 11241100x8000000000000000263926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6a77fbdef62bbe2023-02-08 09:43:33.487root 11241100x8000000000000000263942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc501f3d851419952023-02-08 09:43:33.488root 11241100x8000000000000000263941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997269130e9678fd2023-02-08 09:43:33.488root 11241100x8000000000000000263940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a01f3a55b934e22023-02-08 09:43:33.488root 11241100x8000000000000000263939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f1474c753acf652023-02-08 09:43:33.488root 11241100x8000000000000000263938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576feb9a6e74203e2023-02-08 09:43:33.488root 11241100x8000000000000000263937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f0ca17d8b5522a2023-02-08 09:43:33.488root 11241100x8000000000000000263936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbeb9b7811a614d2023-02-08 09:43:33.488root 11241100x8000000000000000263935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb1aa634736dfa72023-02-08 09:43:33.488root 11241100x8000000000000000263934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.023c6861d7101bfe2023-02-08 09:43:33.488root 11241100x8000000000000000263949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c699bcdd12d093192023-02-08 09:43:33.489root 11241100x8000000000000000263948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a88a5084d7f75862023-02-08 09:43:33.489root 11241100x8000000000000000263947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0dc06d44c95f26c2023-02-08 09:43:33.489root 11241100x8000000000000000263946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3046b754093a6d92023-02-08 09:43:33.489root 11241100x8000000000000000263945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2af9ca208eae572023-02-08 09:43:33.489root 11241100x8000000000000000263944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17739a9eef7176092023-02-08 09:43:33.489root 11241100x8000000000000000263943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b178a4d9e874f12023-02-08 09:43:33.489root 11241100x8000000000000000263952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30cdb27c662a58392023-02-08 09:43:33.490root 11241100x8000000000000000263951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8aadcc4ecd84382023-02-08 09:43:33.490root 11241100x8000000000000000263950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc405435f396b3532023-02-08 09:43:33.490root 11241100x8000000000000000263958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e91ceaa8c7b6fa2023-02-08 09:43:33.984root 11241100x8000000000000000263957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2022fd6d6dabf9ac2023-02-08 09:43:33.984root 11241100x8000000000000000263956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de491ffd53a1eba2023-02-08 09:43:33.984root 11241100x8000000000000000263955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3c21fea10aa0f82023-02-08 09:43:33.984root 11241100x8000000000000000263954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b87867e6e92a7d2023-02-08 09:43:33.984root 11241100x8000000000000000263953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61e7df9d168e26d2023-02-08 09:43:33.984root 11241100x8000000000000000263962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0edf0cc3eb18df2023-02-08 09:43:33.985root 11241100x8000000000000000263961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2f89686cee80e82023-02-08 09:43:33.985root 11241100x8000000000000000263960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aed632f9018e08a2023-02-08 09:43:33.985root 11241100x8000000000000000263959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9245d7a3c3efaf42023-02-08 09:43:33.985root 11241100x8000000000000000263966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0523e03b56cd452023-02-08 09:43:33.986root 11241100x8000000000000000263965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180778d73651b71f2023-02-08 09:43:33.986root 11241100x8000000000000000263964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad615b4f3339df1f2023-02-08 09:43:33.986root 11241100x8000000000000000263963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4fb3729466394842023-02-08 09:43:33.986root 11241100x8000000000000000263978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9efbccef8a6666d72023-02-08 09:43:33.987root 11241100x8000000000000000263977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d8a5e45b5222a62023-02-08 09:43:33.987root 11241100x8000000000000000263976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11baf9c9cfaf9bbd2023-02-08 09:43:33.987root 11241100x8000000000000000263975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d142800f9d78f72023-02-08 09:43:33.987root 11241100x8000000000000000263974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15dc2d8d5a5fe8cf2023-02-08 09:43:33.987root 11241100x8000000000000000263973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83fee4937d4b09182023-02-08 09:43:33.987root 11241100x8000000000000000263972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adbe04d268a722e82023-02-08 09:43:33.987root 11241100x8000000000000000263971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b7eea6d00bf4c72023-02-08 09:43:33.987root 11241100x8000000000000000263970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03e12155f5c6b982023-02-08 09:43:33.987root 11241100x8000000000000000263969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd068c5b5a896a9e2023-02-08 09:43:33.987root 11241100x8000000000000000263968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d2048537ec259e2023-02-08 09:43:33.987root 11241100x8000000000000000263967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235fa6b3e6604feb2023-02-08 09:43:33.987root 11241100x8000000000000000263992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5ee6a7e7014a252023-02-08 09:43:33.988root 11241100x8000000000000000263991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e27c08f9ec7843d2023-02-08 09:43:33.988root 11241100x8000000000000000263990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a42360b3d5b183d2023-02-08 09:43:33.988root 11241100x8000000000000000263989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127e3ad716a657162023-02-08 09:43:33.988root 11241100x8000000000000000263988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa012b2e912d1442023-02-08 09:43:33.988root 11241100x8000000000000000263987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3471598fa2bd52142023-02-08 09:43:33.988root 11241100x8000000000000000263986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6859e75b103c65742023-02-08 09:43:33.988root 11241100x8000000000000000263985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b809d662c124fb2023-02-08 09:43:33.988root 11241100x8000000000000000263984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09d56acdd03864e2023-02-08 09:43:33.988root 11241100x8000000000000000263983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62bb48edce17d172023-02-08 09:43:33.988root 11241100x8000000000000000263982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8318d206b74370ca2023-02-08 09:43:33.988root 11241100x8000000000000000263981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2552e9df20e61d5d2023-02-08 09:43:33.988root 11241100x8000000000000000263980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f33ab9903a328a2023-02-08 09:43:33.988root 11241100x8000000000000000263979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35859cd634b4f0e32023-02-08 09:43:33.988root 11241100x8000000000000000264003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff0ca7b6e3830582023-02-08 09:43:33.989root 11241100x8000000000000000264002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f7df1cc4267e052023-02-08 09:43:33.989root 11241100x8000000000000000264001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d22f9d9577417c2023-02-08 09:43:33.989root 11241100x8000000000000000264000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4389f20d85b1cf962023-02-08 09:43:33.989root 11241100x8000000000000000263999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d4ba40af2d3c8e2023-02-08 09:43:33.989root 11241100x8000000000000000263998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92b29f030ffd18d2023-02-08 09:43:33.989root 11241100x8000000000000000263997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4097bf00142a6b692023-02-08 09:43:33.989root 11241100x8000000000000000263996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a125444aceb027e2023-02-08 09:43:33.989root 11241100x8000000000000000263995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05da4fcbb562cff12023-02-08 09:43:33.989root 11241100x8000000000000000263994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bf03de790ed2952023-02-08 09:43:33.989root 11241100x8000000000000000263993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d8ccd9c1d311692023-02-08 09:43:33.989root 11241100x8000000000000000264007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f23576acf1f3462023-02-08 09:43:33.990root 11241100x8000000000000000264006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f6797c7b19c4582023-02-08 09:43:33.990root 11241100x8000000000000000264005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c104685f5ced9f2023-02-08 09:43:33.990root 11241100x8000000000000000264004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ce48029682fc282023-02-08 09:43:33.990root 11241100x8000000000000000264016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56322ab5cbd784512023-02-08 09:43:33.991root 11241100x8000000000000000264015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157e01df5eab5a0f2023-02-08 09:43:33.991root 11241100x8000000000000000264014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f977b083380abd2023-02-08 09:43:33.991root 11241100x8000000000000000264013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72b6d84c27e3a802023-02-08 09:43:33.991root 11241100x8000000000000000264012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b768fc8339963f2023-02-08 09:43:33.991root 11241100x8000000000000000264011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ded2f533d817ed42023-02-08 09:43:33.991root 11241100x8000000000000000264010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7372d1642af0857d2023-02-08 09:43:33.991root 11241100x8000000000000000264009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb8dac68a0611672023-02-08 09:43:33.991root 11241100x8000000000000000264008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992c107b844813e52023-02-08 09:43:33.991root 11241100x8000000000000000264031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f5e9c94817d55a2023-02-08 09:43:33.992root 11241100x8000000000000000264030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57dceea0eaf66a142023-02-08 09:43:33.992root 11241100x8000000000000000264029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9713f58054ce4a402023-02-08 09:43:33.992root 11241100x8000000000000000264028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddd1881e43c22e72023-02-08 09:43:33.992root 11241100x8000000000000000264027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46a9f79d15a7ee12023-02-08 09:43:33.992root 11241100x8000000000000000264026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612fd0ce627bbb462023-02-08 09:43:33.992root 11241100x8000000000000000264025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ca8246ad4ae81e2023-02-08 09:43:33.992root 11241100x8000000000000000264024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbadcd64c1afaf372023-02-08 09:43:33.992root 11241100x8000000000000000264023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb257c6d25512632023-02-08 09:43:33.992root 11241100x8000000000000000264022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873ce4c00ed95cbb2023-02-08 09:43:33.992root 11241100x8000000000000000264021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d018471c7a1b749f2023-02-08 09:43:33.992root 11241100x8000000000000000264020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ad5aa797da68672023-02-08 09:43:33.992root 11241100x8000000000000000264019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ffe99c876082cd22023-02-08 09:43:33.992root 11241100x8000000000000000264018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebee311339bfccd62023-02-08 09:43:33.992root 11241100x8000000000000000264017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8aa8c5cdff9c6b2023-02-08 09:43:33.992root 11241100x8000000000000000264038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631d685da9915ef72023-02-08 09:43:33.993root 11241100x8000000000000000264037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3b39e98c68883d2023-02-08 09:43:33.993root 11241100x8000000000000000264036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8dd94162f80b4db2023-02-08 09:43:33.993root 11241100x8000000000000000264035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccba06e3101215382023-02-08 09:43:33.993root 11241100x8000000000000000264034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebc6d33ad4968a52023-02-08 09:43:33.993root 11241100x8000000000000000264033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ce4d190f4124cc2023-02-08 09:43:33.993root 11241100x8000000000000000264032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0a1f3132e7be332023-02-08 09:43:33.993root 11241100x8000000000000000264044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d173ed35d09798592023-02-08 09:43:33.994root 11241100x8000000000000000264043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46dcda49aa36ccd12023-02-08 09:43:33.994root 11241100x8000000000000000264042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b741a050536ff72023-02-08 09:43:33.994root 11241100x8000000000000000264041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fdce73867ad8d2b2023-02-08 09:43:33.994root 11241100x8000000000000000264040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f2b31d780f19482023-02-08 09:43:33.994root 11241100x8000000000000000264039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b450aa4b4abcf8a32023-02-08 09:43:33.994root 11241100x8000000000000000264051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a425b892e62ace2023-02-08 09:43:33.995root 11241100x8000000000000000264050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0460f35de56b4a42023-02-08 09:43:33.995root 11241100x8000000000000000264049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6130a8b6237eba42023-02-08 09:43:33.995root 11241100x8000000000000000264048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a6b126eaae2caa2023-02-08 09:43:33.995root 11241100x8000000000000000264047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f4eb0a4fb192ba2023-02-08 09:43:33.995root 11241100x8000000000000000264046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c6e8e67efb03bf2023-02-08 09:43:33.995root 11241100x8000000000000000264045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50110042444e01ee2023-02-08 09:43:33.995root 11241100x8000000000000000264054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72809981740ab4ad2023-02-08 09:43:33.996root 11241100x8000000000000000264053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba3947a36d72da62023-02-08 09:43:33.996root 11241100x8000000000000000264052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1f7256f0a9ce732023-02-08 09:43:33.996root 11241100x8000000000000000264060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfc77f4b5a8a3192023-02-08 09:43:33.997root 11241100x8000000000000000264059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2906581e667dc872023-02-08 09:43:33.997root 11241100x8000000000000000264058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b68a2d1c3d9b4612023-02-08 09:43:33.997root 11241100x8000000000000000264057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2074542f1e5e45d2023-02-08 09:43:33.997root 11241100x8000000000000000264056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a333eb850a676c7b2023-02-08 09:43:33.997root 11241100x8000000000000000264055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d18406e3639e7132023-02-08 09:43:33.997root 11241100x8000000000000000264062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c7ae91b5bd730a2023-02-08 09:43:33.998root 11241100x8000000000000000264061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:33.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9fa82b3648f5542023-02-08 09:43:33.998root 11241100x8000000000000000264064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0dfd0e41f119a32023-02-08 09:43:34.484root 11241100x8000000000000000264063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182b9a793a11ed002023-02-08 09:43:34.484root 11241100x8000000000000000264071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae144fb4694eda02023-02-08 09:43:34.485root 11241100x8000000000000000264070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e50aba08225f2b2023-02-08 09:43:34.485root 11241100x8000000000000000264069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc8086101fd85822023-02-08 09:43:34.485root 11241100x8000000000000000264068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41245edf66788fea2023-02-08 09:43:34.485root 11241100x8000000000000000264067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cccf05981a134be2023-02-08 09:43:34.485root 11241100x8000000000000000264066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3002fd27d5b0929e2023-02-08 09:43:34.485root 11241100x8000000000000000264065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ad8ffd8ec0637e2023-02-08 09:43:34.485root 11241100x8000000000000000264081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861c02c381b9a76e2023-02-08 09:43:34.486root 11241100x8000000000000000264080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b991acf350eb4a32023-02-08 09:43:34.486root 11241100x8000000000000000264079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab94d0a85d4a6e782023-02-08 09:43:34.486root 11241100x8000000000000000264078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c53575e423e3a82023-02-08 09:43:34.486root 11241100x8000000000000000264077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6190f32c8a97f732023-02-08 09:43:34.486root 11241100x8000000000000000264076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35d1ab742537ccc2023-02-08 09:43:34.486root 11241100x8000000000000000264075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4afe0849c56924682023-02-08 09:43:34.486root 11241100x8000000000000000264074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43fa4efeb1f664bb2023-02-08 09:43:34.486root 11241100x8000000000000000264073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78c6b73aef4c6a52023-02-08 09:43:34.486root 11241100x8000000000000000264072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9977c4f352a1296b2023-02-08 09:43:34.486root 11241100x8000000000000000264093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e9f20c7ff279fb2023-02-08 09:43:34.487root 11241100x8000000000000000264092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b06592aff451362023-02-08 09:43:34.487root 11241100x8000000000000000264091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34965f50b08decd82023-02-08 09:43:34.487root 11241100x8000000000000000264090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5746a296adec4d72023-02-08 09:43:34.487root 11241100x8000000000000000264089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3c401a1692e7fb2023-02-08 09:43:34.487root 11241100x8000000000000000264088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb99b5ebec206cf2023-02-08 09:43:34.487root 11241100x8000000000000000264087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c7d060682e727c2023-02-08 09:43:34.487root 11241100x8000000000000000264086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1784ffae906cb032023-02-08 09:43:34.487root 11241100x8000000000000000264085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3536226db2ef8f472023-02-08 09:43:34.487root 11241100x8000000000000000264084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9c2a70eef3ebdd2023-02-08 09:43:34.487root 11241100x8000000000000000264083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8cee4a55088d8042023-02-08 09:43:34.487root 11241100x8000000000000000264082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d699d2bb56a90c62023-02-08 09:43:34.487root 11241100x8000000000000000264105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cce4e93cb878a32023-02-08 09:43:34.488root 11241100x8000000000000000264104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2338d2271e532802023-02-08 09:43:34.488root 11241100x8000000000000000264103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a400da276f83220b2023-02-08 09:43:34.488root 11241100x8000000000000000264102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b544b2479087fd02023-02-08 09:43:34.488root 11241100x8000000000000000264101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28fd564b81d613522023-02-08 09:43:34.488root 11241100x8000000000000000264100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f2cf38e8c31d282023-02-08 09:43:34.488root 11241100x8000000000000000264099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae0d747c8c4866b2023-02-08 09:43:34.488root 11241100x8000000000000000264098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ca06a436b7bb0d2023-02-08 09:43:34.488root 11241100x8000000000000000264097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbde1340b0dc286b2023-02-08 09:43:34.488root 11241100x8000000000000000264096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732e7bfc1c67ddd62023-02-08 09:43:34.488root 11241100x8000000000000000264095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c31e20fbc93d192023-02-08 09:43:34.488root 11241100x8000000000000000264094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4ad2e15a3390002023-02-08 09:43:34.488root 11241100x8000000000000000264109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d41c47af423f972023-02-08 09:43:34.489root 11241100x8000000000000000264108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79ba40c5c14e22a2023-02-08 09:43:34.489root 11241100x8000000000000000264107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4490786b392a0032023-02-08 09:43:34.489root 11241100x8000000000000000264106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a75232832a71632023-02-08 09:43:34.489root 11241100x8000000000000000264112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880f9684c9b0d96a2023-02-08 09:43:34.984root 11241100x8000000000000000264111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d03de5511cbb3492023-02-08 09:43:34.984root 11241100x8000000000000000264110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e1f2e9be7936652023-02-08 09:43:34.984root 11241100x8000000000000000264118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67521676dd4147442023-02-08 09:43:34.985root 11241100x8000000000000000264117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103d457ecb9a22fb2023-02-08 09:43:34.985root 11241100x8000000000000000264116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6858f3d5407b5692023-02-08 09:43:34.985root 11241100x8000000000000000264115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca249a05d98d3742023-02-08 09:43:34.985root 11241100x8000000000000000264114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629739e8407b6e772023-02-08 09:43:34.985root 11241100x8000000000000000264113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d190dd3138f9c0ce2023-02-08 09:43:34.985root 11241100x8000000000000000264128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a67d81818345b072023-02-08 09:43:34.986root 11241100x8000000000000000264127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed72d0633de446fb2023-02-08 09:43:34.986root 11241100x8000000000000000264126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bb35655d9f305f2023-02-08 09:43:34.986root 11241100x8000000000000000264125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e3df8beb5efccf2023-02-08 09:43:34.986root 11241100x8000000000000000264124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19cd4e02f2d5366c2023-02-08 09:43:34.986root 11241100x8000000000000000264123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac083cc2e1b6ce1a2023-02-08 09:43:34.986root 11241100x8000000000000000264122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc012e0395dc8bf2023-02-08 09:43:34.986root 11241100x8000000000000000264121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ee250c4f328d592023-02-08 09:43:34.986root 11241100x8000000000000000264120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b048d37f58ed0c2023-02-08 09:43:34.986root 11241100x8000000000000000264119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7aae68f26fbc67f2023-02-08 09:43:34.986root 11241100x8000000000000000264140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0bf1427e1ddbe922023-02-08 09:43:34.987root 11241100x8000000000000000264139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70472881fecdf8572023-02-08 09:43:34.987root 11241100x8000000000000000264138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d47074c149906302023-02-08 09:43:34.987root 11241100x8000000000000000264137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18918300f4c52cbd2023-02-08 09:43:34.987root 11241100x8000000000000000264136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f464da64804ae5732023-02-08 09:43:34.987root 11241100x8000000000000000264135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0803d07437a2fba92023-02-08 09:43:34.987root 11241100x8000000000000000264134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7347431e1a8c732023-02-08 09:43:34.987root 11241100x8000000000000000264133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d1db9937179ab32023-02-08 09:43:34.987root 11241100x8000000000000000264132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e419329ef15944f2023-02-08 09:43:34.987root 11241100x8000000000000000264131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ed43e65fc9d9022023-02-08 09:43:34.987root 11241100x8000000000000000264130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de7950f6b3b65ad2023-02-08 09:43:34.987root 11241100x8000000000000000264129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7c4198a65fbc052023-02-08 09:43:34.987root 11241100x8000000000000000264151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3163ca9f137c5df12023-02-08 09:43:34.988root 11241100x8000000000000000264150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6192fc9f6008fdd72023-02-08 09:43:34.988root 11241100x8000000000000000264149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bec7d60cf2a6012023-02-08 09:43:34.988root 11241100x8000000000000000264148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d02850093de3edb2023-02-08 09:43:34.988root 11241100x8000000000000000264147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6688c87c55be03072023-02-08 09:43:34.988root 11241100x8000000000000000264146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bac2758b0e8afd12023-02-08 09:43:34.988root 11241100x8000000000000000264145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ad00172a45b19f2023-02-08 09:43:34.988root 11241100x8000000000000000264144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db080a06bbc5e8cd2023-02-08 09:43:34.988root 11241100x8000000000000000264143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ccbaec5c91faf72023-02-08 09:43:34.988root 11241100x8000000000000000264142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb37f103a050026c2023-02-08 09:43:34.988root 11241100x8000000000000000264141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:34.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d516a5d2ba7b38662023-02-08 09:43:34.988root 11241100x8000000000000000264159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d211b64c463e8e22023-02-08 09:43:35.485root 11241100x8000000000000000264158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81e0aeabc9484362023-02-08 09:43:35.485root 11241100x8000000000000000264157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab261dc701a23fd52023-02-08 09:43:35.485root 11241100x8000000000000000264156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248d2b7aee6b4ad52023-02-08 09:43:35.485root 11241100x8000000000000000264155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06507064fe0b33812023-02-08 09:43:35.485root 11241100x8000000000000000264154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41762678f1d360a02023-02-08 09:43:35.485root 11241100x8000000000000000264153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106fc4f3e356e05c2023-02-08 09:43:35.485root 11241100x8000000000000000264152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22b2e53d81f01a82023-02-08 09:43:35.485root 11241100x8000000000000000264166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02115a261e2bb1e82023-02-08 09:43:35.486root 11241100x8000000000000000264165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c5f5781766d5792023-02-08 09:43:35.486root 11241100x8000000000000000264164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5696e909b3b6a5c72023-02-08 09:43:35.486root 11241100x8000000000000000264163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe47b0bb540f09a2023-02-08 09:43:35.486root 11241100x8000000000000000264162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b194f1d7c3937f092023-02-08 09:43:35.486root 11241100x8000000000000000264161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a30658a6601d30d2023-02-08 09:43:35.486root 11241100x8000000000000000264160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c0e2706a3851fa2023-02-08 09:43:35.486root 11241100x8000000000000000264175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6a1a17084b54ad2023-02-08 09:43:35.487root 11241100x8000000000000000264174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85fe6430022834c2023-02-08 09:43:35.487root 11241100x8000000000000000264173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84443a2b9d73e1222023-02-08 09:43:35.487root 11241100x8000000000000000264172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95920a0f3aa1e0df2023-02-08 09:43:35.487root 11241100x8000000000000000264171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ee717a48e5a96b2023-02-08 09:43:35.487root 11241100x8000000000000000264170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e2b1f8c854209c2023-02-08 09:43:35.487root 11241100x8000000000000000264169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9649fd5ed98bc92023-02-08 09:43:35.487root 11241100x8000000000000000264168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b3c259fd77e9fe2023-02-08 09:43:35.487root 11241100x8000000000000000264167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f522e3f35bd893dd2023-02-08 09:43:35.487root 11241100x8000000000000000264185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba78354f82ff3e012023-02-08 09:43:35.488root 11241100x8000000000000000264184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d34eac6838a2fad2023-02-08 09:43:35.488root 11241100x8000000000000000264183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d717bc30a1db8c72023-02-08 09:43:35.488root 11241100x8000000000000000264182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f2f597906e835b2023-02-08 09:43:35.488root 11241100x8000000000000000264181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af3cd4dcec7d7802023-02-08 09:43:35.488root 11241100x8000000000000000264180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb49851cf7e5dbcd2023-02-08 09:43:35.488root 11241100x8000000000000000264179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6057a8d77730a22023-02-08 09:43:35.488root 11241100x8000000000000000264178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62726613310ff26f2023-02-08 09:43:35.488root 11241100x8000000000000000264177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91061d121e257c5c2023-02-08 09:43:35.488root 11241100x8000000000000000264176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198dea8a0fcff1bd2023-02-08 09:43:35.488root 11241100x8000000000000000264188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0f796b5f4fbd522023-02-08 09:43:35.489root 11241100x8000000000000000264187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da8207bb76bc2f62023-02-08 09:43:35.489root 11241100x8000000000000000264186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e904d0c6b918652023-02-08 09:43:35.489root 11241100x8000000000000000264193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79f7568e85f66a92023-02-08 09:43:35.985root 11241100x8000000000000000264192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b19ae2ca1921b532023-02-08 09:43:35.985root 11241100x8000000000000000264191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5d8cfba816e6302023-02-08 09:43:35.985root 11241100x8000000000000000264190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03035a25f34dce2b2023-02-08 09:43:35.985root 11241100x8000000000000000264189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe06dd4d8032451a2023-02-08 09:43:35.985root 11241100x8000000000000000264194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d632752b966879c2023-02-08 09:43:35.986root 11241100x8000000000000000264200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e634b0803949c9c2023-02-08 09:43:35.987root 11241100x8000000000000000264199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efc3ace7d4a43322023-02-08 09:43:35.987root 11241100x8000000000000000264198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9c6599862c41262023-02-08 09:43:35.987root 11241100x8000000000000000264197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a806677ece001142023-02-08 09:43:35.987root 11241100x8000000000000000264196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dded699602ed48872023-02-08 09:43:35.987root 11241100x8000000000000000264195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545307cc365fb8ca2023-02-08 09:43:35.987root 11241100x8000000000000000264204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9ca000b7b59fb82023-02-08 09:43:35.988root 11241100x8000000000000000264203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e889b8d50af6f3192023-02-08 09:43:35.988root 11241100x8000000000000000264202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.988{ec2a0601-5c38-63e3-c8ba-750834560000}466/lib/systemd/systemd-journald/var/log/journal/ec2a060182cadf3cd7baac2774c29b92/system.journal2023-02-08 09:43:35.988root 11241100x8000000000000000264201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984606fd4608a55a2023-02-08 09:43:35.988root 11241100x8000000000000000264208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40aa704e94bef9bb2023-02-08 09:43:35.990root 11241100x8000000000000000264207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479bd9cbb2bae29f2023-02-08 09:43:35.990root 11241100x8000000000000000264206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5222af129574900f2023-02-08 09:43:35.990root 11241100x8000000000000000264205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e593c1abb4cb46ea2023-02-08 09:43:35.990root 11241100x8000000000000000264218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35bde789f5711b922023-02-08 09:43:35.991root 11241100x8000000000000000264217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0774ab960d52a8c22023-02-08 09:43:35.991root 11241100x8000000000000000264216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b434ea28e9b2f1f82023-02-08 09:43:35.991root 11241100x8000000000000000264215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5033995e2617e7c52023-02-08 09:43:35.991root 11241100x8000000000000000264214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17f53270df4bb572023-02-08 09:43:35.991root 11241100x8000000000000000264213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd8b58908f627ba2023-02-08 09:43:35.991root 11241100x8000000000000000264212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fceef2896d4a27292023-02-08 09:43:35.991root 11241100x8000000000000000264211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18495a78b2f38e8a2023-02-08 09:43:35.991root 11241100x8000000000000000264210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66cb5b8fa94c48d32023-02-08 09:43:35.991root 11241100x8000000000000000264209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a31d4abbdf915132023-02-08 09:43:35.991root 11241100x8000000000000000264221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d6f27d22d372a92023-02-08 09:43:35.992root 11241100x8000000000000000264220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b83a513c24b45b22023-02-08 09:43:35.992root 11241100x8000000000000000264219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2d3e7800f3ea812023-02-08 09:43:35.992root 11241100x8000000000000000264227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e505cf3a9d36d42023-02-08 09:43:35.993root 11241100x8000000000000000264226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c158beee90fdbcd2023-02-08 09:43:35.993root 11241100x8000000000000000264225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0673ad9427e0c6e2023-02-08 09:43:35.993root 11241100x8000000000000000264224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5fe76af07553982023-02-08 09:43:35.993root 11241100x8000000000000000264223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108e98978313c4e62023-02-08 09:43:35.993root 11241100x8000000000000000264222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:35.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ddfb0307a1db3622023-02-08 09:43:35.993root 11241100x8000000000000000264228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.013{ec2a0601-5c38-63e3-c8ba-750834560000}466/lib/systemd/systemd-journald/var/log/journal/ec2a060182cadf3cd7baac2774c29b92/user-1000.journal2023-02-08 09:43:36.013root 23542300x8000000000000000264229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.038{ec2a0601-5c38-63e3-c8ba-750834560000}466root/lib/systemd/systemd-journald/var/log/journal/ec2a060182cadf3cd7baac2774c29b92/user-1000@fec30078a2764e26bf76760a7940d95c-0000000000000000-0000000000000000.journal--- 11241100x8000000000000000264230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.039{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa54d28d4a228c0e2023-02-08 09:43:36.039root 534500x8000000000000000264231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.156{ec2a0601-5c38-63e3-c8ba-750834560000}466/lib/systemd/systemd-journaldroot 11241100x8000000000000000264232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.363{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-08 09:43:36.363root 11241100x8000000000000000264240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0f2268f42670222023-02-08 09:43:36.364root 11241100x8000000000000000264239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f31e9cf1e5b9422023-02-08 09:43:36.364root 11241100x8000000000000000264238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f90ef971394ebcc2023-02-08 09:43:36.364root 11241100x8000000000000000264237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea5216e3f0398d52023-02-08 09:43:36.364root 11241100x8000000000000000264236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c87bfe3f3ab5f32023-02-08 09:43:36.364root 11241100x8000000000000000264235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ecc235ce7b4a8f2023-02-08 09:43:36.364root 11241100x8000000000000000264234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2c1dceb21489952023-02-08 09:43:36.364root 11241100x8000000000000000264233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3159b1e5413dd0532023-02-08 09:43:36.364root 11241100x8000000000000000264247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04423ea7b78f6bc2023-02-08 09:43:36.365root 11241100x8000000000000000264246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d711b44e63558b362023-02-08 09:43:36.365root 11241100x8000000000000000264245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eef45dd4cf7c5e62023-02-08 09:43:36.365root 11241100x8000000000000000264244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc31f5a0e09caec62023-02-08 09:43:36.365root 11241100x8000000000000000264243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5063933087ab24c62023-02-08 09:43:36.365root 11241100x8000000000000000264242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668128f241ec0bab2023-02-08 09:43:36.365root 11241100x8000000000000000264241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6085767c423e0d2023-02-08 09:43:36.365root 11241100x8000000000000000264253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9981d264fefe4e32023-02-08 09:43:36.366root 11241100x8000000000000000264252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0748ea01060447ec2023-02-08 09:43:36.366root 11241100x8000000000000000264251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60eb29438c9f3ccc2023-02-08 09:43:36.366root 11241100x8000000000000000264250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc145a37c2da53b42023-02-08 09:43:36.366root 11241100x8000000000000000264249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebb1ecb6188ed6e2023-02-08 09:43:36.366root 11241100x8000000000000000264248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affedc555d907ef32023-02-08 09:43:36.366root 11241100x8000000000000000264254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212a84ee3dd7284a2023-02-08 09:43:36.367root 11241100x8000000000000000264260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14311dee341bcf512023-02-08 09:43:36.368root 11241100x8000000000000000264259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835062a100276dd82023-02-08 09:43:36.368root 11241100x8000000000000000264258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86bdbcb41f8a26a2023-02-08 09:43:36.368root 11241100x8000000000000000264257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf6026dc7575f622023-02-08 09:43:36.368root 11241100x8000000000000000264256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b430e5de0634453d2023-02-08 09:43:36.368root 11241100x8000000000000000264255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5efdeaf4286d3d72023-02-08 09:43:36.368root 11241100x8000000000000000264265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62bdb559fc06af12023-02-08 09:43:36.369root 11241100x8000000000000000264264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160c717dc5a32caf2023-02-08 09:43:36.369root 11241100x8000000000000000264263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02aaaa84c0fbfcd2023-02-08 09:43:36.369root 11241100x8000000000000000264262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371e70b52ce4922a2023-02-08 09:43:36.369root 11241100x8000000000000000264261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8398d8617f798f1f2023-02-08 09:43:36.369root 11241100x8000000000000000264273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.371{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec4ac6352cd0e4c2023-02-08 09:43:36.371root 11241100x8000000000000000264272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.371{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0501edda7c96c8a2023-02-08 09:43:36.371root 11241100x8000000000000000264271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.371{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1d9a797ea751742023-02-08 09:43:36.371root 11241100x8000000000000000264270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.371{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd127d76115f8ef52023-02-08 09:43:36.371root 11241100x8000000000000000264269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.371{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e619e8badd9cd6262023-02-08 09:43:36.371root 11241100x8000000000000000264268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.371{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ab2785eb7ee1332023-02-08 09:43:36.371root 11241100x8000000000000000264267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.371{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1aa16f1ad16c132023-02-08 09:43:36.371root 11241100x8000000000000000264266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.371{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67abcd997ec1b0742023-02-08 09:43:36.371root 11241100x8000000000000000264280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.372{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7890ffae8f898862023-02-08 09:43:36.372root 11241100x8000000000000000264279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.372{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e675d40f07facf2023-02-08 09:43:36.372root 11241100x8000000000000000264278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.372{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af26b440737d51f2023-02-08 09:43:36.372root 11241100x8000000000000000264277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.372{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a249df19239e4c2023-02-08 09:43:36.372root 11241100x8000000000000000264276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.372{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a2064e99937b712023-02-08 09:43:36.372root 11241100x8000000000000000264275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.372{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f831fa3b533bf62023-02-08 09:43:36.372root 11241100x8000000000000000264274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.372{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47b09a1ff89c8912023-02-08 09:43:36.372root 11241100x8000000000000000264284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.373{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acde63119cb7717c2023-02-08 09:43:36.373root 11241100x8000000000000000264283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.373{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8816f09b3fc508b62023-02-08 09:43:36.373root 11241100x8000000000000000264282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.373{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79974a4e5634f78e2023-02-08 09:43:36.373root 11241100x8000000000000000264281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.373{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c5ac97293c13302023-02-08 09:43:36.373root 11241100x8000000000000000264294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.374{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a075cdbb60de74c02023-02-08 09:43:36.374root 11241100x8000000000000000264293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.374{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e533c93d1a64b55c2023-02-08 09:43:36.374root 11241100x8000000000000000264292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.374{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c489ecbca073b372023-02-08 09:43:36.374root 11241100x8000000000000000264291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.374{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7390d60e0a1e27b42023-02-08 09:43:36.374root 11241100x8000000000000000264290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.374{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5492c0bedaec63942023-02-08 09:43:36.374root 11241100x8000000000000000264289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.374{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97144bc197611a82023-02-08 09:43:36.374root 11241100x8000000000000000264288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.374{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995eb261ec6286cd2023-02-08 09:43:36.374root 11241100x8000000000000000264287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.374{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0963de6fcc1971eb2023-02-08 09:43:36.374root 11241100x8000000000000000264286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.374{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c586d8ebc5b3a9b32023-02-08 09:43:36.374root 11241100x8000000000000000264285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.374{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3df8a801577ebe2023-02-08 09:43:36.374root 11241100x8000000000000000264307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.375{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed4031c3fa44caf2023-02-08 09:43:36.375root 11241100x8000000000000000264306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.375{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d3668d3ecc95512023-02-08 09:43:36.375root 11241100x8000000000000000264305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.375{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc09dc37feef5242023-02-08 09:43:36.375root 11241100x8000000000000000264304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.375{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7375d0ea64a74cce2023-02-08 09:43:36.375root 11241100x8000000000000000264303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.375{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4534cc4c681b25802023-02-08 09:43:36.375root 11241100x8000000000000000264302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.375{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd60d581f6b0cbb52023-02-08 09:43:36.375root 11241100x8000000000000000264301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.375{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3d91bcaa9b33e32023-02-08 09:43:36.375root 11241100x8000000000000000264300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.375{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b95a2f7095b5792023-02-08 09:43:36.375root 11241100x8000000000000000264299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.375{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efefb796cbddb7662023-02-08 09:43:36.375root 11241100x8000000000000000264298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.375{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c9b20d040d60f42023-02-08 09:43:36.375root 11241100x8000000000000000264297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.375{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d282834c45b3f6d2023-02-08 09:43:36.375root 11241100x8000000000000000264296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.375{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a0293c543b45aa2023-02-08 09:43:36.375root 11241100x8000000000000000264295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.375{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae134e23d7fe9ee2023-02-08 09:43:36.375root 11241100x8000000000000000264314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a812bfdfd8ee0c42023-02-08 09:43:36.734root 11241100x8000000000000000264313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d47b1e15198af702023-02-08 09:43:36.734root 11241100x8000000000000000264312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333939c47e77198f2023-02-08 09:43:36.734root 11241100x8000000000000000264311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b210489a103f8b5e2023-02-08 09:43:36.734root 11241100x8000000000000000264310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443c619dd0d3cce92023-02-08 09:43:36.734root 11241100x8000000000000000264309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072f91985c4f63f22023-02-08 09:43:36.734root 11241100x8000000000000000264308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd387206d2e8f6512023-02-08 09:43:36.734root 11241100x8000000000000000264321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcf0c322d03f8a32023-02-08 09:43:36.735root 11241100x8000000000000000264320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb4d2ea804f54e22023-02-08 09:43:36.735root 11241100x8000000000000000264319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8dda0cfd23754dc2023-02-08 09:43:36.735root 11241100x8000000000000000264318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e21275bbb3c7452023-02-08 09:43:36.735root 11241100x8000000000000000264317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92ba8ff24393abe2023-02-08 09:43:36.735root 11241100x8000000000000000264316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ef10bd9be34c8a2023-02-08 09:43:36.735root 11241100x8000000000000000264315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69e860dceefa1542023-02-08 09:43:36.735root 11241100x8000000000000000264325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d3c6fb1fa2ef5d2023-02-08 09:43:36.736root 11241100x8000000000000000264324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cef49c4bc90b70f2023-02-08 09:43:36.736root 11241100x8000000000000000264323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76b27544277542d2023-02-08 09:43:36.736root 11241100x8000000000000000264322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e54df8725989ee2023-02-08 09:43:36.736root 11241100x8000000000000000264327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740dfc47b66483fd2023-02-08 09:43:36.737root 11241100x8000000000000000264326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c454d2b6f8d3aaf2023-02-08 09:43:36.737root 11241100x8000000000000000264335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc67a17b074d9a5f2023-02-08 09:43:36.738root 11241100x8000000000000000264334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174e94e2b46bc95f2023-02-08 09:43:36.738root 11241100x8000000000000000264333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766adc55d934d47f2023-02-08 09:43:36.738root 11241100x8000000000000000264332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88fbf81cff0edce72023-02-08 09:43:36.738root 11241100x8000000000000000264331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b84ec6191cd49c2023-02-08 09:43:36.738root 11241100x8000000000000000264330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43227c8ececdc292023-02-08 09:43:36.738root 11241100x8000000000000000264329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd4f0fe509cb81b2023-02-08 09:43:36.738root 11241100x8000000000000000264328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6040137110d9b19b2023-02-08 09:43:36.738root 11241100x8000000000000000264344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7cb77a6886b83642023-02-08 09:43:36.739root 11241100x8000000000000000264343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f240a4a00201809a2023-02-08 09:43:36.739root 11241100x8000000000000000264342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558a08dce83ffb252023-02-08 09:43:36.739root 11241100x8000000000000000264341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac88060a4ddef7a2023-02-08 09:43:36.739root 11241100x8000000000000000264340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13385a9da2930842023-02-08 09:43:36.739root 11241100x8000000000000000264339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c51ccd79705b2f72023-02-08 09:43:36.739root 11241100x8000000000000000264338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606cd92f9e7906562023-02-08 09:43:36.739root 11241100x8000000000000000264337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1edd8fdecbf8879b2023-02-08 09:43:36.739root 11241100x8000000000000000264336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871f1fd04e16473d2023-02-08 09:43:36.739root 11241100x8000000000000000264351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac086f16063122a02023-02-08 09:43:36.740root 11241100x8000000000000000264350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57756d62f040c83f2023-02-08 09:43:36.740root 11241100x8000000000000000264349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d972c6460b41f9c2023-02-08 09:43:36.740root 11241100x8000000000000000264348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7cdf8309d07cbf72023-02-08 09:43:36.740root 11241100x8000000000000000264347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a93f1e0f1141ce2023-02-08 09:43:36.740root 11241100x8000000000000000264346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5572424ae793fee2023-02-08 09:43:36.740root 11241100x8000000000000000264345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb821f8935e5a212023-02-08 09:43:36.740root 11241100x8000000000000000264354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af41e33dfb0d1a972023-02-08 09:43:36.741root 11241100x8000000000000000264353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf239cee0d2d0372023-02-08 09:43:36.741root 11241100x8000000000000000264352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:36.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e8bb617ea9bcc32023-02-08 09:43:36.741root 11241100x8000000000000000264362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9dd8e195087468a2023-02-08 09:43:37.235root 11241100x8000000000000000264361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79d4581cf94fe0a2023-02-08 09:43:37.235root 11241100x8000000000000000264360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcdc04b95333a1782023-02-08 09:43:37.235root 11241100x8000000000000000264359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0b4b22896756352023-02-08 09:43:37.235root 11241100x8000000000000000264358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1f487b75df998e2023-02-08 09:43:37.235root 11241100x8000000000000000264357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90af64759469516e2023-02-08 09:43:37.235root 11241100x8000000000000000264356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35bd0c1d935d05b2023-02-08 09:43:37.235root 11241100x8000000000000000264355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1dc1f34568beffc2023-02-08 09:43:37.235root 11241100x8000000000000000264371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1cb9d2b13e019b2023-02-08 09:43:37.236root 11241100x8000000000000000264370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51635ec7fc8286d2023-02-08 09:43:37.236root 11241100x8000000000000000264369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0513f081ff8cc8c82023-02-08 09:43:37.236root 11241100x8000000000000000264368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbff383ceb0c6852023-02-08 09:43:37.236root 11241100x8000000000000000264367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65777f0517e3d59c2023-02-08 09:43:37.236root 11241100x8000000000000000264366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae31563e5edab79c2023-02-08 09:43:37.236root 11241100x8000000000000000264365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb406eac76653562023-02-08 09:43:37.236root 11241100x8000000000000000264364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b21d88f435d804b2023-02-08 09:43:37.236root 11241100x8000000000000000264363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac0f8b46914c0ea2023-02-08 09:43:37.236root 11241100x8000000000000000264379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc67c93e29e00e142023-02-08 09:43:37.237root 11241100x8000000000000000264378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d07b5d6a5f18682023-02-08 09:43:37.237root 11241100x8000000000000000264377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ce46804e8384e42023-02-08 09:43:37.237root 11241100x8000000000000000264376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab0ae1d0def6d3c2023-02-08 09:43:37.237root 11241100x8000000000000000264375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e91026748afcf72023-02-08 09:43:37.237root 11241100x8000000000000000264374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52582b54e0ac7f042023-02-08 09:43:37.237root 11241100x8000000000000000264373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ff98c18b2e8d652023-02-08 09:43:37.237root 11241100x8000000000000000264372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d09bc73847e94d2023-02-08 09:43:37.237root 11241100x8000000000000000264383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80fb77468f9a4142023-02-08 09:43:37.238root 11241100x8000000000000000264382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babd913c6c2522032023-02-08 09:43:37.238root 11241100x8000000000000000264381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5448a5135f2eb92023-02-08 09:43:37.238root 11241100x8000000000000000264380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0625d48be3840c9e2023-02-08 09:43:37.238root 11241100x8000000000000000264393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773c71f139535fd62023-02-08 09:43:37.239root 11241100x8000000000000000264392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236ad76409e8a55e2023-02-08 09:43:37.239root 11241100x8000000000000000264391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee7fd7d6af546762023-02-08 09:43:37.239root 11241100x8000000000000000264390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba86e1979412d3f2023-02-08 09:43:37.239root 11241100x8000000000000000264389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139c8a15a55e5a442023-02-08 09:43:37.239root 11241100x8000000000000000264388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63121b35692b61412023-02-08 09:43:37.239root 11241100x8000000000000000264387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a30c9d2add5629f2023-02-08 09:43:37.239root 11241100x8000000000000000264386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa60bf4f284c63f82023-02-08 09:43:37.239root 11241100x8000000000000000264385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ad76d2be85b23f2023-02-08 09:43:37.239root 11241100x8000000000000000264384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a68a947f63eda12023-02-08 09:43:37.239root 11241100x8000000000000000264396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ae3f3957f839fd2023-02-08 09:43:37.240root 11241100x8000000000000000264395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6eeeb940a5c02b42023-02-08 09:43:37.240root 11241100x8000000000000000264394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d63e62ead8d2a6f2023-02-08 09:43:37.240root 11241100x8000000000000000264397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231148fcb7cd8eca2023-02-08 09:43:37.734root 11241100x8000000000000000264412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a380e4172cbab7d2023-02-08 09:43:37.735root 11241100x8000000000000000264411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa43db3c476b95c2023-02-08 09:43:37.735root 11241100x8000000000000000264410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b36af23b214aec2023-02-08 09:43:37.735root 11241100x8000000000000000264409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ac91cb031aa9bb2023-02-08 09:43:37.735root 11241100x8000000000000000264408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e4dcfb4fd0bfdc2023-02-08 09:43:37.735root 11241100x8000000000000000264407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cd5e091e0515fd2023-02-08 09:43:37.735root 11241100x8000000000000000264406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ab6d1aaf9af67f2023-02-08 09:43:37.735root 11241100x8000000000000000264405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a5fe9afc49fb182023-02-08 09:43:37.735root 11241100x8000000000000000264404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8af97f9588a98e2023-02-08 09:43:37.735root 11241100x8000000000000000264403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9cdf7ad7438c9b2023-02-08 09:43:37.735root 11241100x8000000000000000264402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a660b3c441b6b3512023-02-08 09:43:37.735root 11241100x8000000000000000264401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d387e359a02259c82023-02-08 09:43:37.735root 11241100x8000000000000000264400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a43ebfeeee31b8b2023-02-08 09:43:37.735root 11241100x8000000000000000264399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8964c306e763aca2023-02-08 09:43:37.735root 11241100x8000000000000000264398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68458daa0ba426d82023-02-08 09:43:37.735root 11241100x8000000000000000264424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c80f2375bfb26d2023-02-08 09:43:37.736root 11241100x8000000000000000264423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9602f2228b092b952023-02-08 09:43:37.736root 11241100x8000000000000000264422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fa5b2cef9b7fb02023-02-08 09:43:37.736root 11241100x8000000000000000264421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c2276a7b30fade2023-02-08 09:43:37.736root 11241100x8000000000000000264420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5d0c33624c96312023-02-08 09:43:37.736root 11241100x8000000000000000264419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfe1b5cbb9c00932023-02-08 09:43:37.736root 11241100x8000000000000000264418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344d38a8013150ea2023-02-08 09:43:37.736root 11241100x8000000000000000264417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f4341a5dd6c60e2023-02-08 09:43:37.736root 11241100x8000000000000000264416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ecfdc004417181d2023-02-08 09:43:37.736root 11241100x8000000000000000264415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f935db0b46add0e82023-02-08 09:43:37.736root 11241100x8000000000000000264414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc370b84b5bade02023-02-08 09:43:37.736root 11241100x8000000000000000264413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d251efbf7f8c20932023-02-08 09:43:37.736root 11241100x8000000000000000264433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e85c0c733a96aae2023-02-08 09:43:37.737root 11241100x8000000000000000264432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9993d637f980555a2023-02-08 09:43:37.737root 11241100x8000000000000000264431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90145735ca243f452023-02-08 09:43:37.737root 11241100x8000000000000000264430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12b95d7dfaed9752023-02-08 09:43:37.737root 11241100x8000000000000000264429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66562f3fc8ce8042023-02-08 09:43:37.737root 11241100x8000000000000000264428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a468d3cbd17052b2023-02-08 09:43:37.737root 11241100x8000000000000000264427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf708ec4825564722023-02-08 09:43:37.737root 11241100x8000000000000000264426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94272cf12d034f62023-02-08 09:43:37.737root 11241100x8000000000000000264425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5bbb550e8d00032023-02-08 09:43:37.737root 11241100x8000000000000000264438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9398cceb3c5f1772023-02-08 09:43:37.738root 11241100x8000000000000000264437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361eba607c0ccb072023-02-08 09:43:37.738root 11241100x8000000000000000264436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f0b85ef0e8ed8e2023-02-08 09:43:37.738root 11241100x8000000000000000264435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2590d6509781da282023-02-08 09:43:37.738root 11241100x8000000000000000264434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:37.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868ec1ef386e5fb52023-02-08 09:43:37.738root 354300x8000000000000000264439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.150{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-50822-false10.0.1.12-8000- 11241100x8000000000000000264447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.151{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbe5d3d966380382023-02-08 09:43:38.151root 11241100x8000000000000000264446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.151{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c69c4d223eac4f2023-02-08 09:43:38.151root 11241100x8000000000000000264445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.151{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6d4cd2cc5e21822023-02-08 09:43:38.151root 11241100x8000000000000000264444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.151{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e50c2f035b616582023-02-08 09:43:38.151root 11241100x8000000000000000264443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.151{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f241944e484a1d2023-02-08 09:43:38.151root 11241100x8000000000000000264442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.151{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f503865456c91f42023-02-08 09:43:38.151root 11241100x8000000000000000264441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.151{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158e5722967da7a92023-02-08 09:43:38.151root 11241100x8000000000000000264440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.151{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6edeae08f537d42023-02-08 09:43:38.151root 11241100x8000000000000000264452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.152{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faff1f3c5b4290d22023-02-08 09:43:38.152root 11241100x8000000000000000264451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.152{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa10a76e55c53432023-02-08 09:43:38.152root 11241100x8000000000000000264450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.152{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6a294056078ab92023-02-08 09:43:38.152root 11241100x8000000000000000264449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.152{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adfbe90b1a4990dc2023-02-08 09:43:38.152root 11241100x8000000000000000264448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.152{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ca14af8a12c42c2023-02-08 09:43:38.152root 11241100x8000000000000000264467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.153{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a930f9f2f3f628432023-02-08 09:43:38.153root 11241100x8000000000000000264466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.153{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e299f1630706f02023-02-08 09:43:38.153root 11241100x8000000000000000264465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.153{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634ee19a8ee486a72023-02-08 09:43:38.153root 11241100x8000000000000000264464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.153{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966bc53af0e72ba12023-02-08 09:43:38.153root 11241100x8000000000000000264463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.153{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c24d8046fcf9e152023-02-08 09:43:38.153root 11241100x8000000000000000264462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.153{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a0abbf75b14e5d2023-02-08 09:43:38.153root 11241100x8000000000000000264461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.153{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f49041ea27533d2023-02-08 09:43:38.153root 11241100x8000000000000000264460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.153{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62dc89159dfbf7f2023-02-08 09:43:38.153root 11241100x8000000000000000264459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.153{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bd36c43eb0fd862023-02-08 09:43:38.153root 11241100x8000000000000000264458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.153{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba612c93b9bc81c62023-02-08 09:43:38.153root 11241100x8000000000000000264457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.153{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166f3c082853f12d2023-02-08 09:43:38.153root 11241100x8000000000000000264456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.153{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8222f91619264fef2023-02-08 09:43:38.153root 11241100x8000000000000000264455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.153{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f32c6479ff60642023-02-08 09:43:38.153root 11241100x8000000000000000264454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.153{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fab9aaf0c86b2582023-02-08 09:43:38.153root 11241100x8000000000000000264453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.153{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ccecc8ebd1d2ee72023-02-08 09:43:38.153root 11241100x8000000000000000264482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.154{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4dd31c484edc1182023-02-08 09:43:38.154root 11241100x8000000000000000264481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.154{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e99658cc414ce992023-02-08 09:43:38.154root 11241100x8000000000000000264480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.154{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b99c14e00fd790f2023-02-08 09:43:38.154root 11241100x8000000000000000264479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.154{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a270ecc2329aaa52023-02-08 09:43:38.154root 11241100x8000000000000000264478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.154{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf08330e83db88b2023-02-08 09:43:38.154root 11241100x8000000000000000264477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.154{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9d32f25b3d2ffe2023-02-08 09:43:38.154root 11241100x8000000000000000264476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.154{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea99348c06df5882023-02-08 09:43:38.154root 11241100x8000000000000000264475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.154{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9dc853eaf60c612023-02-08 09:43:38.154root 11241100x8000000000000000264474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.154{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d285fd6f95771a32023-02-08 09:43:38.154root 11241100x8000000000000000264473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.154{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d86d882236d47452023-02-08 09:43:38.154root 11241100x8000000000000000264472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.154{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115d5f8c38e0546f2023-02-08 09:43:38.154root 11241100x8000000000000000264471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.154{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186174c199ed3c052023-02-08 09:43:38.154root 11241100x8000000000000000264470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.154{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29a0393ab8a83f52023-02-08 09:43:38.154root 11241100x8000000000000000264469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.154{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410e14734d0b55be2023-02-08 09:43:38.154root 11241100x8000000000000000264468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.154{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa7570cfc066ca42023-02-08 09:43:38.154root 11241100x8000000000000000264494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.155{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28efc1bdb2bf26e12023-02-08 09:43:38.155root 11241100x8000000000000000264493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.155{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6442cd3efca998cf2023-02-08 09:43:38.155root 11241100x8000000000000000264492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.155{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6650158a9280fa52023-02-08 09:43:38.155root 11241100x8000000000000000264491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.155{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b1ee0a5782ca572023-02-08 09:43:38.155root 11241100x8000000000000000264490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.155{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b7ce06c276c3862023-02-08 09:43:38.155root 11241100x8000000000000000264489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.155{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d905033f3ca82c02023-02-08 09:43:38.155root 11241100x8000000000000000264488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.155{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b612b1cdbb24025f2023-02-08 09:43:38.155root 11241100x8000000000000000264487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.155{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54948b85de090a62023-02-08 09:43:38.155root 11241100x8000000000000000264486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.155{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f1dfd0604a117e2023-02-08 09:43:38.155root 11241100x8000000000000000264485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.155{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fcadcca74a1d6552023-02-08 09:43:38.155root 11241100x8000000000000000264484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.155{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06213bd962f605d82023-02-08 09:43:38.155root 11241100x8000000000000000264483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.155{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02a6490fc7a3aa32023-02-08 09:43:38.155root 11241100x8000000000000000264498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9411260dc7080ed12023-02-08 09:43:38.484root 11241100x8000000000000000264497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3074903035f998d22023-02-08 09:43:38.484root 11241100x8000000000000000264496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19b4a38ff539df52023-02-08 09:43:38.484root 11241100x8000000000000000264495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f19504b30466af2023-02-08 09:43:38.484root 11241100x8000000000000000264509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b219d8a1030c2fdc2023-02-08 09:43:38.485root 11241100x8000000000000000264508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8933a2ffbf1d882023-02-08 09:43:38.485root 11241100x8000000000000000264507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761571aa810acbb92023-02-08 09:43:38.485root 11241100x8000000000000000264506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f705de54bbd10b2023-02-08 09:43:38.485root 11241100x8000000000000000264505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d520dbb8572ad3a2023-02-08 09:43:38.485root 11241100x8000000000000000264504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18570a2353fd4e512023-02-08 09:43:38.485root 11241100x8000000000000000264503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261b4ff6643aa33c2023-02-08 09:43:38.485root 11241100x8000000000000000264502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c2f61d2e9bda422023-02-08 09:43:38.485root 11241100x8000000000000000264501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d4237bcebae1af2023-02-08 09:43:38.485root 11241100x8000000000000000264500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b208ce4d58bc056a2023-02-08 09:43:38.485root 11241100x8000000000000000264499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd710137cc9c5cca2023-02-08 09:43:38.485root 11241100x8000000000000000264518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2efeb12a4a1360aa2023-02-08 09:43:38.486root 11241100x8000000000000000264517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacfecbe7339709b2023-02-08 09:43:38.486root 11241100x8000000000000000264516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f48c2958c11f5b2023-02-08 09:43:38.486root 11241100x8000000000000000264515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa5d0cd647562752023-02-08 09:43:38.486root 11241100x8000000000000000264514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70e10cfc0fcb7112023-02-08 09:43:38.486root 11241100x8000000000000000264513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c9bdb2edee28a32023-02-08 09:43:38.486root 11241100x8000000000000000264512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f42aa4342322572023-02-08 09:43:38.486root 11241100x8000000000000000264511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870e7f8ca9a95bd12023-02-08 09:43:38.486root 11241100x8000000000000000264510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ffd6a15365bc4c2023-02-08 09:43:38.486root 11241100x8000000000000000264527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee3eddf570e3ad02023-02-08 09:43:38.487root 11241100x8000000000000000264526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf384a6d3ba1ed8b2023-02-08 09:43:38.487root 11241100x8000000000000000264525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14fb73c98e318cb2023-02-08 09:43:38.487root 11241100x8000000000000000264524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1436577a29c021f32023-02-08 09:43:38.487root 11241100x8000000000000000264523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc03f46fa63dc73e2023-02-08 09:43:38.487root 11241100x8000000000000000264522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bcd6dbfe463fb962023-02-08 09:43:38.487root 11241100x8000000000000000264521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06e6cb2753a5f552023-02-08 09:43:38.487root 11241100x8000000000000000264520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799eaeefb5ecfa5b2023-02-08 09:43:38.487root 11241100x8000000000000000264519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6c17aca108b1312023-02-08 09:43:38.487root 11241100x8000000000000000264535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61f771ee86fc6a72023-02-08 09:43:38.488root 11241100x8000000000000000264534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29505c6ce7df2452023-02-08 09:43:38.488root 11241100x8000000000000000264533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f4671a0f8dcee42023-02-08 09:43:38.488root 11241100x8000000000000000264532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d509ce3d4157aa8d2023-02-08 09:43:38.488root 11241100x8000000000000000264531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6977024daacccd2023-02-08 09:43:38.488root 11241100x8000000000000000264530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd261a4a74ccecf82023-02-08 09:43:38.488root 11241100x8000000000000000264529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b586dbff0e0928482023-02-08 09:43:38.488root 11241100x8000000000000000264528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3dcfbff0140c272023-02-08 09:43:38.488root 11241100x8000000000000000264542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43288c50119403432023-02-08 09:43:38.489root 11241100x8000000000000000264541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62275207277b1ca72023-02-08 09:43:38.489root 11241100x8000000000000000264540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37f51828291e45b2023-02-08 09:43:38.489root 11241100x8000000000000000264539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916da80d80682a7f2023-02-08 09:43:38.489root 11241100x8000000000000000264538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9eb9d467bac7772023-02-08 09:43:38.489root 11241100x8000000000000000264537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8298ab4daf58f1d22023-02-08 09:43:38.489root 11241100x8000000000000000264536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f90bd3f618f58822023-02-08 09:43:38.489root 11241100x8000000000000000264550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e886a9e2bfeefc2023-02-08 09:43:38.490root 11241100x8000000000000000264549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20257ea8e65ed292023-02-08 09:43:38.490root 11241100x8000000000000000264548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd20f5b2782630b2023-02-08 09:43:38.490root 11241100x8000000000000000264547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d0213caeda7c672023-02-08 09:43:38.490root 11241100x8000000000000000264546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622fc615fa06edcc2023-02-08 09:43:38.490root 11241100x8000000000000000264545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bfd3d750553adb62023-02-08 09:43:38.490root 11241100x8000000000000000264544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f56273818c366702023-02-08 09:43:38.490root 11241100x8000000000000000264543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1df839507e183f22023-02-08 09:43:38.490root 11241100x8000000000000000264558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dcfce790e12fd1c2023-02-08 09:43:38.491root 11241100x8000000000000000264557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445eed4cd4c92c6e2023-02-08 09:43:38.491root 11241100x8000000000000000264556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6144700bbf5565832023-02-08 09:43:38.491root 11241100x8000000000000000264555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e144edf8a7b698302023-02-08 09:43:38.491root 11241100x8000000000000000264554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1399e35ed2ae08392023-02-08 09:43:38.491root 11241100x8000000000000000264553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067da2c8c9ba556c2023-02-08 09:43:38.491root 11241100x8000000000000000264552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d693253c5a76b1b2023-02-08 09:43:38.491root 11241100x8000000000000000264551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb89c92186c58112023-02-08 09:43:38.491root 11241100x8000000000000000264567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a1600ebbbad7d62023-02-08 09:43:38.492root 11241100x8000000000000000264566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a181fe4d669848a2023-02-08 09:43:38.492root 11241100x8000000000000000264565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47800fb2916c745a2023-02-08 09:43:38.492root 11241100x8000000000000000264564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7669c218b00b2572023-02-08 09:43:38.492root 11241100x8000000000000000264563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6647b81f2fd8bf92023-02-08 09:43:38.492root 11241100x8000000000000000264562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ea6fec77c1925a2023-02-08 09:43:38.492root 11241100x8000000000000000264561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ce475e06238ee82023-02-08 09:43:38.492root 11241100x8000000000000000264560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce57b251117531652023-02-08 09:43:38.492root 11241100x8000000000000000264559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669c27fe0e8a517c2023-02-08 09:43:38.492root 11241100x8000000000000000264577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274671a8f7f438e22023-02-08 09:43:38.493root 11241100x8000000000000000264576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df88451e909bb7f22023-02-08 09:43:38.493root 11241100x8000000000000000264575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214ccdc329a942d62023-02-08 09:43:38.493root 11241100x8000000000000000264574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44126989570599d82023-02-08 09:43:38.493root 11241100x8000000000000000264573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53714fbf5c59d63b2023-02-08 09:43:38.493root 11241100x8000000000000000264572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8d4ad1da0921f52023-02-08 09:43:38.493root 11241100x8000000000000000264571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946823f14c9b17472023-02-08 09:43:38.493root 11241100x8000000000000000264570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d705702689f79c2023-02-08 09:43:38.493root 11241100x8000000000000000264569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6f10a0103f609d2023-02-08 09:43:38.493root 11241100x8000000000000000264568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f22a44eb5c35ab02023-02-08 09:43:38.493root 11241100x8000000000000000264586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1f32f090d017792023-02-08 09:43:38.494root 11241100x8000000000000000264585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b200c63df5686382023-02-08 09:43:38.494root 11241100x8000000000000000264584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c919129b13e3a302023-02-08 09:43:38.494root 11241100x8000000000000000264583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a25c9eb98726922023-02-08 09:43:38.494root 11241100x8000000000000000264582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5760d9178aa443c2023-02-08 09:43:38.494root 11241100x8000000000000000264581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c972b544c43d04832023-02-08 09:43:38.494root 11241100x8000000000000000264580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d865e63990c2f22023-02-08 09:43:38.494root 11241100x8000000000000000264579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd95182303cefc8e2023-02-08 09:43:38.494root 11241100x8000000000000000264578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d9c588b49cdd862023-02-08 09:43:38.494root 11241100x8000000000000000264587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238554af6db7a8eb2023-02-08 09:43:38.495root 11241100x8000000000000000264588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa585798908f5b8f2023-02-08 09:43:38.984root 11241100x8000000000000000264596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da5b8ce600d35dc2023-02-08 09:43:38.985root 11241100x8000000000000000264595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0b1b7a892ef82a2023-02-08 09:43:38.985root 11241100x8000000000000000264594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb0daff545b1db02023-02-08 09:43:38.985root 11241100x8000000000000000264593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3178fcfa2a498f82023-02-08 09:43:38.985root 11241100x8000000000000000264592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d21e1e1aac11102023-02-08 09:43:38.985root 11241100x8000000000000000264591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3464d75f08f49b752023-02-08 09:43:38.985root 11241100x8000000000000000264590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778adfe4ba37af7b2023-02-08 09:43:38.985root 11241100x8000000000000000264589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81b2874fcc7102b2023-02-08 09:43:38.985root 11241100x8000000000000000264604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b90f2d0b5dd6fc2023-02-08 09:43:38.986root 11241100x8000000000000000264603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a61d0a0d964ce92023-02-08 09:43:38.986root 11241100x8000000000000000264602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0e9e5ef329f4682023-02-08 09:43:38.986root 11241100x8000000000000000264601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bd8a9e94a9501e2023-02-08 09:43:38.986root 11241100x8000000000000000264600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43322f4ffee7e712023-02-08 09:43:38.986root 11241100x8000000000000000264599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f99f9b7cd26b512023-02-08 09:43:38.986root 11241100x8000000000000000264598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03cec0539ecb8c42023-02-08 09:43:38.986root 11241100x8000000000000000264597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140b8eef660c5e442023-02-08 09:43:38.986root 11241100x8000000000000000264610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336e901364c1a30d2023-02-08 09:43:38.987root 11241100x8000000000000000264609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a708ef0ee43d512023-02-08 09:43:38.987root 11241100x8000000000000000264608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b1a3b4ef7dfcb12023-02-08 09:43:38.987root 11241100x8000000000000000264607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07040cd1a0c4bc12023-02-08 09:43:38.987root 11241100x8000000000000000264606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded0cb34e2c215352023-02-08 09:43:38.987root 11241100x8000000000000000264605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0336b590bd214fe52023-02-08 09:43:38.987root 11241100x8000000000000000264618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c96fc86d7f43892023-02-08 09:43:38.988root 11241100x8000000000000000264617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21eac690ec1c869e2023-02-08 09:43:38.988root 11241100x8000000000000000264616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d45c51522372b92023-02-08 09:43:38.988root 11241100x8000000000000000264615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42421c3fa63b2ee02023-02-08 09:43:38.988root 11241100x8000000000000000264614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75599e26a63a61fe2023-02-08 09:43:38.988root 11241100x8000000000000000264613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafd565ce94aaf102023-02-08 09:43:38.988root 11241100x8000000000000000264612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2028151e6331cb92023-02-08 09:43:38.988root 11241100x8000000000000000264611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df88e004618560b2023-02-08 09:43:38.988root 11241100x8000000000000000264626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8038978c1a5e80d22023-02-08 09:43:38.989root 11241100x8000000000000000264625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ad17526d0fb1f82023-02-08 09:43:38.989root 11241100x8000000000000000264624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a2ae25f9b463962023-02-08 09:43:38.989root 11241100x8000000000000000264623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91cd360fd711abd12023-02-08 09:43:38.989root 11241100x8000000000000000264622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635d0106dbdc3c842023-02-08 09:43:38.989root 11241100x8000000000000000264621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982217160cfc2e442023-02-08 09:43:38.989root 11241100x8000000000000000264620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e63255f653278a2023-02-08 09:43:38.989root 11241100x8000000000000000264619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec2339b08b4d09f2023-02-08 09:43:38.989root 11241100x8000000000000000264632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ae701530f0eb512023-02-08 09:43:38.990root 11241100x8000000000000000264631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab05d89702a6c5e2023-02-08 09:43:38.990root 11241100x8000000000000000264630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893ba10f7975a0bd2023-02-08 09:43:38.990root 11241100x8000000000000000264629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fce2f295fddcf52023-02-08 09:43:38.990root 11241100x8000000000000000264628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6513afc94877a5a2023-02-08 09:43:38.990root 11241100x8000000000000000264627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969a507d575902be2023-02-08 09:43:38.990root 11241100x8000000000000000264633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:38.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f38be1e7599a6ca2023-02-08 09:43:38.991root 23542300x8000000000000000264634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.364{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000264636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e9f20a8323fdfc2023-02-08 09:43:39.365root 11241100x8000000000000000264635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281d4123a76e7dfe2023-02-08 09:43:39.365root 11241100x8000000000000000264646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9d050f6a68c12b2023-02-08 09:43:39.366root 11241100x8000000000000000264645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb63f2526161a1502023-02-08 09:43:39.366root 11241100x8000000000000000264644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273b870af0fec1e82023-02-08 09:43:39.366root 11241100x8000000000000000264643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc15ecec71f61a0d2023-02-08 09:43:39.366root 11241100x8000000000000000264642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0185b87867d20a352023-02-08 09:43:39.366root 11241100x8000000000000000264641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f61ea82cb739382023-02-08 09:43:39.366root 11241100x8000000000000000264640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a378cc9d9afaeda52023-02-08 09:43:39.366root 11241100x8000000000000000264639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bac6d69a540c22e2023-02-08 09:43:39.366root 11241100x8000000000000000264638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c0d599415d1ed32023-02-08 09:43:39.366root 11241100x8000000000000000264637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e76637b13c81ec92023-02-08 09:43:39.366root 11241100x8000000000000000264655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ee903c3375fd7f2023-02-08 09:43:39.367root 11241100x8000000000000000264654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df09397c84976712023-02-08 09:43:39.367root 11241100x8000000000000000264653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc62898aa47140aa2023-02-08 09:43:39.367root 11241100x8000000000000000264652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9cece3275843cd62023-02-08 09:43:39.367root 11241100x8000000000000000264651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab60c73af587dd92023-02-08 09:43:39.367root 11241100x8000000000000000264650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182060b5064986a52023-02-08 09:43:39.367root 11241100x8000000000000000264649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67db9c0e97e3945c2023-02-08 09:43:39.367root 11241100x8000000000000000264648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4c255ca7486a9e2023-02-08 09:43:39.367root 11241100x8000000000000000264647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc97b4b5da4324f2023-02-08 09:43:39.367root 11241100x8000000000000000264664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3b5e2a44f36f182023-02-08 09:43:39.368root 11241100x8000000000000000264663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c19239563b881ec2023-02-08 09:43:39.368root 11241100x8000000000000000264662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566937b218fad85d2023-02-08 09:43:39.368root 11241100x8000000000000000264661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b7f5c9b0785fbb2023-02-08 09:43:39.368root 11241100x8000000000000000264660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb40d976910062be2023-02-08 09:43:39.368root 11241100x8000000000000000264659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f5beba90163d2c2023-02-08 09:43:39.368root 11241100x8000000000000000264658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85392a8103f0291b2023-02-08 09:43:39.368root 11241100x8000000000000000264657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af274f5fc33b4572023-02-08 09:43:39.368root 11241100x8000000000000000264656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39873dfde320a7d2023-02-08 09:43:39.368root 11241100x8000000000000000264671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b6ffc054af19692023-02-08 09:43:39.369root 11241100x8000000000000000264670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b628df6504bed94c2023-02-08 09:43:39.369root 11241100x8000000000000000264669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd5422e5fb3cb482023-02-08 09:43:39.369root 11241100x8000000000000000264668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066ec342d8f97abf2023-02-08 09:43:39.369root 11241100x8000000000000000264667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53ad259d0de34b22023-02-08 09:43:39.369root 11241100x8000000000000000264666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b86baf6479814692023-02-08 09:43:39.369root 11241100x8000000000000000264665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667762341bfb30f32023-02-08 09:43:39.369root 11241100x8000000000000000264681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9829998d74bf205a2023-02-08 09:43:39.370root 11241100x8000000000000000264680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8193edf7c2e510762023-02-08 09:43:39.370root 11241100x8000000000000000264679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14890a9adc8db4d2023-02-08 09:43:39.370root 11241100x8000000000000000264678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7014f6cb9b4bd7f32023-02-08 09:43:39.370root 11241100x8000000000000000264677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb12949497107cc2023-02-08 09:43:39.370root 11241100x8000000000000000264676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093e753aeafa7a072023-02-08 09:43:39.370root 11241100x8000000000000000264675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ebe07dee4559e442023-02-08 09:43:39.370root 11241100x8000000000000000264674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd60eb3c7d683432023-02-08 09:43:39.370root 11241100x8000000000000000264673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f727e26b643c122023-02-08 09:43:39.370root 11241100x8000000000000000264672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f225a80e6a523f22023-02-08 09:43:39.370root 11241100x8000000000000000264691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.371{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26636751c1c94f12023-02-08 09:43:39.371root 11241100x8000000000000000264690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.371{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d46897f629b3372023-02-08 09:43:39.371root 11241100x8000000000000000264689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.371{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b66b31e29e844e92023-02-08 09:43:39.371root 11241100x8000000000000000264688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.371{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4740e217a744dada2023-02-08 09:43:39.371root 11241100x8000000000000000264687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.371{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd5e5bd45162e8a2023-02-08 09:43:39.371root 11241100x8000000000000000264686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.371{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac6f2abd98117312023-02-08 09:43:39.371root 11241100x8000000000000000264685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.371{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad27cdd6cd641f02023-02-08 09:43:39.371root 11241100x8000000000000000264684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.371{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14efd309f6ee6a62023-02-08 09:43:39.371root 11241100x8000000000000000264683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.371{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44b74e49bc07d7a2023-02-08 09:43:39.371root 11241100x8000000000000000264682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.371{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117dca3d02fedbc82023-02-08 09:43:39.371root 11241100x8000000000000000264692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.372{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe277b0797d76cb2023-02-08 09:43:39.372root 11241100x8000000000000000264693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d365930f1133bcd92023-02-08 09:43:39.734root 11241100x8000000000000000264703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559161e24b73a9cb2023-02-08 09:43:39.735root 11241100x8000000000000000264702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db83fd794de16872023-02-08 09:43:39.735root 11241100x8000000000000000264701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab46a03406fe5c6d2023-02-08 09:43:39.735root 11241100x8000000000000000264700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d067ebd9e86874f72023-02-08 09:43:39.735root 11241100x8000000000000000264699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81173d3fe730e5922023-02-08 09:43:39.735root 11241100x8000000000000000264698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731bcce06ebd9b482023-02-08 09:43:39.735root 11241100x8000000000000000264697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f8559cd6e1cca02023-02-08 09:43:39.735root 11241100x8000000000000000264696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9674cafc75adb4f2023-02-08 09:43:39.735root 11241100x8000000000000000264695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d46573553a51db2023-02-08 09:43:39.735root 11241100x8000000000000000264694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2f2ae6b8bbcaab2023-02-08 09:43:39.735root 11241100x8000000000000000264712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b5015827afb3602023-02-08 09:43:39.736root 11241100x8000000000000000264711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eac8780aa6508c82023-02-08 09:43:39.736root 11241100x8000000000000000264710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866ac41abd57bae32023-02-08 09:43:39.736root 11241100x8000000000000000264709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30644629a0c70e572023-02-08 09:43:39.736root 11241100x8000000000000000264708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66533d8de5be4e162023-02-08 09:43:39.736root 11241100x8000000000000000264707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b48977c70cceae22023-02-08 09:43:39.736root 11241100x8000000000000000264706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b20c2f4a267d9182023-02-08 09:43:39.736root 11241100x8000000000000000264705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfc4b448d532cde2023-02-08 09:43:39.736root 11241100x8000000000000000264704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52835c2e82ffe8b52023-02-08 09:43:39.736root 11241100x8000000000000000264717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815c49d7b608ad742023-02-08 09:43:39.737root 11241100x8000000000000000264716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ec76fca1404c8e2023-02-08 09:43:39.737root 11241100x8000000000000000264715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5351edb14be9a2902023-02-08 09:43:39.737root 11241100x8000000000000000264714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a1357b142aa1e82023-02-08 09:43:39.737root 11241100x8000000000000000264713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7d394364309fd02023-02-08 09:43:39.737root 11241100x8000000000000000264720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197ba878f1e0db832023-02-08 09:43:39.738root 11241100x8000000000000000264719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ccb235a8fdf3bb2023-02-08 09:43:39.738root 11241100x8000000000000000264718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e500427b294ed9822023-02-08 09:43:39.738root 11241100x8000000000000000264726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c3af2e4f09a1302023-02-08 09:43:39.739root 11241100x8000000000000000264725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9c1eecea34d2f42023-02-08 09:43:39.739root 11241100x8000000000000000264724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd1044e8c9e211d2023-02-08 09:43:39.739root 11241100x8000000000000000264723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902dc774162c76de2023-02-08 09:43:39.739root 11241100x8000000000000000264722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a94fd374293abfe2023-02-08 09:43:39.739root 11241100x8000000000000000264721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5824108a28b375cd2023-02-08 09:43:39.739root 11241100x8000000000000000264728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bd930102629e182023-02-08 09:43:39.740root 11241100x8000000000000000264727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d803b43d173372862023-02-08 09:43:39.740root 11241100x8000000000000000264733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680622f2a0bc11472023-02-08 09:43:39.741root 11241100x8000000000000000264732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747db8c0621198942023-02-08 09:43:39.741root 11241100x8000000000000000264731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415cb7ca92d3a6902023-02-08 09:43:39.741root 11241100x8000000000000000264730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f0ba15b25bf0452023-02-08 09:43:39.741root 11241100x8000000000000000264729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea49898806741c8a2023-02-08 09:43:39.741root 11241100x8000000000000000264740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08a2072e271170e2023-02-08 09:43:39.742root 11241100x8000000000000000264739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78a48f7251810722023-02-08 09:43:39.742root 11241100x8000000000000000264738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fef61c54b6143f52023-02-08 09:43:39.742root 11241100x8000000000000000264737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f36fb623871ae02023-02-08 09:43:39.742root 11241100x8000000000000000264736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f89b980304f8472023-02-08 09:43:39.742root 11241100x8000000000000000264735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02009e9ec2bf1592023-02-08 09:43:39.742root 11241100x8000000000000000264734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14449dcf031bd0292023-02-08 09:43:39.742root 11241100x8000000000000000264744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f417cc46b58a892023-02-08 09:43:39.743root 11241100x8000000000000000264743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6f249115a6eae82023-02-08 09:43:39.743root 11241100x8000000000000000264742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981f9895df284f6c2023-02-08 09:43:39.743root 11241100x8000000000000000264741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:39.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad0d56a2273bea22023-02-08 09:43:39.743root 11241100x8000000000000000264749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8174443a66bfec1a2023-02-08 09:43:40.234root 11241100x8000000000000000264748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74bba3d0a93db322023-02-08 09:43:40.234root 11241100x8000000000000000264747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d778fcc2f8fb13ae2023-02-08 09:43:40.234root 11241100x8000000000000000264746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cac126c10f7031b2023-02-08 09:43:40.234root 11241100x8000000000000000264745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50f021884a96fd62023-02-08 09:43:40.234root 11241100x8000000000000000264759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7f2aa44a62e72d2023-02-08 09:43:40.235root 11241100x8000000000000000264758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eedad70f49f47d92023-02-08 09:43:40.235root 11241100x8000000000000000264757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019f296fe0ec9da02023-02-08 09:43:40.235root 11241100x8000000000000000264756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46d87f16ff34eb12023-02-08 09:43:40.235root 11241100x8000000000000000264755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223333713abfc0ae2023-02-08 09:43:40.235root 11241100x8000000000000000264754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd21fc67dc7a096d2023-02-08 09:43:40.235root 11241100x8000000000000000264753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b255eef79dd7efb2023-02-08 09:43:40.235root 11241100x8000000000000000264752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c54a81b05b8af622023-02-08 09:43:40.235root 11241100x8000000000000000264751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d1a1938e2b9a122023-02-08 09:43:40.235root 11241100x8000000000000000264750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3aaa3f2bcb5e1a2023-02-08 09:43:40.235root 11241100x8000000000000000264768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6232d2481f4cf442023-02-08 09:43:40.236root 11241100x8000000000000000264767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb92a6d83b040ed2023-02-08 09:43:40.236root 11241100x8000000000000000264766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4036b472164fc2002023-02-08 09:43:40.236root 11241100x8000000000000000264765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c885850134705c442023-02-08 09:43:40.236root 11241100x8000000000000000264764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a68781990113bee2023-02-08 09:43:40.236root 11241100x8000000000000000264763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b35ec57c0cb4962023-02-08 09:43:40.236root 11241100x8000000000000000264762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cfe358aed156af02023-02-08 09:43:40.236root 11241100x8000000000000000264761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e224a7dee81c19242023-02-08 09:43:40.236root 11241100x8000000000000000264760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7935d21199993fd02023-02-08 09:43:40.236root 11241100x8000000000000000264775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99094afeeb62d1932023-02-08 09:43:40.237root 11241100x8000000000000000264774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019b193410dd6add2023-02-08 09:43:40.237root 11241100x8000000000000000264773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebeff10094853372023-02-08 09:43:40.237root 11241100x8000000000000000264772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79611b56aba0efae2023-02-08 09:43:40.237root 11241100x8000000000000000264771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b153fa3e67ff3b2023-02-08 09:43:40.237root 11241100x8000000000000000264770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4422beeae54bf1ca2023-02-08 09:43:40.237root 11241100x8000000000000000264769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88edcb1b5a553d2e2023-02-08 09:43:40.237root 11241100x8000000000000000264784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a5e52a54f7a56c2023-02-08 09:43:40.238root 11241100x8000000000000000264783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706eb8209d0113bd2023-02-08 09:43:40.238root 11241100x8000000000000000264782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2955ecdd3a559ce82023-02-08 09:43:40.238root 11241100x8000000000000000264781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70f12675740e7f52023-02-08 09:43:40.238root 11241100x8000000000000000264780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ae00ff1c493b452023-02-08 09:43:40.238root 11241100x8000000000000000264779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4d62fb6960a3372023-02-08 09:43:40.238root 11241100x8000000000000000264778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e93b481edbba2902023-02-08 09:43:40.238root 11241100x8000000000000000264777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437c1539ebfdbbb82023-02-08 09:43:40.238root 11241100x8000000000000000264776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892148d4e48eb6832023-02-08 09:43:40.238root 11241100x8000000000000000264792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c185a112c5f6b202023-02-08 09:43:40.239root 11241100x8000000000000000264791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73bb19ab2926b6462023-02-08 09:43:40.239root 11241100x8000000000000000264790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699579acc69d2f752023-02-08 09:43:40.239root 11241100x8000000000000000264789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80560e61fd7b8bd92023-02-08 09:43:40.239root 11241100x8000000000000000264788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6de2ccfe5ab7fa2023-02-08 09:43:40.239root 11241100x8000000000000000264787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9526d68f16bc24542023-02-08 09:43:40.239root 11241100x8000000000000000264786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55075e64867598b02023-02-08 09:43:40.239root 11241100x8000000000000000264785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed36682a52819b82023-02-08 09:43:40.239root 11241100x8000000000000000264797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e19003808deb8572023-02-08 09:43:40.240root 11241100x8000000000000000264796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c239a7a57b09ce2023-02-08 09:43:40.240root 11241100x8000000000000000264795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a04f5d37489d2c82023-02-08 09:43:40.240root 11241100x8000000000000000264794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987451ec59f67ef12023-02-08 09:43:40.240root 11241100x8000000000000000264793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922675b9c9d536ad2023-02-08 09:43:40.240root 11241100x8000000000000000264798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0648191818c2825d2023-02-08 09:43:40.734root 11241100x8000000000000000264807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39599180e01dcdf22023-02-08 09:43:40.735root 11241100x8000000000000000264806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11524bd5fbdf96bd2023-02-08 09:43:40.735root 11241100x8000000000000000264805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729243f64dca9e5a2023-02-08 09:43:40.735root 11241100x8000000000000000264804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16d0dd11fa2fc0f2023-02-08 09:43:40.735root 11241100x8000000000000000264803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ff1476fec2b5f42023-02-08 09:43:40.735root 11241100x8000000000000000264802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a176596950fa112023-02-08 09:43:40.735root 11241100x8000000000000000264801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9fc6379735e77f2023-02-08 09:43:40.735root 11241100x8000000000000000264800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b7d49ccaabfddb2023-02-08 09:43:40.735root 11241100x8000000000000000264799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece272e485b773bb2023-02-08 09:43:40.735root 11241100x8000000000000000264817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37884f11adb3b8db2023-02-08 09:43:40.736root 11241100x8000000000000000264816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4d34fb1cbc35432023-02-08 09:43:40.736root 11241100x8000000000000000264815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d93111818325d52023-02-08 09:43:40.736root 11241100x8000000000000000264814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1dc17e1be265eb2023-02-08 09:43:40.736root 11241100x8000000000000000264813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e70c0699a67d76e2023-02-08 09:43:40.736root 11241100x8000000000000000264812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7682e2f189a8d7032023-02-08 09:43:40.736root 11241100x8000000000000000264811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23d6e7cdfcbb8152023-02-08 09:43:40.736root 11241100x8000000000000000264810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c2936700c86b422023-02-08 09:43:40.736root 11241100x8000000000000000264809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e983c6868fb40a2b2023-02-08 09:43:40.736root 11241100x8000000000000000264808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28494dd6bf76dff2023-02-08 09:43:40.736root 11241100x8000000000000000264827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b02e412f61b07a2023-02-08 09:43:40.737root 11241100x8000000000000000264826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31dd9bd68402b1602023-02-08 09:43:40.737root 11241100x8000000000000000264825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639452e8c757d4f22023-02-08 09:43:40.737root 11241100x8000000000000000264824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1411aa9848301c3c2023-02-08 09:43:40.737root 11241100x8000000000000000264823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe52879822ba3e8b2023-02-08 09:43:40.737root 11241100x8000000000000000264822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e06723cf83fb3882023-02-08 09:43:40.737root 11241100x8000000000000000264821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0690047024e7f42023-02-08 09:43:40.737root 11241100x8000000000000000264820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4ae997068c40742023-02-08 09:43:40.737root 11241100x8000000000000000264819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004222b5fa52d30d2023-02-08 09:43:40.737root 11241100x8000000000000000264818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575d92327ee524f22023-02-08 09:43:40.737root 11241100x8000000000000000264836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4290ac371ea28f682023-02-08 09:43:40.738root 11241100x8000000000000000264835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0383167dff330c3a2023-02-08 09:43:40.738root 11241100x8000000000000000264834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b4ec61e36be31c2023-02-08 09:43:40.738root 11241100x8000000000000000264833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9f728dd314fbbc2023-02-08 09:43:40.738root 11241100x8000000000000000264832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f1eebb65ddaec82023-02-08 09:43:40.738root 11241100x8000000000000000264831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aab0d7002bba4302023-02-08 09:43:40.738root 11241100x8000000000000000264830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74b9e92ba5bb6ee2023-02-08 09:43:40.738root 11241100x8000000000000000264829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436e46673158f9732023-02-08 09:43:40.738root 11241100x8000000000000000264828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8a4818af1cc1022023-02-08 09:43:40.738root 11241100x8000000000000000264845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec785c5353326bd2023-02-08 09:43:40.739root 11241100x8000000000000000264844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36816eab41cf1dd2023-02-08 09:43:40.739root 11241100x8000000000000000264843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f886f6e221986be82023-02-08 09:43:40.739root 11241100x8000000000000000264842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f5960c1adceb682023-02-08 09:43:40.739root 11241100x8000000000000000264841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d88407261ba82e2023-02-08 09:43:40.739root 11241100x8000000000000000264840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e47dd01991f11212023-02-08 09:43:40.739root 11241100x8000000000000000264839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53bf78dda826a122023-02-08 09:43:40.739root 11241100x8000000000000000264838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c886a456fd70718c2023-02-08 09:43:40.739root 11241100x8000000000000000264837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7b13904e4f25892023-02-08 09:43:40.739root 11241100x8000000000000000264848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2d4e3eda454cc82023-02-08 09:43:40.740root 11241100x8000000000000000264847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e928b677ffc3ed092023-02-08 09:43:40.740root 11241100x8000000000000000264846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:40.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f567d1355c9395182023-02-08 09:43:40.740root 11241100x8000000000000000264851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1ac45ebaf1e8cc2023-02-08 09:43:41.234root 11241100x8000000000000000264850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbaed2f37f5913b2023-02-08 09:43:41.234root 11241100x8000000000000000264849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805c6332faa978b12023-02-08 09:43:41.234root 11241100x8000000000000000264861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba4e62fa57467992023-02-08 09:43:41.235root 11241100x8000000000000000264860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf481744175697192023-02-08 09:43:41.235root 11241100x8000000000000000264859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8b386e4aeb74cd2023-02-08 09:43:41.235root 11241100x8000000000000000264858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7e69c80f76e67c2023-02-08 09:43:41.235root 11241100x8000000000000000264857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b36e7b90df4d7892023-02-08 09:43:41.235root 11241100x8000000000000000264856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6625fff8d4669dc2023-02-08 09:43:41.235root 11241100x8000000000000000264855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934c3bb11d202fa52023-02-08 09:43:41.235root 11241100x8000000000000000264854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c529608ab430e47d2023-02-08 09:43:41.235root 11241100x8000000000000000264853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56e8a0c7dce96c12023-02-08 09:43:41.235root 11241100x8000000000000000264852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ac062ead3350302023-02-08 09:43:41.235root 11241100x8000000000000000264871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186f4fee80a7a5b22023-02-08 09:43:41.236root 11241100x8000000000000000264870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d44b4747a0eac682023-02-08 09:43:41.236root 11241100x8000000000000000264869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c9907085c626022023-02-08 09:43:41.236root 11241100x8000000000000000264868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65700372d05efe392023-02-08 09:43:41.236root 11241100x8000000000000000264867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853dc312035ffb912023-02-08 09:43:41.236root 11241100x8000000000000000264866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255e7fbfafb08f672023-02-08 09:43:41.236root 11241100x8000000000000000264865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6dd9d6f0dfa7902023-02-08 09:43:41.236root 11241100x8000000000000000264864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0e238fef8cec9d2023-02-08 09:43:41.236root 11241100x8000000000000000264863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53fb24fb71c9ef352023-02-08 09:43:41.236root 11241100x8000000000000000264862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a476d2f914698bc72023-02-08 09:43:41.236root 11241100x8000000000000000264880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9bc8c3c248fff92023-02-08 09:43:41.237root 11241100x8000000000000000264879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6899fa3a236755912023-02-08 09:43:41.237root 11241100x8000000000000000264878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd324b7dd1416fda2023-02-08 09:43:41.237root 11241100x8000000000000000264877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3457115635d37a8a2023-02-08 09:43:41.237root 11241100x8000000000000000264876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d6af51c0d258652023-02-08 09:43:41.237root 11241100x8000000000000000264875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c00f36db5d9dec2023-02-08 09:43:41.237root 11241100x8000000000000000264874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203238cd4371d1342023-02-08 09:43:41.237root 11241100x8000000000000000264873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956b1eeab23d22b12023-02-08 09:43:41.237root 11241100x8000000000000000264872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee843aa51c0d6c92023-02-08 09:43:41.237root 11241100x8000000000000000264885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2d41770dc5883a2023-02-08 09:43:41.238root 11241100x8000000000000000264884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e769e314f7678b752023-02-08 09:43:41.238root 11241100x8000000000000000264883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18de0e46354a9b462023-02-08 09:43:41.238root 11241100x8000000000000000264882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6775483d60166582023-02-08 09:43:41.238root 11241100x8000000000000000264881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ee74eedba2f1df2023-02-08 09:43:41.238root 11241100x8000000000000000264894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b711987af83a7992023-02-08 09:43:41.239root 11241100x8000000000000000264893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80ae6fe2e7ce3632023-02-08 09:43:41.239root 11241100x8000000000000000264892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8589431416674c2023-02-08 09:43:41.239root 11241100x8000000000000000264891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af172b66affd26092023-02-08 09:43:41.239root 11241100x8000000000000000264890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a38bf33b2e6377f2023-02-08 09:43:41.239root 11241100x8000000000000000264889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433bd0bdda27fa482023-02-08 09:43:41.239root 11241100x8000000000000000264888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7207017321f323af2023-02-08 09:43:41.239root 11241100x8000000000000000264887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0a1c8b8bae6f922023-02-08 09:43:41.239root 11241100x8000000000000000264886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885e2f1789a393492023-02-08 09:43:41.239root 11241100x8000000000000000264896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902942e44fedeebb2023-02-08 09:43:41.240root 11241100x8000000000000000264895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3191f17e9ce004a2023-02-08 09:43:41.240root 11241100x8000000000000000264899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d829fafe24a0e92023-02-08 09:43:41.734root 11241100x8000000000000000264898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85eb351881edec7d2023-02-08 09:43:41.734root 11241100x8000000000000000264897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5978325cf567f0202023-02-08 09:43:41.734root 11241100x8000000000000000264908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55f5d09c126c42a2023-02-08 09:43:41.735root 11241100x8000000000000000264907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d297c4ee7bf3ee2023-02-08 09:43:41.735root 11241100x8000000000000000264906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793da475cfe4170f2023-02-08 09:43:41.735root 11241100x8000000000000000264905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ef586afd51d8b52023-02-08 09:43:41.735root 11241100x8000000000000000264904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d33bf775a811002023-02-08 09:43:41.735root 11241100x8000000000000000264903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72e30c48fd6d2602023-02-08 09:43:41.735root 11241100x8000000000000000264902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28dae2457797cc62023-02-08 09:43:41.735root 11241100x8000000000000000264901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab8f3ca26acf9bc2023-02-08 09:43:41.735root 11241100x8000000000000000264900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c321e6907533a82023-02-08 09:43:41.735root 11241100x8000000000000000264918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01b56b0909938ad2023-02-08 09:43:41.736root 11241100x8000000000000000264917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b82dd2603ff90592023-02-08 09:43:41.736root 11241100x8000000000000000264916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e353d78504bf6792023-02-08 09:43:41.736root 11241100x8000000000000000264915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4aa99262896b4a2023-02-08 09:43:41.736root 11241100x8000000000000000264914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0370b9894a3d802b2023-02-08 09:43:41.736root 11241100x8000000000000000264913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152dbce1d638fb462023-02-08 09:43:41.736root 11241100x8000000000000000264912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29982ef85f935a6b2023-02-08 09:43:41.736root 11241100x8000000000000000264911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173b2223a6c90dbe2023-02-08 09:43:41.736root 11241100x8000000000000000264910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2096f4eb9163962023-02-08 09:43:41.736root 11241100x8000000000000000264909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37df008e37eab6af2023-02-08 09:43:41.736root 11241100x8000000000000000264922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42fd0ec5da1c01802023-02-08 09:43:41.737root 11241100x8000000000000000264921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0bf3edd46c6e042023-02-08 09:43:41.737root 11241100x8000000000000000264920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd499620b20ba942023-02-08 09:43:41.737root 11241100x8000000000000000264919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3d1f9b3a8b53002023-02-08 09:43:41.737root 11241100x8000000000000000264929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e085c18fcab4dbfb2023-02-08 09:43:41.738root 11241100x8000000000000000264928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19502a0526c40c02023-02-08 09:43:41.738root 11241100x8000000000000000264927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7464c4d3d97e2d2023-02-08 09:43:41.738root 11241100x8000000000000000264926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1379df9ed417a172023-02-08 09:43:41.738root 11241100x8000000000000000264925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b63974711ddf402023-02-08 09:43:41.738root 11241100x8000000000000000264924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fed83c0058e4e8d2023-02-08 09:43:41.738root 11241100x8000000000000000264923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972afdb3cd7a0eea2023-02-08 09:43:41.738root 11241100x8000000000000000264937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea12c98a3b539bc2023-02-08 09:43:41.739root 11241100x8000000000000000264936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cbb86f3478a3e142023-02-08 09:43:41.739root 11241100x8000000000000000264935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbcc684fc3873df2023-02-08 09:43:41.739root 11241100x8000000000000000264934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc20b5956a2a91f72023-02-08 09:43:41.739root 11241100x8000000000000000264933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65764ee6230791aa2023-02-08 09:43:41.739root 11241100x8000000000000000264932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db38097975343192023-02-08 09:43:41.739root 11241100x8000000000000000264931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de968f57ebd43ea52023-02-08 09:43:41.739root 11241100x8000000000000000264930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc6ff1db6ca01dc2023-02-08 09:43:41.739root 11241100x8000000000000000264942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315fe05ec2044b462023-02-08 09:43:41.740root 11241100x8000000000000000264941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd1114af079465d2023-02-08 09:43:41.740root 11241100x8000000000000000264940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f30cfb6627f0952023-02-08 09:43:41.740root 11241100x8000000000000000264939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ccc31830636dd32023-02-08 09:43:41.740root 11241100x8000000000000000264938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3f9bfbda8acc192023-02-08 09:43:41.740root 11241100x8000000000000000264947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091ac979ce04211f2023-02-08 09:43:41.741root 11241100x8000000000000000264946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34bcf2f08e12f5362023-02-08 09:43:41.741root 11241100x8000000000000000264945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae41fb6ffb55fcdd2023-02-08 09:43:41.741root 11241100x8000000000000000264944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086a86b281a222182023-02-08 09:43:41.741root 11241100x8000000000000000264943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5df029e4f13d3c02023-02-08 09:43:41.741root 11241100x8000000000000000264951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec751ccb7fb59932023-02-08 09:43:41.742root 11241100x8000000000000000264950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0f9f9972fd24752023-02-08 09:43:41.742root 11241100x8000000000000000264949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3e5e4ffb70ef782023-02-08 09:43:41.742root 11241100x8000000000000000264948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:41.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5f2346c712f6812023-02-08 09:43:41.742root 11241100x8000000000000000264953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97990ab62ec2b5912023-02-08 09:43:42.234root 11241100x8000000000000000264952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f7dfd7cb113bd52023-02-08 09:43:42.234root 11241100x8000000000000000264957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d34a3ab9e153bc2023-02-08 09:43:42.235root 11241100x8000000000000000264956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84192f42857a355e2023-02-08 09:43:42.235root 11241100x8000000000000000264955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f06c20b521107f2023-02-08 09:43:42.235root 11241100x8000000000000000264954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eadfa41660b923f2023-02-08 09:43:42.235root 11241100x8000000000000000264963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16853fc15062a4b42023-02-08 09:43:42.236root 11241100x8000000000000000264962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d22321749a1bcc12023-02-08 09:43:42.236root 11241100x8000000000000000264961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a2e14d7503f93e2023-02-08 09:43:42.236root 11241100x8000000000000000264960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f9da92644953d12023-02-08 09:43:42.236root 11241100x8000000000000000264959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613398a6599efba52023-02-08 09:43:42.236root 11241100x8000000000000000264958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124f20a0d651ee432023-02-08 09:43:42.236root 11241100x8000000000000000264970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408146f538a9f8692023-02-08 09:43:42.237root 11241100x8000000000000000264969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211a5e44344b438c2023-02-08 09:43:42.237root 11241100x8000000000000000264968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304b1b57bc72ee342023-02-08 09:43:42.237root 11241100x8000000000000000264967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6299ca7e66afeed92023-02-08 09:43:42.237root 11241100x8000000000000000264966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1768bd25685c132023-02-08 09:43:42.237root 11241100x8000000000000000264965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0ec801d86adba82023-02-08 09:43:42.237root 11241100x8000000000000000264964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31009e842bd298e2023-02-08 09:43:42.237root 11241100x8000000000000000264983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b974f9611f3c1fd2023-02-08 09:43:42.238root 11241100x8000000000000000264982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39bc89866a8901a62023-02-08 09:43:42.238root 11241100x8000000000000000264981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28bfa60ed0808dc22023-02-08 09:43:42.238root 11241100x8000000000000000264980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d11bbd8e111c9c2023-02-08 09:43:42.238root 11241100x8000000000000000264979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a878f90dc04b3b2023-02-08 09:43:42.238root 11241100x8000000000000000264978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e056c0c915bf256a2023-02-08 09:43:42.238root 11241100x8000000000000000264977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222d39585bed70f12023-02-08 09:43:42.238root 11241100x8000000000000000264976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3786f5ef4dc7132023-02-08 09:43:42.238root 11241100x8000000000000000264975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64248c82555289452023-02-08 09:43:42.238root 11241100x8000000000000000264974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009e53ae3142fbcf2023-02-08 09:43:42.238root 11241100x8000000000000000264973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3569f878148f82c42023-02-08 09:43:42.238root 11241100x8000000000000000264972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34a25f5a4999db22023-02-08 09:43:42.238root 11241100x8000000000000000264971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7256e78f0d2b2772023-02-08 09:43:42.238root 11241100x8000000000000000264996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dceb2ba03be264e2023-02-08 09:43:42.239root 11241100x8000000000000000264995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e910e312030094d2023-02-08 09:43:42.239root 11241100x8000000000000000264994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f96ec2ba10d1cc02023-02-08 09:43:42.239root 11241100x8000000000000000264993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87b8aace92644b62023-02-08 09:43:42.239root 11241100x8000000000000000264992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429dc502a70562522023-02-08 09:43:42.239root 11241100x8000000000000000264991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4cd3dfb4eaf54d2023-02-08 09:43:42.239root 11241100x8000000000000000264990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15addc31b8275ab02023-02-08 09:43:42.239root 11241100x8000000000000000264989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c050915e85a57ca82023-02-08 09:43:42.239root 11241100x8000000000000000264988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b985e5f35409cf2023-02-08 09:43:42.239root 11241100x8000000000000000264987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5a83e5153fea8d2023-02-08 09:43:42.239root 11241100x8000000000000000264986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68015b24100622ed2023-02-08 09:43:42.239root 11241100x8000000000000000264985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a308a07256863e432023-02-08 09:43:42.239root 11241100x8000000000000000264984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf61b2e542b5f5972023-02-08 09:43:42.239root 11241100x8000000000000000265001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d062b04e6fbaabce2023-02-08 09:43:42.240root 11241100x8000000000000000265000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84da09bd48f5bc72023-02-08 09:43:42.240root 11241100x8000000000000000264999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ed4ce03dbc13d02023-02-08 09:43:42.240root 11241100x8000000000000000264998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1356dfebf90453742023-02-08 09:43:42.240root 11241100x8000000000000000264997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5c279593aab1dc2023-02-08 09:43:42.240root 11241100x8000000000000000265003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebdb52f3477a24212023-02-08 09:43:42.735root 11241100x8000000000000000265002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d43913e58d84e02023-02-08 09:43:42.735root 11241100x8000000000000000265012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4f350c0c6c9e482023-02-08 09:43:42.736root 11241100x8000000000000000265011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c531c181b02a7d2023-02-08 09:43:42.736root 11241100x8000000000000000265010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204ef0e3efabe4342023-02-08 09:43:42.736root 11241100x8000000000000000265009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd37fac0b8e162d72023-02-08 09:43:42.736root 11241100x8000000000000000265008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a816675ebcc4da42023-02-08 09:43:42.736root 11241100x8000000000000000265007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51920f8ac33fddc2023-02-08 09:43:42.736root 11241100x8000000000000000265006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45dcfd68e3139e92023-02-08 09:43:42.736root 11241100x8000000000000000265005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6876f351c4179ef82023-02-08 09:43:42.736root 11241100x8000000000000000265004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36cf200ff1339c932023-02-08 09:43:42.736root 11241100x8000000000000000265024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba478050c7f0f852023-02-08 09:43:42.737root 11241100x8000000000000000265023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b863ea052225d222023-02-08 09:43:42.737root 11241100x8000000000000000265022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5629223b3f6152f92023-02-08 09:43:42.737root 11241100x8000000000000000265021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2853c561535b5dbd2023-02-08 09:43:42.737root 11241100x8000000000000000265020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b8e9245a71aaeb2023-02-08 09:43:42.737root 11241100x8000000000000000265019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37dc59eb403d01492023-02-08 09:43:42.737root 11241100x8000000000000000265018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f6cd154dcb5a6e2023-02-08 09:43:42.737root 11241100x8000000000000000265017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2efb9d590679ccf22023-02-08 09:43:42.737root 11241100x8000000000000000265016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3743a8e06518e0bd2023-02-08 09:43:42.737root 11241100x8000000000000000265015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b3c28c844778522023-02-08 09:43:42.737root 11241100x8000000000000000265014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffebbaec19346b52023-02-08 09:43:42.737root 11241100x8000000000000000265013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0cdad757788c5432023-02-08 09:43:42.737root 11241100x8000000000000000265033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dcf6b46fd0ddc522023-02-08 09:43:42.738root 11241100x8000000000000000265032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4703fc7342ff81842023-02-08 09:43:42.738root 11241100x8000000000000000265031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecefcdb506f5e0752023-02-08 09:43:42.738root 11241100x8000000000000000265030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b3667644f412052023-02-08 09:43:42.738root 11241100x8000000000000000265029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e17ba7b8e201ae2023-02-08 09:43:42.738root 11241100x8000000000000000265028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7464013d15a1ca2023-02-08 09:43:42.738root 11241100x8000000000000000265027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6affb06e8070b7352023-02-08 09:43:42.738root 11241100x8000000000000000265026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fb82b5d9bbd2fe2023-02-08 09:43:42.738root 11241100x8000000000000000265025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03bddec7d87cf88d2023-02-08 09:43:42.738root 11241100x8000000000000000265041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0629bf348dca62502023-02-08 09:43:42.739root 11241100x8000000000000000265040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bfee8402aa869d52023-02-08 09:43:42.739root 11241100x8000000000000000265039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb24230f03bd29c2023-02-08 09:43:42.739root 11241100x8000000000000000265038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b207557a73b8542023-02-08 09:43:42.739root 11241100x8000000000000000265037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156e73116e1de1b12023-02-08 09:43:42.739root 11241100x8000000000000000265036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9b82a1cbad3d2c2023-02-08 09:43:42.739root 11241100x8000000000000000265035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe35a6f6ee6ab72f2023-02-08 09:43:42.739root 11241100x8000000000000000265034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848970a57e6916cd2023-02-08 09:43:42.739root 11241100x8000000000000000265045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319fd5e9cbc1f50c2023-02-08 09:43:42.740root 11241100x8000000000000000265044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369e1952e2f73c532023-02-08 09:43:42.740root 11241100x8000000000000000265043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa8be779d76c7e42023-02-08 09:43:42.740root 11241100x8000000000000000265042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:42.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5d111532c33f792023-02-08 09:43:42.740root 354300x8000000000000000265046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.162{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-50832-false10.0.1.12-8000- 11241100x8000000000000000265051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.163{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2ca41ce4e863aa2023-02-08 09:43:43.163root 11241100x8000000000000000265050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.163{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce24176ebe262012023-02-08 09:43:43.163root 11241100x8000000000000000265049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.163{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4691198f218609532023-02-08 09:43:43.163root 11241100x8000000000000000265048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.163{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1697df00fb25cc2023-02-08 09:43:43.163root 11241100x8000000000000000265047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.163{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff48c4acad6777f2023-02-08 09:43:43.163root 11241100x8000000000000000265060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.164{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9268cb1bb350fd72023-02-08 09:43:43.164root 11241100x8000000000000000265059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.164{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d944db156d70482023-02-08 09:43:43.164root 11241100x8000000000000000265058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.164{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e42cdab9a41b5752023-02-08 09:43:43.164root 11241100x8000000000000000265057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.164{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a97c9d5a0576992023-02-08 09:43:43.164root 11241100x8000000000000000265056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.164{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9610866ec0e66b12023-02-08 09:43:43.164root 11241100x8000000000000000265055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.164{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709615c69094f2912023-02-08 09:43:43.164root 11241100x8000000000000000265054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.164{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb28c2848b59b1662023-02-08 09:43:43.164root 11241100x8000000000000000265053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.164{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f7c73ebe0e3d7a2023-02-08 09:43:43.164root 11241100x8000000000000000265052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.164{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ddf92431a4daf672023-02-08 09:43:43.164root 11241100x8000000000000000265066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.165{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7904df9f32253a1e2023-02-08 09:43:43.165root 11241100x8000000000000000265065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.165{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a83e4075d0064b2023-02-08 09:43:43.165root 11241100x8000000000000000265064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.165{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2813170532af1212023-02-08 09:43:43.165root 11241100x8000000000000000265063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.165{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7271c82a466bad2023-02-08 09:43:43.165root 11241100x8000000000000000265062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.165{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07e15cb4bea75802023-02-08 09:43:43.165root 11241100x8000000000000000265061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.165{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61815caeb4479d722023-02-08 09:43:43.165root 11241100x8000000000000000265076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.166{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c78378fb1ac85c2023-02-08 09:43:43.166root 11241100x8000000000000000265075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.166{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2e15d53367ede12023-02-08 09:43:43.166root 11241100x8000000000000000265074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.166{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3809bb0dd3f12e2023-02-08 09:43:43.166root 11241100x8000000000000000265073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.166{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f39f01de1c9fad12023-02-08 09:43:43.166root 11241100x8000000000000000265072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.166{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce1f0928ed4b5dc2023-02-08 09:43:43.166root 11241100x8000000000000000265071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.166{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d485f45a2ee002e2023-02-08 09:43:43.166root 11241100x8000000000000000265070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.166{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafebd1c127a221e2023-02-08 09:43:43.166root 11241100x8000000000000000265069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.166{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba809b4f6e713ac82023-02-08 09:43:43.166root 11241100x8000000000000000265068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.166{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e4b98c549248be2023-02-08 09:43:43.166root 11241100x8000000000000000265067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.166{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51371f013d40fd8d2023-02-08 09:43:43.166root 11241100x8000000000000000265084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.167{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efb468d1d6f4e5c2023-02-08 09:43:43.167root 11241100x8000000000000000265083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.167{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2b854d1223a1662023-02-08 09:43:43.167root 11241100x8000000000000000265082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.167{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333b068ea467ef892023-02-08 09:43:43.167root 11241100x8000000000000000265081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.167{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337c04796b6d0d382023-02-08 09:43:43.167root 11241100x8000000000000000265080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.167{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccafa6f270e637972023-02-08 09:43:43.167root 11241100x8000000000000000265079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.167{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b390074c5e70de692023-02-08 09:43:43.167root 11241100x8000000000000000265078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.167{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fe862d4d38bc042023-02-08 09:43:43.167root 11241100x8000000000000000265077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.167{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87efaa1ff5ce3cd52023-02-08 09:43:43.167root 11241100x8000000000000000265093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.168{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce9cd6e85df7f212023-02-08 09:43:43.168root 11241100x8000000000000000265092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.168{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5409450fef8e6c62023-02-08 09:43:43.168root 11241100x8000000000000000265091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.168{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b961eb43814a9a312023-02-08 09:43:43.168root 11241100x8000000000000000265090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.168{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eff5689d2366ed12023-02-08 09:43:43.168root 11241100x8000000000000000265089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.168{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce035fd041a0f8d2023-02-08 09:43:43.168root 11241100x8000000000000000265088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.168{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae3f37bc189610e2023-02-08 09:43:43.168root 11241100x8000000000000000265087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.168{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50a0f3985ba52b12023-02-08 09:43:43.168root 11241100x8000000000000000265086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.168{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2f1813c3e790082023-02-08 09:43:43.168root 11241100x8000000000000000265085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.168{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c36ed10f73fa1f02023-02-08 09:43:43.168root 11241100x8000000000000000265102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.169{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b0724ccd25022d2023-02-08 09:43:43.169root 11241100x8000000000000000265101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.169{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb8f8c1ddd2eb512023-02-08 09:43:43.169root 11241100x8000000000000000265100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.169{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e412ac9f28ceeae2023-02-08 09:43:43.169root 11241100x8000000000000000265099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.169{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691fd8408e84b69c2023-02-08 09:43:43.169root 11241100x8000000000000000265098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.169{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572e9c588fd4ad672023-02-08 09:43:43.169root 11241100x8000000000000000265097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.169{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05171ec5fe365ced2023-02-08 09:43:43.169root 11241100x8000000000000000265096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.169{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5964562e6dc5ed2023-02-08 09:43:43.169root 11241100x8000000000000000265095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.169{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bafc2de652e60fa92023-02-08 09:43:43.169root 11241100x8000000000000000265094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.169{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfd4c8e30151b922023-02-08 09:43:43.169root 11241100x8000000000000000265110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9e15467ddc2afa2023-02-08 09:43:43.170root 11241100x8000000000000000265109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e6408f3a4dfea82023-02-08 09:43:43.170root 11241100x8000000000000000265108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd230f13526c895c2023-02-08 09:43:43.170root 11241100x8000000000000000265107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415a61212277eb602023-02-08 09:43:43.170root 11241100x8000000000000000265106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fbc7dc4cb09fef2023-02-08 09:43:43.170root 11241100x8000000000000000265105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071ce08cb97affb32023-02-08 09:43:43.170root 11241100x8000000000000000265104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499192f6f1b203482023-02-08 09:43:43.170root 11241100x8000000000000000265103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.170{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59de6edd607f89602023-02-08 09:43:43.170root 11241100x8000000000000000265119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7aa27ef911306862023-02-08 09:43:43.171root 11241100x8000000000000000265118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9f8267c17dec692023-02-08 09:43:43.171root 11241100x8000000000000000265117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53411131b837e0652023-02-08 09:43:43.171root 11241100x8000000000000000265116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafc2abe8fc9607d2023-02-08 09:43:43.171root 11241100x8000000000000000265115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434e9d0f75a1fbc32023-02-08 09:43:43.171root 11241100x8000000000000000265114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759b095de3d4d21e2023-02-08 09:43:43.171root 11241100x8000000000000000265113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79cc3dd8189894f72023-02-08 09:43:43.171root 11241100x8000000000000000265112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43985d43a412e602023-02-08 09:43:43.171root 11241100x8000000000000000265111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24bc1c69730eb0f72023-02-08 09:43:43.171root 11241100x8000000000000000265128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.172{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f12c0b6c7d8f3782023-02-08 09:43:43.172root 11241100x8000000000000000265127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.172{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e741c69953ad748d2023-02-08 09:43:43.172root 11241100x8000000000000000265126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.172{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdc15d9e4624b7b2023-02-08 09:43:43.172root 11241100x8000000000000000265125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.172{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d77928299603402023-02-08 09:43:43.172root 11241100x8000000000000000265124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.172{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d439e30a200de3c2023-02-08 09:43:43.172root 11241100x8000000000000000265123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.172{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53e5dea865d6f612023-02-08 09:43:43.172root 11241100x8000000000000000265122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.172{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4ef4c07f886a462023-02-08 09:43:43.172root 11241100x8000000000000000265121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.172{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ebf9f7b86707cf2023-02-08 09:43:43.172root 11241100x8000000000000000265120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.172{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1300ddc894b32f2023-02-08 09:43:43.172root 11241100x8000000000000000265133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.173{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387172bd50bba69d2023-02-08 09:43:43.173root 11241100x8000000000000000265132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.173{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34552a5b3bc7743f2023-02-08 09:43:43.173root 11241100x8000000000000000265131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.173{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327492dfd156b7aa2023-02-08 09:43:43.173root 11241100x8000000000000000265130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.173{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e25866a0d542bb2023-02-08 09:43:43.173root 11241100x8000000000000000265129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.173{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04845c86ef65acce2023-02-08 09:43:43.173root 11241100x8000000000000000265135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3ed0dfc0a941d62023-02-08 09:43:43.484root 11241100x8000000000000000265134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccd2a9e08619f122023-02-08 09:43:43.484root 11241100x8000000000000000265142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5461e83a22d325722023-02-08 09:43:43.485root 11241100x8000000000000000265141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9347b7e69d770a12023-02-08 09:43:43.485root 11241100x8000000000000000265140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f5a6854b22ac402023-02-08 09:43:43.485root 11241100x8000000000000000265139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f914579911e70ba72023-02-08 09:43:43.485root 11241100x8000000000000000265138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f67278ded6210fb2023-02-08 09:43:43.485root 11241100x8000000000000000265137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f2265b3febb46d2023-02-08 09:43:43.485root 11241100x8000000000000000265136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e58eff770e7c5f2023-02-08 09:43:43.485root 11241100x8000000000000000265150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444732f95d8e2b342023-02-08 09:43:43.486root 11241100x8000000000000000265149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee1d053a1919e912023-02-08 09:43:43.486root 11241100x8000000000000000265148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fe7b0d3c7a3dc92023-02-08 09:43:43.486root 11241100x8000000000000000265147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701966a87202b6e02023-02-08 09:43:43.486root 11241100x8000000000000000265146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe7858b3864a5042023-02-08 09:43:43.486root 11241100x8000000000000000265145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca5bd3e5e14f57f2023-02-08 09:43:43.486root 11241100x8000000000000000265144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc6e4791ec8da662023-02-08 09:43:43.486root 11241100x8000000000000000265143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ebb03bbcdd3f3b2023-02-08 09:43:43.486root 11241100x8000000000000000265160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa822a1fd35434352023-02-08 09:43:43.487root 11241100x8000000000000000265159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a60ef508d6775a32023-02-08 09:43:43.487root 11241100x8000000000000000265158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d33bd8cd305f10f2023-02-08 09:43:43.487root 11241100x8000000000000000265157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76c7745a279f44d2023-02-08 09:43:43.487root 11241100x8000000000000000265156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0656f004ee7c936b2023-02-08 09:43:43.487root 11241100x8000000000000000265155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286bf5c5c2d669b72023-02-08 09:43:43.487root 11241100x8000000000000000265154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0212931c62817b2023-02-08 09:43:43.487root 11241100x8000000000000000265153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d46ea2bfa979de2023-02-08 09:43:43.487root 11241100x8000000000000000265152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc92e63470ed9c02023-02-08 09:43:43.487root 11241100x8000000000000000265151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7c51ecbe7f04d82023-02-08 09:43:43.487root 11241100x8000000000000000265166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2ae729086a9c402023-02-08 09:43:43.488root 11241100x8000000000000000265165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e1558419c4390b2023-02-08 09:43:43.488root 11241100x8000000000000000265164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133061e7ecc1b6e32023-02-08 09:43:43.488root 11241100x8000000000000000265163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a262af0b29bee4c82023-02-08 09:43:43.488root 11241100x8000000000000000265162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e446f30f18cfc7c72023-02-08 09:43:43.488root 11241100x8000000000000000265161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01502aa358a6e92e2023-02-08 09:43:43.488root 11241100x8000000000000000265172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fad97eae9212072023-02-08 09:43:43.489root 11241100x8000000000000000265171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf46302f9deaa852023-02-08 09:43:43.489root 11241100x8000000000000000265170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8f657e14591a252023-02-08 09:43:43.489root 11241100x8000000000000000265169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335fbfe4521602102023-02-08 09:43:43.489root 11241100x8000000000000000265168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe87acd7fc1de2062023-02-08 09:43:43.489root 11241100x8000000000000000265167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bce32f8bcb6f642023-02-08 09:43:43.489root 11241100x8000000000000000265179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287c36c7b16be5ee2023-02-08 09:43:43.490root 11241100x8000000000000000265178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437335e304fa38fe2023-02-08 09:43:43.490root 11241100x8000000000000000265177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2766869b40c35a92023-02-08 09:43:43.490root 11241100x8000000000000000265176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742efe30edca71d42023-02-08 09:43:43.490root 11241100x8000000000000000265175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017bec16684b615a2023-02-08 09:43:43.490root 11241100x8000000000000000265174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13d2ce4b1dc9a812023-02-08 09:43:43.490root 11241100x8000000000000000265173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab479ae166b6e3d62023-02-08 09:43:43.490root 11241100x8000000000000000265181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4541ef95c4aaa9c72023-02-08 09:43:43.491root 11241100x8000000000000000265180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245c1fb5d8f0acdc2023-02-08 09:43:43.491root 11241100x8000000000000000265185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b1ec051fe439892023-02-08 09:43:43.984root 11241100x8000000000000000265184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750917369667789e2023-02-08 09:43:43.984root 11241100x8000000000000000265183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca5055771bda61b2023-02-08 09:43:43.984root 11241100x8000000000000000265182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc27a0a48af7f7e2023-02-08 09:43:43.984root 11241100x8000000000000000265195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c54e9d0cbfab1d2023-02-08 09:43:43.985root 11241100x8000000000000000265194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb1e7644e8efc122023-02-08 09:43:43.985root 11241100x8000000000000000265193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2acb9ed9806487602023-02-08 09:43:43.985root 11241100x8000000000000000265192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294f9554e95561742023-02-08 09:43:43.985root 11241100x8000000000000000265191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a801515c2c1be72023-02-08 09:43:43.985root 11241100x8000000000000000265190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eabaca90c5371012023-02-08 09:43:43.985root 11241100x8000000000000000265189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2666e1d88e6ec3772023-02-08 09:43:43.985root 11241100x8000000000000000265188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bced137ac31e04b42023-02-08 09:43:43.985root 11241100x8000000000000000265187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2968b00f72a71c7f2023-02-08 09:43:43.985root 11241100x8000000000000000265186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0334838a4234b8d12023-02-08 09:43:43.985root 11241100x8000000000000000265204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf315f1a5dd95e32023-02-08 09:43:43.986root 11241100x8000000000000000265203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9d70e4f6bed4cb2023-02-08 09:43:43.986root 11241100x8000000000000000265202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600e412db6cb15f92023-02-08 09:43:43.986root 11241100x8000000000000000265201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba27bcf7fc273c082023-02-08 09:43:43.986root 11241100x8000000000000000265200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a9bf311cb0bb742023-02-08 09:43:43.986root 11241100x8000000000000000265199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d154b0cecdf38b2023-02-08 09:43:43.986root 11241100x8000000000000000265198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f39414074d5e1c2023-02-08 09:43:43.986root 11241100x8000000000000000265197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44dcce0d821e1d8e2023-02-08 09:43:43.986root 11241100x8000000000000000265196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76060f45066dc2692023-02-08 09:43:43.986root 11241100x8000000000000000265210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac806bc9060e9a92023-02-08 09:43:43.987root 11241100x8000000000000000265209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb429bf25374035c2023-02-08 09:43:43.987root 11241100x8000000000000000265208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef255e2e8e133cbb2023-02-08 09:43:43.987root 11241100x8000000000000000265207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b03733ba1e265c42023-02-08 09:43:43.987root 11241100x8000000000000000265206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c891a415d7732a3e2023-02-08 09:43:43.987root 11241100x8000000000000000265205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11987c5fab39014c2023-02-08 09:43:43.987root 11241100x8000000000000000265218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368c4237a7d3e0ef2023-02-08 09:43:43.988root 11241100x8000000000000000265217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390199076e6f767c2023-02-08 09:43:43.988root 11241100x8000000000000000265216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282d5ce556e7ff322023-02-08 09:43:43.988root 11241100x8000000000000000265215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbf23924b9669562023-02-08 09:43:43.988root 11241100x8000000000000000265214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e047c5199c13bba2023-02-08 09:43:43.988root 11241100x8000000000000000265213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f064c8a952373d362023-02-08 09:43:43.988root 11241100x8000000000000000265212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aac4df417ff3e6f2023-02-08 09:43:43.988root 11241100x8000000000000000265211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22ad0084ba103392023-02-08 09:43:43.988root 11241100x8000000000000000265227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61921fb8c77aad992023-02-08 09:43:43.989root 11241100x8000000000000000265226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d72c9fe4c84d9462023-02-08 09:43:43.989root 11241100x8000000000000000265225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95eb485b49d94fe2023-02-08 09:43:43.989root 11241100x8000000000000000265224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f76e00b241b0962023-02-08 09:43:43.989root 11241100x8000000000000000265223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af610656aa6ab2aa2023-02-08 09:43:43.989root 11241100x8000000000000000265222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5b9285e2b75f8e2023-02-08 09:43:43.989root 11241100x8000000000000000265221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5e39dc187e0cac2023-02-08 09:43:43.989root 11241100x8000000000000000265220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0632d890c28d7692023-02-08 09:43:43.989root 11241100x8000000000000000265219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c319389a26ec83812023-02-08 09:43:43.989root 11241100x8000000000000000265230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e162badc476dadfb2023-02-08 09:43:43.990root 11241100x8000000000000000265229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55575e43664c44b92023-02-08 09:43:43.990root 11241100x8000000000000000265228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:43.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22263673c909deda2023-02-08 09:43:43.990root 11241100x8000000000000000265233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f587eb21cdde54e2023-02-08 09:43:44.484root 11241100x8000000000000000265232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134a3267b2d46d192023-02-08 09:43:44.484root 11241100x8000000000000000265231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51f22f37fa56e4d2023-02-08 09:43:44.484root 11241100x8000000000000000265242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c24c12a57f9b5a2023-02-08 09:43:44.485root 11241100x8000000000000000265241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b974d14be1d8354d2023-02-08 09:43:44.485root 11241100x8000000000000000265240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b763b002389e95bc2023-02-08 09:43:44.485root 11241100x8000000000000000265239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e197cf4b9b1452552023-02-08 09:43:44.485root 11241100x8000000000000000265238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3422434d295a298e2023-02-08 09:43:44.485root 11241100x8000000000000000265237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2f7f3942685ba22023-02-08 09:43:44.485root 11241100x8000000000000000265236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4152f8831001b8a2023-02-08 09:43:44.485root 11241100x8000000000000000265235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6367908901bfb0dd2023-02-08 09:43:44.485root 11241100x8000000000000000265234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a83885416bf9642023-02-08 09:43:44.485root 11241100x8000000000000000265252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b22d2a0f40928252023-02-08 09:43:44.486root 11241100x8000000000000000265251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5644914d1853c32f2023-02-08 09:43:44.486root 11241100x8000000000000000265250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a29a2b0be566302023-02-08 09:43:44.486root 11241100x8000000000000000265249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d333577845492b52023-02-08 09:43:44.486root 11241100x8000000000000000265248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24244bf749590ec62023-02-08 09:43:44.486root 11241100x8000000000000000265247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c70fd1900c3f922023-02-08 09:43:44.486root 11241100x8000000000000000265246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad13c6aec64866c32023-02-08 09:43:44.486root 11241100x8000000000000000265245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90012f0bb4cdca02023-02-08 09:43:44.486root 11241100x8000000000000000265244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9806cedf9c1df12023-02-08 09:43:44.486root 11241100x8000000000000000265243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2209dedffe0f5552023-02-08 09:43:44.486root 11241100x8000000000000000265261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1c7fef1f8d75792023-02-08 09:43:44.487root 11241100x8000000000000000265260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f74bc7558cda0a2023-02-08 09:43:44.487root 11241100x8000000000000000265259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b62a99289cbdf82023-02-08 09:43:44.487root 11241100x8000000000000000265258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c499ecbdfe311d2023-02-08 09:43:44.487root 11241100x8000000000000000265257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93622df0867695f2023-02-08 09:43:44.487root 11241100x8000000000000000265256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceaf4832a34d2ee22023-02-08 09:43:44.487root 11241100x8000000000000000265255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daaf160757a881122023-02-08 09:43:44.487root 11241100x8000000000000000265254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074198abee486fbb2023-02-08 09:43:44.487root 11241100x8000000000000000265253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad5f229b86916a22023-02-08 09:43:44.487root 11241100x8000000000000000265269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e69a1a1f1b7e07d2023-02-08 09:43:44.488root 11241100x8000000000000000265268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732549464734c70e2023-02-08 09:43:44.488root 11241100x8000000000000000265267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb0400271fe1d6f2023-02-08 09:43:44.488root 11241100x8000000000000000265266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057cb1999d9aac6b2023-02-08 09:43:44.488root 11241100x8000000000000000265265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0d5363fe6646e62023-02-08 09:43:44.488root 11241100x8000000000000000265264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d23dd338a796e82023-02-08 09:43:44.488root 11241100x8000000000000000265263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b202dc5c774a1cfe2023-02-08 09:43:44.488root 11241100x8000000000000000265262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f035cd6e06e5992023-02-08 09:43:44.488root 11241100x8000000000000000265278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8eb2ae1b9374bbc2023-02-08 09:43:44.489root 11241100x8000000000000000265277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d916d0df612f5cf32023-02-08 09:43:44.489root 11241100x8000000000000000265276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c56bedc5d5df1c12023-02-08 09:43:44.489root 11241100x8000000000000000265275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd24062c347cf692023-02-08 09:43:44.489root 11241100x8000000000000000265274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d8516007e3d43b2023-02-08 09:43:44.489root 11241100x8000000000000000265273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01b92cb3746e6942023-02-08 09:43:44.489root 11241100x8000000000000000265272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16660a924a63f972023-02-08 09:43:44.489root 11241100x8000000000000000265271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db89537fee2f7ada2023-02-08 09:43:44.489root 11241100x8000000000000000265270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d6fbf95213a9a52023-02-08 09:43:44.489root 11241100x8000000000000000265280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fe4db634bde7462023-02-08 09:43:44.984root 11241100x8000000000000000265279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412693a5505254ec2023-02-08 09:43:44.984root 11241100x8000000000000000265289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9050a09bd643af2023-02-08 09:43:44.985root 11241100x8000000000000000265288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0443b0d5e585702023-02-08 09:43:44.985root 11241100x8000000000000000265287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f679a6a477fae6eb2023-02-08 09:43:44.985root 11241100x8000000000000000265286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2afd6972c318a72023-02-08 09:43:44.985root 11241100x8000000000000000265285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c397768c882ce7822023-02-08 09:43:44.985root 11241100x8000000000000000265284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57cfcda2621d3612023-02-08 09:43:44.985root 11241100x8000000000000000265283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80462636e58d785b2023-02-08 09:43:44.985root 11241100x8000000000000000265282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1ee07fb4af2c772023-02-08 09:43:44.985root 11241100x8000000000000000265281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41641b7a249925ed2023-02-08 09:43:44.985root 11241100x8000000000000000265297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f92139ede8e2352023-02-08 09:43:44.986root 11241100x8000000000000000265296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7aed160d79fc2b2023-02-08 09:43:44.986root 11241100x8000000000000000265295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6ba732cfb0a5922023-02-08 09:43:44.986root 11241100x8000000000000000265294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35273d69136c71be2023-02-08 09:43:44.986root 11241100x8000000000000000265293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945aed932f8e87a32023-02-08 09:43:44.986root 11241100x8000000000000000265292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edcd28dfb48b3a202023-02-08 09:43:44.986root 11241100x8000000000000000265291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbe3768759a16fb2023-02-08 09:43:44.986root 11241100x8000000000000000265290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4df74b81bd0a3bb2023-02-08 09:43:44.986root 11241100x8000000000000000265306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0bac62ff4b9fd72023-02-08 09:43:44.987root 11241100x8000000000000000265305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06709b46c3e13b5c2023-02-08 09:43:44.987root 11241100x8000000000000000265304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4a1844d41a03062023-02-08 09:43:44.987root 11241100x8000000000000000265303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829eb07a323ce0172023-02-08 09:43:44.987root 11241100x8000000000000000265302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ca2b4484d5c7662023-02-08 09:43:44.987root 11241100x8000000000000000265301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e81b7a1dd8c3a72023-02-08 09:43:44.987root 11241100x8000000000000000265300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7673aff98c6ae4f32023-02-08 09:43:44.987root 11241100x8000000000000000265299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e527da218d558a252023-02-08 09:43:44.987root 11241100x8000000000000000265298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5467729b98ce7f2023-02-08 09:43:44.987root 11241100x8000000000000000265315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4901b46ca4e21ac62023-02-08 09:43:44.988root 11241100x8000000000000000265314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e54ec2fe46aa692023-02-08 09:43:44.988root 11241100x8000000000000000265313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969de5a78877fda82023-02-08 09:43:44.988root 11241100x8000000000000000265312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133263ee52c688622023-02-08 09:43:44.988root 11241100x8000000000000000265311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095a887f549c25de2023-02-08 09:43:44.988root 11241100x8000000000000000265310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8090e2f3d0a4e52023-02-08 09:43:44.988root 11241100x8000000000000000265309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce97deb3b9e4dfc2023-02-08 09:43:44.988root 11241100x8000000000000000265308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49865d33dd9ddec62023-02-08 09:43:44.988root 11241100x8000000000000000265307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511fbc9e98cf8f5a2023-02-08 09:43:44.988root 11241100x8000000000000000265323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00f358d0fecc47a2023-02-08 09:43:44.989root 11241100x8000000000000000265322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ec598acded24952023-02-08 09:43:44.989root 11241100x8000000000000000265321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e0860ce3e598432023-02-08 09:43:44.989root 11241100x8000000000000000265320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3529f12db9a3e0192023-02-08 09:43:44.989root 11241100x8000000000000000265319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb88dd964796ff7a2023-02-08 09:43:44.989root 11241100x8000000000000000265318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e944e44f8f12ecf82023-02-08 09:43:44.989root 11241100x8000000000000000265317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3884dcb3614d0a2023-02-08 09:43:44.989root 11241100x8000000000000000265316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e8aae67e303a5d2023-02-08 09:43:44.989root 11241100x8000000000000000265327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eee43fc4f98bc5e2023-02-08 09:43:44.990root 11241100x8000000000000000265326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf5e2cc53a67f652023-02-08 09:43:44.990root 11241100x8000000000000000265325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f292faaf1a47266a2023-02-08 09:43:44.990root 11241100x8000000000000000265324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:44.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e60490788ab55fd2023-02-08 09:43:44.990root 11241100x8000000000000000265329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4ffe6748f84b4c2023-02-08 09:43:45.484root 11241100x8000000000000000265328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910398811d123e6b2023-02-08 09:43:45.484root 11241100x8000000000000000265339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb61aa214c7199ba2023-02-08 09:43:45.485root 11241100x8000000000000000265338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4e78d44b119b9c2023-02-08 09:43:45.485root 11241100x8000000000000000265337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055bb45e20c6bf892023-02-08 09:43:45.485root 11241100x8000000000000000265336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367fa9834f23f72b2023-02-08 09:43:45.485root 11241100x8000000000000000265335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77962d59c3ff28e32023-02-08 09:43:45.485root 11241100x8000000000000000265334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bcc0c891c67cfc2023-02-08 09:43:45.485root 11241100x8000000000000000265333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589ae9ba481def792023-02-08 09:43:45.485root 11241100x8000000000000000265332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5665c1e45810aa0b2023-02-08 09:43:45.485root 11241100x8000000000000000265331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349a5ee3af3bfb712023-02-08 09:43:45.485root 11241100x8000000000000000265330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff0c8e1da0966ed2023-02-08 09:43:45.485root 11241100x8000000000000000265348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fe190921bad31f2023-02-08 09:43:45.486root 11241100x8000000000000000265347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3601cfaade07cac02023-02-08 09:43:45.486root 11241100x8000000000000000265346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bd99ad3be162a02023-02-08 09:43:45.486root 11241100x8000000000000000265345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c33212a78be2d32023-02-08 09:43:45.486root 11241100x8000000000000000265344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655d9901c40b6fc92023-02-08 09:43:45.486root 11241100x8000000000000000265343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8261fc1fe9b2ac2023-02-08 09:43:45.486root 11241100x8000000000000000265342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e05f88b7798ad72023-02-08 09:43:45.486root 11241100x8000000000000000265341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ce74ffa6c2ec792023-02-08 09:43:45.486root 11241100x8000000000000000265340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801cfaccf06dd8832023-02-08 09:43:45.486root 11241100x8000000000000000265356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8150232858a5abb2023-02-08 09:43:45.487root 11241100x8000000000000000265355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9650c829e9fa1622023-02-08 09:43:45.487root 11241100x8000000000000000265354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a00d44c4d0cd8122023-02-08 09:43:45.487root 11241100x8000000000000000265353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b513505bae4c64d2023-02-08 09:43:45.487root 11241100x8000000000000000265352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16406854e1070e962023-02-08 09:43:45.487root 11241100x8000000000000000265351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4d80de7cd924b42023-02-08 09:43:45.487root 11241100x8000000000000000265350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e716b4c7aa1a4ba2023-02-08 09:43:45.487root 11241100x8000000000000000265349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ce3932985bcbc42023-02-08 09:43:45.487root 11241100x8000000000000000265359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af80dbc9371128c2023-02-08 09:43:45.488root 11241100x8000000000000000265358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed16260d960c2e82023-02-08 09:43:45.488root 11241100x8000000000000000265357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677b16b6fc232e3c2023-02-08 09:43:45.488root 11241100x8000000000000000265368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8240042bf20be962023-02-08 09:43:45.489root 11241100x8000000000000000265367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133347f283804a652023-02-08 09:43:45.489root 11241100x8000000000000000265366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a376307212796f2023-02-08 09:43:45.489root 11241100x8000000000000000265365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0416da6676a72f2023-02-08 09:43:45.489root 11241100x8000000000000000265364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6627421f9ca5580f2023-02-08 09:43:45.489root 11241100x8000000000000000265363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14129dfee48430802023-02-08 09:43:45.489root 11241100x8000000000000000265362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97dc60337f84b6302023-02-08 09:43:45.489root 11241100x8000000000000000265361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec1a843b20b04102023-02-08 09:43:45.489root 11241100x8000000000000000265360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9596361a97e548292023-02-08 09:43:45.489root 11241100x8000000000000000265373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e7334a1c9367d62023-02-08 09:43:45.490root 11241100x8000000000000000265372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b66f52a919aa95e2023-02-08 09:43:45.490root 11241100x8000000000000000265371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa036ba717fc7582023-02-08 09:43:45.490root 11241100x8000000000000000265370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd63368b47858ccf2023-02-08 09:43:45.490root 11241100x8000000000000000265369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e67e62a880cd892023-02-08 09:43:45.490root 11241100x8000000000000000265383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3534456deb4474282023-02-08 09:43:45.985root 11241100x8000000000000000265382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99be58bee9de8d952023-02-08 09:43:45.985root 11241100x8000000000000000265381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1220dc522e74f82023-02-08 09:43:45.985root 11241100x8000000000000000265380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f486b7d66256252023-02-08 09:43:45.985root 11241100x8000000000000000265379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f953eda04325f4a2023-02-08 09:43:45.985root 11241100x8000000000000000265378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7330a824f590a7ce2023-02-08 09:43:45.985root 11241100x8000000000000000265377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b675a6a1bde2942023-02-08 09:43:45.985root 11241100x8000000000000000265376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24ad1b896d77fc22023-02-08 09:43:45.985root 11241100x8000000000000000265375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5990956c1bade9d02023-02-08 09:43:45.985root 11241100x8000000000000000265374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e55a7088710204d2023-02-08 09:43:45.985root 11241100x8000000000000000265392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c69a0a2d8fd8f82023-02-08 09:43:45.986root 11241100x8000000000000000265391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad734e173392e902023-02-08 09:43:45.986root 11241100x8000000000000000265390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd23d5e8d3ae26d2023-02-08 09:43:45.986root 11241100x8000000000000000265389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943f1cbfea1052d62023-02-08 09:43:45.986root 11241100x8000000000000000265388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1ce5217bcb3ea92023-02-08 09:43:45.986root 11241100x8000000000000000265387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1045d8ff4d3655c2023-02-08 09:43:45.986root 11241100x8000000000000000265386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4ca7397ecd3e302023-02-08 09:43:45.986root 11241100x8000000000000000265385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46cfbddb86ab381d2023-02-08 09:43:45.986root 11241100x8000000000000000265384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f5fc5752df551f2023-02-08 09:43:45.986root 11241100x8000000000000000265402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1461f5d768926b2023-02-08 09:43:45.987root 11241100x8000000000000000265401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a1aab7df479ef62023-02-08 09:43:45.987root 11241100x8000000000000000265400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85c262cf8b023c52023-02-08 09:43:45.987root 11241100x8000000000000000265399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01b723351e73d612023-02-08 09:43:45.987root 11241100x8000000000000000265398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ce80881f61bc0d2023-02-08 09:43:45.987root 11241100x8000000000000000265397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f2421b59b97f682023-02-08 09:43:45.987root 11241100x8000000000000000265396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d7b47c8ef096ae2023-02-08 09:43:45.987root 11241100x8000000000000000265395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9bd24ee32037b092023-02-08 09:43:45.987root 11241100x8000000000000000265394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558dc344d5266f482023-02-08 09:43:45.987root 11241100x8000000000000000265393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ae3cd51eee5d932023-02-08 09:43:45.987root 11241100x8000000000000000265412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09e7b09d94b68f72023-02-08 09:43:45.988root 11241100x8000000000000000265411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aae7e9206cee01c2023-02-08 09:43:45.988root 11241100x8000000000000000265410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8ebcd4222bbcac2023-02-08 09:43:45.988root 11241100x8000000000000000265409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c678cade831d39702023-02-08 09:43:45.988root 11241100x8000000000000000265408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ff60b2227c56782023-02-08 09:43:45.988root 11241100x8000000000000000265407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f2f551cd84155a2023-02-08 09:43:45.988root 11241100x8000000000000000265406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58010bb73e6014d22023-02-08 09:43:45.988root 11241100x8000000000000000265405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929777077e18cf242023-02-08 09:43:45.988root 11241100x8000000000000000265404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4325092308a2252023-02-08 09:43:45.988root 11241100x8000000000000000265403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2eb2ca6f7c728b72023-02-08 09:43:45.988root 11241100x8000000000000000265418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88865d1c81e727d02023-02-08 09:43:45.989root 11241100x8000000000000000265417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3decf1e5fdece1c82023-02-08 09:43:45.989root 11241100x8000000000000000265416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbbe0c642de8f7382023-02-08 09:43:45.989root 11241100x8000000000000000265415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfce4407ace52a92023-02-08 09:43:45.989root 11241100x8000000000000000265414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c42a47e2b56e4c2023-02-08 09:43:45.989root 11241100x8000000000000000265413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455f13df7ccc463a2023-02-08 09:43:45.989root 11241100x8000000000000000265420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f666dcf06667a7862023-02-08 09:43:45.990root 11241100x8000000000000000265419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:45.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b18f20e59bb6b102023-02-08 09:43:45.990root 11241100x8000000000000000265425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d2dfcaac9f605b2023-02-08 09:43:46.484root 11241100x8000000000000000265424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2fa6472651352a2023-02-08 09:43:46.484root 11241100x8000000000000000265423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7947c47e6780a3cf2023-02-08 09:43:46.484root 11241100x8000000000000000265422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca86c46226a0626e2023-02-08 09:43:46.484root 11241100x8000000000000000265421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae33b0d34b8e4782023-02-08 09:43:46.484root 11241100x8000000000000000265434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361d2452cc9d3cc12023-02-08 09:43:46.485root 11241100x8000000000000000265433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b05ba3e96d16ca22023-02-08 09:43:46.485root 11241100x8000000000000000265432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f800dddf486e082023-02-08 09:43:46.485root 11241100x8000000000000000265431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c10749c1b245aac2023-02-08 09:43:46.485root 11241100x8000000000000000265430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77eb69b9f65b9f42023-02-08 09:43:46.485root 11241100x8000000000000000265429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b909b5d588eeb4522023-02-08 09:43:46.485root 11241100x8000000000000000265428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8f85fcbc774bf72023-02-08 09:43:46.485root 11241100x8000000000000000265427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2f40e22afeec812023-02-08 09:43:46.485root 11241100x8000000000000000265426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9c2a260b7753e32023-02-08 09:43:46.485root 11241100x8000000000000000265443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853851702c20d7592023-02-08 09:43:46.486root 11241100x8000000000000000265442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525e55cec39ba2eb2023-02-08 09:43:46.486root 11241100x8000000000000000265441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbf457bfc4c0f092023-02-08 09:43:46.486root 11241100x8000000000000000265440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c6121d2c3cfa642023-02-08 09:43:46.486root 11241100x8000000000000000265439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96737209ae58005f2023-02-08 09:43:46.486root 11241100x8000000000000000265438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ad11944a5cedc72023-02-08 09:43:46.486root 11241100x8000000000000000265437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab0cf4894ea54302023-02-08 09:43:46.486root 11241100x8000000000000000265436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d91dae0a3dad692023-02-08 09:43:46.486root 11241100x8000000000000000265435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba980a5574a1472c2023-02-08 09:43:46.486root 11241100x8000000000000000265453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4bafd5c80000422023-02-08 09:43:46.487root 11241100x8000000000000000265452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5857e5e0c5b5cd2023-02-08 09:43:46.487root 11241100x8000000000000000265451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b1fb9a3efe8d302023-02-08 09:43:46.487root 11241100x8000000000000000265450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d439851775284e942023-02-08 09:43:46.487root 11241100x8000000000000000265449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98760e62ae4b185b2023-02-08 09:43:46.487root 11241100x8000000000000000265448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016254a4f4a210072023-02-08 09:43:46.487root 11241100x8000000000000000265447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd20278c56c6f452023-02-08 09:43:46.487root 11241100x8000000000000000265446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0754f21fdf3e3112023-02-08 09:43:46.487root 11241100x8000000000000000265445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f4da58fa9175db2023-02-08 09:43:46.487root 11241100x8000000000000000265444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9a2c25069f943a2023-02-08 09:43:46.487root 11241100x8000000000000000265463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8369d99ef28dd02023-02-08 09:43:46.488root 11241100x8000000000000000265462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a678fc215ef49dcf2023-02-08 09:43:46.488root 11241100x8000000000000000265461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09cab1b0805a55b32023-02-08 09:43:46.488root 11241100x8000000000000000265460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924042bc003df8032023-02-08 09:43:46.488root 11241100x8000000000000000265459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e81db3e9179a112023-02-08 09:43:46.488root 11241100x8000000000000000265458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934fdf10ff4eb0412023-02-08 09:43:46.488root 11241100x8000000000000000265457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d67be5577dbbba2023-02-08 09:43:46.488root 11241100x8000000000000000265456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de58d1619707fffd2023-02-08 09:43:46.488root 11241100x8000000000000000265455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f3051fa379d2ab2023-02-08 09:43:46.488root 11241100x8000000000000000265454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a56fd09f2b3e1db2023-02-08 09:43:46.488root 11241100x8000000000000000265470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77e8f3a4573a52e2023-02-08 09:43:46.489root 11241100x8000000000000000265469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39da5eca4c4fcbb72023-02-08 09:43:46.489root 11241100x8000000000000000265468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207403109327592e2023-02-08 09:43:46.489root 11241100x8000000000000000265467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7283b7a56375d92023-02-08 09:43:46.489root 11241100x8000000000000000265466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c25b32bc1b39bc2023-02-08 09:43:46.489root 11241100x8000000000000000265465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18632fc5af51a7c52023-02-08 09:43:46.489root 11241100x8000000000000000265464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fadbe80a433ece162023-02-08 09:43:46.489root 11241100x8000000000000000265479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f2378c91055f022023-02-08 09:43:46.985root 11241100x8000000000000000265478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee70bd903fd036dc2023-02-08 09:43:46.985root 11241100x8000000000000000265477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58601830c8a25672023-02-08 09:43:46.985root 11241100x8000000000000000265476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a79815e17974feb2023-02-08 09:43:46.985root 11241100x8000000000000000265475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f25cd29b44614dc2023-02-08 09:43:46.985root 11241100x8000000000000000265474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a59280a61547e5f2023-02-08 09:43:46.985root 11241100x8000000000000000265473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd33b6126f6c97f2023-02-08 09:43:46.985root 11241100x8000000000000000265472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56cc7c97a62842972023-02-08 09:43:46.985root 11241100x8000000000000000265471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d258148e33f9602023-02-08 09:43:46.985root 11241100x8000000000000000265489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d499d20c90b98a22023-02-08 09:43:46.986root 11241100x8000000000000000265488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344a427b5d7444962023-02-08 09:43:46.986root 11241100x8000000000000000265487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ef85678122c8ec2023-02-08 09:43:46.986root 11241100x8000000000000000265486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45dafd918bb739ca2023-02-08 09:43:46.986root 11241100x8000000000000000265485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a724010cff79892023-02-08 09:43:46.986root 11241100x8000000000000000265484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9070b90ce02da22023-02-08 09:43:46.986root 11241100x8000000000000000265483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c87acfc20973222023-02-08 09:43:46.986root 11241100x8000000000000000265482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e7ac9ead2bbe782023-02-08 09:43:46.986root 11241100x8000000000000000265481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87443fd11c765a9d2023-02-08 09:43:46.986root 11241100x8000000000000000265480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b183fa9a5d252d02023-02-08 09:43:46.986root 11241100x8000000000000000265498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b807ebf9f63a16ec2023-02-08 09:43:46.987root 11241100x8000000000000000265497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8a122241d0a1682023-02-08 09:43:46.987root 11241100x8000000000000000265496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726a686a8aa802e02023-02-08 09:43:46.987root 11241100x8000000000000000265495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3e4fb16cc0dc8d2023-02-08 09:43:46.987root 11241100x8000000000000000265494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8eca7d6066b6d22023-02-08 09:43:46.987root 11241100x8000000000000000265493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bcc67b9646002862023-02-08 09:43:46.987root 11241100x8000000000000000265492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc674707cb304212023-02-08 09:43:46.987root 11241100x8000000000000000265491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b21409fc767da32023-02-08 09:43:46.987root 11241100x8000000000000000265490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3295c835eb04f22023-02-08 09:43:46.987root 11241100x8000000000000000265508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5aa8ea8e6e847a12023-02-08 09:43:46.988root 11241100x8000000000000000265507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3914458d74f0b5272023-02-08 09:43:46.988root 11241100x8000000000000000265506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc143125869716f12023-02-08 09:43:46.988root 11241100x8000000000000000265505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c358af68c78dd672023-02-08 09:43:46.988root 11241100x8000000000000000265504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c15fe69b075dca2023-02-08 09:43:46.988root 11241100x8000000000000000265503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56ccd1261fcc7a62023-02-08 09:43:46.988root 11241100x8000000000000000265502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a6c7bfe0bb2fb92023-02-08 09:43:46.988root 11241100x8000000000000000265501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ca2db29001821d2023-02-08 09:43:46.988root 11241100x8000000000000000265500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7dc180117512f42023-02-08 09:43:46.988root 11241100x8000000000000000265499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f188bd93063561ea2023-02-08 09:43:46.988root 11241100x8000000000000000265517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398354133b57d9242023-02-08 09:43:46.989root 11241100x8000000000000000265516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d12e71454ec38b2023-02-08 09:43:46.989root 11241100x8000000000000000265515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a87c00ffc84f2072023-02-08 09:43:46.989root 11241100x8000000000000000265514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5ce3da2855bcd92023-02-08 09:43:46.989root 11241100x8000000000000000265513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b41f8969f6a7fb2023-02-08 09:43:46.989root 11241100x8000000000000000265512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b063bda7c60f5a9a2023-02-08 09:43:46.989root 11241100x8000000000000000265511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4984919956c3c1912023-02-08 09:43:46.989root 11241100x8000000000000000265510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a7f74aa9cdf7d12023-02-08 09:43:46.989root 11241100x8000000000000000265509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ff7ca9471cd2a82023-02-08 09:43:46.989root 11241100x8000000000000000265518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:46.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d9b59492206e802023-02-08 09:43:46.990root 11241100x8000000000000000265524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c59d14a00584b02023-02-08 09:43:47.484root 11241100x8000000000000000265523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a061e997a728982023-02-08 09:43:47.484root 11241100x8000000000000000265522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56ff28911468cde2023-02-08 09:43:47.484root 11241100x8000000000000000265521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be34b907f246e3a2023-02-08 09:43:47.484root 11241100x8000000000000000265520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29c3ce5502c615a2023-02-08 09:43:47.484root 11241100x8000000000000000265519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39154cf2219126572023-02-08 09:43:47.484root 11241100x8000000000000000265533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2696ec2ce44c28c2023-02-08 09:43:47.485root 11241100x8000000000000000265532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58f88159a1189762023-02-08 09:43:47.485root 11241100x8000000000000000265531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5b1dba91097ae32023-02-08 09:43:47.485root 11241100x8000000000000000265530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222d7b73e04196b92023-02-08 09:43:47.485root 11241100x8000000000000000265529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e712649ee6fa2b12023-02-08 09:43:47.485root 11241100x8000000000000000265528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19b32478b8e028d2023-02-08 09:43:47.485root 11241100x8000000000000000265527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10eb1b7d261a2c8e2023-02-08 09:43:47.485root 11241100x8000000000000000265526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c6a6e5876f89302023-02-08 09:43:47.485root 11241100x8000000000000000265525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2026a88f15658b742023-02-08 09:43:47.485root 11241100x8000000000000000265540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e834eeeddde19b2023-02-08 09:43:47.486root 11241100x8000000000000000265539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375f8da94a3390e92023-02-08 09:43:47.486root 11241100x8000000000000000265538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5a107d0ec63c202023-02-08 09:43:47.486root 11241100x8000000000000000265537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b36c3bcd54d8d252023-02-08 09:43:47.486root 11241100x8000000000000000265536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0713a64d33bf84cf2023-02-08 09:43:47.486root 11241100x8000000000000000265535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555ef2ba5f071c2d2023-02-08 09:43:47.486root 11241100x8000000000000000265534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9860397cbe6630042023-02-08 09:43:47.486root 11241100x8000000000000000265544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1c45526967362a2023-02-08 09:43:47.487root 11241100x8000000000000000265543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb174a291f505362023-02-08 09:43:47.487root 11241100x8000000000000000265542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03f784a4f60e6ad2023-02-08 09:43:47.487root 11241100x8000000000000000265541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83be7c5781aad9bc2023-02-08 09:43:47.487root 11241100x8000000000000000265552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec84bec8ac3bc9a62023-02-08 09:43:47.488root 11241100x8000000000000000265551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fe5e623fdcecd22023-02-08 09:43:47.488root 11241100x8000000000000000265550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cabb2c098091a3612023-02-08 09:43:47.488root 11241100x8000000000000000265549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb91530da6f713842023-02-08 09:43:47.488root 11241100x8000000000000000265548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1575e94270b3ed3c2023-02-08 09:43:47.488root 11241100x8000000000000000265547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d46ae88be0756952023-02-08 09:43:47.488root 11241100x8000000000000000265546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc52ac6c5ecc6f22023-02-08 09:43:47.488root 11241100x8000000000000000265545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff22e37822c31382023-02-08 09:43:47.488root 11241100x8000000000000000265561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d731afbb3b6ee40a2023-02-08 09:43:47.489root 11241100x8000000000000000265560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8348246cff11912d2023-02-08 09:43:47.489root 11241100x8000000000000000265559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4cf1ea218875932023-02-08 09:43:47.489root 11241100x8000000000000000265558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0165f6b124802f82023-02-08 09:43:47.489root 11241100x8000000000000000265557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2ac001a84a20d82023-02-08 09:43:47.489root 11241100x8000000000000000265556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764300b2f14a46bd2023-02-08 09:43:47.489root 11241100x8000000000000000265555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56be113b64647e532023-02-08 09:43:47.489root 11241100x8000000000000000265554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a45208d55279be62023-02-08 09:43:47.489root 11241100x8000000000000000265553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a219e127eaabc5e2023-02-08 09:43:47.489root 11241100x8000000000000000265569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68e549f978210632023-02-08 09:43:47.490root 11241100x8000000000000000265568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8891a6f98992e8f2023-02-08 09:43:47.490root 11241100x8000000000000000265567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21bca435d42df0b12023-02-08 09:43:47.490root 11241100x8000000000000000265566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c47069215bc3032023-02-08 09:43:47.490root 11241100x8000000000000000265565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76253cef52dcd222023-02-08 09:43:47.490root 11241100x8000000000000000265564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba076e2d19fdaf942023-02-08 09:43:47.490root 11241100x8000000000000000265563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eeaa3fdcc850af32023-02-08 09:43:47.490root 11241100x8000000000000000265562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb8b9f54933db522023-02-08 09:43:47.490root 11241100x8000000000000000265577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160f292c544e57802023-02-08 09:43:47.491root 11241100x8000000000000000265576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d86204d24a63f742023-02-08 09:43:47.491root 11241100x8000000000000000265575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12cc6be9b6e79c4d2023-02-08 09:43:47.491root 11241100x8000000000000000265574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e339549374fbd02023-02-08 09:43:47.491root 11241100x8000000000000000265573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6809863b87df8162023-02-08 09:43:47.491root 11241100x8000000000000000265572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0ad684becf10c82023-02-08 09:43:47.491root 11241100x8000000000000000265571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cddcce90a02c05c2023-02-08 09:43:47.491root 11241100x8000000000000000265570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526eaeb7aa4b69682023-02-08 09:43:47.491root 11241100x8000000000000000265586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29cef5e624298e7b2023-02-08 09:43:47.492root 11241100x8000000000000000265585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529ed5297b67fb342023-02-08 09:43:47.492root 11241100x8000000000000000265584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ddf3d5b3f0a0012023-02-08 09:43:47.492root 11241100x8000000000000000265583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f512ba2eef445fb2023-02-08 09:43:47.492root 11241100x8000000000000000265582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2a66afd4fded212023-02-08 09:43:47.492root 11241100x8000000000000000265581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0778f04b896a20d2023-02-08 09:43:47.492root 11241100x8000000000000000265580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07a6732f81f49f32023-02-08 09:43:47.492root 11241100x8000000000000000265579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8dfa89d20b64d992023-02-08 09:43:47.492root 11241100x8000000000000000265578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c29bebf169ac5e2023-02-08 09:43:47.492root 11241100x8000000000000000265589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24630d3803970a232023-02-08 09:43:47.493root 11241100x8000000000000000265588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ec5ae3cb7c4e102023-02-08 09:43:47.493root 11241100x8000000000000000265587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f04ba24471e3792023-02-08 09:43:47.493root 11241100x8000000000000000265590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0a0beb36d9e0432023-02-08 09:43:47.984root 11241100x8000000000000000265599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016e82cde5829b872023-02-08 09:43:47.985root 11241100x8000000000000000265598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783c8e91818a5a522023-02-08 09:43:47.985root 11241100x8000000000000000265597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1fd276cd0364692023-02-08 09:43:47.985root 11241100x8000000000000000265596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c5ed1dd67292c62023-02-08 09:43:47.985root 11241100x8000000000000000265595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3188a18b3c9f562023-02-08 09:43:47.985root 11241100x8000000000000000265594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68dfc922faa02242023-02-08 09:43:47.985root 11241100x8000000000000000265593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5719b853480837ed2023-02-08 09:43:47.985root 11241100x8000000000000000265592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59eee156520dbd762023-02-08 09:43:47.985root 11241100x8000000000000000265591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20eeb2ac92195032023-02-08 09:43:47.985root 11241100x8000000000000000265608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86456163b7d228c02023-02-08 09:43:47.986root 11241100x8000000000000000265607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5f752672236b972023-02-08 09:43:47.986root 11241100x8000000000000000265606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc26495000a17c202023-02-08 09:43:47.986root 11241100x8000000000000000265605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f938ad7b63b52fdc2023-02-08 09:43:47.986root 11241100x8000000000000000265604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daccaa0ff71029a42023-02-08 09:43:47.986root 11241100x8000000000000000265603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239ff3c9d51fca2a2023-02-08 09:43:47.986root 11241100x8000000000000000265602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf58dfd725a487982023-02-08 09:43:47.986root 11241100x8000000000000000265601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36d0b7f5cde70342023-02-08 09:43:47.986root 11241100x8000000000000000265600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9ff4209ee175182023-02-08 09:43:47.986root 11241100x8000000000000000265617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5167291f86ee6b192023-02-08 09:43:47.987root 11241100x8000000000000000265616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939f29257f5527962023-02-08 09:43:47.987root 11241100x8000000000000000265615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4a1c0af2c042f92023-02-08 09:43:47.987root 11241100x8000000000000000265614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92bb75803d0fd642023-02-08 09:43:47.987root 11241100x8000000000000000265613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9589493cc84e22d2023-02-08 09:43:47.987root 11241100x8000000000000000265612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6f68c5a042d8572023-02-08 09:43:47.987root 11241100x8000000000000000265611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ab75aaf9b534bd2023-02-08 09:43:47.987root 11241100x8000000000000000265610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756d5f00ba3bc02b2023-02-08 09:43:47.987root 11241100x8000000000000000265609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc4b81aed7063ba2023-02-08 09:43:47.987root 11241100x8000000000000000265625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196bcb0fddc9e0dc2023-02-08 09:43:47.988root 11241100x8000000000000000265624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74c8755f1896a7a2023-02-08 09:43:47.988root 11241100x8000000000000000265623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca431e53f0271482023-02-08 09:43:47.988root 11241100x8000000000000000265622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9cf3ba99217a8b12023-02-08 09:43:47.988root 11241100x8000000000000000265621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50911a808447e472023-02-08 09:43:47.988root 11241100x8000000000000000265620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210c883a5f279cdf2023-02-08 09:43:47.988root 11241100x8000000000000000265619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e47dca782621f322023-02-08 09:43:47.988root 11241100x8000000000000000265618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd691a5d8b49a472023-02-08 09:43:47.988root 11241100x8000000000000000265634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66bb8154f413dea92023-02-08 09:43:47.989root 11241100x8000000000000000265633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb643830284513cc2023-02-08 09:43:47.989root 11241100x8000000000000000265632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d310474c07c0b92023-02-08 09:43:47.989root 11241100x8000000000000000265631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce188074ecead892023-02-08 09:43:47.989root 11241100x8000000000000000265630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d814f7d20e4e112023-02-08 09:43:47.989root 11241100x8000000000000000265629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6cb59b6754b8ec2023-02-08 09:43:47.989root 11241100x8000000000000000265628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97eaeedbcf2da0c72023-02-08 09:43:47.989root 11241100x8000000000000000265627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1e5b4ed39866672023-02-08 09:43:47.989root 11241100x8000000000000000265626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8080a12aa6100bf2023-02-08 09:43:47.989root 11241100x8000000000000000265636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ba09e5bf7798b72023-02-08 09:43:47.990root 11241100x8000000000000000265635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:47.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a3d02866728cb32023-02-08 09:43:47.990root 11241100x8000000000000000265638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b52c6ed462f6a72023-02-08 09:43:48.484root 11241100x8000000000000000265637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248d984c9835e79e2023-02-08 09:43:48.484root 11241100x8000000000000000265647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67fa3fc235b3d0b52023-02-08 09:43:48.485root 11241100x8000000000000000265646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0476cdba2dd12b082023-02-08 09:43:48.485root 11241100x8000000000000000265645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7966d4d7df00684a2023-02-08 09:43:48.485root 11241100x8000000000000000265644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de7fb51376a395a2023-02-08 09:43:48.485root 11241100x8000000000000000265643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d25028a5d1389e2023-02-08 09:43:48.485root 11241100x8000000000000000265642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b32f89e2bd89a632023-02-08 09:43:48.485root 11241100x8000000000000000265641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f6afb8ff84a34d2023-02-08 09:43:48.485root 11241100x8000000000000000265640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc9094398fd6a032023-02-08 09:43:48.485root 11241100x8000000000000000265639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585c344a80ed24372023-02-08 09:43:48.485root 11241100x8000000000000000265656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38ff29a19f602ee2023-02-08 09:43:48.486root 11241100x8000000000000000265655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10e888e1d5c38682023-02-08 09:43:48.486root 11241100x8000000000000000265654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94140be7437858042023-02-08 09:43:48.486root 11241100x8000000000000000265653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d385c42d2b310f42023-02-08 09:43:48.486root 11241100x8000000000000000265652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e88d6f4e1140f342023-02-08 09:43:48.486root 11241100x8000000000000000265651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819da3622b827e102023-02-08 09:43:48.486root 11241100x8000000000000000265650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6af64968689ff72023-02-08 09:43:48.486root 11241100x8000000000000000265649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b89350d7f839402023-02-08 09:43:48.486root 11241100x8000000000000000265648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834589e4915b578c2023-02-08 09:43:48.486root 11241100x8000000000000000265663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3045056978497cb22023-02-08 09:43:48.487root 11241100x8000000000000000265662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d964e9925844132a2023-02-08 09:43:48.487root 11241100x8000000000000000265661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942196b533594ad62023-02-08 09:43:48.487root 11241100x8000000000000000265660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d382190c0560278c2023-02-08 09:43:48.487root 11241100x8000000000000000265659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af51d490639ae1652023-02-08 09:43:48.487root 11241100x8000000000000000265658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa396f158095e67a2023-02-08 09:43:48.487root 11241100x8000000000000000265657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a536394b4cb95f862023-02-08 09:43:48.487root 11241100x8000000000000000265667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ab6893278bca082023-02-08 09:43:48.488root 11241100x8000000000000000265666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb32dde998c06a72023-02-08 09:43:48.488root 11241100x8000000000000000265665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b9ef50db34bedd2023-02-08 09:43:48.488root 11241100x8000000000000000265664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2150fd73884047c72023-02-08 09:43:48.488root 11241100x8000000000000000265673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3872e2204777dec02023-02-08 09:43:48.489root 11241100x8000000000000000265672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017cf73e140242622023-02-08 09:43:48.489root 11241100x8000000000000000265671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ce4dda7db4ae7f2023-02-08 09:43:48.489root 11241100x8000000000000000265670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee6458199ce55a22023-02-08 09:43:48.489root 11241100x8000000000000000265669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55f735c7defc1082023-02-08 09:43:48.489root 11241100x8000000000000000265668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f89bac61146b9f2023-02-08 09:43:48.489root 11241100x8000000000000000265680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95a664d1a59e45b2023-02-08 09:43:48.490root 11241100x8000000000000000265679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9ddd5161e1f3542023-02-08 09:43:48.490root 11241100x8000000000000000265678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79361fd90b2344cd2023-02-08 09:43:48.490root 11241100x8000000000000000265677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0de4cb52b6034242023-02-08 09:43:48.490root 11241100x8000000000000000265676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6b6dafa37535f42023-02-08 09:43:48.490root 11241100x8000000000000000265675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075a9cd7b335d5822023-02-08 09:43:48.490root 11241100x8000000000000000265674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8be4e774f5b5942023-02-08 09:43:48.490root 11241100x8000000000000000265684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d067fe0a65cf922023-02-08 09:43:48.491root 11241100x8000000000000000265683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ac9501d60e3d042023-02-08 09:43:48.491root 11241100x8000000000000000265682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f91a49c3465b3de2023-02-08 09:43:48.491root 11241100x8000000000000000265681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c50f05921e4c842023-02-08 09:43:48.491root 11241100x8000000000000000265691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bf77f2141470c72023-02-08 09:43:48.984root 11241100x8000000000000000265690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a95d3779edfe592023-02-08 09:43:48.984root 11241100x8000000000000000265689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410ddda359fdfb112023-02-08 09:43:48.984root 11241100x8000000000000000265688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84105ba038519fd32023-02-08 09:43:48.984root 11241100x8000000000000000265687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5481e55eec7302012023-02-08 09:43:48.984root 11241100x8000000000000000265686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3834b0f9741051602023-02-08 09:43:48.984root 11241100x8000000000000000265685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b1065155eccbf22023-02-08 09:43:48.984root 11241100x8000000000000000265700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a29a76dbf156262023-02-08 09:43:48.985root 11241100x8000000000000000265699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513a7806b6f698d02023-02-08 09:43:48.985root 11241100x8000000000000000265698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba45cde5dc6820b2023-02-08 09:43:48.985root 11241100x8000000000000000265697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5842d22e04f4bf792023-02-08 09:43:48.985root 11241100x8000000000000000265696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9d42e85d9985662023-02-08 09:43:48.985root 11241100x8000000000000000265695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b49ea33defb77cd2023-02-08 09:43:48.985root 11241100x8000000000000000265694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffec632e050a2932023-02-08 09:43:48.985root 11241100x8000000000000000265693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19824f1ca6f52e72023-02-08 09:43:48.985root 11241100x8000000000000000265692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a06d761f821162e2023-02-08 09:43:48.985root 11241100x8000000000000000265709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec47f907e5dada2a2023-02-08 09:43:48.986root 11241100x8000000000000000265708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03777af40640c972023-02-08 09:43:48.986root 11241100x8000000000000000265707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098be9d01ee6780c2023-02-08 09:43:48.986root 11241100x8000000000000000265706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c36c6a88e9b57d2023-02-08 09:43:48.986root 11241100x8000000000000000265705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657332c24970ff9c2023-02-08 09:43:48.986root 11241100x8000000000000000265704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260c219f805620632023-02-08 09:43:48.986root 11241100x8000000000000000265703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aff8e3710e727762023-02-08 09:43:48.986root 11241100x8000000000000000265702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e81863fdcac09a2023-02-08 09:43:48.986root 11241100x8000000000000000265701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a47d609f9bcf1d62023-02-08 09:43:48.986root 11241100x8000000000000000265716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905630a8a3cbc9312023-02-08 09:43:48.987root 11241100x8000000000000000265715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4658e45e09f831ce2023-02-08 09:43:48.987root 11241100x8000000000000000265714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911e213b08abae8c2023-02-08 09:43:48.987root 11241100x8000000000000000265713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c9864c3924ac022023-02-08 09:43:48.987root 11241100x8000000000000000265712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40a5e6a71da29ed2023-02-08 09:43:48.987root 11241100x8000000000000000265711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268bf45223a745ad2023-02-08 09:43:48.987root 11241100x8000000000000000265710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8d06774874ca5d2023-02-08 09:43:48.987root 11241100x8000000000000000265723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c077fa4021d98d32023-02-08 09:43:48.988root 11241100x8000000000000000265722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76d768c51bff9382023-02-08 09:43:48.988root 11241100x8000000000000000265721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f963180d244322852023-02-08 09:43:48.988root 11241100x8000000000000000265720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5706274cc3f454d2023-02-08 09:43:48.988root 11241100x8000000000000000265719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0140c7508822f3f2023-02-08 09:43:48.988root 11241100x8000000000000000265718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2aa92921b977162023-02-08 09:43:48.988root 11241100x8000000000000000265717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b67cf178cfd271d2023-02-08 09:43:48.988root 11241100x8000000000000000265731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9f5cf1695ae8cb2023-02-08 09:43:48.989root 11241100x8000000000000000265730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77a0315bf4be1b42023-02-08 09:43:48.989root 11241100x8000000000000000265729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c684f781ac547f422023-02-08 09:43:48.989root 11241100x8000000000000000265728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f202183ad03a0e8a2023-02-08 09:43:48.989root 11241100x8000000000000000265727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e7a52757011d002023-02-08 09:43:48.989root 11241100x8000000000000000265726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970bc6d99de454542023-02-08 09:43:48.989root 11241100x8000000000000000265725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6123aeddf397a0352023-02-08 09:43:48.989root 11241100x8000000000000000265724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37da92f1ae488522023-02-08 09:43:48.989root 11241100x8000000000000000265736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a371d1298d2eeada2023-02-08 09:43:48.990root 11241100x8000000000000000265735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48399aceb4767602023-02-08 09:43:48.990root 11241100x8000000000000000265734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8b7b685881e1f52023-02-08 09:43:48.990root 11241100x8000000000000000265733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37cad8b403e0ed582023-02-08 09:43:48.990root 11241100x8000000000000000265732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220abadc0f3896772023-02-08 09:43:48.990root 11241100x8000000000000000265740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296865bbceceb8a72023-02-08 09:43:48.991root 11241100x8000000000000000265739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7fcd8cfca979ff2023-02-08 09:43:48.991root 11241100x8000000000000000265738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9573afc3b5abc562023-02-08 09:43:48.991root 11241100x8000000000000000265737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:48.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc938ab777ba3582023-02-08 09:43:48.991root 354300x8000000000000000265741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.158{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-47884-false10.0.1.12-8000- 11241100x8000000000000000265742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e420d4c98fb0c95c2023-02-08 09:43:49.484root 11241100x8000000000000000265750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e4b774f011178e2023-02-08 09:43:49.485root 11241100x8000000000000000265749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b90647c09380d992023-02-08 09:43:49.485root 11241100x8000000000000000265748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ec107cff23e30b2023-02-08 09:43:49.485root 11241100x8000000000000000265747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027dc7e472cc50d22023-02-08 09:43:49.485root 11241100x8000000000000000265746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d83797cdd0b08212023-02-08 09:43:49.485root 11241100x8000000000000000265745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e580021b8074bdf2023-02-08 09:43:49.485root 11241100x8000000000000000265744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee38107067071f62023-02-08 09:43:49.485root 11241100x8000000000000000265743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317947fe56ed92672023-02-08 09:43:49.485root 11241100x8000000000000000265762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ea114ed655abb42023-02-08 09:43:49.486root 11241100x8000000000000000265761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e00553454ffc4c52023-02-08 09:43:49.486root 11241100x8000000000000000265760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c70504cf82bae32023-02-08 09:43:49.486root 11241100x8000000000000000265759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b6e807166aadf62023-02-08 09:43:49.486root 11241100x8000000000000000265758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec82644bbfa455312023-02-08 09:43:49.486root 11241100x8000000000000000265757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd86b1033dd85032023-02-08 09:43:49.486root 11241100x8000000000000000265756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6206416018c7f85c2023-02-08 09:43:49.486root 11241100x8000000000000000265755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7201173fe986292023-02-08 09:43:49.486root 11241100x8000000000000000265754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b8c5a77041879a2023-02-08 09:43:49.486root 11241100x8000000000000000265753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efbfb98372fc29f2023-02-08 09:43:49.486root 11241100x8000000000000000265752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52e7e01b431e7822023-02-08 09:43:49.486root 11241100x8000000000000000265751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae5fdfc90206ca32023-02-08 09:43:49.486root 11241100x8000000000000000265775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48170e86185b25242023-02-08 09:43:49.487root 11241100x8000000000000000265774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ffd5e5548fbc4b2023-02-08 09:43:49.487root 11241100x8000000000000000265773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ce8fcc5c8d1ed42023-02-08 09:43:49.487root 11241100x8000000000000000265772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4113cc65a1d92102023-02-08 09:43:49.487root 11241100x8000000000000000265771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f8534502aac49f2023-02-08 09:43:49.487root 11241100x8000000000000000265770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57ff993f444ea702023-02-08 09:43:49.487root 11241100x8000000000000000265769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b812ff6c437de632023-02-08 09:43:49.487root 11241100x8000000000000000265768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b508b9bfdf8a6a2023-02-08 09:43:49.487root 11241100x8000000000000000265767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8404cf24109e3ce42023-02-08 09:43:49.487root 11241100x8000000000000000265766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586b5bb10d0fb3d92023-02-08 09:43:49.487root 11241100x8000000000000000265765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302a36a0ebab05942023-02-08 09:43:49.487root 11241100x8000000000000000265764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7729633b797c05c2023-02-08 09:43:49.487root 11241100x8000000000000000265763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c1911f835915032023-02-08 09:43:49.487root 11241100x8000000000000000265788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e15388d0925ebf62023-02-08 09:43:49.488root 11241100x8000000000000000265787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda50c567f82acc42023-02-08 09:43:49.488root 11241100x8000000000000000265786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b2e385d614f7932023-02-08 09:43:49.488root 11241100x8000000000000000265785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a11d0baedf392002023-02-08 09:43:49.488root 11241100x8000000000000000265784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0105fadab4f742932023-02-08 09:43:49.488root 11241100x8000000000000000265783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040ddc411f6b51b72023-02-08 09:43:49.488root 11241100x8000000000000000265782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ad0810ef2ad0e12023-02-08 09:43:49.488root 11241100x8000000000000000265781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d432e9842d4027f2023-02-08 09:43:49.488root 11241100x8000000000000000265780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3b4c386adb9b232023-02-08 09:43:49.488root 11241100x8000000000000000265779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529cadafd52835b32023-02-08 09:43:49.488root 11241100x8000000000000000265778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed0b5ee58eea99b2023-02-08 09:43:49.488root 11241100x8000000000000000265777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa7bca3211702b42023-02-08 09:43:49.488root 11241100x8000000000000000265776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ec6772bbf8ada12023-02-08 09:43:49.488root 11241100x8000000000000000265791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9837eefe8451ae8a2023-02-08 09:43:49.985root 11241100x8000000000000000265790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a695447128ca3072023-02-08 09:43:49.985root 11241100x8000000000000000265789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae00157a632a0ea2023-02-08 09:43:49.985root 11241100x8000000000000000265796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8979b172c1ff1c2023-02-08 09:43:49.986root 11241100x8000000000000000265795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a028c70f989f473e2023-02-08 09:43:49.986root 11241100x8000000000000000265794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4341fc08dfdb442023-02-08 09:43:49.986root 11241100x8000000000000000265793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ae3e38053fd63a2023-02-08 09:43:49.986root 11241100x8000000000000000265792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d244c6040fd19a2023-02-08 09:43:49.986root 11241100x8000000000000000265802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b777e1dc07a55b72023-02-08 09:43:49.987root 11241100x8000000000000000265801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21803ff7133c0202023-02-08 09:43:49.987root 11241100x8000000000000000265800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944f4b202ee023272023-02-08 09:43:49.987root 11241100x8000000000000000265799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1ac7263c6de4202023-02-08 09:43:49.987root 11241100x8000000000000000265798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570874e1cfabe41a2023-02-08 09:43:49.987root 11241100x8000000000000000265797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29b38e344e1c37c2023-02-08 09:43:49.987root 11241100x8000000000000000265809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b75e6105f371232023-02-08 09:43:49.988root 11241100x8000000000000000265808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048fa6eb69ae89b92023-02-08 09:43:49.988root 11241100x8000000000000000265807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050362a542ab69d92023-02-08 09:43:49.988root 11241100x8000000000000000265806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35dcc10f8655364c2023-02-08 09:43:49.988root 11241100x8000000000000000265805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a108be9371d6ffb2023-02-08 09:43:49.988root 11241100x8000000000000000265804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eefbd69af1ff3632023-02-08 09:43:49.988root 11241100x8000000000000000265803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72cbe5b36c2969bb2023-02-08 09:43:49.988root 11241100x8000000000000000265814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05605bf96ce562f2023-02-08 09:43:49.989root 11241100x8000000000000000265813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fadb07eff861e82023-02-08 09:43:49.989root 11241100x8000000000000000265812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c361c97a7c24a402023-02-08 09:43:49.989root 11241100x8000000000000000265811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af70289984188042023-02-08 09:43:49.989root 11241100x8000000000000000265810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8557720080d9830a2023-02-08 09:43:49.989root 11241100x8000000000000000265825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1569a4ea4b32822023-02-08 09:43:49.990root 11241100x8000000000000000265824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ef061ee77a12692023-02-08 09:43:49.990root 11241100x8000000000000000265823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d6eab45f7fbb2e2023-02-08 09:43:49.990root 11241100x8000000000000000265822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba73ba9b5f3ea3ab2023-02-08 09:43:49.990root 11241100x8000000000000000265821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018c704abb04c3262023-02-08 09:43:49.990root 11241100x8000000000000000265820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e207cecb9ed76062023-02-08 09:43:49.990root 11241100x8000000000000000265819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1993edf779fa79bc2023-02-08 09:43:49.990root 11241100x8000000000000000265818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8284f5dc89b04e402023-02-08 09:43:49.990root 11241100x8000000000000000265817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da82f0b79b4d32122023-02-08 09:43:49.990root 11241100x8000000000000000265816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac9660f3fad3d942023-02-08 09:43:49.990root 11241100x8000000000000000265815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159aba0d1ae1eb992023-02-08 09:43:49.990root 11241100x8000000000000000265836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7987aae414f5c7b22023-02-08 09:43:49.991root 11241100x8000000000000000265835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4f5871473157e92023-02-08 09:43:49.991root 11241100x8000000000000000265834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141b05069d8347282023-02-08 09:43:49.991root 11241100x8000000000000000265833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc71cb8229a6de532023-02-08 09:43:49.991root 11241100x8000000000000000265832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb54a2c56bfc8c442023-02-08 09:43:49.991root 11241100x8000000000000000265831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d0ece4619768832023-02-08 09:43:49.991root 11241100x8000000000000000265830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebf85d1cfa8119d2023-02-08 09:43:49.991root 11241100x8000000000000000265829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5d2a416e4a7bd42023-02-08 09:43:49.991root 11241100x8000000000000000265828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9f6449be17034a2023-02-08 09:43:49.991root 11241100x8000000000000000265827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec4f2976e6dc4832023-02-08 09:43:49.991root 11241100x8000000000000000265826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:49.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf9c51d506c64d72023-02-08 09:43:49.991root 534500x8000000000000000265837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.253{00000000-0000-0000-0000-000000000000}5746<unknown process>root 11241100x8000000000000000265840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.254{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b990cf1683e714792023-02-08 09:43:50.254root 11241100x8000000000000000265839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.254{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a559fa0b330ada22023-02-08 09:43:50.254root 11241100x8000000000000000265838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.254{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79201e34ba8e4a852023-02-08 09:43:50.254root 11241100x8000000000000000265844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.255{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deda49fe5d91db472023-02-08 09:43:50.255root 11241100x8000000000000000265843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.255{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49332046893cc6982023-02-08 09:43:50.255root 11241100x8000000000000000265842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.255{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1431ebcc5073f1c92023-02-08 09:43:50.255root 11241100x8000000000000000265841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.255{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.addcbd67b4335c432023-02-08 09:43:50.255root 11241100x8000000000000000265851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe6144b56a1db2c2023-02-08 09:43:50.256root 11241100x8000000000000000265850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e71ba7bf44cb052023-02-08 09:43:50.256root 11241100x8000000000000000265849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b3289c6afa5a742023-02-08 09:43:50.256root 11241100x8000000000000000265848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193fa18a5ba44d722023-02-08 09:43:50.256root 11241100x8000000000000000265847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6f507b16a71deb2023-02-08 09:43:50.256root 11241100x8000000000000000265846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b33235203eccb6c2023-02-08 09:43:50.256root 11241100x8000000000000000265845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21bbf51ef3c05a0c2023-02-08 09:43:50.256root 11241100x8000000000000000265855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.257{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32dd16e7ba7a66b2023-02-08 09:43:50.257root 11241100x8000000000000000265854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.257{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067b14667b50cbd02023-02-08 09:43:50.257root 11241100x8000000000000000265853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.257{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d52c43e614cdec2023-02-08 09:43:50.257root 11241100x8000000000000000265852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.257{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545bc263f9d859d92023-02-08 09:43:50.257root 11241100x8000000000000000265858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.258{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792b0bc55ccdabbd2023-02-08 09:43:50.258root 11241100x8000000000000000265857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.258{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7b47eea51d5fc42023-02-08 09:43:50.258root 11241100x8000000000000000265856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.258{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ef44a2a1643c292023-02-08 09:43:50.258root 11241100x8000000000000000265867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.259{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e971d6079f550a02023-02-08 09:43:50.259root 11241100x8000000000000000265866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.259{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa39c7ed9aade9f92023-02-08 09:43:50.259root 11241100x8000000000000000265865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.259{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16630ff37fa08c062023-02-08 09:43:50.259root 11241100x8000000000000000265864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.259{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635d328ca398bb682023-02-08 09:43:50.259root 11241100x8000000000000000265863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.259{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b1b8e4b4b34b002023-02-08 09:43:50.259root 11241100x8000000000000000265862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.259{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88284ab79ac7f4852023-02-08 09:43:50.259root 11241100x8000000000000000265861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.259{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750828486bd302722023-02-08 09:43:50.259root 11241100x8000000000000000265860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.259{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789e1e3bafa5150e2023-02-08 09:43:50.259root 11241100x8000000000000000265859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.259{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3786b9853ed22c4d2023-02-08 09:43:50.259root 11241100x8000000000000000265878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.260{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d84eb806c479b22023-02-08 09:43:50.260root 11241100x8000000000000000265877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.260{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cd6eba4c5d8ab72023-02-08 09:43:50.260root 11241100x8000000000000000265876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.260{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a33ef8af04c6bda2023-02-08 09:43:50.260root 11241100x8000000000000000265875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.260{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882e040f6fc8574b2023-02-08 09:43:50.260root 11241100x8000000000000000265874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.260{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974687002949c40b2023-02-08 09:43:50.260root 11241100x8000000000000000265873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.260{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3251fc04c270f1832023-02-08 09:43:50.260root 11241100x8000000000000000265872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.260{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94647f336ab49dab2023-02-08 09:43:50.260root 11241100x8000000000000000265871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.260{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29c543bb55e40f22023-02-08 09:43:50.260root 11241100x8000000000000000265870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.260{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60cd0238ecb942a32023-02-08 09:43:50.260root 11241100x8000000000000000265869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.260{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7569ef55d76b3c042023-02-08 09:43:50.260root 11241100x8000000000000000265868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.260{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2239c5d3a833a2d12023-02-08 09:43:50.260root 11241100x8000000000000000265883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.261{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269d090d8e3741562023-02-08 09:43:50.261root 11241100x8000000000000000265882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.261{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30992d0b2bcf2de22023-02-08 09:43:50.261root 11241100x8000000000000000265881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.261{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0555aaa85cd07fe2023-02-08 09:43:50.261root 11241100x8000000000000000265880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.261{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6465bd402b62ceb52023-02-08 09:43:50.261root 11241100x8000000000000000265879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.261{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455815e5885db09d2023-02-08 09:43:50.261root 11241100x8000000000000000265884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.265{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5c0ec5860ec6372023-02-08 09:43:50.265root 11241100x8000000000000000265888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.266{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd8e827f8604b562023-02-08 09:43:50.266root 11241100x8000000000000000265887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.266{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b1c5a5e20b58352023-02-08 09:43:50.266root 11241100x8000000000000000265886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.266{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779d8ba3c6c6b8842023-02-08 09:43:50.266root 11241100x8000000000000000265885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.266{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64bf9ce0e8118db2023-02-08 09:43:50.266root 11241100x8000000000000000265893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.267{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f505db57d56a452023-02-08 09:43:50.267root 11241100x8000000000000000265892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.267{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059afeb182f5df0d2023-02-08 09:43:50.267root 11241100x8000000000000000265891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.267{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5ac794ea9b981c2023-02-08 09:43:50.267root 11241100x8000000000000000265890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.267{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129525244af13d182023-02-08 09:43:50.267root 11241100x8000000000000000265889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.267{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d0d898ecc881232023-02-08 09:43:50.267root 11241100x8000000000000000265901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c2eedff3b390602023-02-08 09:43:50.734root 11241100x8000000000000000265900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef97662058f5f3fe2023-02-08 09:43:50.734root 11241100x8000000000000000265899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995d0ba55f08f98f2023-02-08 09:43:50.734root 11241100x8000000000000000265898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4f4a1ef6abb9302023-02-08 09:43:50.734root 11241100x8000000000000000265897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76859e9cc98150d12023-02-08 09:43:50.734root 11241100x8000000000000000265896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b076e5e34bd3f35e2023-02-08 09:43:50.734root 11241100x8000000000000000265895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9edcaadf25644ad82023-02-08 09:43:50.734root 11241100x8000000000000000265894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bffb51c231505022023-02-08 09:43:50.734root 11241100x8000000000000000265906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f775147dee7d492023-02-08 09:43:50.735root 11241100x8000000000000000265905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b19a9e27733581d2023-02-08 09:43:50.735root 11241100x8000000000000000265904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8298691233223302023-02-08 09:43:50.735root 11241100x8000000000000000265903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f38632a0de961562023-02-08 09:43:50.735root 11241100x8000000000000000265902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddff0e01c9a6ce302023-02-08 09:43:50.735root 11241100x8000000000000000265915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918c8b26f4b634ee2023-02-08 09:43:50.736root 11241100x8000000000000000265914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf53f15092b76b52023-02-08 09:43:50.736root 11241100x8000000000000000265913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb31da72783c66722023-02-08 09:43:50.736root 11241100x8000000000000000265912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5fa0bd3797af2f2023-02-08 09:43:50.736root 11241100x8000000000000000265911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53e0533f54c64b72023-02-08 09:43:50.736root 11241100x8000000000000000265910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08048812cbb32722023-02-08 09:43:50.736root 11241100x8000000000000000265909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30830e75a3aa7102023-02-08 09:43:50.736root 11241100x8000000000000000265908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7039c58274bf2dff2023-02-08 09:43:50.736root 11241100x8000000000000000265907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8aad97fdb676d42023-02-08 09:43:50.736root 11241100x8000000000000000265925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35bbe9e2d159a292023-02-08 09:43:50.737root 11241100x8000000000000000265924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770dc57d21b6fa782023-02-08 09:43:50.737root 11241100x8000000000000000265923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b732cf3caf2fb622023-02-08 09:43:50.737root 11241100x8000000000000000265922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1a64b114e87ea22023-02-08 09:43:50.737root 11241100x8000000000000000265921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e28e4389e9caf52023-02-08 09:43:50.737root 11241100x8000000000000000265920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfa0afa801ac2f92023-02-08 09:43:50.737root 11241100x8000000000000000265919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a365e9aa5fefb232023-02-08 09:43:50.737root 11241100x8000000000000000265918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c961153c788e1842023-02-08 09:43:50.737root 11241100x8000000000000000265917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ddbd6689904a8bf2023-02-08 09:43:50.737root 11241100x8000000000000000265916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e224e75737d1b5d2023-02-08 09:43:50.737root 11241100x8000000000000000265930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aad39903f2d20262023-02-08 09:43:50.740root 11241100x8000000000000000265929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887bce9a474e4bb52023-02-08 09:43:50.740root 11241100x8000000000000000265928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e610b1ada4e7ed2023-02-08 09:43:50.740root 11241100x8000000000000000265927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da11236a197e060a2023-02-08 09:43:50.740root 11241100x8000000000000000265926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13daf570e9517e92023-02-08 09:43:50.740root 11241100x8000000000000000265936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fdfc70533bc3b602023-02-08 09:43:50.741root 11241100x8000000000000000265935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84e1e6c937807ee2023-02-08 09:43:50.741root 11241100x8000000000000000265934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46da97bd7612f3d2023-02-08 09:43:50.741root 11241100x8000000000000000265933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb17cb2ed45743d2023-02-08 09:43:50.741root 11241100x8000000000000000265932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceac75e0dd772c192023-02-08 09:43:50.741root 11241100x8000000000000000265931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b3f8c72fe03fde2023-02-08 09:43:50.741root 11241100x8000000000000000265939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6590f63a57b756692023-02-08 09:43:50.742root 11241100x8000000000000000265938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d45e7d62dfb8f62023-02-08 09:43:50.742root 11241100x8000000000000000265937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c3922d5e22a07f2023-02-08 09:43:50.742root 11241100x8000000000000000265943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c734d68dd76a54d2023-02-08 09:43:50.743root 11241100x8000000000000000265942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861a64729b7d90152023-02-08 09:43:50.743root 11241100x8000000000000000265941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29fb1afd87a8be602023-02-08 09:43:50.743root 11241100x8000000000000000265940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:50.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ae905cf3913ad62023-02-08 09:43:50.743root 11241100x8000000000000000265944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152d5dde24a04dc72023-02-08 09:43:51.235root 11241100x8000000000000000265958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4857f3625d47c62023-02-08 09:43:51.236root 11241100x8000000000000000265957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18efbe0e24dd7d1d2023-02-08 09:43:51.236root 11241100x8000000000000000265956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28bfb96396b7b162023-02-08 09:43:51.236root 11241100x8000000000000000265955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa035126e8df70d2023-02-08 09:43:51.236root 11241100x8000000000000000265954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efcfccec74c8ed142023-02-08 09:43:51.236root 11241100x8000000000000000265953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6b5f0832fcd6152023-02-08 09:43:51.236root 11241100x8000000000000000265952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630cea8616e6904c2023-02-08 09:43:51.236root 11241100x8000000000000000265951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42bae55ef4c71aba2023-02-08 09:43:51.236root 11241100x8000000000000000265950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d162a9ab0b94e22023-02-08 09:43:51.236root 11241100x8000000000000000265949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18834fe737b8459b2023-02-08 09:43:51.236root 11241100x8000000000000000265948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ea6d97421e880f2023-02-08 09:43:51.236root 11241100x8000000000000000265947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7156234b5a8aa882023-02-08 09:43:51.236root 11241100x8000000000000000265946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4f8e467721628d2023-02-08 09:43:51.236root 11241100x8000000000000000265945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39426574c5517f6f2023-02-08 09:43:51.236root 11241100x8000000000000000265970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0d00b7a8b0160e2023-02-08 09:43:51.237root 11241100x8000000000000000265969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229682d227025d7f2023-02-08 09:43:51.237root 11241100x8000000000000000265968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1868ccd9016d8ad2023-02-08 09:43:51.237root 11241100x8000000000000000265967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c90044731f4faa12023-02-08 09:43:51.237root 11241100x8000000000000000265966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4de4f89308bd962023-02-08 09:43:51.237root 11241100x8000000000000000265965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7c8cdce869f48f2023-02-08 09:43:51.237root 11241100x8000000000000000265964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61421e447e994bae2023-02-08 09:43:51.237root 11241100x8000000000000000265963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af545a0dd615f2972023-02-08 09:43:51.237root 11241100x8000000000000000265962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b781263aacd31a52023-02-08 09:43:51.237root 11241100x8000000000000000265961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44dae2c9265d38ce2023-02-08 09:43:51.237root 11241100x8000000000000000265960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9718a5258efeb712023-02-08 09:43:51.237root 11241100x8000000000000000265959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261036c990ab07ba2023-02-08 09:43:51.237root 11241100x8000000000000000265985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9f82342638d4702023-02-08 09:43:51.238root 11241100x8000000000000000265984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c311b5ac3677343e2023-02-08 09:43:51.238root 11241100x8000000000000000265983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19707b003b40aed92023-02-08 09:43:51.238root 11241100x8000000000000000265982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdca584725ebcd462023-02-08 09:43:51.238root 11241100x8000000000000000265981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b35d7d026c5db82023-02-08 09:43:51.238root 11241100x8000000000000000265980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7f591254323cdb2023-02-08 09:43:51.238root 11241100x8000000000000000265979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53952ff822bdce602023-02-08 09:43:51.238root 11241100x8000000000000000265978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884fbe13ae7979cd2023-02-08 09:43:51.238root 11241100x8000000000000000265977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2368660fdbf7eeb02023-02-08 09:43:51.238root 11241100x8000000000000000265976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb934e262c6a08c42023-02-08 09:43:51.238root 11241100x8000000000000000265975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d564370e4fd1ac22023-02-08 09:43:51.238root 11241100x8000000000000000265974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9674f8f8f62d780b2023-02-08 09:43:51.238root 11241100x8000000000000000265973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4bc9ed92cdd3ef2023-02-08 09:43:51.238root 11241100x8000000000000000265972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8854bc3ae27b62062023-02-08 09:43:51.238root 11241100x8000000000000000265971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd9ac8191e0c1952023-02-08 09:43:51.238root 11241100x8000000000000000266000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70cc84913340aa12023-02-08 09:43:51.239root 11241100x8000000000000000265999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696d04e4345c2d3a2023-02-08 09:43:51.239root 11241100x8000000000000000265998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9849007cd2db39e2023-02-08 09:43:51.239root 11241100x8000000000000000265997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab1c3a81341faea2023-02-08 09:43:51.239root 11241100x8000000000000000265996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989da1a29ba1d3532023-02-08 09:43:51.239root 11241100x8000000000000000265995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30975f36d69b6cac2023-02-08 09:43:51.239root 11241100x8000000000000000265994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649f7174f89567992023-02-08 09:43:51.239root 11241100x8000000000000000265993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8392d33f9226f752023-02-08 09:43:51.239root 11241100x8000000000000000265992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c938af1c209139f02023-02-08 09:43:51.239root 11241100x8000000000000000265991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9526a61cb1bbfbb42023-02-08 09:43:51.239root 11241100x8000000000000000265990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364b078aaf9446672023-02-08 09:43:51.239root 11241100x8000000000000000265989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971a65de6d0116d22023-02-08 09:43:51.239root 11241100x8000000000000000265988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2782de32cb5c127c2023-02-08 09:43:51.239root 11241100x8000000000000000265987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a1e3c36263f57f2023-02-08 09:43:51.239root 11241100x8000000000000000265986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf81e4a1e12df202023-02-08 09:43:51.239root 11241100x8000000000000000266012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761b1834c908ab562023-02-08 09:43:51.240root 11241100x8000000000000000266011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36416e54e9201872023-02-08 09:43:51.240root 11241100x8000000000000000266010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f883c2bdd70ad97e2023-02-08 09:43:51.240root 11241100x8000000000000000266009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07adfbf05da82442023-02-08 09:43:51.240root 11241100x8000000000000000266008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854ad106af9c2d8a2023-02-08 09:43:51.240root 11241100x8000000000000000266007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1e4e6218e7af8b2023-02-08 09:43:51.240root 11241100x8000000000000000266006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be38ba8d98014362023-02-08 09:43:51.240root 11241100x8000000000000000266005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e93b073b665d8a2023-02-08 09:43:51.240root 11241100x8000000000000000266004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fab8fe00bee1d642023-02-08 09:43:51.240root 11241100x8000000000000000266003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30acd637309ed4db2023-02-08 09:43:51.240root 11241100x8000000000000000266002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6650a92b6cc204de2023-02-08 09:43:51.240root 11241100x8000000000000000266001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3112b9cdd2641b382023-02-08 09:43:51.240root 11241100x8000000000000000266013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9880f1d4e56c62a92023-02-08 09:43:51.241root 11241100x8000000000000000266014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8543ffb425496ec32023-02-08 09:43:51.735root 11241100x8000000000000000266020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef20f8c70eef9e72023-02-08 09:43:51.736root 11241100x8000000000000000266019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c5e33388bf6bb12023-02-08 09:43:51.736root 11241100x8000000000000000266018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10562962e89201972023-02-08 09:43:51.736root 11241100x8000000000000000266017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36488975fd8f72292023-02-08 09:43:51.736root 11241100x8000000000000000266016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba329c04d8b19f582023-02-08 09:43:51.736root 11241100x8000000000000000266015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b8aa5bfad2dd0a2023-02-08 09:43:51.736root 11241100x8000000000000000266029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bdbaf7ef64212e62023-02-08 09:43:51.737root 11241100x8000000000000000266028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d89c892ada72272023-02-08 09:43:51.737root 11241100x8000000000000000266027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0e6f6e7b42d2112023-02-08 09:43:51.737root 11241100x8000000000000000266026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8a7e458e2488682023-02-08 09:43:51.737root 11241100x8000000000000000266025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b801e6d9628f6ae2023-02-08 09:43:51.737root 11241100x8000000000000000266024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb42b99973971282023-02-08 09:43:51.737root 11241100x8000000000000000266023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3ef87c310513842023-02-08 09:43:51.737root 11241100x8000000000000000266022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22646e745f48c1542023-02-08 09:43:51.737root 11241100x8000000000000000266021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd05e78616e7a6792023-02-08 09:43:51.737root 11241100x8000000000000000266041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9cceec9181bbf9f2023-02-08 09:43:51.738root 11241100x8000000000000000266040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66aad7273f1f203e2023-02-08 09:43:51.738root 11241100x8000000000000000266039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0943af1a697590a72023-02-08 09:43:51.738root 11241100x8000000000000000266038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4a81d263543d372023-02-08 09:43:51.738root 11241100x8000000000000000266037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e7f480dcbc6d962023-02-08 09:43:51.738root 11241100x8000000000000000266036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea00aff125803402023-02-08 09:43:51.738root 11241100x8000000000000000266035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039cb9ff5f9ea4332023-02-08 09:43:51.738root 11241100x8000000000000000266034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1935b5c462533d2023-02-08 09:43:51.738root 11241100x8000000000000000266033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4c314a073a5f762023-02-08 09:43:51.738root 11241100x8000000000000000266032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a92a9c76ed88cd02023-02-08 09:43:51.738root 11241100x8000000000000000266031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c786609bfc70bf72023-02-08 09:43:51.738root 11241100x8000000000000000266030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3dde9146072e8cf2023-02-08 09:43:51.738root 11241100x8000000000000000266054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee103f300ccd7e62023-02-08 09:43:51.739root 11241100x8000000000000000266053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f68be34daa43922023-02-08 09:43:51.739root 11241100x8000000000000000266052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18bc0685212a5c5e2023-02-08 09:43:51.739root 11241100x8000000000000000266051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5011c03f9138cc2023-02-08 09:43:51.739root 11241100x8000000000000000266050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeca75473b72a20d2023-02-08 09:43:51.739root 11241100x8000000000000000266049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cee393cc53b7cf22023-02-08 09:43:51.739root 11241100x8000000000000000266048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b16dabd9b47899a2023-02-08 09:43:51.739root 11241100x8000000000000000266047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2970dbe175ad79762023-02-08 09:43:51.739root 11241100x8000000000000000266046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2730fa1826515e2023-02-08 09:43:51.739root 11241100x8000000000000000266045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d347748cab2f3f242023-02-08 09:43:51.739root 11241100x8000000000000000266044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d28c1260b9b620d2023-02-08 09:43:51.739root 11241100x8000000000000000266043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0a134241b3ff092023-02-08 09:43:51.739root 11241100x8000000000000000266042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102bbef74f91334c2023-02-08 09:43:51.739root 11241100x8000000000000000266060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8a2a10efdccfa02023-02-08 09:43:51.740root 11241100x8000000000000000266059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffdc6f13337e0eb2023-02-08 09:43:51.740root 11241100x8000000000000000266058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c38aea2e0984cef2023-02-08 09:43:51.740root 11241100x8000000000000000266057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff63ab79e9f1f78c2023-02-08 09:43:51.740root 11241100x8000000000000000266056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b99972c46aeb6482023-02-08 09:43:51.740root 11241100x8000000000000000266055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:51.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7411a3669efcffb22023-02-08 09:43:51.740root 11241100x8000000000000000266062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f219a7cce4b3fee2023-02-08 09:43:52.235root 11241100x8000000000000000266061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ba94a8a332329f2023-02-08 09:43:52.235root 11241100x8000000000000000266068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f1e99f50374bc22023-02-08 09:43:52.236root 11241100x8000000000000000266067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9fa37b0cc670a62023-02-08 09:43:52.236root 11241100x8000000000000000266066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f819e1e4df6c9e72023-02-08 09:43:52.236root 11241100x8000000000000000266065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db27b595250d5242023-02-08 09:43:52.236root 11241100x8000000000000000266064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e73a88c22231e52023-02-08 09:43:52.236root 11241100x8000000000000000266063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80db615eb25528372023-02-08 09:43:52.236root 11241100x8000000000000000266072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbd8e8d289c0a692023-02-08 09:43:52.237root 11241100x8000000000000000266071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01e5b71344ce8242023-02-08 09:43:52.237root 11241100x8000000000000000266070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd99ce50425ce4a2023-02-08 09:43:52.237root 11241100x8000000000000000266069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422c1cc0277b3ac22023-02-08 09:43:52.237root 11241100x8000000000000000266085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3e3d78b5047f1c2023-02-08 09:43:52.238root 11241100x8000000000000000266084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889d064800a875e42023-02-08 09:43:52.238root 11241100x8000000000000000266083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce69d9b596044aa12023-02-08 09:43:52.238root 11241100x8000000000000000266082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888e721630ffdf8f2023-02-08 09:43:52.238root 11241100x8000000000000000266081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11743ea0a6ab987f2023-02-08 09:43:52.238root 11241100x8000000000000000266080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ead0b3e4b9029e2023-02-08 09:43:52.238root 11241100x8000000000000000266079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1677da56599c7b672023-02-08 09:43:52.238root 11241100x8000000000000000266078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d00ad97cb10c772023-02-08 09:43:52.238root 11241100x8000000000000000266077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbcac9c10146ed242023-02-08 09:43:52.238root 11241100x8000000000000000266076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1467bb09e66180ce2023-02-08 09:43:52.238root 11241100x8000000000000000266075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4a419292e782ab2023-02-08 09:43:52.238root 11241100x8000000000000000266074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ec7e478135a9572023-02-08 09:43:52.238root 11241100x8000000000000000266073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea009908c4881ae02023-02-08 09:43:52.238root 11241100x8000000000000000266096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61186074a48ae83e2023-02-08 09:43:52.239root 11241100x8000000000000000266095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3a8426a771f4e22023-02-08 09:43:52.239root 11241100x8000000000000000266094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b92922853ea2752023-02-08 09:43:52.239root 11241100x8000000000000000266093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a0fb71713e808c2023-02-08 09:43:52.239root 11241100x8000000000000000266092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0033af17fbe61c22023-02-08 09:43:52.239root 11241100x8000000000000000266091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6100323c3e001c2023-02-08 09:43:52.239root 11241100x8000000000000000266090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70768cdfa345db42023-02-08 09:43:52.239root 11241100x8000000000000000266089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5597a09db1ad912023-02-08 09:43:52.239root 11241100x8000000000000000266088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf388d385e4d4122023-02-08 09:43:52.239root 11241100x8000000000000000266087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f748c60c7a73f8dc2023-02-08 09:43:52.239root 11241100x8000000000000000266086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf32d9d392d77bce2023-02-08 09:43:52.239root 11241100x8000000000000000266104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd2185015a94bc82023-02-08 09:43:52.240root 11241100x8000000000000000266103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20c220a941afefd2023-02-08 09:43:52.240root 11241100x8000000000000000266102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e20a05230c87cdf2023-02-08 09:43:52.240root 11241100x8000000000000000266101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d85db1a8ec7f7aa2023-02-08 09:43:52.240root 11241100x8000000000000000266100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb3e7153ccb5c702023-02-08 09:43:52.240root 11241100x8000000000000000266099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d1c71895c06d3f2023-02-08 09:43:52.240root 11241100x8000000000000000266098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdce22d0c60172752023-02-08 09:43:52.240root 11241100x8000000000000000266097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b08432342b150812023-02-08 09:43:52.240root 11241100x8000000000000000266109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a405620fa62076562023-02-08 09:43:52.241root 11241100x8000000000000000266108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099af59d6908e0382023-02-08 09:43:52.241root 11241100x8000000000000000266107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f912c3817db1242023-02-08 09:43:52.241root 11241100x8000000000000000266106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7df1efa89b64ac2023-02-08 09:43:52.241root 11241100x8000000000000000266105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2dff63535af172d2023-02-08 09:43:52.241root 11241100x8000000000000000266113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf59fb460a107f422023-02-08 09:43:52.242root 11241100x8000000000000000266112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f3972f761581e22023-02-08 09:43:52.242root 11241100x8000000000000000266111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4f39ca984ff7a02023-02-08 09:43:52.242root 11241100x8000000000000000266110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304213824ff44c0f2023-02-08 09:43:52.242root 11241100x8000000000000000266114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9c3e3a923922662023-02-08 09:43:52.734root 11241100x8000000000000000266121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82bff46a6888628e2023-02-08 09:43:52.735root 11241100x8000000000000000266120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619a4fd4669b4cec2023-02-08 09:43:52.735root 11241100x8000000000000000266119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f4749232697e472023-02-08 09:43:52.735root 11241100x8000000000000000266118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd016a9a039d03ea2023-02-08 09:43:52.735root 11241100x8000000000000000266117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1a6bc6712addfe2023-02-08 09:43:52.735root 11241100x8000000000000000266116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3fd8ab20c9bb082023-02-08 09:43:52.735root 11241100x8000000000000000266115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba9e41b710795d12023-02-08 09:43:52.735root 11241100x8000000000000000266130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d421873f1445c07b2023-02-08 09:43:52.736root 11241100x8000000000000000266129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba20508898577fc2023-02-08 09:43:52.736root 11241100x8000000000000000266128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad29937e213a7592023-02-08 09:43:52.736root 11241100x8000000000000000266127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163de5a7e6a722ab2023-02-08 09:43:52.736root 11241100x8000000000000000266126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55fd93e7d736b1522023-02-08 09:43:52.736root 11241100x8000000000000000266125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e60e4c4e47a0d32023-02-08 09:43:52.736root 11241100x8000000000000000266124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cf6fa654fd72d72023-02-08 09:43:52.736root 11241100x8000000000000000266123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c70e201b90465c2023-02-08 09:43:52.736root 11241100x8000000000000000266122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70f13977c5202482023-02-08 09:43:52.736root 11241100x8000000000000000266134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cbd99016cb767e22023-02-08 09:43:52.737root 11241100x8000000000000000266133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e7f66b369a68cb2023-02-08 09:43:52.737root 11241100x8000000000000000266132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98c33196034895d2023-02-08 09:43:52.737root 11241100x8000000000000000266131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730b1a3930ac28b22023-02-08 09:43:52.737root 11241100x8000000000000000266138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac1288625caca3b2023-02-08 09:43:52.738root 11241100x8000000000000000266137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67fa4f5838eee1f82023-02-08 09:43:52.738root 11241100x8000000000000000266136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231d4d8df5874f272023-02-08 09:43:52.738root 11241100x8000000000000000266135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9d3c1b6eaebbba2023-02-08 09:43:52.738root 11241100x8000000000000000266146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9502f71af02727912023-02-08 09:43:52.739root 11241100x8000000000000000266145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd9b370272b672e2023-02-08 09:43:52.739root 11241100x8000000000000000266144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4643bfb128785a3b2023-02-08 09:43:52.739root 11241100x8000000000000000266143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fdd49878aa236bc2023-02-08 09:43:52.739root 11241100x8000000000000000266142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8aefe777f4a26d2023-02-08 09:43:52.739root 11241100x8000000000000000266141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e20b546121077e72023-02-08 09:43:52.739root 11241100x8000000000000000266140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f1065a48099bf32023-02-08 09:43:52.739root 11241100x8000000000000000266139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e7693e56af13d62023-02-08 09:43:52.739root 11241100x8000000000000000266150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a2ca4027c856e72023-02-08 09:43:52.740root 11241100x8000000000000000266149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1d4eba3c7cd9b72023-02-08 09:43:52.740root 11241100x8000000000000000266148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4210600e335dfb72023-02-08 09:43:52.740root 11241100x8000000000000000266147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973636306813cf9f2023-02-08 09:43:52.740root 11241100x8000000000000000266157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e2232deef495dc2023-02-08 09:43:52.741root 11241100x8000000000000000266156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074b2dc2ea90910c2023-02-08 09:43:52.741root 11241100x8000000000000000266155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96425d08f6321e962023-02-08 09:43:52.741root 11241100x8000000000000000266154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b53bf774a3de28e2023-02-08 09:43:52.741root 11241100x8000000000000000266153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7739a95201f3c2292023-02-08 09:43:52.741root 11241100x8000000000000000266152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cef1fd3a224809e2023-02-08 09:43:52.741root 11241100x8000000000000000266151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb6de7fc6c3cd942023-02-08 09:43:52.741root 11241100x8000000000000000266161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc27ea9cba19ca292023-02-08 09:43:52.742root 11241100x8000000000000000266160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c0d6d0e57a33912023-02-08 09:43:52.742root 11241100x8000000000000000266159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5346d94154d9bd7f2023-02-08 09:43:52.742root 11241100x8000000000000000266158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508016352f13cb962023-02-08 09:43:52.742root 11241100x8000000000000000266166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947f51ff804f60832023-02-08 09:43:52.743root 11241100x8000000000000000266165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee07796ad01dc7ce2023-02-08 09:43:52.743root 11241100x8000000000000000266164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92bfaad7b12f57f62023-02-08 09:43:52.743root 11241100x8000000000000000266163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ed4963d584b0102023-02-08 09:43:52.743root 11241100x8000000000000000266162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33228356e23d10d2023-02-08 09:43:52.743root 11241100x8000000000000000266169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391ece11400f7f222023-02-08 09:43:52.744root 11241100x8000000000000000266168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebfc46a14981383d2023-02-08 09:43:52.744root 11241100x8000000000000000266167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4b1ac1a32d33e32023-02-08 09:43:52.744root 11241100x8000000000000000266178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862aa04e64e065312023-02-08 09:43:52.746root 11241100x8000000000000000266177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68098d8433b7de282023-02-08 09:43:52.746root 11241100x8000000000000000266176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe955ef346efbab2023-02-08 09:43:52.746root 11241100x8000000000000000266175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac39546bfd408ee2023-02-08 09:43:52.746root 11241100x8000000000000000266174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a04b4d003bdd132023-02-08 09:43:52.746root 11241100x8000000000000000266173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06623e834d5c65572023-02-08 09:43:52.746root 11241100x8000000000000000266172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4e0fbe93114f8d2023-02-08 09:43:52.746root 11241100x8000000000000000266171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03533ec3d7f7de872023-02-08 09:43:52.746root 11241100x8000000000000000266170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557c41a479ddd0952023-02-08 09:43:52.746root 11241100x8000000000000000266184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.747{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70334327940efdb22023-02-08 09:43:52.747root 11241100x8000000000000000266183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.747{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88048c8d9ee5937a2023-02-08 09:43:52.747root 11241100x8000000000000000266182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.747{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e28c24398848272023-02-08 09:43:52.747root 11241100x8000000000000000266181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.747{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d04999f5681fac2023-02-08 09:43:52.747root 11241100x8000000000000000266180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.747{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd283c21a0221242023-02-08 09:43:52.747root 11241100x8000000000000000266179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.747{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3fc9701a205ce02023-02-08 09:43:52.747root 11241100x8000000000000000266187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.748{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52479793956cee02023-02-08 09:43:52.748root 11241100x8000000000000000266186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.748{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f07a3b91c4683f2023-02-08 09:43:52.748root 11241100x8000000000000000266185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:52.748{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0fbb1f6c4a7fe882023-02-08 09:43:52.748root 11241100x8000000000000000266195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95db60f5bc7714e22023-02-08 09:43:53.235root 11241100x8000000000000000266194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1906b3f4c7f778212023-02-08 09:43:53.235root 11241100x8000000000000000266193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ddd1447de63ae82023-02-08 09:43:53.235root 11241100x8000000000000000266192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8d95cc3994b4972023-02-08 09:43:53.235root 11241100x8000000000000000266191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce23d01e6e4b2a0b2023-02-08 09:43:53.235root 11241100x8000000000000000266190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbc3279bd4353d22023-02-08 09:43:53.235root 11241100x8000000000000000266189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e2bf5318549b0a2023-02-08 09:43:53.235root 11241100x8000000000000000266188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab25c138ea8326542023-02-08 09:43:53.235root 11241100x8000000000000000266203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53890f88934d40602023-02-08 09:43:53.236root 11241100x8000000000000000266202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1da84939c7c1612023-02-08 09:43:53.236root 11241100x8000000000000000266201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801344566a6ea6102023-02-08 09:43:53.236root 11241100x8000000000000000266200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102841ce30d773ab2023-02-08 09:43:53.236root 11241100x8000000000000000266199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc01181620345352023-02-08 09:43:53.236root 11241100x8000000000000000266198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb414ae3b1d5f8f22023-02-08 09:43:53.236root 11241100x8000000000000000266197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c65fb1253dc39a2023-02-08 09:43:53.236root 11241100x8000000000000000266196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6578c5630eb943bd2023-02-08 09:43:53.236root 11241100x8000000000000000266206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62139ae9521522562023-02-08 09:43:53.237root 11241100x8000000000000000266205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8cf7988b2512fc2023-02-08 09:43:53.237root 11241100x8000000000000000266204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9734b5270959c8102023-02-08 09:43:53.237root 11241100x8000000000000000266215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a484d106eed9842023-02-08 09:43:53.238root 11241100x8000000000000000266214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06c7dfe47f71c452023-02-08 09:43:53.238root 11241100x8000000000000000266213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9721d59b78acb362023-02-08 09:43:53.238root 11241100x8000000000000000266212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc032f4ff1357092023-02-08 09:43:53.238root 11241100x8000000000000000266211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e1643221c535bc2023-02-08 09:43:53.238root 11241100x8000000000000000266210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bacdcbe6c042baf2023-02-08 09:43:53.238root 11241100x8000000000000000266209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b71775d3d323f52023-02-08 09:43:53.238root 11241100x8000000000000000266208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79361ac687215d722023-02-08 09:43:53.238root 11241100x8000000000000000266207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0773dcdaef83fc412023-02-08 09:43:53.238root 11241100x8000000000000000266229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a205497b0a20522023-02-08 09:43:53.239root 11241100x8000000000000000266228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f83fc8934da4242023-02-08 09:43:53.239root 11241100x8000000000000000266227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78288a6f45847ccd2023-02-08 09:43:53.239root 11241100x8000000000000000266226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5068d0682c0c6d2023-02-08 09:43:53.239root 11241100x8000000000000000266225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f51dde2bb9bedf2023-02-08 09:43:53.239root 11241100x8000000000000000266224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f41c6cb62563a22023-02-08 09:43:53.239root 11241100x8000000000000000266223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcaf8058491dcf902023-02-08 09:43:53.239root 11241100x8000000000000000266222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc06b8a9851f46e2023-02-08 09:43:53.239root 11241100x8000000000000000266221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0675950fdea57a2023-02-08 09:43:53.239root 11241100x8000000000000000266220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6d7f77ab3fa4c32023-02-08 09:43:53.239root 11241100x8000000000000000266219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f9b9822c255fe42023-02-08 09:43:53.239root 11241100x8000000000000000266218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263db3cac7d9a3172023-02-08 09:43:53.239root 11241100x8000000000000000266217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78394fdadac130fa2023-02-08 09:43:53.239root 11241100x8000000000000000266216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4b22b1ff155ae12023-02-08 09:43:53.239root 11241100x8000000000000000266241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bec684dccc953ae2023-02-08 09:43:53.240root 11241100x8000000000000000266240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99326243bac6bd3b2023-02-08 09:43:53.240root 11241100x8000000000000000266239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73eeff25774e09962023-02-08 09:43:53.240root 11241100x8000000000000000266238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b02f3b67bc359762023-02-08 09:43:53.240root 11241100x8000000000000000266237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338868ced06b82b62023-02-08 09:43:53.240root 11241100x8000000000000000266236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914872207297beb52023-02-08 09:43:53.240root 11241100x8000000000000000266235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2d7e23b8f5397a2023-02-08 09:43:53.240root 11241100x8000000000000000266234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce62641fe8739b1d2023-02-08 09:43:53.240root 11241100x8000000000000000266233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aefeee1d93ce92902023-02-08 09:43:53.240root 11241100x8000000000000000266232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6ae8f4a9e4f2312023-02-08 09:43:53.240root 11241100x8000000000000000266231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7fc5f72c4907692023-02-08 09:43:53.240root 11241100x8000000000000000266230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92a17ed1a2726cb2023-02-08 09:43:53.240root 11241100x8000000000000000266255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156a489233bc2c012023-02-08 09:43:53.241root 11241100x8000000000000000266254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83419147f1a35542023-02-08 09:43:53.241root 11241100x8000000000000000266253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f642c65a8a550602023-02-08 09:43:53.241root 11241100x8000000000000000266252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49afdee3d9a57c82023-02-08 09:43:53.241root 11241100x8000000000000000266251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64105147a49231462023-02-08 09:43:53.241root 11241100x8000000000000000266250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fb2751d9a25ebc2023-02-08 09:43:53.241root 11241100x8000000000000000266249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c96636b4727b6f2023-02-08 09:43:53.241root 11241100x8000000000000000266248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d5d19f5c50075f2023-02-08 09:43:53.241root 11241100x8000000000000000266247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fcc733361db8c92023-02-08 09:43:53.241root 11241100x8000000000000000266246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17872e4c470802e2023-02-08 09:43:53.241root 11241100x8000000000000000266245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d14e30912022ef22023-02-08 09:43:53.241root 11241100x8000000000000000266244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c09877ef6a09c812023-02-08 09:43:53.241root 11241100x8000000000000000266243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8183a3dc49db2d522023-02-08 09:43:53.241root 11241100x8000000000000000266242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d26d1623f8e0d12023-02-08 09:43:53.241root 11241100x8000000000000000266258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2942cfe2f48f27202023-02-08 09:43:53.242root 11241100x8000000000000000266257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424e5c795a3198b02023-02-08 09:43:53.242root 11241100x8000000000000000266256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca39b655f0972dd52023-02-08 09:43:53.242root 11241100x8000000000000000266267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77da4d108ed3445f2023-02-08 09:43:53.735root 11241100x8000000000000000266266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19cc1aeefba5ad2a2023-02-08 09:43:53.735root 11241100x8000000000000000266265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b833bad3f646962023-02-08 09:43:53.735root 11241100x8000000000000000266264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b22de3eae2df8082023-02-08 09:43:53.735root 11241100x8000000000000000266263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb124c960c48bbc2023-02-08 09:43:53.735root 11241100x8000000000000000266262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34c96e9c76a75b92023-02-08 09:43:53.735root 11241100x8000000000000000266261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f52206c74d28a992023-02-08 09:43:53.735root 11241100x8000000000000000266260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cf2e81a03403072023-02-08 09:43:53.735root 11241100x8000000000000000266259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6144cd576d90172023-02-08 09:43:53.735root 11241100x8000000000000000266272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c9932ac5b669b62023-02-08 09:43:53.736root 11241100x8000000000000000266271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3d4ce7ada2cacc2023-02-08 09:43:53.736root 11241100x8000000000000000266270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7863ed6509d5eae42023-02-08 09:43:53.736root 11241100x8000000000000000266269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6def1a520ab9e6562023-02-08 09:43:53.736root 11241100x8000000000000000266268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d350db8dc412ca2023-02-08 09:43:53.736root 11241100x8000000000000000266276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e40e98f1145dcf2023-02-08 09:43:53.737root 11241100x8000000000000000266275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e0a518097cb7852023-02-08 09:43:53.737root 11241100x8000000000000000266274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b42be484a2914e62023-02-08 09:43:53.737root 11241100x8000000000000000266273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b3886cf62546032023-02-08 09:43:53.737root 11241100x8000000000000000266283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40910d978783edfb2023-02-08 09:43:53.738root 11241100x8000000000000000266282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a9e014127069392023-02-08 09:43:53.738root 11241100x8000000000000000266281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b9a38060ba6c552023-02-08 09:43:53.738root 11241100x8000000000000000266280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd714bf1a83d2612023-02-08 09:43:53.738root 11241100x8000000000000000266279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a171fd397173a22d2023-02-08 09:43:53.738root 11241100x8000000000000000266278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8503834a6ed3152f2023-02-08 09:43:53.738root 11241100x8000000000000000266277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e565996892dbfa2023-02-08 09:43:53.738root 11241100x8000000000000000266293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7fddf44c3877e72023-02-08 09:43:53.739root 11241100x8000000000000000266292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c57f7e0213ec6c2023-02-08 09:43:53.739root 11241100x8000000000000000266291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c8118563c9f5762023-02-08 09:43:53.739root 11241100x8000000000000000266290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd92ae1c6c7b0f92023-02-08 09:43:53.739root 11241100x8000000000000000266289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2fbd9c67371df02023-02-08 09:43:53.739root 11241100x8000000000000000266288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3907639476187bbd2023-02-08 09:43:53.739root 11241100x8000000000000000266287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb86b83633d7c2c52023-02-08 09:43:53.739root 11241100x8000000000000000266286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56a32e050c6c7a62023-02-08 09:43:53.739root 11241100x8000000000000000266285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04410f8c2c8badd92023-02-08 09:43:53.739root 11241100x8000000000000000266284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c57ba710c95fe62023-02-08 09:43:53.739root 11241100x8000000000000000266307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a0872bb020a4ef2023-02-08 09:43:53.740root 11241100x8000000000000000266306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab519f7a478190ea2023-02-08 09:43:53.740root 11241100x8000000000000000266305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b663c6d32b59c6b72023-02-08 09:43:53.740root 11241100x8000000000000000266304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8620904ba757e3e62023-02-08 09:43:53.740root 11241100x8000000000000000266303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372caf63f421bd9f2023-02-08 09:43:53.740root 11241100x8000000000000000266302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e36b79609eaf39f2023-02-08 09:43:53.740root 11241100x8000000000000000266301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c92e5dd533d7d652023-02-08 09:43:53.740root 11241100x8000000000000000266300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2498a3ddf32051de2023-02-08 09:43:53.740root 11241100x8000000000000000266299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1becd47eead0772023-02-08 09:43:53.740root 11241100x8000000000000000266298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f6925e1162043a2023-02-08 09:43:53.740root 11241100x8000000000000000266297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014b8a0c78b6f8c62023-02-08 09:43:53.740root 11241100x8000000000000000266296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed94d089877f5d72023-02-08 09:43:53.740root 11241100x8000000000000000266295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8301f5ff78e690f52023-02-08 09:43:53.740root 11241100x8000000000000000266294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce896157081e6a712023-02-08 09:43:53.740root 11241100x8000000000000000266318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eade14a374320ac2023-02-08 09:43:53.741root 11241100x8000000000000000266317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c809bd9d5d91cb1d2023-02-08 09:43:53.741root 11241100x8000000000000000266316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9255d28dee85e9e72023-02-08 09:43:53.741root 11241100x8000000000000000266315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc5cf46aacff7422023-02-08 09:43:53.741root 11241100x8000000000000000266314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d87055e7d894242023-02-08 09:43:53.741root 11241100x8000000000000000266313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1898bedd072f1842023-02-08 09:43:53.741root 11241100x8000000000000000266312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190f44172752f6232023-02-08 09:43:53.741root 11241100x8000000000000000266311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68d6404fcc7802c2023-02-08 09:43:53.741root 11241100x8000000000000000266310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ab37ad89e653732023-02-08 09:43:53.741root 11241100x8000000000000000266309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2ccb82a70b7e312023-02-08 09:43:53.741root 11241100x8000000000000000266308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66221833872ec9532023-02-08 09:43:53.741root 11241100x8000000000000000266321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3e081c6ad391372023-02-08 09:43:53.742root 11241100x8000000000000000266320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4cecd9432ae9fda2023-02-08 09:43:53.742root 11241100x8000000000000000266319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfab98fbd37f88c2023-02-08 09:43:53.742root 11241100x8000000000000000266330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea682717a27e3e562023-02-08 09:43:53.743root 11241100x8000000000000000266329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e706afad08f5392023-02-08 09:43:53.743root 11241100x8000000000000000266328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d547c254abed8c2023-02-08 09:43:53.743root 11241100x8000000000000000266327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b0d563f596bf292023-02-08 09:43:53.743root 11241100x8000000000000000266326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71f7bda7d05becc2023-02-08 09:43:53.743root 11241100x8000000000000000266325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66472add3015ed402023-02-08 09:43:53.743root 11241100x8000000000000000266324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0f41f3d5a9a0602023-02-08 09:43:53.743root 11241100x8000000000000000266323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae73d37a4d318c22023-02-08 09:43:53.743root 11241100x8000000000000000266322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6080001fad188ba2023-02-08 09:43:53.743root 11241100x8000000000000000266331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:53.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93cf52c57ee960a92023-02-08 09:43:53.744root 11241100x8000000000000000266343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97460c72e29634982023-02-08 09:43:54.236root 11241100x8000000000000000266342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7acc6302e38ab42023-02-08 09:43:54.236root 11241100x8000000000000000266341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9849c3468efd75402023-02-08 09:43:54.236root 11241100x8000000000000000266340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec49d37f7bdfaf9e2023-02-08 09:43:54.236root 11241100x8000000000000000266339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0b71846aac61092023-02-08 09:43:54.236root 11241100x8000000000000000266338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94edfd855050120f2023-02-08 09:43:54.236root 11241100x8000000000000000266337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a70415af03cd652023-02-08 09:43:54.236root 11241100x8000000000000000266336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f276a850b86d2432023-02-08 09:43:54.236root 11241100x8000000000000000266335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db37771187a34af02023-02-08 09:43:54.236root 11241100x8000000000000000266334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bbb8a8011964042023-02-08 09:43:54.236root 11241100x8000000000000000266333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc9197fc5744fdb2023-02-08 09:43:54.236root 11241100x8000000000000000266332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746e018b4e8381612023-02-08 09:43:54.236root 11241100x8000000000000000266346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392e2995c8225f3b2023-02-08 09:43:54.237root 11241100x8000000000000000266345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732b6c2a49cb179a2023-02-08 09:43:54.237root 11241100x8000000000000000266344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e30185a1b3ea6b2023-02-08 09:43:54.237root 11241100x8000000000000000266358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b063cdff86eae87a2023-02-08 09:43:54.238root 11241100x8000000000000000266357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06a6f9b560544482023-02-08 09:43:54.238root 11241100x8000000000000000266356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008d90dd30d8202c2023-02-08 09:43:54.238root 11241100x8000000000000000266355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911ee5d232716d192023-02-08 09:43:54.238root 11241100x8000000000000000266354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1270f8fe20e8b3052023-02-08 09:43:54.238root 11241100x8000000000000000266353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba23187b69f93142023-02-08 09:43:54.238root 11241100x8000000000000000266352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec57d5f7c8f0310b2023-02-08 09:43:54.238root 11241100x8000000000000000266351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9743a0683918662023-02-08 09:43:54.238root 11241100x8000000000000000266350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ff9737c52db2a72023-02-08 09:43:54.238root 11241100x8000000000000000266349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1cc02506b9a93eb2023-02-08 09:43:54.238root 11241100x8000000000000000266348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bd62249067a5262023-02-08 09:43:54.238root 11241100x8000000000000000266347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1d7baee8519d2f2023-02-08 09:43:54.238root 11241100x8000000000000000266374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5c0e4e548bc4222023-02-08 09:43:54.239root 11241100x8000000000000000266373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa61827eba2e2cd2023-02-08 09:43:54.239root 11241100x8000000000000000266372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375d2114c6f842eb2023-02-08 09:43:54.239root 11241100x8000000000000000266371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98942f0b3ec95f02023-02-08 09:43:54.239root 11241100x8000000000000000266370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b836887bd30a202023-02-08 09:43:54.239root 11241100x8000000000000000266369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e74e10a04753732023-02-08 09:43:54.239root 11241100x8000000000000000266368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b283e52b678b353b2023-02-08 09:43:54.239root 11241100x8000000000000000266367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b83fa25067ba90c2023-02-08 09:43:54.239root 11241100x8000000000000000266366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6339810362017c1b2023-02-08 09:43:54.239root 11241100x8000000000000000266365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5d6bc3933baec72023-02-08 09:43:54.239root 11241100x8000000000000000266364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1579b4c7de14edf12023-02-08 09:43:54.239root 11241100x8000000000000000266363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8021a5dd0e563b2023-02-08 09:43:54.239root 11241100x8000000000000000266362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27f5b66755ac8922023-02-08 09:43:54.239root 11241100x8000000000000000266361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6efb72f22d365c2023-02-08 09:43:54.239root 11241100x8000000000000000266360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48df6948369e7a02023-02-08 09:43:54.239root 11241100x8000000000000000266359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c888170dfb9d9fc82023-02-08 09:43:54.239root 11241100x8000000000000000266384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdd5ca7e9ab41172023-02-08 09:43:54.240root 11241100x8000000000000000266383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab82da17f4a1c3e62023-02-08 09:43:54.240root 11241100x8000000000000000266382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9657669c92f93d2023-02-08 09:43:54.240root 11241100x8000000000000000266381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5756e69359bc0d12023-02-08 09:43:54.240root 11241100x8000000000000000266380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8262dee3ea2c9e002023-02-08 09:43:54.240root 11241100x8000000000000000266379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b537fb6e579fa22023-02-08 09:43:54.240root 11241100x8000000000000000266378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed5a5c3046cca2a2023-02-08 09:43:54.240root 11241100x8000000000000000266377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9150eba5fe8e342023-02-08 09:43:54.240root 11241100x8000000000000000266376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0c244e492c5a372023-02-08 09:43:54.240root 11241100x8000000000000000266375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9cb8a6b08348922023-02-08 09:43:54.240root 11241100x8000000000000000266392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f1a65ebf1538f72023-02-08 09:43:54.241root 11241100x8000000000000000266391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd980b81d8c85aa2023-02-08 09:43:54.241root 11241100x8000000000000000266390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63305ec7cc9be4b92023-02-08 09:43:54.241root 11241100x8000000000000000266389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05e8e446068d8ff2023-02-08 09:43:54.241root 11241100x8000000000000000266388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1658731ffc3ac38b2023-02-08 09:43:54.241root 11241100x8000000000000000266387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cbfc7056643c64b2023-02-08 09:43:54.241root 11241100x8000000000000000266386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ef746cb2a5dee82023-02-08 09:43:54.241root 11241100x8000000000000000266385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695a9c071796b0fd2023-02-08 09:43:54.241root 11241100x8000000000000000266393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af829be1080eb1342023-02-08 09:43:54.735root 11241100x8000000000000000266400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c2d301dcb3afd12023-02-08 09:43:54.736root 11241100x8000000000000000266399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75aa3c591c6bf3f72023-02-08 09:43:54.736root 11241100x8000000000000000266398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5e2f3d9dc3a5312023-02-08 09:43:54.736root 11241100x8000000000000000266397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515c32c649c22baf2023-02-08 09:43:54.736root 11241100x8000000000000000266396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f52e4604d46af022023-02-08 09:43:54.736root 11241100x8000000000000000266395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e889a27c3ca009952023-02-08 09:43:54.736root 11241100x8000000000000000266394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359c2d002c99e8882023-02-08 09:43:54.736root 11241100x8000000000000000266406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735e74e3f859d3972023-02-08 09:43:54.738root 11241100x8000000000000000266405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4067c8ab051f67e92023-02-08 09:43:54.738root 11241100x8000000000000000266404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abb31d3e8290e792023-02-08 09:43:54.738root 11241100x8000000000000000266403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ceca52d24ed10142023-02-08 09:43:54.738root 11241100x8000000000000000266402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f217b0c2f443b492023-02-08 09:43:54.738root 11241100x8000000000000000266401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bd05948db513022023-02-08 09:43:54.738root 11241100x8000000000000000266412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd85ba2d5ee6a9b2023-02-08 09:43:54.739root 11241100x8000000000000000266411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6431e9b65c12ab62023-02-08 09:43:54.739root 11241100x8000000000000000266410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3014024c518d02352023-02-08 09:43:54.739root 11241100x8000000000000000266409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40bdf26b6745e5d52023-02-08 09:43:54.739root 11241100x8000000000000000266408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4036e1c63deb09ce2023-02-08 09:43:54.739root 11241100x8000000000000000266407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03fee4bb997deee02023-02-08 09:43:54.739root 11241100x8000000000000000266414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e4c7f37de219852023-02-08 09:43:54.740root 11241100x8000000000000000266413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e920218a5bdc2bf2023-02-08 09:43:54.740root 11241100x8000000000000000266417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20da863331d88522023-02-08 09:43:54.741root 11241100x8000000000000000266416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963624be1053ad922023-02-08 09:43:54.741root 11241100x8000000000000000266415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910f98fb75b6b7c82023-02-08 09:43:54.741root 11241100x8000000000000000266427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c85352b35c5cbee2023-02-08 09:43:54.742root 11241100x8000000000000000266426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b59afd3083eecd2023-02-08 09:43:54.742root 11241100x8000000000000000266425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c2d51573699afe2023-02-08 09:43:54.742root 11241100x8000000000000000266424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e6be72b7fd5b962023-02-08 09:43:54.742root 11241100x8000000000000000266423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7bbdcd9e53097d2023-02-08 09:43:54.742root 11241100x8000000000000000266422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f105220c3ec7b0dd2023-02-08 09:43:54.742root 11241100x8000000000000000266421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62673b902f03b7b2023-02-08 09:43:54.742root 11241100x8000000000000000266420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdadb49d311294ea2023-02-08 09:43:54.742root 11241100x8000000000000000266419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702537816c06871b2023-02-08 09:43:54.742root 11241100x8000000000000000266418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95aeb56fbe61353a2023-02-08 09:43:54.742root 11241100x8000000000000000266438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8745c48d92adbf992023-02-08 09:43:54.743root 11241100x8000000000000000266437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3393c502f18e4812023-02-08 09:43:54.743root 11241100x8000000000000000266436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c2f426bb0f2a842023-02-08 09:43:54.743root 11241100x8000000000000000266435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a415b527acbac24f2023-02-08 09:43:54.743root 11241100x8000000000000000266434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada2a4e7be172e412023-02-08 09:43:54.743root 11241100x8000000000000000266433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4700ebf93e7aaec42023-02-08 09:43:54.743root 11241100x8000000000000000266432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d3682da1b4e91d2023-02-08 09:43:54.743root 11241100x8000000000000000266431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcfa5fe6195bbe82023-02-08 09:43:54.743root 11241100x8000000000000000266430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781f9ba1435cae932023-02-08 09:43:54.743root 11241100x8000000000000000266429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc08b3e72fd2513e2023-02-08 09:43:54.743root 11241100x8000000000000000266428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b4a3c0c6a179072023-02-08 09:43:54.743root 11241100x8000000000000000266440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71713f1131d026a2023-02-08 09:43:54.744root 11241100x8000000000000000266439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:54.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908c22def33529cc2023-02-08 09:43:54.744root 11241100x8000000000000000266443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.138{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e36009742e47f712023-02-08 09:43:55.138root 11241100x8000000000000000266442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.138{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1949939b541b732023-02-08 09:43:55.138root 354300x8000000000000000266441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.138{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-47888-false10.0.1.12-8000- 11241100x8000000000000000266453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.139{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c2dba215d70d372023-02-08 09:43:55.139root 11241100x8000000000000000266452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.139{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f3ab102864fac82023-02-08 09:43:55.139root 11241100x8000000000000000266451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.139{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08dc1e59b4fb98a72023-02-08 09:43:55.139root 11241100x8000000000000000266450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.139{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa516463761f7162023-02-08 09:43:55.139root 11241100x8000000000000000266449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.139{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1428e9f54a62ffe32023-02-08 09:43:55.139root 11241100x8000000000000000266448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.139{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a27edcc0ab579d2023-02-08 09:43:55.139root 11241100x8000000000000000266447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.139{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df44757992082fc52023-02-08 09:43:55.139root 11241100x8000000000000000266446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.139{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904fd8d5dc4df45b2023-02-08 09:43:55.139root 11241100x8000000000000000266445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.139{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14419f46e83328362023-02-08 09:43:55.139root 11241100x8000000000000000266444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.139{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168bcfd513c0944a2023-02-08 09:43:55.139root 11241100x8000000000000000266462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.140{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795231e6a6be502c2023-02-08 09:43:55.140root 11241100x8000000000000000266461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.140{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8b34737f57430b2023-02-08 09:43:55.140root 11241100x8000000000000000266460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.140{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb6e9c6344fed922023-02-08 09:43:55.140root 11241100x8000000000000000266459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.140{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68c0549be5b02e32023-02-08 09:43:55.140root 11241100x8000000000000000266458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.140{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2252f8dc0d59b48d2023-02-08 09:43:55.140root 11241100x8000000000000000266457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.140{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a733b313e6a8342023-02-08 09:43:55.140root 11241100x8000000000000000266456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.140{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a840a9c4141b097d2023-02-08 09:43:55.140root 11241100x8000000000000000266455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.140{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b298e4539d69dca2023-02-08 09:43:55.140root 11241100x8000000000000000266454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.140{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c8b3f72b331ecb2023-02-08 09:43:55.140root 11241100x8000000000000000266471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.141{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021cb8c576d911872023-02-08 09:43:55.141root 11241100x8000000000000000266470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.141{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9ceec2c9b7be292023-02-08 09:43:55.141root 11241100x8000000000000000266469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.141{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6120a467c6879bed2023-02-08 09:43:55.141root 11241100x8000000000000000266468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.141{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc579a06df39cdf92023-02-08 09:43:55.141root 11241100x8000000000000000266467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.141{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b2da396c2f31bf2023-02-08 09:43:55.141root 11241100x8000000000000000266466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.141{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd753b05713067992023-02-08 09:43:55.141root 11241100x8000000000000000266465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.141{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6523f20581aa2b2023-02-08 09:43:55.141root 11241100x8000000000000000266464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.141{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b6bda582fa39222023-02-08 09:43:55.141root 11241100x8000000000000000266463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.141{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f481fbdd20585d72023-02-08 09:43:55.141root 11241100x8000000000000000266481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.142{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5172e98f3abe742e2023-02-08 09:43:55.142root 11241100x8000000000000000266480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.142{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdae72702bccb6822023-02-08 09:43:55.142root 11241100x8000000000000000266479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.142{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd4d81fb009755e2023-02-08 09:43:55.142root 11241100x8000000000000000266478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.142{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c0e3427f973b0e2023-02-08 09:43:55.142root 11241100x8000000000000000266477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.142{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87299d2aeeda9f3f2023-02-08 09:43:55.142root 11241100x8000000000000000266476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.142{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ae3f27632a84962023-02-08 09:43:55.142root 11241100x8000000000000000266475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.142{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bd1843bc86c1072023-02-08 09:43:55.142root 11241100x8000000000000000266474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.142{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4c8d0f9c9019862023-02-08 09:43:55.142root 11241100x8000000000000000266473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.142{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b86f868434f2e372023-02-08 09:43:55.142root 11241100x8000000000000000266472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.142{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84479db350b25ffb2023-02-08 09:43:55.142root 11241100x8000000000000000266491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.143{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df18424c999679d2023-02-08 09:43:55.143root 11241100x8000000000000000266490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.143{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c768c98f5eb3d42023-02-08 09:43:55.143root 11241100x8000000000000000266489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.143{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4f861870c5ef072023-02-08 09:43:55.143root 11241100x8000000000000000266488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.143{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443ac5dfbfb88e502023-02-08 09:43:55.143root 11241100x8000000000000000266487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.143{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906ae33d1a76867c2023-02-08 09:43:55.143root 11241100x8000000000000000266486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.143{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a589464d991a1782023-02-08 09:43:55.143root 11241100x8000000000000000266485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.143{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc30563a4c4f7db92023-02-08 09:43:55.143root 11241100x8000000000000000266484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.143{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e548db4bd2c6602023-02-08 09:43:55.143root 11241100x8000000000000000266483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.143{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55db4085327934e2023-02-08 09:43:55.143root 11241100x8000000000000000266482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.143{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad0a303aa7f58882023-02-08 09:43:55.143root 11241100x8000000000000000266495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43aef84b24264e42023-02-08 09:43:55.486root 11241100x8000000000000000266494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a03c704d4f277f2023-02-08 09:43:55.486root 11241100x8000000000000000266493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c929f710a7d4f82023-02-08 09:43:55.486root 11241100x8000000000000000266492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25fa47efcc44b572023-02-08 09:43:55.486root 11241100x8000000000000000266500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6237d1b8287db72023-02-08 09:43:55.487root 11241100x8000000000000000266499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f495e50c8ca03d082023-02-08 09:43:55.487root 11241100x8000000000000000266498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a3baddcb4447c12023-02-08 09:43:55.487root 11241100x8000000000000000266497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b944f4a22a8f03112023-02-08 09:43:55.487root 11241100x8000000000000000266496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f5ccc4f54884852023-02-08 09:43:55.487root 11241100x8000000000000000266506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f114b4a12168786e2023-02-08 09:43:55.488root 11241100x8000000000000000266505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf82645a809c55c2023-02-08 09:43:55.488root 11241100x8000000000000000266504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275c4647c388dd372023-02-08 09:43:55.488root 11241100x8000000000000000266503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29e39c8f9a463112023-02-08 09:43:55.488root 11241100x8000000000000000266502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cf380a3fcaab382023-02-08 09:43:55.488root 11241100x8000000000000000266501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641bd7bb1655259d2023-02-08 09:43:55.488root 11241100x8000000000000000266519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640d4b4cbfd793522023-02-08 09:43:55.490root 11241100x8000000000000000266518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db840840af373ac2023-02-08 09:43:55.490root 11241100x8000000000000000266517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c4e97759b12ece2023-02-08 09:43:55.490root 11241100x8000000000000000266516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84233fd4b3524bc72023-02-08 09:43:55.490root 11241100x8000000000000000266515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddeae0fc48299ebc2023-02-08 09:43:55.490root 11241100x8000000000000000266514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1f2c33330a2aa82023-02-08 09:43:55.490root 11241100x8000000000000000266513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a7613319c871d82023-02-08 09:43:55.490root 11241100x8000000000000000266512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d1f4f75059678c2023-02-08 09:43:55.490root 11241100x8000000000000000266511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14567989b70c4822023-02-08 09:43:55.490root 11241100x8000000000000000266510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82bd983438c8a54b2023-02-08 09:43:55.490root 11241100x8000000000000000266509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c773262e614baaa2023-02-08 09:43:55.490root 11241100x8000000000000000266508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ca4e90bc5a4ccb2023-02-08 09:43:55.490root 11241100x8000000000000000266507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4a3f538805b79f2023-02-08 09:43:55.490root 11241100x8000000000000000266529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d50cb3bc0376f9e2023-02-08 09:43:55.491root 11241100x8000000000000000266528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e029832f5048f4dc2023-02-08 09:43:55.491root 11241100x8000000000000000266527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc85e6a42e8273a2023-02-08 09:43:55.491root 11241100x8000000000000000266526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8f4e4efcd094d42023-02-08 09:43:55.491root 11241100x8000000000000000266525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a017dc09781c1e52023-02-08 09:43:55.491root 11241100x8000000000000000266524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3576bd6a1c4b172023-02-08 09:43:55.491root 11241100x8000000000000000266523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cba41ef5c1780f52023-02-08 09:43:55.491root 11241100x8000000000000000266522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaac48ad89e92f8d2023-02-08 09:43:55.491root 11241100x8000000000000000266521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864c4ba93d57ebef2023-02-08 09:43:55.491root 11241100x8000000000000000266520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e8045675241d262023-02-08 09:43:55.491root 11241100x8000000000000000266543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a5638b7c17be7b2023-02-08 09:43:55.492root 11241100x8000000000000000266542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deaf3d243138909e2023-02-08 09:43:55.492root 11241100x8000000000000000266541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a245c33d3245412023-02-08 09:43:55.492root 11241100x8000000000000000266540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9542fe870901e6b2023-02-08 09:43:55.492root 11241100x8000000000000000266539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4823ac08f2953af2023-02-08 09:43:55.492root 11241100x8000000000000000266538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2330ee6a38e456182023-02-08 09:43:55.492root 11241100x8000000000000000266537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17e30b1b440edc52023-02-08 09:43:55.492root 11241100x8000000000000000266536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd15bc417df0579f2023-02-08 09:43:55.492root 11241100x8000000000000000266535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294a3b23256b97bb2023-02-08 09:43:55.492root 11241100x8000000000000000266534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954f7b0110c472e62023-02-08 09:43:55.492root 11241100x8000000000000000266533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039db843c8ce58b32023-02-08 09:43:55.492root 11241100x8000000000000000266532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b328e6f3f53225fb2023-02-08 09:43:55.492root 11241100x8000000000000000266531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee4dcc745cf94d82023-02-08 09:43:55.492root 11241100x8000000000000000266530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5ba731e628fac82023-02-08 09:43:55.492root 11241100x8000000000000000266558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897e402a256a97102023-02-08 09:43:55.493root 11241100x8000000000000000266557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61557ad32b371ddc2023-02-08 09:43:55.493root 11241100x8000000000000000266556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b3aaa6ad8a99de2023-02-08 09:43:55.493root 11241100x8000000000000000266555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9e9a44d40822c22023-02-08 09:43:55.493root 11241100x8000000000000000266554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb351896000a4022023-02-08 09:43:55.493root 11241100x8000000000000000266553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6073b16a22e834eb2023-02-08 09:43:55.493root 11241100x8000000000000000266552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0482ffa37413f5242023-02-08 09:43:55.493root 11241100x8000000000000000266551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a185429b51635da52023-02-08 09:43:55.493root 11241100x8000000000000000266550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082b8c0b90cdd3742023-02-08 09:43:55.493root 11241100x8000000000000000266549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b1917cb1bef3772023-02-08 09:43:55.493root 11241100x8000000000000000266548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cffc0917fe7b9d12023-02-08 09:43:55.493root 11241100x8000000000000000266547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260ad700368713652023-02-08 09:43:55.493root 11241100x8000000000000000266546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9525c518a71b70612023-02-08 09:43:55.493root 11241100x8000000000000000266545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12039c9ad509bf6a2023-02-08 09:43:55.493root 11241100x8000000000000000266544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce5c587fd2f3ee32023-02-08 09:43:55.493root 11241100x8000000000000000266573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12b05b3c07a8dcf2023-02-08 09:43:55.494root 11241100x8000000000000000266572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3994cf60eed72b2a2023-02-08 09:43:55.494root 11241100x8000000000000000266571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c5b5bd8ab4bc6f2023-02-08 09:43:55.494root 11241100x8000000000000000266570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3432d7948927487b2023-02-08 09:43:55.494root 11241100x8000000000000000266569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200ddb58c252b5dc2023-02-08 09:43:55.494root 11241100x8000000000000000266568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52541700090ad152023-02-08 09:43:55.494root 11241100x8000000000000000266567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b26943519d2b0fb2023-02-08 09:43:55.494root 11241100x8000000000000000266566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6dcecb6f2ce4572023-02-08 09:43:55.494root 11241100x8000000000000000266565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085bed42a692a30c2023-02-08 09:43:55.494root 11241100x8000000000000000266564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4476a37b09fa573c2023-02-08 09:43:55.494root 11241100x8000000000000000266563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbad2cc52b13f17e2023-02-08 09:43:55.494root 11241100x8000000000000000266562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5d4b27540363112023-02-08 09:43:55.494root 11241100x8000000000000000266561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db491785f3d262792023-02-08 09:43:55.494root 11241100x8000000000000000266560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd27d95e0c3f6462023-02-08 09:43:55.494root 11241100x8000000000000000266559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9ffb853479e3e52023-02-08 09:43:55.494root 11241100x8000000000000000266577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff7e16ad9627d3b2023-02-08 09:43:55.495root 11241100x8000000000000000266576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f313011bbc50cb172023-02-08 09:43:55.495root 11241100x8000000000000000266575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371905800d1738782023-02-08 09:43:55.495root 11241100x8000000000000000266574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b32cc82fa646962023-02-08 09:43:55.495root 11241100x8000000000000000266578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4364a6e626a3c2ec2023-02-08 09:43:55.985root 11241100x8000000000000000266585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d44d8270b480d792023-02-08 09:43:55.986root 11241100x8000000000000000266584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2685a268e80bf7512023-02-08 09:43:55.986root 11241100x8000000000000000266583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37497f36fd5627b2023-02-08 09:43:55.986root 11241100x8000000000000000266582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5cc8607715e9ff2023-02-08 09:43:55.986root 11241100x8000000000000000266581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d5a571f6978d582023-02-08 09:43:55.986root 11241100x8000000000000000266580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5786e60fce0171aa2023-02-08 09:43:55.986root 11241100x8000000000000000266579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3baf4a806d49a22023-02-08 09:43:55.986root 11241100x8000000000000000266591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73f5f6bdb48590a2023-02-08 09:43:55.987root 11241100x8000000000000000266590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e60894b1f461312023-02-08 09:43:55.987root 11241100x8000000000000000266589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54eb0a6878ebbe462023-02-08 09:43:55.987root 11241100x8000000000000000266588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e246713544511d52023-02-08 09:43:55.987root 11241100x8000000000000000266587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df38f04b12f9d4012023-02-08 09:43:55.987root 11241100x8000000000000000266586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f153915ff7cacd2023-02-08 09:43:55.987root 11241100x8000000000000000266595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7574d6087f5b2f702023-02-08 09:43:55.988root 11241100x8000000000000000266594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb59833aa2a0c10c2023-02-08 09:43:55.988root 11241100x8000000000000000266593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55696b8cfebd65fa2023-02-08 09:43:55.988root 11241100x8000000000000000266592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11c84485bb95b1a2023-02-08 09:43:55.988root 11241100x8000000000000000266608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350786d4c422fec62023-02-08 09:43:55.989root 11241100x8000000000000000266607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017f754ac0b6cbf92023-02-08 09:43:55.989root 11241100x8000000000000000266606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf2794d50e4cf572023-02-08 09:43:55.989root 11241100x8000000000000000266605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef8f6728d908e9a2023-02-08 09:43:55.989root 11241100x8000000000000000266604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bb18a2d95054bf2023-02-08 09:43:55.989root 11241100x8000000000000000266603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770a3d9123777a032023-02-08 09:43:55.989root 11241100x8000000000000000266602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070a2276d76704c22023-02-08 09:43:55.989root 11241100x8000000000000000266601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d0755093e4c3a02023-02-08 09:43:55.989root 11241100x8000000000000000266600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a247f10272c590a02023-02-08 09:43:55.989root 11241100x8000000000000000266599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77a583d0393b62e2023-02-08 09:43:55.989root 11241100x8000000000000000266598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a11e1caab06b4562023-02-08 09:43:55.989root 11241100x8000000000000000266597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5e24a9cfaa11b12023-02-08 09:43:55.989root 11241100x8000000000000000266596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a3356baca4713c2023-02-08 09:43:55.989root 11241100x8000000000000000266616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439e38a71a7eb8872023-02-08 09:43:55.990root 11241100x8000000000000000266615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79cb54b0933d2a92023-02-08 09:43:55.990root 11241100x8000000000000000266614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282f9d52284d789f2023-02-08 09:43:55.990root 11241100x8000000000000000266613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44109deaab0596502023-02-08 09:43:55.990root 11241100x8000000000000000266612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0b9d4c8288fcf72023-02-08 09:43:55.990root 11241100x8000000000000000266611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c03a82fbfc81a8c2023-02-08 09:43:55.990root 11241100x8000000000000000266610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d665616eed757c72023-02-08 09:43:55.990root 11241100x8000000000000000266609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fcfdfce02d7ef5e2023-02-08 09:43:55.990root 11241100x8000000000000000266623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa9eb2427d021842023-02-08 09:43:55.991root 11241100x8000000000000000266622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe77185e02678582023-02-08 09:43:55.991root 11241100x8000000000000000266621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c2ca873bfe15262023-02-08 09:43:55.991root 11241100x8000000000000000266620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ed7ecc0e6437502023-02-08 09:43:55.991root 11241100x8000000000000000266619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ce0825cf7df8cf2023-02-08 09:43:55.991root 11241100x8000000000000000266618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19d5ee9340fb07c2023-02-08 09:43:55.991root 11241100x8000000000000000266617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ad0d41e35ce4712023-02-08 09:43:55.991root 11241100x8000000000000000266625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2758aef46eaf162023-02-08 09:43:55.992root 11241100x8000000000000000266624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:55.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e270b54faacccbfb2023-02-08 09:43:55.992root 11241100x8000000000000000266633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54721799966f7b42023-02-08 09:43:56.485root 11241100x8000000000000000266632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519e66b3f290a0b82023-02-08 09:43:56.485root 11241100x8000000000000000266631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307878bbbf90a2ec2023-02-08 09:43:56.485root 11241100x8000000000000000266630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9771a388157b79422023-02-08 09:43:56.485root 11241100x8000000000000000266629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29091de6f967f15e2023-02-08 09:43:56.485root 11241100x8000000000000000266628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdc39bf6638959a2023-02-08 09:43:56.485root 11241100x8000000000000000266627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264471ffff261ed82023-02-08 09:43:56.485root 11241100x8000000000000000266626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1368b1b151ff3f82023-02-08 09:43:56.485root 11241100x8000000000000000266637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2920be92da4b90882023-02-08 09:43:56.486root 11241100x8000000000000000266636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74084cd611eea542023-02-08 09:43:56.486root 11241100x8000000000000000266635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7983818ce9b4212023-02-08 09:43:56.486root 11241100x8000000000000000266634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44071a775a2a4fd72023-02-08 09:43:56.486root 11241100x8000000000000000266645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4ce1493a4421fb2023-02-08 09:43:56.487root 11241100x8000000000000000266644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17b8f8873aeea822023-02-08 09:43:56.487root 11241100x8000000000000000266643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c6e998be75a61c2023-02-08 09:43:56.487root 11241100x8000000000000000266642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3209e35f8291963b2023-02-08 09:43:56.487root 11241100x8000000000000000266641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181b01342820000b2023-02-08 09:43:56.487root 11241100x8000000000000000266640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8af012459a1a992023-02-08 09:43:56.487root 11241100x8000000000000000266639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a850a13a0f1c5942023-02-08 09:43:56.487root 11241100x8000000000000000266638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c5e8a2e3dcf3282023-02-08 09:43:56.487root 11241100x8000000000000000266658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471275815f455a672023-02-08 09:43:56.488root 11241100x8000000000000000266657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29be84fdf9f336c2023-02-08 09:43:56.488root 11241100x8000000000000000266656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7552f5fd1226e702023-02-08 09:43:56.488root 11241100x8000000000000000266655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae9885754ade01c2023-02-08 09:43:56.488root 11241100x8000000000000000266654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9695d5e9100bc2f22023-02-08 09:43:56.488root 11241100x8000000000000000266653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec395f54646bd3fc2023-02-08 09:43:56.488root 11241100x8000000000000000266652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98453a96606ef5ac2023-02-08 09:43:56.488root 11241100x8000000000000000266651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ca397736e7a1e62023-02-08 09:43:56.488root 11241100x8000000000000000266650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0253c2a81736e4c52023-02-08 09:43:56.488root 11241100x8000000000000000266649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45de8433f1f12732023-02-08 09:43:56.488root 11241100x8000000000000000266648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18a820b4cf5d8db2023-02-08 09:43:56.488root 11241100x8000000000000000266647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0f6223f04e00d22023-02-08 09:43:56.488root 11241100x8000000000000000266646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09fa789dcfdb707e2023-02-08 09:43:56.488root 11241100x8000000000000000266662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f19697e8b88b252023-02-08 09:43:56.489root 11241100x8000000000000000266661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4150f692b6247c82023-02-08 09:43:56.489root 11241100x8000000000000000266660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee52cd22c1625e772023-02-08 09:43:56.489root 11241100x8000000000000000266659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645cb605795ec8482023-02-08 09:43:56.489root 11241100x8000000000000000266665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1df3c2fe66461852023-02-08 09:43:56.490root 11241100x8000000000000000266664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d881a8449db98b2023-02-08 09:43:56.490root 11241100x8000000000000000266663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c18e257d5b2934d2023-02-08 09:43:56.490root 11241100x8000000000000000266669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529168761b1f17102023-02-08 09:43:56.491root 11241100x8000000000000000266668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa231ffa543b08d2023-02-08 09:43:56.491root 11241100x8000000000000000266667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d4101e16e3acb42023-02-08 09:43:56.491root 11241100x8000000000000000266666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714bebdf5d9d6e322023-02-08 09:43:56.491root 11241100x8000000000000000266680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1376782c6474b22023-02-08 09:43:56.492root 11241100x8000000000000000266679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb703e9a082f4132023-02-08 09:43:56.492root 11241100x8000000000000000266678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0431370a9863ab472023-02-08 09:43:56.492root 11241100x8000000000000000266677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86e8a68b469da6e2023-02-08 09:43:56.492root 11241100x8000000000000000266676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1318c4324b6c21272023-02-08 09:43:56.492root 11241100x8000000000000000266675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72dd32268238897c2023-02-08 09:43:56.492root 11241100x8000000000000000266674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3615096a4051efd2023-02-08 09:43:56.492root 11241100x8000000000000000266673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d1792967fabec72023-02-08 09:43:56.492root 11241100x8000000000000000266672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a07869458942d072023-02-08 09:43:56.492root 11241100x8000000000000000266671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0df0ed5c1b330da2023-02-08 09:43:56.492root 11241100x8000000000000000266670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6067858e164d76f2023-02-08 09:43:56.492root 11241100x8000000000000000266686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a71cb8c8dff9912023-02-08 09:43:56.493root 11241100x8000000000000000266685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc2bb68b8e2beaf2023-02-08 09:43:56.493root 11241100x8000000000000000266684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991757c6a9c525fa2023-02-08 09:43:56.493root 11241100x8000000000000000266683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514520c2d7ef22192023-02-08 09:43:56.493root 11241100x8000000000000000266682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9069c8df862cf8732023-02-08 09:43:56.493root 11241100x8000000000000000266681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1316937eb75e4ec2023-02-08 09:43:56.493root 11241100x8000000000000000266687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12d63df40a9a2502023-02-08 09:43:56.984root 11241100x8000000000000000266696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c710e0f3dc8d84742023-02-08 09:43:56.985root 11241100x8000000000000000266695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97564f7c2f857e42023-02-08 09:43:56.985root 11241100x8000000000000000266694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b773b4cdc5157d972023-02-08 09:43:56.985root 11241100x8000000000000000266693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f1b37bacf8b2b42023-02-08 09:43:56.985root 11241100x8000000000000000266692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010f2a39e0fc25e62023-02-08 09:43:56.985root 11241100x8000000000000000266691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5129548f6ab25b22023-02-08 09:43:56.985root 11241100x8000000000000000266690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d341a0534cddec7d2023-02-08 09:43:56.985root 11241100x8000000000000000266689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9622277ab9fe64872023-02-08 09:43:56.985root 11241100x8000000000000000266688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e9a3cfc46eceb72023-02-08 09:43:56.985root 11241100x8000000000000000266704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9260d30c821064402023-02-08 09:43:56.986root 11241100x8000000000000000266703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3ac3e1afce0bd92023-02-08 09:43:56.986root 11241100x8000000000000000266702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44be2e2894d3c29d2023-02-08 09:43:56.986root 11241100x8000000000000000266701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b578d7d7559cd32023-02-08 09:43:56.986root 11241100x8000000000000000266700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48d480b9f08bcc42023-02-08 09:43:56.986root 11241100x8000000000000000266699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb1e13997c087cc2023-02-08 09:43:56.986root 11241100x8000000000000000266698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81efeab62d5fcd632023-02-08 09:43:56.986root 11241100x8000000000000000266697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f06a23292eee5e2023-02-08 09:43:56.986root 11241100x8000000000000000266711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885f58adc7700f942023-02-08 09:43:56.987root 11241100x8000000000000000266710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e804132a35aee6ff2023-02-08 09:43:56.987root 11241100x8000000000000000266709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933a4dd4f7176d892023-02-08 09:43:56.987root 11241100x8000000000000000266708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2134a0c8fa472e852023-02-08 09:43:56.987root 11241100x8000000000000000266707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a623052841b53a2023-02-08 09:43:56.987root 11241100x8000000000000000266706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c8f8fef39d855a2023-02-08 09:43:56.987root 11241100x8000000000000000266705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582a7c908eec46ae2023-02-08 09:43:56.987root 11241100x8000000000000000266722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a881890a1bf0e1c92023-02-08 09:43:56.988root 11241100x8000000000000000266721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208e6f0e82e060172023-02-08 09:43:56.988root 11241100x8000000000000000266720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93f4e6af2748e8e2023-02-08 09:43:56.988root 11241100x8000000000000000266719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048f5b000fc35a7d2023-02-08 09:43:56.988root 11241100x8000000000000000266718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec9e139a308730f2023-02-08 09:43:56.988root 11241100x8000000000000000266717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38b82276049dc842023-02-08 09:43:56.988root 11241100x8000000000000000266716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b4c4dc18c324792023-02-08 09:43:56.988root 11241100x8000000000000000266715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e71cd56cad0c402023-02-08 09:43:56.988root 11241100x8000000000000000266714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5afa9e35c1aedc82023-02-08 09:43:56.988root 11241100x8000000000000000266713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cacfae9d5cfd662023-02-08 09:43:56.988root 11241100x8000000000000000266712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a914ba63501ef22023-02-08 09:43:56.988root 11241100x8000000000000000266730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b5d16a9ec8b8a72023-02-08 09:43:56.989root 11241100x8000000000000000266729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd8a99d931cf4902023-02-08 09:43:56.989root 11241100x8000000000000000266728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdcebef10b4ca0272023-02-08 09:43:56.989root 11241100x8000000000000000266727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9a68a2be16ac7e2023-02-08 09:43:56.989root 11241100x8000000000000000266726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c415ea91be77dfb2023-02-08 09:43:56.989root 11241100x8000000000000000266725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0177c5563ae25f8f2023-02-08 09:43:56.989root 11241100x8000000000000000266724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a6401795648c362023-02-08 09:43:56.989root 11241100x8000000000000000266723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923408a1639ac66d2023-02-08 09:43:56.989root 11241100x8000000000000000266738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1596220ef77c78562023-02-08 09:43:56.990root 11241100x8000000000000000266737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b5430495ccb89d2023-02-08 09:43:56.990root 11241100x8000000000000000266736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2f10bdbbd335e92023-02-08 09:43:56.990root 11241100x8000000000000000266735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b457c19a0cd505982023-02-08 09:43:56.990root 11241100x8000000000000000266734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1924d63772d5ea6f2023-02-08 09:43:56.990root 11241100x8000000000000000266733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f035fd0bfd599e2023-02-08 09:43:56.990root 11241100x8000000000000000266732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abca9759d01daadb2023-02-08 09:43:56.990root 11241100x8000000000000000266731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f78980bab260172023-02-08 09:43:56.990root 11241100x8000000000000000266750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b7fc24b225a09e2023-02-08 09:43:56.991root 11241100x8000000000000000266749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d51c64397f9ceb2023-02-08 09:43:56.991root 11241100x8000000000000000266748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735bd235aef8edb22023-02-08 09:43:56.991root 11241100x8000000000000000266747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590b13d3a8ae79112023-02-08 09:43:56.991root 11241100x8000000000000000266746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a857bdea5326edff2023-02-08 09:43:56.991root 11241100x8000000000000000266745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe55e52abe5530b2023-02-08 09:43:56.991root 11241100x8000000000000000266744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d70b7e6f865d702023-02-08 09:43:56.991root 11241100x8000000000000000266743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cdd104c6c39f2b12023-02-08 09:43:56.991root 11241100x8000000000000000266742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5556a0afeaa85cdd2023-02-08 09:43:56.991root 11241100x8000000000000000266741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4291c69ac04c4f712023-02-08 09:43:56.991root 11241100x8000000000000000266740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03bb101148aeff632023-02-08 09:43:56.991root 11241100x8000000000000000266739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7e225335fe727a2023-02-08 09:43:56.991root 11241100x8000000000000000266766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf13b777c51e2752023-02-08 09:43:56.992root 11241100x8000000000000000266765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18352986a8eeab122023-02-08 09:43:56.992root 11241100x8000000000000000266764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0015e7b273614d912023-02-08 09:43:56.992root 11241100x8000000000000000266763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e81e556fed77062023-02-08 09:43:56.992root 11241100x8000000000000000266762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869b7791e311c3302023-02-08 09:43:56.992root 11241100x8000000000000000266761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b153ed7910487bbe2023-02-08 09:43:56.992root 11241100x8000000000000000266760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc595c8db2cbeae2023-02-08 09:43:56.992root 11241100x8000000000000000266759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fc7a2b10afa39c2023-02-08 09:43:56.992root 11241100x8000000000000000266758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91eb9ecc25af1c322023-02-08 09:43:56.992root 11241100x8000000000000000266757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a047fac18de4e1fa2023-02-08 09:43:56.992root 11241100x8000000000000000266756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e4c1ff19ff51662023-02-08 09:43:56.992root 11241100x8000000000000000266755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff4837e672359aa2023-02-08 09:43:56.992root 11241100x8000000000000000266754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43ae2f380911c4f2023-02-08 09:43:56.992root 11241100x8000000000000000266753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c40b96bf9f5e5b2023-02-08 09:43:56.992root 11241100x8000000000000000266752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801fdfbe38c0edbb2023-02-08 09:43:56.992root 11241100x8000000000000000266751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a23d2464066db02023-02-08 09:43:56.992root 11241100x8000000000000000266777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3b7871b9105dbb2023-02-08 09:43:56.993root 11241100x8000000000000000266776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c00a47b5401004b2023-02-08 09:43:56.993root 11241100x8000000000000000266775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa7c64915a3d1ba2023-02-08 09:43:56.993root 11241100x8000000000000000266774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412a83fbc600837b2023-02-08 09:43:56.993root 11241100x8000000000000000266773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa8cf34bd7618c82023-02-08 09:43:56.993root 11241100x8000000000000000266772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38a1805b60b8d3a2023-02-08 09:43:56.993root 11241100x8000000000000000266771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77b285da3d904b42023-02-08 09:43:56.993root 11241100x8000000000000000266770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff987d6c88764c22023-02-08 09:43:56.993root 11241100x8000000000000000266769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d9da207628d5772023-02-08 09:43:56.993root 11241100x8000000000000000266768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fcd4872ab5908d2023-02-08 09:43:56.993root 11241100x8000000000000000266767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:56.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceac77a0340036412023-02-08 09:43:56.993root 11241100x8000000000000000266786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e29584644e97be22023-02-08 09:43:57.486root 11241100x8000000000000000266785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d77ec4c95e24232023-02-08 09:43:57.486root 11241100x8000000000000000266784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c68ceebc348aabd2023-02-08 09:43:57.486root 11241100x8000000000000000266783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a04344248fa9ac92023-02-08 09:43:57.486root 11241100x8000000000000000266782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52551c1dbf82d9692023-02-08 09:43:57.486root 11241100x8000000000000000266781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f16cbfbe3c60372023-02-08 09:43:57.486root 11241100x8000000000000000266780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffba214895f3aa22023-02-08 09:43:57.486root 11241100x8000000000000000266779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f75562a09bbac92023-02-08 09:43:57.486root 11241100x8000000000000000266778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a9678a02a95b1d2023-02-08 09:43:57.486root 11241100x8000000000000000266790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e077c8ffc2ce7e502023-02-08 09:43:57.487root 11241100x8000000000000000266789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0662910b4816642023-02-08 09:43:57.487root 11241100x8000000000000000266788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb725c5e03f03f232023-02-08 09:43:57.487root 11241100x8000000000000000266787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bca1854e0c18dc82023-02-08 09:43:57.487root 11241100x8000000000000000266799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7864d0e6c667aa2023-02-08 09:43:57.488root 11241100x8000000000000000266798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9db24b2d07f2bc2023-02-08 09:43:57.488root 11241100x8000000000000000266797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5884e0a3c2409f352023-02-08 09:43:57.488root 11241100x8000000000000000266796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173a7d58337d37e02023-02-08 09:43:57.488root 11241100x8000000000000000266795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1137251d08c09802023-02-08 09:43:57.488root 11241100x8000000000000000266794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c23a14796fe7632023-02-08 09:43:57.488root 11241100x8000000000000000266793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed663d168cd805802023-02-08 09:43:57.488root 11241100x8000000000000000266792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5000fdf0e025082b2023-02-08 09:43:57.488root 11241100x8000000000000000266791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bf1abe43677c1b2023-02-08 09:43:57.488root 11241100x8000000000000000266808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4eb6e0d7b7b5a52023-02-08 09:43:57.489root 11241100x8000000000000000266807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c1c296071963bb2023-02-08 09:43:57.489root 11241100x8000000000000000266806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7994c4e456ceafc82023-02-08 09:43:57.489root 11241100x8000000000000000266805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b9bcfddfa3b22d2023-02-08 09:43:57.489root 11241100x8000000000000000266804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828dc68aa60317312023-02-08 09:43:57.489root 11241100x8000000000000000266803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbbba91dbf6696592023-02-08 09:43:57.489root 11241100x8000000000000000266802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61265e9dc23aa3b2023-02-08 09:43:57.489root 11241100x8000000000000000266801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b5a735c4925a9a2023-02-08 09:43:57.489root 11241100x8000000000000000266800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4003980e252afe862023-02-08 09:43:57.489root 11241100x8000000000000000266814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd063ec432c22372023-02-08 09:43:57.490root 11241100x8000000000000000266813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb9dfb4c4f3c7a52023-02-08 09:43:57.490root 11241100x8000000000000000266812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f99c4cd97053b92023-02-08 09:43:57.490root 11241100x8000000000000000266811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87dd06297429a752023-02-08 09:43:57.490root 11241100x8000000000000000266810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c632e266ca79002023-02-08 09:43:57.490root 11241100x8000000000000000266809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8a451e17b0fd7d2023-02-08 09:43:57.490root 11241100x8000000000000000266826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff390dfd18adb082023-02-08 09:43:57.491root 11241100x8000000000000000266825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559fd5d1289527ce2023-02-08 09:43:57.491root 11241100x8000000000000000266824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48aea9de1d2a9abb2023-02-08 09:43:57.491root 11241100x8000000000000000266823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de0561284f060752023-02-08 09:43:57.491root 11241100x8000000000000000266822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0a70b118a992b92023-02-08 09:43:57.491root 11241100x8000000000000000266821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1282ba1e3548ff62023-02-08 09:43:57.491root 11241100x8000000000000000266820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125905e51b98e09a2023-02-08 09:43:57.491root 11241100x8000000000000000266819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc13d37a528b60b2023-02-08 09:43:57.491root 11241100x8000000000000000266818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ecc6f345487c882023-02-08 09:43:57.491root 11241100x8000000000000000266817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5313c0bc080abc12023-02-08 09:43:57.491root 11241100x8000000000000000266816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f439e113351aba032023-02-08 09:43:57.491root 11241100x8000000000000000266815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3188673e9261b70e2023-02-08 09:43:57.491root 11241100x8000000000000000266836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef92a1f6548398a72023-02-08 09:43:57.492root 11241100x8000000000000000266835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55a1cdb1f73e72c2023-02-08 09:43:57.492root 11241100x8000000000000000266834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e43129e9f4ae632023-02-08 09:43:57.492root 11241100x8000000000000000266833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01ade7e0757d2fb2023-02-08 09:43:57.492root 11241100x8000000000000000266832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af4cafb05f4dc4e2023-02-08 09:43:57.492root 11241100x8000000000000000266831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce9787d4d50ac5f2023-02-08 09:43:57.492root 11241100x8000000000000000266830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b1e606f3b448562023-02-08 09:43:57.492root 11241100x8000000000000000266829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdd01f8861a580b2023-02-08 09:43:57.492root 11241100x8000000000000000266828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955103ce799f6fa92023-02-08 09:43:57.492root 11241100x8000000000000000266827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5940d8831dec4b212023-02-08 09:43:57.492root 11241100x8000000000000000266838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77752ed835e0f6842023-02-08 09:43:57.985root 11241100x8000000000000000266837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5c7600ee8aa6062023-02-08 09:43:57.985root 11241100x8000000000000000266845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979717e0955278e62023-02-08 09:43:57.986root 11241100x8000000000000000266844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c40cfbdfb877d9b2023-02-08 09:43:57.986root 11241100x8000000000000000266843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e5808e76b34a282023-02-08 09:43:57.986root 11241100x8000000000000000266842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add645784cb7af972023-02-08 09:43:57.986root 11241100x8000000000000000266841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644c3b3cffdc43532023-02-08 09:43:57.986root 11241100x8000000000000000266840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfc8f1c7f28dfe72023-02-08 09:43:57.986root 11241100x8000000000000000266839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7338059c75e073962023-02-08 09:43:57.986root 11241100x8000000000000000266846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b35e9e528f89012023-02-08 09:43:57.988root 11241100x8000000000000000266856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d06f232e70b44d02023-02-08 09:43:57.989root 11241100x8000000000000000266855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc579a5cfa125df12023-02-08 09:43:57.989root 11241100x8000000000000000266854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9adc13f5d9dbabf32023-02-08 09:43:57.989root 11241100x8000000000000000266853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f870ce6693b2b52023-02-08 09:43:57.989root 11241100x8000000000000000266852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075784879978b2c72023-02-08 09:43:57.989root 11241100x8000000000000000266851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b243f873212c2582023-02-08 09:43:57.989root 11241100x8000000000000000266850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08ceb8c2ddb59c62023-02-08 09:43:57.989root 11241100x8000000000000000266849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac180a5ef9a7a6e82023-02-08 09:43:57.989root 11241100x8000000000000000266848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95421473440d1d3c2023-02-08 09:43:57.989root 11241100x8000000000000000266847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21616d7ef6938872023-02-08 09:43:57.989root 11241100x8000000000000000266862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47160994f60af5512023-02-08 09:43:57.990root 11241100x8000000000000000266861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffdb7eabc5c8a45e2023-02-08 09:43:57.990root 11241100x8000000000000000266860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e06e8c1b622e8312023-02-08 09:43:57.990root 11241100x8000000000000000266859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676420949d0a95e92023-02-08 09:43:57.990root 11241100x8000000000000000266858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb6a68a61b10beb2023-02-08 09:43:57.990root 11241100x8000000000000000266857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a063f252f0e28e3d2023-02-08 09:43:57.990root 11241100x8000000000000000266864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25984479492a54652023-02-08 09:43:57.991root 11241100x8000000000000000266863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc4afb2220bb1c72023-02-08 09:43:57.991root 11241100x8000000000000000266873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446340009d128a502023-02-08 09:43:57.992root 11241100x8000000000000000266872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c6b65d65786b562023-02-08 09:43:57.992root 11241100x8000000000000000266871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615055e94db357ee2023-02-08 09:43:57.992root 11241100x8000000000000000266870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1498fcc95e27022023-02-08 09:43:57.992root 11241100x8000000000000000266869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2580d4e32fca364f2023-02-08 09:43:57.992root 11241100x8000000000000000266868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f935e83583e3bc02023-02-08 09:43:57.992root 11241100x8000000000000000266867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c18fc4a95d5c44e2023-02-08 09:43:57.992root 11241100x8000000000000000266866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980401a61798c2452023-02-08 09:43:57.992root 11241100x8000000000000000266865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7cb11ca6b786ffc2023-02-08 09:43:57.992root 11241100x8000000000000000266878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6254f33c7269e1fa2023-02-08 09:43:57.993root 11241100x8000000000000000266877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63f1114b8ef17442023-02-08 09:43:57.993root 11241100x8000000000000000266876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e88baa9fd3b81ba2023-02-08 09:43:57.993root 11241100x8000000000000000266875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509a94f7d2c718012023-02-08 09:43:57.993root 11241100x8000000000000000266874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac98d7ee645e63e2023-02-08 09:43:57.993root 11241100x8000000000000000266881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4788ec79ad28d02023-02-08 09:43:57.994root 11241100x8000000000000000266880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d26a11e29208dc02023-02-08 09:43:57.994root 11241100x8000000000000000266879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5a988afbdee5ff2023-02-08 09:43:57.994root 11241100x8000000000000000266887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac89ef5905d47072023-02-08 09:43:57.995root 11241100x8000000000000000266886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f143c3244f10e282023-02-08 09:43:57.995root 11241100x8000000000000000266885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9454a8d9af31292023-02-08 09:43:57.995root 11241100x8000000000000000266884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706d53f06184e1c02023-02-08 09:43:57.995root 11241100x8000000000000000266883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbd899cda528a5a2023-02-08 09:43:57.995root 11241100x8000000000000000266882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e25aa31f6886a2c2023-02-08 09:43:57.995root 11241100x8000000000000000266900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95389ac8b8d9660e2023-02-08 09:43:57.996root 11241100x8000000000000000266899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109578ea37e7d49e2023-02-08 09:43:57.996root 11241100x8000000000000000266898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf5f7ce92898fb82023-02-08 09:43:57.996root 11241100x8000000000000000266897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1af4c678739d3132023-02-08 09:43:57.996root 11241100x8000000000000000266896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4a7881efa8148e2023-02-08 09:43:57.996root 11241100x8000000000000000266895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0c5f6b1e917ad42023-02-08 09:43:57.996root 11241100x8000000000000000266894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403e4039b72fa6d32023-02-08 09:43:57.996root 11241100x8000000000000000266893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187e6055e63e8a6c2023-02-08 09:43:57.996root 11241100x8000000000000000266892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982b2725b7b6dfe92023-02-08 09:43:57.996root 11241100x8000000000000000266891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b2825ce431ca1f2023-02-08 09:43:57.996root 11241100x8000000000000000266890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0f0f58a847d9d72023-02-08 09:43:57.996root 11241100x8000000000000000266889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41dbcd132072a682023-02-08 09:43:57.996root 11241100x8000000000000000266888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e34d489c4913fdc2023-02-08 09:43:57.996root 11241100x8000000000000000266904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0bdcdeb80e4e492023-02-08 09:43:57.997root 11241100x8000000000000000266903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf15fdedde7e9332023-02-08 09:43:57.997root 11241100x8000000000000000266902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ed4b22e92876bc2023-02-08 09:43:57.997root 11241100x8000000000000000266901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:57.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95b6127e5ff98462023-02-08 09:43:57.997root 11241100x8000000000000000266905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b821eaa368a56b2023-02-08 09:43:58.485root 11241100x8000000000000000266915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedd05bb82482a562023-02-08 09:43:58.486root 11241100x8000000000000000266914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16848bb2c66796702023-02-08 09:43:58.486root 11241100x8000000000000000266913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07617be6779e2c522023-02-08 09:43:58.486root 11241100x8000000000000000266912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0885a2344907482023-02-08 09:43:58.486root 11241100x8000000000000000266911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d657bd1af951cb72023-02-08 09:43:58.486root 11241100x8000000000000000266910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ca1b2404e51b692023-02-08 09:43:58.486root 11241100x8000000000000000266909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d30750c06653f22023-02-08 09:43:58.486root 11241100x8000000000000000266908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2832abdcd2e56efa2023-02-08 09:43:58.486root 11241100x8000000000000000266907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416b75644fe7423c2023-02-08 09:43:58.486root 11241100x8000000000000000266906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5170bbd870163bb62023-02-08 09:43:58.486root 11241100x8000000000000000266931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4988e2116e4e54222023-02-08 09:43:58.487root 11241100x8000000000000000266930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b53611a013f6b72023-02-08 09:43:58.487root 11241100x8000000000000000266929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091323611ca0d31e2023-02-08 09:43:58.487root 11241100x8000000000000000266928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64548e159e953c82023-02-08 09:43:58.487root 11241100x8000000000000000266927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8983db4413b1e6a2023-02-08 09:43:58.487root 11241100x8000000000000000266926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8ff40dd86e91862023-02-08 09:43:58.487root 11241100x8000000000000000266925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4513df2abed4482023-02-08 09:43:58.487root 11241100x8000000000000000266924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b15dd26bd639af2023-02-08 09:43:58.487root 11241100x8000000000000000266923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f5ceb4c6cf14942023-02-08 09:43:58.487root 11241100x8000000000000000266922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa43064e0102c5452023-02-08 09:43:58.487root 11241100x8000000000000000266921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64664327ed96db502023-02-08 09:43:58.487root 11241100x8000000000000000266920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2a8bd325220f062023-02-08 09:43:58.487root 11241100x8000000000000000266919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9360aa21770eee2023-02-08 09:43:58.487root 11241100x8000000000000000266918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4857070b87f85342023-02-08 09:43:58.487root 11241100x8000000000000000266917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ccfe11623978202023-02-08 09:43:58.487root 11241100x8000000000000000266916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5dbcb03ed52d8a52023-02-08 09:43:58.487root 11241100x8000000000000000266944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87793b5c6dcc55ef2023-02-08 09:43:58.488root 11241100x8000000000000000266943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7b5410173112bd2023-02-08 09:43:58.488root 11241100x8000000000000000266942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c8a7da39cbabdf2023-02-08 09:43:58.488root 11241100x8000000000000000266941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5302ddec211e60942023-02-08 09:43:58.488root 11241100x8000000000000000266940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7926740e51c81b2c2023-02-08 09:43:58.488root 11241100x8000000000000000266939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74203df17deb67282023-02-08 09:43:58.488root 11241100x8000000000000000266938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca16a09a15308bcb2023-02-08 09:43:58.488root 11241100x8000000000000000266937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c282e57e5c354b92023-02-08 09:43:58.488root 11241100x8000000000000000266936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b9c021db03a8092023-02-08 09:43:58.488root 11241100x8000000000000000266935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fb05873f2d071f2023-02-08 09:43:58.488root 11241100x8000000000000000266934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87868fed37c5d54a2023-02-08 09:43:58.488root 11241100x8000000000000000266933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208c7dd771fe89582023-02-08 09:43:58.488root 11241100x8000000000000000266932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074d2aafbc89cf452023-02-08 09:43:58.488root 11241100x8000000000000000266952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f89aebde92a4f62023-02-08 09:43:58.489root 11241100x8000000000000000266951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5473abf3b1f9e62023-02-08 09:43:58.489root 11241100x8000000000000000266950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54cbc9689b9300b52023-02-08 09:43:58.489root 11241100x8000000000000000266949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7a0addb479ca7c2023-02-08 09:43:58.489root 11241100x8000000000000000266948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f362c4a5697e212023-02-08 09:43:58.489root 11241100x8000000000000000266947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9a5e27451af1ce2023-02-08 09:43:58.489root 11241100x8000000000000000266946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6231e89cb6ce7b2023-02-08 09:43:58.489root 11241100x8000000000000000266945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca35577ee0e48c2f2023-02-08 09:43:58.489root 11241100x8000000000000000266954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e036ac0cb5d259412023-02-08 09:43:58.985root 11241100x8000000000000000266953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40a00b3bafe22302023-02-08 09:43:58.985root 11241100x8000000000000000266968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026f7d3be5e31e882023-02-08 09:43:58.986root 11241100x8000000000000000266967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214fc0ffd5c4914b2023-02-08 09:43:58.986root 11241100x8000000000000000266966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f457cf8405854322023-02-08 09:43:58.986root 11241100x8000000000000000266965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ddc7269c1fa2862023-02-08 09:43:58.986root 11241100x8000000000000000266964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e09e5aa0f3dd4e2023-02-08 09:43:58.986root 11241100x8000000000000000266963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16e584d052a1f062023-02-08 09:43:58.986root 11241100x8000000000000000266962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf42fc85ee565452023-02-08 09:43:58.986root 11241100x8000000000000000266961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6cef004764f7242023-02-08 09:43:58.986root 11241100x8000000000000000266960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41d7f80601823dc2023-02-08 09:43:58.986root 11241100x8000000000000000266959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7fee91a20c54ca62023-02-08 09:43:58.986root 11241100x8000000000000000266958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f8c6a5fd68c8b02023-02-08 09:43:58.986root 11241100x8000000000000000266957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6effa9fe2ec75d282023-02-08 09:43:58.986root 11241100x8000000000000000266956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533e9a3cfb7d01ad2023-02-08 09:43:58.986root 11241100x8000000000000000266955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7122dfc80a8b882023-02-08 09:43:58.986root 11241100x8000000000000000266973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae3f41727f268df2023-02-08 09:43:58.987root 11241100x8000000000000000266972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff94f5fca717a4412023-02-08 09:43:58.987root 11241100x8000000000000000266971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1caea357c8123bf2023-02-08 09:43:58.987root 11241100x8000000000000000266970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e4056e54929bf02023-02-08 09:43:58.987root 11241100x8000000000000000266969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0b1746ba410d2f2023-02-08 09:43:58.987root 11241100x8000000000000000266977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16dc42419a526f662023-02-08 09:43:58.988root 11241100x8000000000000000266976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73afa61c678e27b2023-02-08 09:43:58.988root 11241100x8000000000000000266975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d99bcddda421922023-02-08 09:43:58.988root 11241100x8000000000000000266974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be18a1e0729879b42023-02-08 09:43:58.988root 11241100x8000000000000000266980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2845708d10280be2023-02-08 09:43:58.989root 11241100x8000000000000000266979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05027f80fd067f762023-02-08 09:43:58.989root 11241100x8000000000000000266978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70d34b56894eae52023-02-08 09:43:58.989root 11241100x8000000000000000266982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27bf3f93fcdba2d2023-02-08 09:43:58.990root 11241100x8000000000000000266981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e309f3d922c88732023-02-08 09:43:58.990root 11241100x8000000000000000266986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db994046a6f7a5db2023-02-08 09:43:58.991root 11241100x8000000000000000266985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a329de5b45c07be2023-02-08 09:43:58.991root 11241100x8000000000000000266984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c0403d92d0f2ef2023-02-08 09:43:58.991root 11241100x8000000000000000266983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1a7d8f515bb3202023-02-08 09:43:58.991root 11241100x8000000000000000266990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71d7c92123e51022023-02-08 09:43:58.992root 11241100x8000000000000000266989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9691e9b3582e2abf2023-02-08 09:43:58.992root 11241100x8000000000000000266988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c3e5bb5fb039a92023-02-08 09:43:58.992root 11241100x8000000000000000266987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a07407e1cc9138d2023-02-08 09:43:58.992root 11241100x8000000000000000266994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b02fe527c796912023-02-08 09:43:58.993root 11241100x8000000000000000266993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86d23a1348ad14f2023-02-08 09:43:58.993root 11241100x8000000000000000266992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c0c23635f9e7c12023-02-08 09:43:58.993root 11241100x8000000000000000266991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c435e9e14add4bd2023-02-08 09:43:58.993root 11241100x8000000000000000266999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c5e7c9de06391f2023-02-08 09:43:58.994root 11241100x8000000000000000266998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a6e87d6535fa3a2023-02-08 09:43:58.994root 11241100x8000000000000000266997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b5c89d65419c922023-02-08 09:43:58.994root 11241100x8000000000000000266996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9dc2fc9bbd649f72023-02-08 09:43:58.994root 11241100x8000000000000000266995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6311bbe9a267cbb2023-02-08 09:43:58.994root 11241100x8000000000000000267003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a5b88ce4e487b32023-02-08 09:43:58.995root 11241100x8000000000000000267002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfc94e7d0cc44662023-02-08 09:43:58.995root 11241100x8000000000000000267001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8217d98ced82258d2023-02-08 09:43:58.995root 11241100x8000000000000000267000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf782a8bee2b4d42023-02-08 09:43:58.995root 11241100x8000000000000000267007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99dc7a67d8698fa2023-02-08 09:43:58.996root 11241100x8000000000000000267006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb7148521f6513c2023-02-08 09:43:58.996root 11241100x8000000000000000267005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05260e40ae6bc9432023-02-08 09:43:58.996root 11241100x8000000000000000267004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9133617ef3a7296d2023-02-08 09:43:58.996root 11241100x8000000000000000267012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d896cf375284d0c92023-02-08 09:43:58.997root 11241100x8000000000000000267011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2882bf9934f6e0b92023-02-08 09:43:58.997root 11241100x8000000000000000267010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921c05cf5ebceaa02023-02-08 09:43:58.997root 11241100x8000000000000000267009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7370c01bed30c19e2023-02-08 09:43:58.997root 11241100x8000000000000000267008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fe668ea8ea5f912023-02-08 09:43:58.997root 11241100x8000000000000000267017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873c69994a48f1682023-02-08 09:43:58.998root 11241100x8000000000000000267016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da45ffb3051ee4b2023-02-08 09:43:58.998root 11241100x8000000000000000267015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b819c923ad73dd2023-02-08 09:43:58.998root 11241100x8000000000000000267014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88af9ff467c707e22023-02-08 09:43:58.998root 11241100x8000000000000000267013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d371f280e0b68c182023-02-08 09:43:58.998root 11241100x8000000000000000267022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ce21f2bff04e922023-02-08 09:43:58.999root 11241100x8000000000000000267021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3f4d8f210359a22023-02-08 09:43:58.999root 11241100x8000000000000000267020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664335b719c8b7af2023-02-08 09:43:58.999root 11241100x8000000000000000267019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7478049422f0396b2023-02-08 09:43:58.999root 11241100x8000000000000000267018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:58.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52b9b15548806e72023-02-08 09:43:58.999root 11241100x8000000000000000267026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e773dfad985919242023-02-08 09:43:59.000root 11241100x8000000000000000267025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ab22e57b7099022023-02-08 09:43:59.000root 11241100x8000000000000000267024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493b63697efabdcb2023-02-08 09:43:59.000root 11241100x8000000000000000267023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e5462fd03b3f522023-02-08 09:43:59.000root 11241100x8000000000000000267037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485a6a1ff9773a0c2023-02-08 09:43:59.484root 11241100x8000000000000000267036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f974019cf2c479242023-02-08 09:43:59.484root 11241100x8000000000000000267035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca11abcf16abae942023-02-08 09:43:59.484root 11241100x8000000000000000267034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a61c04dd7e917e2023-02-08 09:43:59.484root 11241100x8000000000000000267033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596edd512b625b372023-02-08 09:43:59.484root 11241100x8000000000000000267032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831a7e06360ee6e52023-02-08 09:43:59.484root 11241100x8000000000000000267031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf7f6091ce9d5c32023-02-08 09:43:59.484root 11241100x8000000000000000267030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3cf09f8e1f27332023-02-08 09:43:59.484root 11241100x8000000000000000267029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8aa896c06f2b9122023-02-08 09:43:59.484root 11241100x8000000000000000267028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09152abd8e9e2f22023-02-08 09:43:59.484root 11241100x8000000000000000267027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c8f270b9b9c74e2023-02-08 09:43:59.484root 11241100x8000000000000000267041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b30369be732a9412023-02-08 09:43:59.485root 11241100x8000000000000000267040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf4dedf061a46c72023-02-08 09:43:59.485root 11241100x8000000000000000267039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c15cee1181680f2023-02-08 09:43:59.485root 11241100x8000000000000000267038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba21045c5a7077e62023-02-08 09:43:59.485root 11241100x8000000000000000267049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5a7ecfa527d1602023-02-08 09:43:59.486root 11241100x8000000000000000267048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5c8a67b2e5e8b32023-02-08 09:43:59.486root 11241100x8000000000000000267047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8afdd9fc3b34d22023-02-08 09:43:59.486root 11241100x8000000000000000267046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e2b2ad0a1790092023-02-08 09:43:59.486root 11241100x8000000000000000267045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3679fddd7108c692023-02-08 09:43:59.486root 11241100x8000000000000000267044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5893776169e32d512023-02-08 09:43:59.486root 11241100x8000000000000000267043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b033f071da7bc4de2023-02-08 09:43:59.486root 11241100x8000000000000000267042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b606f24b0ea97c8e2023-02-08 09:43:59.486root 11241100x8000000000000000267057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b886ef5c16fe24772023-02-08 09:43:59.487root 11241100x8000000000000000267056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc1cafa9e85c8712023-02-08 09:43:59.487root 11241100x8000000000000000267055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ff1463e6a7ea592023-02-08 09:43:59.487root 11241100x8000000000000000267054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8e98ac30d69aac2023-02-08 09:43:59.487root 11241100x8000000000000000267053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e20615ed09b63b2023-02-08 09:43:59.487root 11241100x8000000000000000267052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d59aafe9a14d962023-02-08 09:43:59.487root 11241100x8000000000000000267051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f41034514bd18c52023-02-08 09:43:59.487root 11241100x8000000000000000267050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90144f45a306f0d2023-02-08 09:43:59.487root 11241100x8000000000000000267063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666b85046be1a7332023-02-08 09:43:59.488root 11241100x8000000000000000267062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e07ce62320b6ee82023-02-08 09:43:59.488root 11241100x8000000000000000267061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cddfca915110a762023-02-08 09:43:59.488root 11241100x8000000000000000267060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88af8646139d02a72023-02-08 09:43:59.488root 11241100x8000000000000000267059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d4e6211fe558d82023-02-08 09:43:59.488root 11241100x8000000000000000267058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ce6a00bdf662142023-02-08 09:43:59.488root 11241100x8000000000000000267070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb626ecd31ed2922023-02-08 09:43:59.489root 11241100x8000000000000000267069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a2169aedc6b1082023-02-08 09:43:59.489root 11241100x8000000000000000267068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb75c35ec9929642023-02-08 09:43:59.489root 11241100x8000000000000000267067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ea33a94aba8cd22023-02-08 09:43:59.489root 11241100x8000000000000000267066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacc59754ec62ce42023-02-08 09:43:59.489root 11241100x8000000000000000267065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4263975a96657dfa2023-02-08 09:43:59.489root 11241100x8000000000000000267064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f099fcede5ecf62023-02-08 09:43:59.489root 11241100x8000000000000000267076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974e8fff119aa1d42023-02-08 09:43:59.490root 11241100x8000000000000000267075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39dcdf29888529ac2023-02-08 09:43:59.490root 11241100x8000000000000000267074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f23666c13d0ee052023-02-08 09:43:59.490root 11241100x8000000000000000267073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744b02cb5f40fb2b2023-02-08 09:43:59.490root 11241100x8000000000000000267072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e65cc14a8046252023-02-08 09:43:59.490root 11241100x8000000000000000267071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda58cca3d96455c2023-02-08 09:43:59.490root 11241100x8000000000000000267080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f88815e9d20e46c2023-02-08 09:43:59.491root 11241100x8000000000000000267079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97358f03d028e912023-02-08 09:43:59.491root 11241100x8000000000000000267078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94b040863fb65bc2023-02-08 09:43:59.491root 11241100x8000000000000000267077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d620978a60b6f7f2023-02-08 09:43:59.491root 11241100x8000000000000000267085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e49b226ba7b4b92023-02-08 09:43:59.492root 11241100x8000000000000000267084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ae5f448022a2d52023-02-08 09:43:59.492root 11241100x8000000000000000267083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425e6d475da1f5d12023-02-08 09:43:59.492root 11241100x8000000000000000267082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ccada3a6a5d01d2023-02-08 09:43:59.492root 11241100x8000000000000000267081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6cafa1d47ac47e2023-02-08 09:43:59.492root 11241100x8000000000000000267091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a14de1eefc29b52023-02-08 09:43:59.493root 11241100x8000000000000000267090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e7624522256c812023-02-08 09:43:59.493root 11241100x8000000000000000267089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0383d00036043efa2023-02-08 09:43:59.493root 11241100x8000000000000000267088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7718296fff98862023-02-08 09:43:59.493root 11241100x8000000000000000267087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac62b81ad2955032023-02-08 09:43:59.493root 11241100x8000000000000000267086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f540bd5863829e92023-02-08 09:43:59.493root 11241100x8000000000000000267097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1583d65657ca3222023-02-08 09:43:59.494root 11241100x8000000000000000267096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ecd4f80c06597c2023-02-08 09:43:59.494root 11241100x8000000000000000267095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db177759b70ecf2d2023-02-08 09:43:59.494root 11241100x8000000000000000267094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b631466301a6c5e2023-02-08 09:43:59.494root 11241100x8000000000000000267093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19382d9bb3359302023-02-08 09:43:59.494root 11241100x8000000000000000267092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e80543a9ab96032023-02-08 09:43:59.494root 11241100x8000000000000000267103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430b1573e9c2741d2023-02-08 09:43:59.495root 11241100x8000000000000000267102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb8c4086f7452042023-02-08 09:43:59.495root 11241100x8000000000000000267101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e8df969c22c35e2023-02-08 09:43:59.495root 11241100x8000000000000000267100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6a95dcde55187d2023-02-08 09:43:59.495root 11241100x8000000000000000267099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32594f4445c9c882023-02-08 09:43:59.495root 11241100x8000000000000000267098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74201136118821a2023-02-08 09:43:59.495root 11241100x8000000000000000267109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8773a4f015864fe82023-02-08 09:43:59.496root 11241100x8000000000000000267108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818556e44beab9ac2023-02-08 09:43:59.496root 11241100x8000000000000000267107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dffd2244418bc1a2023-02-08 09:43:59.496root 11241100x8000000000000000267106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac29fe255a224322023-02-08 09:43:59.496root 11241100x8000000000000000267105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f057c95730b324fc2023-02-08 09:43:59.496root 11241100x8000000000000000267104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d041e6b62c3ca15d2023-02-08 09:43:59.496root 11241100x8000000000000000267110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ee49d08da98b782023-02-08 09:43:59.985root 11241100x8000000000000000267118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882c865a200b8eb22023-02-08 09:43:59.986root 11241100x8000000000000000267117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d418d76ca27aef2023-02-08 09:43:59.986root 11241100x8000000000000000267116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71856860c44a3f662023-02-08 09:43:59.986root 11241100x8000000000000000267115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f2112e0a84788c2023-02-08 09:43:59.986root 11241100x8000000000000000267114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94c49d505ec0e832023-02-08 09:43:59.986root 11241100x8000000000000000267113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f34d42cefaef512023-02-08 09:43:59.986root 11241100x8000000000000000267112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365bb7d269a84cf92023-02-08 09:43:59.986root 11241100x8000000000000000267111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263f18009c1562e42023-02-08 09:43:59.986root 11241100x8000000000000000267126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877bd9f662d640ce2023-02-08 09:43:59.987root 11241100x8000000000000000267125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99cbe84c23e2e8032023-02-08 09:43:59.987root 11241100x8000000000000000267124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b008b7e30ecdd7242023-02-08 09:43:59.987root 11241100x8000000000000000267123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d527ecf0778dcc942023-02-08 09:43:59.987root 11241100x8000000000000000267122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed4cdbf57769c822023-02-08 09:43:59.987root 11241100x8000000000000000267121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09cf4924c4c61582023-02-08 09:43:59.987root 11241100x8000000000000000267120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03bc8b9d0ee20f492023-02-08 09:43:59.987root 11241100x8000000000000000267119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f309ed1921a4a0dc2023-02-08 09:43:59.987root 11241100x8000000000000000267128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e2088fd23337372023-02-08 09:43:59.988root 11241100x8000000000000000267127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f263f5272e792972023-02-08 09:43:59.988root 11241100x8000000000000000267135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cb934ea8b865f02023-02-08 09:43:59.989root 11241100x8000000000000000267134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594df45b837224112023-02-08 09:43:59.989root 11241100x8000000000000000267133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1574804074a6ce662023-02-08 09:43:59.989root 11241100x8000000000000000267132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959dcd712fcc805f2023-02-08 09:43:59.989root 11241100x8000000000000000267131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06266956caee9f2d2023-02-08 09:43:59.989root 11241100x8000000000000000267130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1272a67371ca22f2023-02-08 09:43:59.989root 11241100x8000000000000000267129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45fe15761948d242023-02-08 09:43:59.989root 11241100x8000000000000000267144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3600a3089099f02023-02-08 09:43:59.990root 11241100x8000000000000000267143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b31fdb1283701c22023-02-08 09:43:59.990root 11241100x8000000000000000267142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec965467bc693202023-02-08 09:43:59.990root 11241100x8000000000000000267141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5379df62938b3662023-02-08 09:43:59.990root 11241100x8000000000000000267140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28edce67e981016d2023-02-08 09:43:59.990root 11241100x8000000000000000267139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb09126a077b7d22023-02-08 09:43:59.990root 11241100x8000000000000000267138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfd44dce7ded6502023-02-08 09:43:59.990root 11241100x8000000000000000267137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c052d4fba890f392023-02-08 09:43:59.990root 11241100x8000000000000000267136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c28350ac3cb94aa2023-02-08 09:43:59.990root 11241100x8000000000000000267151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00fe064da490b44d2023-02-08 09:43:59.991root 11241100x8000000000000000267150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e810e288c775012023-02-08 09:43:59.991root 11241100x8000000000000000267149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac289a62fee39052023-02-08 09:43:59.991root 11241100x8000000000000000267148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d32b73179d0de92023-02-08 09:43:59.991root 11241100x8000000000000000267147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792f20fb4aa136042023-02-08 09:43:59.991root 11241100x8000000000000000267146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6579c0c5ad6e91a52023-02-08 09:43:59.991root 11241100x8000000000000000267145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:43:59.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ea4a4ecc01e2952023-02-08 09:43:59.991root 11241100x8000000000000000267203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:06.363{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-08 09:44:06.363root 354300x8000000000000000267204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:06.713{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-35372-false10.0.1.12-8089- 11241100x8000000000000000267205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:06.714{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26402de0c8a93bd32023-02-08 09:44:06.714root 11241100x8000000000000000267207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:06.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1416db279ade62882023-02-08 09:44:06.984root 11241100x8000000000000000267206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:06.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1154f91f4b1982ca2023-02-08 09:44:06.984root 354300x8000000000000000267208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:07.016{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-46914-false10.0.1.12-8000- 11241100x8000000000000000267211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:07.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7861f8fb3bd7772023-02-08 09:44:07.484root 11241100x8000000000000000267210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:07.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa194171c426aae92023-02-08 09:44:07.484root 11241100x8000000000000000267209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:07.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058f9912e10abc7f2023-02-08 09:44:07.484root 11241100x8000000000000000267214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:07.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28e55994838e8a42023-02-08 09:44:07.984root 11241100x8000000000000000267213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:07.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db4a8c3feddbc202023-02-08 09:44:07.984root 11241100x8000000000000000267212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:07.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36eda41c55059ecc2023-02-08 09:44:07.984root 11241100x8000000000000000267217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebdc67a8918b746e2023-02-08 09:44:08.484root 11241100x8000000000000000267216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf7c642e69b2dea2023-02-08 09:44:08.484root 11241100x8000000000000000267215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670188f1e6b7324c2023-02-08 09:44:08.484root 11241100x8000000000000000267220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4309744677bd7f612023-02-08 09:44:08.984root 11241100x8000000000000000267219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bafb668e764f4ceb2023-02-08 09:44:08.984root 11241100x8000000000000000267218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b3abec9aa9e9352023-02-08 09:44:08.984root 23542300x8000000000000000267221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:09.365{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000267225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b2e93f8ca446732023-02-08 09:44:09.366root 11241100x8000000000000000267224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7100df3a6a40440e2023-02-08 09:44:09.366root 11241100x8000000000000000267223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00065f4e376adea52023-02-08 09:44:09.366root 11241100x8000000000000000267222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e838a9fcefec0c2023-02-08 09:44:09.366root 11241100x8000000000000000267229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:09.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9a94fb2114ca4f2023-02-08 09:44:09.734root 11241100x8000000000000000267228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:09.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09002510483412b42023-02-08 09:44:09.734root 11241100x8000000000000000267227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:09.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a033bfa1dcdf3f2023-02-08 09:44:09.734root 11241100x8000000000000000267226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:09.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08d7070b7ac4b032023-02-08 09:44:09.734root 11241100x8000000000000000267233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e769f13eb559592023-02-08 09:44:10.234root 11241100x8000000000000000267232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cae848e5e9cc7682023-02-08 09:44:10.234root 11241100x8000000000000000267231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4564134afd4cf7612023-02-08 09:44:10.234root 11241100x8000000000000000267230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b5b1e0fca7fec32023-02-08 09:44:10.234root 11241100x8000000000000000267237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:10.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9184352144c1142023-02-08 09:44:10.734root 11241100x8000000000000000267236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:10.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9887399df11ee1262023-02-08 09:44:10.734root 11241100x8000000000000000267235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:10.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e7aa2064bbefd62023-02-08 09:44:10.734root 11241100x8000000000000000267234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:10.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c662ac7363e8f4802023-02-08 09:44:10.734root 11241100x8000000000000000267241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b91de7117ec39c2023-02-08 09:44:11.234root 11241100x8000000000000000267240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbbc7fc4367354eb2023-02-08 09:44:11.234root 11241100x8000000000000000267239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d59c1ec2b771e432023-02-08 09:44:11.234root 11241100x8000000000000000267238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35deb7da428420d72023-02-08 09:44:11.234root 11241100x8000000000000000267245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:11.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7cb4f2d083f0be2023-02-08 09:44:11.734root 11241100x8000000000000000267244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:11.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5880f70df65f35d2023-02-08 09:44:11.734root 11241100x8000000000000000267243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:11.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62264cfb2077dbc32023-02-08 09:44:11.734root 11241100x8000000000000000267242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:11.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff1a99a99c0121e2023-02-08 09:44:11.734root 11241100x8000000000000000267249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:12.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290ef47d6fbca4542023-02-08 09:44:12.234root 11241100x8000000000000000267248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:12.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9f620fb07cff2d2023-02-08 09:44:12.234root 11241100x8000000000000000267247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:12.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de590a96b4e00e202023-02-08 09:44:12.234root 11241100x8000000000000000267246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:12.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f00f6ddff67f4d2023-02-08 09:44:12.234root 354300x8000000000000000267250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:12.245{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-42770-false10.0.1.12-8000- 11241100x8000000000000000267254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:12.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1851970efdfae72023-02-08 09:44:12.734root 11241100x8000000000000000267253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:12.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3891376995dbf2dc2023-02-08 09:44:12.734root 11241100x8000000000000000267252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:12.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ccb4ae0b819a1292023-02-08 09:44:12.734root 11241100x8000000000000000267251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:12.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac23e5ecfcd2c572023-02-08 09:44:12.734root 11241100x8000000000000000267255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4c42e5b70d7a402023-02-08 09:44:12.735root 11241100x8000000000000000267260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:13.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30429328814b23dc2023-02-08 09:44:13.234root 11241100x8000000000000000267259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:13.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fe17dca68f91bf2023-02-08 09:44:13.234root 11241100x8000000000000000267258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:13.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bf7f3bd1ff09e72023-02-08 09:44:13.234root 11241100x8000000000000000267257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:13.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e76f8a53a0bbf42023-02-08 09:44:13.234root 11241100x8000000000000000267256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:13.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28c14bbf05755c02023-02-08 09:44:13.234root 11241100x8000000000000000267265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:13.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e68b03f5c208f12023-02-08 09:44:13.734root 11241100x8000000000000000267264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:13.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a384ac8926e7e52023-02-08 09:44:13.734root 11241100x8000000000000000267263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:13.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60a52f9e66a6da52023-02-08 09:44:13.734root 11241100x8000000000000000267262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:13.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957d7f00a75c28d02023-02-08 09:44:13.734root 11241100x8000000000000000267261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:13.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8a53e7f24e6c502023-02-08 09:44:13.734root 11241100x8000000000000000267270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:14.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69c0a7629a9a8242023-02-08 09:44:14.234root 11241100x8000000000000000267269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:14.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc8fdfc18c04f562023-02-08 09:44:14.234root 11241100x8000000000000000267268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:14.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ec8a50eb1db8a12023-02-08 09:44:14.234root 11241100x8000000000000000267267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:14.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9249dc3c0d31bb22023-02-08 09:44:14.234root 11241100x8000000000000000267266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:14.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe54625dff7791b2023-02-08 09:44:14.234root 11241100x8000000000000000267273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:14.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc438cfde2060332023-02-08 09:44:14.734root 11241100x8000000000000000267272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:14.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ff6856be509fea2023-02-08 09:44:14.734root 11241100x8000000000000000267271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:14.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5dfdb6b20c66642023-02-08 09:44:14.734root 11241100x8000000000000000267275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:14.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3263d2dab0a7e052023-02-08 09:44:14.735root 11241100x8000000000000000267274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:14.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1a897f556e20992023-02-08 09:44:14.735root 11241100x8000000000000000267280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:15.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0e70b0cb10a7872023-02-08 09:44:15.234root 11241100x8000000000000000267279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:15.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7318636e76bd42d52023-02-08 09:44:15.234root 11241100x8000000000000000267278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:15.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56503a4909fa6672023-02-08 09:44:15.234root 11241100x8000000000000000267277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:15.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497e1324def3a44d2023-02-08 09:44:15.234root 11241100x8000000000000000267276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:15.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c4e2a6e6d2f7d22023-02-08 09:44:15.234root 11241100x8000000000000000267285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:15.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff40b265f337edd2023-02-08 09:44:15.734root 11241100x8000000000000000267284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:15.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c041a2ba0103ff72023-02-08 09:44:15.734root 11241100x8000000000000000267283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:15.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1055ac0fe4d8b0522023-02-08 09:44:15.734root 11241100x8000000000000000267282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:15.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ec7c45f9fbb4762023-02-08 09:44:15.734root 11241100x8000000000000000267281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:15.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d81ee09fa7fd202023-02-08 09:44:15.734root 11241100x8000000000000000267290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:16.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1496ab3b669bccda2023-02-08 09:44:16.234root 11241100x8000000000000000267289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:16.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64618c72982361f62023-02-08 09:44:16.234root 11241100x8000000000000000267288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:16.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4de517b12c07e82023-02-08 09:44:16.234root 11241100x8000000000000000267287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:16.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cbae28073f71a8d2023-02-08 09:44:16.234root 11241100x8000000000000000267286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:16.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18d2f0d775f627a2023-02-08 09:44:16.234root 11241100x8000000000000000267295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:16.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f2924a4ee2ccf82023-02-08 09:44:16.734root 11241100x8000000000000000267294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:16.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920d7d0417ac2d572023-02-08 09:44:16.734root 11241100x8000000000000000267293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:16.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a62844dd1b2a432023-02-08 09:44:16.734root 11241100x8000000000000000267292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:16.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9270757baded0682023-02-08 09:44:16.734root 11241100x8000000000000000267291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:16.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8368cb8d8353969f2023-02-08 09:44:16.734root 11241100x8000000000000000267300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:17.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897c179a173ccd692023-02-08 09:44:17.234root 11241100x8000000000000000267299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:17.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62705d75fb72e0062023-02-08 09:44:17.234root 11241100x8000000000000000267298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:17.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b07bbaeba4fe30f2023-02-08 09:44:17.234root 11241100x8000000000000000267297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:17.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d62854e54087b42023-02-08 09:44:17.234root 11241100x8000000000000000267296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:17.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc6054e4c66c77c2023-02-08 09:44:17.234root 11241100x8000000000000000267305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:17.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69257be699fe431e2023-02-08 09:44:17.734root 11241100x8000000000000000267304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:17.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871802106ccdbf2c2023-02-08 09:44:17.734root 11241100x8000000000000000267303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:17.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c20864d61dc36ec2023-02-08 09:44:17.734root 11241100x8000000000000000267302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:17.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fe4f0461b20b602023-02-08 09:44:17.734root 11241100x8000000000000000267301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:17.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0d8833449ae6362023-02-08 09:44:17.734root 354300x8000000000000000267306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:18.233{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-53330-false10.0.1.12-8000- 11241100x8000000000000000267309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:18.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f918cbe855f4362c2023-02-08 09:44:18.234root 11241100x8000000000000000267308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:18.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1cf2a17c9a8114c2023-02-08 09:44:18.234root 11241100x8000000000000000267307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:18.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc76277598e60fa52023-02-08 09:44:18.234root 11241100x8000000000000000267312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:18.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da53a969978e8f02023-02-08 09:44:18.235root 11241100x8000000000000000267311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:18.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b5c73fe61af3682023-02-08 09:44:18.235root 11241100x8000000000000000267310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:18.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6afabae326315d2d2023-02-08 09:44:18.235root 11241100x8000000000000000267318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:18.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ebee4fb857b494d2023-02-08 09:44:18.734root 11241100x8000000000000000267317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:18.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2173248dbcdad94d2023-02-08 09:44:18.734root 11241100x8000000000000000267316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:18.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd2ca8749ded10b2023-02-08 09:44:18.734root 11241100x8000000000000000267315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:18.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceea8c5b1e3d09ad2023-02-08 09:44:18.734root 11241100x8000000000000000267314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:18.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb638342ee82ec02023-02-08 09:44:18.734root 11241100x8000000000000000267313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:18.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7942d35c662ee2702023-02-08 09:44:18.734root 11241100x8000000000000000267324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:19.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77aa39c1e5f905a2023-02-08 09:44:19.234root 11241100x8000000000000000267323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:19.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c198d5bbc6fb237b2023-02-08 09:44:19.234root 11241100x8000000000000000267322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:19.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256bc30570fb54432023-02-08 09:44:19.234root 11241100x8000000000000000267321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:19.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d153451f37a9472023-02-08 09:44:19.234root 11241100x8000000000000000267320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:19.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e214e61473a92b2023-02-08 09:44:19.234root 11241100x8000000000000000267319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:19.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2fcb4e5c436cc0e2023-02-08 09:44:19.234root 11241100x8000000000000000267330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:19.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b738abe10aa976b2023-02-08 09:44:19.734root 11241100x8000000000000000267329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:19.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1feab7d959978fa72023-02-08 09:44:19.734root 11241100x8000000000000000267328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:19.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2b7c673cca2b2e2023-02-08 09:44:19.734root 11241100x8000000000000000267327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:19.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960ece4c97fa8f252023-02-08 09:44:19.734root 11241100x8000000000000000267326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:19.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfcafa864b58c5512023-02-08 09:44:19.734root 11241100x8000000000000000267325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:19.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d7134d74e4ed712023-02-08 09:44:19.734root 11241100x8000000000000000267336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:20.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064c8728456ecc8d2023-02-08 09:44:20.234root 11241100x8000000000000000267335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:20.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0fa2abafd694b82023-02-08 09:44:20.234root 11241100x8000000000000000267334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:20.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0847f7969c49514e2023-02-08 09:44:20.234root 11241100x8000000000000000267333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:20.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bfe7b475e21e2f2023-02-08 09:44:20.234root 11241100x8000000000000000267332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:20.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f2b73f2bdb699c2023-02-08 09:44:20.234root 11241100x8000000000000000267331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:20.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d0ffbbbe845f362023-02-08 09:44:20.234root 11241100x8000000000000000267342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:20.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7408e4c2bc2e14e92023-02-08 09:44:20.734root 11241100x8000000000000000267341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:20.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fabc257c393a2b02023-02-08 09:44:20.734root 11241100x8000000000000000267340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:20.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf885704a52c7792023-02-08 09:44:20.734root 11241100x8000000000000000267339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:20.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86fba4ff0050b6822023-02-08 09:44:20.734root 11241100x8000000000000000267338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:20.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1d27cb360bbee72023-02-08 09:44:20.734root 11241100x8000000000000000267337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:20.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f2cd67c699480b2023-02-08 09:44:20.734root 11241100x8000000000000000267348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:21.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fff05a2f5d8b4062023-02-08 09:44:21.234root 11241100x8000000000000000267347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:21.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c2cce0aa06b7a02023-02-08 09:44:21.234root 11241100x8000000000000000267346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:21.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97639565a38b6452023-02-08 09:44:21.234root 11241100x8000000000000000267345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:21.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a62c8eff609055f2023-02-08 09:44:21.234root 11241100x8000000000000000267344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:21.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792284daf94d0ad32023-02-08 09:44:21.234root 11241100x8000000000000000267343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:21.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63070bc1b92c17802023-02-08 09:44:21.234root 11241100x8000000000000000267354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:21.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716d0a20601c3df42023-02-08 09:44:21.734root 11241100x8000000000000000267353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:21.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714ccc907608adeb2023-02-08 09:44:21.734root 11241100x8000000000000000267352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:21.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639bbde34e3b433d2023-02-08 09:44:21.734root 11241100x8000000000000000267351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:21.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d45065a93af74a02023-02-08 09:44:21.734root 11241100x8000000000000000267350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:21.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a05a0183094b7392023-02-08 09:44:21.734root 11241100x8000000000000000267349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:21.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046c293b9c596dd52023-02-08 09:44:21.734root 11241100x8000000000000000267360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:22.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28dd1e40169473282023-02-08 09:44:22.234root 11241100x8000000000000000267359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:22.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c433b87fd73d55c2023-02-08 09:44:22.234root 11241100x8000000000000000267358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:22.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7edde0bd7ca1d82023-02-08 09:44:22.234root 11241100x8000000000000000267357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:22.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec7ec68ec6481232023-02-08 09:44:22.234root 11241100x8000000000000000267356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:22.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980a5f3a87f2a2032023-02-08 09:44:22.234root 11241100x8000000000000000267355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:22.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1184c0f5ddb61d72023-02-08 09:44:22.234root 11241100x8000000000000000267366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:22.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e026bb24e4e76e92023-02-08 09:44:22.734root 11241100x8000000000000000267365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:22.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121c1e0ebc16a5532023-02-08 09:44:22.734root 11241100x8000000000000000267364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:22.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938196a8ecd3bb242023-02-08 09:44:22.734root 11241100x8000000000000000267363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:22.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5d84e5ad33eb7e2023-02-08 09:44:22.734root 11241100x8000000000000000267362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:22.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff1fba673b3e0ce2023-02-08 09:44:22.734root 11241100x8000000000000000267361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:22.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70af84f8f9948a052023-02-08 09:44:22.734root 11241100x8000000000000000267372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:23.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd6512e699d1af62023-02-08 09:44:23.234root 11241100x8000000000000000267371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:23.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805c20b7533311452023-02-08 09:44:23.234root 11241100x8000000000000000267370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:23.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd99656c150efe02023-02-08 09:44:23.234root 11241100x8000000000000000267369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:23.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513402e729ec28432023-02-08 09:44:23.234root 11241100x8000000000000000267368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:23.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642628102347a72c2023-02-08 09:44:23.234root 11241100x8000000000000000267367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:23.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c272c76200c76ea62023-02-08 09:44:23.234root 11241100x8000000000000000267378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:23.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b4d86c563a52492023-02-08 09:44:23.734root 11241100x8000000000000000267377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:23.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d26571d7540d6cc2023-02-08 09:44:23.734root 11241100x8000000000000000267376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:23.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28676c73aa383f72023-02-08 09:44:23.734root 11241100x8000000000000000267375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:23.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292d23fecb45e5782023-02-08 09:44:23.734root 11241100x8000000000000000267374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:23.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d628584326875732023-02-08 09:44:23.734root 11241100x8000000000000000267373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:23.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267ddd006d40a94d2023-02-08 09:44:23.734root 354300x8000000000000000267379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:24.218{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-53336-false10.0.1.12-8000- 11241100x8000000000000000267386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:24.219{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae920bbc54235f182023-02-08 09:44:24.219root 11241100x8000000000000000267385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:24.219{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e27e5e56a185352023-02-08 09:44:24.219root 11241100x8000000000000000267384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:24.219{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718fbc6cca4d8d5a2023-02-08 09:44:24.219root 11241100x8000000000000000267383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:24.219{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e82096704d55f922023-02-08 09:44:24.219root 11241100x8000000000000000267382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:24.219{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571bccebebe0ea5d2023-02-08 09:44:24.219root 11241100x8000000000000000267381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:24.219{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf5fdebd48048902023-02-08 09:44:24.219root 11241100x8000000000000000267380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:24.219{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfa1d2a040552202023-02-08 09:44:24.219root 11241100x8000000000000000267393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea52a8ff3c24bdc2023-02-08 09:44:24.484root 11241100x8000000000000000267392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f33ed63e1972bc62023-02-08 09:44:24.484root 11241100x8000000000000000267391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55da1d44e92879012023-02-08 09:44:24.484root 11241100x8000000000000000267390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad3b397e083932c2023-02-08 09:44:24.484root 11241100x8000000000000000267389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b811de7a4ced402023-02-08 09:44:24.484root 11241100x8000000000000000267388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c234155314f85492023-02-08 09:44:24.484root 11241100x8000000000000000267387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002f20810ebf42e72023-02-08 09:44:24.484root 11241100x8000000000000000267399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc6fcf84d3882772023-02-08 09:44:24.984root 11241100x8000000000000000267398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce73b1d8551a2e4e2023-02-08 09:44:24.984root 11241100x8000000000000000267397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15323eed3067397b2023-02-08 09:44:24.984root 11241100x8000000000000000267396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ffe89a5d0c30b3c2023-02-08 09:44:24.984root 11241100x8000000000000000267395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9bde7de6b6d3a72023-02-08 09:44:24.984root 11241100x8000000000000000267394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541b7c90c365e8582023-02-08 09:44:24.984root 11241100x8000000000000000267400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac137a72bf6a79682023-02-08 09:44:24.985root 11241100x8000000000000000267402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122ab5b4a4f189742023-02-08 09:44:24.986root 11241100x8000000000000000267401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e366116db32b1b72023-02-08 09:44:24.986root 11241100x8000000000000000267407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e12ce1ddcee8e062023-02-08 09:44:24.987root 11241100x8000000000000000267406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b90ce9a9efb5ce2023-02-08 09:44:24.987root 11241100x8000000000000000267405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3fc1a7c1dc8fb12023-02-08 09:44:24.987root 11241100x8000000000000000267404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e54eb19c8b9fa02023-02-08 09:44:24.987root 11241100x8000000000000000267403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12029a8d8cb340c2023-02-08 09:44:24.987root 11241100x8000000000000000267414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56960eba912fb4dd2023-02-08 09:44:25.484root 11241100x8000000000000000267413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2f9fc2de1738732023-02-08 09:44:25.484root 11241100x8000000000000000267412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094bd7357e8a6a102023-02-08 09:44:25.484root 11241100x8000000000000000267411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19009fc1a90a26a2023-02-08 09:44:25.484root 11241100x8000000000000000267410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311c210ae33901572023-02-08 09:44:25.484root 11241100x8000000000000000267409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b38e9fb0d767bb2023-02-08 09:44:25.484root 11241100x8000000000000000267408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6eb8f9601f2c0b2023-02-08 09:44:25.484root 11241100x8000000000000000267421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4420f3ba4bc060cb2023-02-08 09:44:25.984root 11241100x8000000000000000267420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae02b5844d36bef92023-02-08 09:44:25.984root 11241100x8000000000000000267419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86fbf056f1949cdc2023-02-08 09:44:25.984root 11241100x8000000000000000267418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78bcb7ce7d052842023-02-08 09:44:25.984root 11241100x8000000000000000267417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02e5be86b5956442023-02-08 09:44:25.984root 11241100x8000000000000000267416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3725a88c6941075b2023-02-08 09:44:25.984root 11241100x8000000000000000267415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2e1991dc002f262023-02-08 09:44:25.984root 11241100x8000000000000000267428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a11e4bb647599f52023-02-08 09:44:26.484root 11241100x8000000000000000267427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9aead48132c143f2023-02-08 09:44:26.484root 11241100x8000000000000000267426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e29fb8a2306491c2023-02-08 09:44:26.484root 11241100x8000000000000000267425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112b296d25ff03a22023-02-08 09:44:26.484root 11241100x8000000000000000267424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e28be547081cba52023-02-08 09:44:26.484root 11241100x8000000000000000267423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22529366a148d8352023-02-08 09:44:26.484root 11241100x8000000000000000267422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5d600a5f065d772023-02-08 09:44:26.484root 11241100x8000000000000000267435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437f1447d44a170b2023-02-08 09:44:26.984root 11241100x8000000000000000267434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76646f1d23a81a192023-02-08 09:44:26.984root 11241100x8000000000000000267433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a556ba7d3a5ca72023-02-08 09:44:26.984root 11241100x8000000000000000267432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98acf43e9c502032023-02-08 09:44:26.984root 11241100x8000000000000000267431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c511e24f2a645d2023-02-08 09:44:26.984root 11241100x8000000000000000267430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c669f03ec4eb1f42023-02-08 09:44:26.984root 11241100x8000000000000000267429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10aa0901ac8da8fb2023-02-08 09:44:26.984root 534500x8000000000000000267436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:27.004{ec2a0601-5c38-63e3-c8ba-750834560000}466/lib/systemd/systemd-journaldroot 534500x8000000000000000267437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:27.021{ec2a0601-5c38-63e3-c8ba-750834560000}466/lib/systemd/systemd-journaldroot 11241100x8000000000000000267445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7345c6695f8d23b2023-02-08 09:44:27.485root 11241100x8000000000000000267444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a8224780186eef2023-02-08 09:44:27.485root 11241100x8000000000000000267443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f489049d5ba062122023-02-08 09:44:27.485root 11241100x8000000000000000267442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd85a8df2cd666772023-02-08 09:44:27.485root 11241100x8000000000000000267441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b822d8a4d3281eab2023-02-08 09:44:27.485root 11241100x8000000000000000267440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e09388fa8a59552023-02-08 09:44:27.485root 11241100x8000000000000000267439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd39754b7ea6f542023-02-08 09:44:27.485root 11241100x8000000000000000267438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78815d07b6376a382023-02-08 09:44:27.485root 11241100x8000000000000000267446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d21e8c0f7a4c922023-02-08 09:44:27.486root 11241100x8000000000000000267453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:27.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d43f599b9f052bf2023-02-08 09:44:27.984root 11241100x8000000000000000267452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:27.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d63af5cad3ed8162023-02-08 09:44:27.984root 11241100x8000000000000000267451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:27.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fad5bafcaf39ba2023-02-08 09:44:27.984root 11241100x8000000000000000267450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:27.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a9c487a4ab120c2023-02-08 09:44:27.984root 11241100x8000000000000000267449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:27.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8e5b1c5626dd262023-02-08 09:44:27.984root 11241100x8000000000000000267448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:27.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb233ea3f718c2c2023-02-08 09:44:27.984root 11241100x8000000000000000267447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:27.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354453e2193831e22023-02-08 09:44:27.984root 11241100x8000000000000000267455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96719aa3f598aea72023-02-08 09:44:27.985root 11241100x8000000000000000267454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636cc03f389f34c52023-02-08 09:44:27.985root 11241100x8000000000000000267463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abe985609e6a46c2023-02-08 09:44:28.484root 11241100x8000000000000000267462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643db69936e3b0652023-02-08 09:44:28.484root 11241100x8000000000000000267461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23747402947b7b92023-02-08 09:44:28.484root 11241100x8000000000000000267460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e4a0bb9a766dc02023-02-08 09:44:28.484root 11241100x8000000000000000267459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83576bb17d7a1072023-02-08 09:44:28.484root 11241100x8000000000000000267458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7ed470d260ed7d2023-02-08 09:44:28.484root 11241100x8000000000000000267457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea112d7c151078fd2023-02-08 09:44:28.484root 11241100x8000000000000000267456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ed670b67e736d42023-02-08 09:44:28.484root 11241100x8000000000000000267464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13cfa95cbd8b81bb2023-02-08 09:44:28.485root 11241100x8000000000000000267469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2a1df15884d7532023-02-08 09:44:28.984root 11241100x8000000000000000267468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496db3d2212a148f2023-02-08 09:44:28.984root 11241100x8000000000000000267467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b715e0c45cbb20682023-02-08 09:44:28.984root 11241100x8000000000000000267466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e5fd1d112dcb6e2023-02-08 09:44:28.984root 11241100x8000000000000000267465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0c454285d7912f2023-02-08 09:44:28.984root 11241100x8000000000000000267473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6db6b26002222a2023-02-08 09:44:28.985root 11241100x8000000000000000267472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab40bdca148472392023-02-08 09:44:28.985root 11241100x8000000000000000267471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757ba1215edbdfbd2023-02-08 09:44:28.985root 11241100x8000000000000000267470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2334c9b52eb841252023-02-08 09:44:28.985root 11241100x8000000000000000267481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab457c05ff86e0a2023-02-08 09:44:29.484root 11241100x8000000000000000267480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c324f7cbe8a33e2023-02-08 09:44:29.484root 11241100x8000000000000000267479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92642f71953a81b22023-02-08 09:44:29.484root 11241100x8000000000000000267478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0674ba1cde353e2023-02-08 09:44:29.484root 11241100x8000000000000000267477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7789929a2e8475922023-02-08 09:44:29.484root 11241100x8000000000000000267476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979d4ca27d54ad222023-02-08 09:44:29.484root 11241100x8000000000000000267475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488ba0fad6ce17a62023-02-08 09:44:29.484root 11241100x8000000000000000267474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd27e3aef1b01e52023-02-08 09:44:29.484root 11241100x8000000000000000267482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681d1db6467230142023-02-08 09:44:29.485root 11241100x8000000000000000267485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931aa4d492dbd4462023-02-08 09:44:29.984root 11241100x8000000000000000267484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b835b81480ce08e2023-02-08 09:44:29.984root 11241100x8000000000000000267483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7997cd055f9ddf42023-02-08 09:44:29.984root 11241100x8000000000000000267491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440d3efaf85156bb2023-02-08 09:44:29.985root 11241100x8000000000000000267490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f04e6bc9f181f722023-02-08 09:44:29.985root 11241100x8000000000000000267489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d5815f03de71c22023-02-08 09:44:29.985root 11241100x8000000000000000267488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5620da10abdb602023-02-08 09:44:29.985root 11241100x8000000000000000267487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1792516b9af826b2023-02-08 09:44:29.985root 11241100x8000000000000000267486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40bf001ae7c5196e2023-02-08 09:44:29.985root 354300x8000000000000000267492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:30.214{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-34310-false10.0.1.12-8000- 11241100x8000000000000000267499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ce875e90ae547e2023-02-08 09:44:30.484root 11241100x8000000000000000267498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3fdb4b80158d88d2023-02-08 09:44:30.484root 11241100x8000000000000000267497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8a4f002ce33e502023-02-08 09:44:30.484root 11241100x8000000000000000267496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb773d3c3c3e3082023-02-08 09:44:30.484root 11241100x8000000000000000267495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e792dba1c21c762023-02-08 09:44:30.484root 11241100x8000000000000000267494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c3669310dd25702023-02-08 09:44:30.484root 11241100x8000000000000000267493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430a5a4e5e30fdf72023-02-08 09:44:30.484root 11241100x8000000000000000267502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300a60adc151f0882023-02-08 09:44:30.485root 11241100x8000000000000000267501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6d51e1b86c0b072023-02-08 09:44:30.485root 11241100x8000000000000000267500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e277e9879b18aa2023-02-08 09:44:30.485root 11241100x8000000000000000267510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b35cf03b5153f1b2023-02-08 09:44:30.984root 11241100x8000000000000000267509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d0db5cbac2fed42023-02-08 09:44:30.984root 11241100x8000000000000000267508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2137b2857b714bff2023-02-08 09:44:30.984root 11241100x8000000000000000267507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5904c83caeb865932023-02-08 09:44:30.984root 11241100x8000000000000000267506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264050289ee1b2212023-02-08 09:44:30.984root 11241100x8000000000000000267505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0aa9e689dbe341c2023-02-08 09:44:30.984root 11241100x8000000000000000267504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0193ab1540096722023-02-08 09:44:30.984root 11241100x8000000000000000267503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d00421bdbe351892023-02-08 09:44:30.984root 11241100x8000000000000000267512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9de41fd2b0cd5602023-02-08 09:44:30.985root 11241100x8000000000000000267511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83005a41316a94872023-02-08 09:44:30.985root 11241100x8000000000000000267520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296c8b3325b79aa32023-02-08 09:44:31.484root 11241100x8000000000000000267519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade7d139330f4b0e2023-02-08 09:44:31.484root 11241100x8000000000000000267518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7956b975057c8f902023-02-08 09:44:31.484root 11241100x8000000000000000267517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e66eaad0270535f2023-02-08 09:44:31.484root 11241100x8000000000000000267516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c6eae346e53e3e2023-02-08 09:44:31.484root 11241100x8000000000000000267515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af7da0eb186c60f2023-02-08 09:44:31.484root 11241100x8000000000000000267514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10034506bfcfcc1a2023-02-08 09:44:31.484root 11241100x8000000000000000267513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47152113fecaae502023-02-08 09:44:31.484root 11241100x8000000000000000267522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0416942350e623c2023-02-08 09:44:31.485root 11241100x8000000000000000267521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430c0818543a27622023-02-08 09:44:31.485root 11241100x8000000000000000267528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e9a48f16fc310d2023-02-08 09:44:31.984root 11241100x8000000000000000267527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7513eed1180394e22023-02-08 09:44:31.984root 11241100x8000000000000000267526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8978724947eabb2023-02-08 09:44:31.984root 11241100x8000000000000000267525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2cf684efa11aff82023-02-08 09:44:31.984root 11241100x8000000000000000267524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ff373d2e85f5362023-02-08 09:44:31.984root 11241100x8000000000000000267523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe8f4f2bc2f64492023-02-08 09:44:31.984root 11241100x8000000000000000267532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87ad8c810b3602e2023-02-08 09:44:31.985root 11241100x8000000000000000267531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2c6e354bd169fc2023-02-08 09:44:31.985root 11241100x8000000000000000267530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03bb6fdb3ef9de492023-02-08 09:44:31.985root 11241100x8000000000000000267529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526b70ad958c81602023-02-08 09:44:31.985root 11241100x8000000000000000267539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5dd9db8d5720bbe2023-02-08 09:44:32.484root 11241100x8000000000000000267538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69ef90c91ccfe642023-02-08 09:44:32.484root 11241100x8000000000000000267537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843e49a2758390c82023-02-08 09:44:32.484root 11241100x8000000000000000267536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dee1f3fec98ce502023-02-08 09:44:32.484root 11241100x8000000000000000267535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c85e85cf56783e42023-02-08 09:44:32.484root 11241100x8000000000000000267534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fe4296f752ed132023-02-08 09:44:32.484root 11241100x8000000000000000267533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f6679fb23720662023-02-08 09:44:32.484root 11241100x8000000000000000267542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82946498e380aaa2023-02-08 09:44:32.485root 11241100x8000000000000000267541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ed3648294324f72023-02-08 09:44:32.485root 11241100x8000000000000000267540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d86b05044a7b672023-02-08 09:44:32.485root 11241100x8000000000000000267549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:32.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44337b786d5f4bee2023-02-08 09:44:32.984root 11241100x8000000000000000267548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:32.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6617f7fb62a8c2412023-02-08 09:44:32.984root 11241100x8000000000000000267547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:32.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48714e5204c330202023-02-08 09:44:32.984root 11241100x8000000000000000267546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:32.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c14538bbb4d3c722023-02-08 09:44:32.984root 11241100x8000000000000000267545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:32.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22718f3c70e30d292023-02-08 09:44:32.984root 11241100x8000000000000000267544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:32.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4bae249d33695f2023-02-08 09:44:32.984root 11241100x8000000000000000267543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:32.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6354f113ca9a05ec2023-02-08 09:44:32.984root 11241100x8000000000000000267552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d5e475d48103bf2023-02-08 09:44:32.985root 11241100x8000000000000000267551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e50c1c6f9494e9d2023-02-08 09:44:32.985root 11241100x8000000000000000267550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592ed8b87b30db4a2023-02-08 09:44:32.985root 11241100x8000000000000000267558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:33.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4e241b043d72862023-02-08 09:44:33.484root 11241100x8000000000000000267557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:33.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a223a3ea684c5ad2023-02-08 09:44:33.484root 11241100x8000000000000000267556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:33.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5328482696f8decb2023-02-08 09:44:33.484root 11241100x8000000000000000267555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:33.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d78a8ad886e3e02023-02-08 09:44:33.484root 11241100x8000000000000000267554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:33.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7dde37149e7ffdb2023-02-08 09:44:33.484root 11241100x8000000000000000267553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:33.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f6fbf322207af42023-02-08 09:44:33.484root 11241100x8000000000000000267562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518fd72fcaf8bea52023-02-08 09:44:33.485root 11241100x8000000000000000267561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84f91d5e1f56d662023-02-08 09:44:33.485root 11241100x8000000000000000267560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbddc7a314353922023-02-08 09:44:33.485root 11241100x8000000000000000267559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6827f44db73f5c4a2023-02-08 09:44:33.485root 11241100x8000000000000000267569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:33.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3138f91d8e1e67e2023-02-08 09:44:33.984root 11241100x8000000000000000267568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:33.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ccbe6561cc74942023-02-08 09:44:33.984root 11241100x8000000000000000267567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:33.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5a53da6891fde02023-02-08 09:44:33.984root 11241100x8000000000000000267566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:33.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee6a8ce0940100e2023-02-08 09:44:33.984root 11241100x8000000000000000267565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:33.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b8ce0f12874f332023-02-08 09:44:33.984root 11241100x8000000000000000267564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:33.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a16d7f5eed2ecdf2023-02-08 09:44:33.984root 11241100x8000000000000000267563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:33.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4726e87d0a429d7e2023-02-08 09:44:33.984root 11241100x8000000000000000267572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5fba15ed9a09cde2023-02-08 09:44:33.985root 11241100x8000000000000000267571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9da79070999e682023-02-08 09:44:33.985root 11241100x8000000000000000267570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea1aebbd6f6b3e42023-02-08 09:44:33.985root 11241100x8000000000000000267579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:34.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b8e89a2ac434d32023-02-08 09:44:34.484root 11241100x8000000000000000267578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:34.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8add4db4270dbc292023-02-08 09:44:34.484root 11241100x8000000000000000267577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:34.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e166103c482b2e672023-02-08 09:44:34.484root 11241100x8000000000000000267576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:34.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313ee8c08ee07f5f2023-02-08 09:44:34.484root 11241100x8000000000000000267575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:34.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a984b07ececc522023-02-08 09:44:34.484root 11241100x8000000000000000267574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:34.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1a99ff3495b05c2023-02-08 09:44:34.484root 11241100x8000000000000000267573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:34.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f310948480407c3b2023-02-08 09:44:34.484root 11241100x8000000000000000267582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08eaebc0337632ef2023-02-08 09:44:34.485root 11241100x8000000000000000267581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979e65dbf9bb95262023-02-08 09:44:34.485root 11241100x8000000000000000267580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab879761a82482fe2023-02-08 09:44:34.485root 11241100x8000000000000000267589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:34.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b241fcdc835a37be2023-02-08 09:44:34.984root 11241100x8000000000000000267588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:34.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a2e6bc5a1cff552023-02-08 09:44:34.984root 11241100x8000000000000000267587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:34.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e6bc3079acdb862023-02-08 09:44:34.984root 11241100x8000000000000000267586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:34.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e147e42379f9f12023-02-08 09:44:34.984root 11241100x8000000000000000267585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:34.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0071b8ef9f18d2132023-02-08 09:44:34.984root 11241100x8000000000000000267584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:34.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf54f72a92b2ea02023-02-08 09:44:34.984root 11241100x8000000000000000267583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:34.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67459dabd81614312023-02-08 09:44:34.984root 11241100x8000000000000000267592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57cf7da5ace50f192023-02-08 09:44:34.985root 11241100x8000000000000000267591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016aa36816f561642023-02-08 09:44:34.985root 11241100x8000000000000000267590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede1132da6cf656c2023-02-08 09:44:34.985root 11241100x8000000000000000267599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:35.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9280696cb1725cb12023-02-08 09:44:35.484root 11241100x8000000000000000267598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:35.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090c6c56b758c05d2023-02-08 09:44:35.484root 11241100x8000000000000000267597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:35.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a1e5dea5a3bd4b2023-02-08 09:44:35.484root 11241100x8000000000000000267596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:35.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50268d82091491672023-02-08 09:44:35.484root 11241100x8000000000000000267595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:35.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c37cd9528c566882023-02-08 09:44:35.484root 11241100x8000000000000000267594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:35.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d342aa7256df362023-02-08 09:44:35.484root 11241100x8000000000000000267593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:35.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c42c1beac4aaa12023-02-08 09:44:35.484root 11241100x8000000000000000267602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1f33af633de54c2023-02-08 09:44:35.485root 11241100x8000000000000000267601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47f368c1556009d2023-02-08 09:44:35.485root 11241100x8000000000000000267600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1faf75f0f52f5e462023-02-08 09:44:35.485root 11241100x8000000000000000267609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4efd908ab3c88dc32023-02-08 09:44:35.984root 11241100x8000000000000000267608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e0b86e233684622023-02-08 09:44:35.984root 11241100x8000000000000000267607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1affbe3b144760b82023-02-08 09:44:35.984root 11241100x8000000000000000267606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e5bd4669893d292023-02-08 09:44:35.984root 11241100x8000000000000000267605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7be88658f8605fd2023-02-08 09:44:35.984root 11241100x8000000000000000267604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25782deca1873d52023-02-08 09:44:35.984root 11241100x8000000000000000267603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72259e800d29b132023-02-08 09:44:35.984root 11241100x8000000000000000267612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381d4a0aeb299b302023-02-08 09:44:35.985root 11241100x8000000000000000267611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8dc41e1eb8435512023-02-08 09:44:35.985root 11241100x8000000000000000267610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c971a46684b95c2023-02-08 09:44:35.985root 354300x8000000000000000267613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:36.200{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-34318-false10.0.1.12-8000- 11241100x8000000000000000267614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:36.363{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-08 09:44:36.363root 11241100x8000000000000000267624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b46e38594e9722a2023-02-08 09:44:36.365root 11241100x8000000000000000267623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9683fb1bc83269432023-02-08 09:44:36.365root 11241100x8000000000000000267622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01e03847e88e6df2023-02-08 09:44:36.365root 11241100x8000000000000000267621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1caf4bddb1cb6b2023-02-08 09:44:36.365root 11241100x8000000000000000267620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efce9be58efb73a12023-02-08 09:44:36.365root 11241100x8000000000000000267619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52b8d57feaf5fbc2023-02-08 09:44:36.365root 11241100x8000000000000000267618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56a1a6eed30ee582023-02-08 09:44:36.365root 11241100x8000000000000000267617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210dd297b65edf832023-02-08 09:44:36.365root 11241100x8000000000000000267616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2adf5430c953bd2023-02-08 09:44:36.365root 11241100x8000000000000000267615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d6f9241d0421b02023-02-08 09:44:36.365root 11241100x8000000000000000267626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:36.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad57b2c4678774a2023-02-08 09:44:36.366root 11241100x8000000000000000267625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:36.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad79b14a39af4ea52023-02-08 09:44:36.366root 11241100x8000000000000000267630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d8ed07c9e492e72023-02-08 09:44:36.734root 11241100x8000000000000000267629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205be2449a8a15562023-02-08 09:44:36.734root 11241100x8000000000000000267628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a52b1a03603ea4d2023-02-08 09:44:36.734root 11241100x8000000000000000267627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b4b165be3c00922023-02-08 09:44:36.734root 11241100x8000000000000000267638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33406a911880b5fa2023-02-08 09:44:36.735root 11241100x8000000000000000267637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3113b2cd68fcf2932023-02-08 09:44:36.735root 11241100x8000000000000000267636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7374f8391a5c53542023-02-08 09:44:36.735root 11241100x8000000000000000267635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac01e2b12e174622023-02-08 09:44:36.735root 11241100x8000000000000000267634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22256435a0a425a2023-02-08 09:44:36.735root 11241100x8000000000000000267633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed04358357131a62023-02-08 09:44:36.735root 11241100x8000000000000000267632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d9c709070283ba2023-02-08 09:44:36.735root 11241100x8000000000000000267631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f375b353224dc7142023-02-08 09:44:36.735root 11241100x8000000000000000267641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:37.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03a978808c69b5a2023-02-08 09:44:37.234root 11241100x8000000000000000267640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:37.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99db1a05eac675292023-02-08 09:44:37.234root 11241100x8000000000000000267639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:37.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82751fb07a2be64f2023-02-08 09:44:37.234root 11241100x8000000000000000267650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415b0dc60033ac9d2023-02-08 09:44:37.235root 11241100x8000000000000000267649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429bc563a94e19132023-02-08 09:44:37.235root 11241100x8000000000000000267648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297aa4fef09f6b172023-02-08 09:44:37.235root 11241100x8000000000000000267647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a623c699c041a7142023-02-08 09:44:37.235root 11241100x8000000000000000267646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6382483450227a012023-02-08 09:44:37.235root 11241100x8000000000000000267645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e1a527faff92a62023-02-08 09:44:37.235root 11241100x8000000000000000267644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbdeff5f98c9ed22023-02-08 09:44:37.235root 11241100x8000000000000000267643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1201cf48a108d3692023-02-08 09:44:37.235root 11241100x8000000000000000267642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f9c8cddcb9d2922023-02-08 09:44:37.235root 11241100x8000000000000000267654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:37.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e5cdc2b667c71a2023-02-08 09:44:37.734root 11241100x8000000000000000267653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:37.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bf1c8541445b762023-02-08 09:44:37.734root 11241100x8000000000000000267652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:37.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26645e89e8140d5e2023-02-08 09:44:37.734root 11241100x8000000000000000267651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:37.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a62c8c47fbae44c2023-02-08 09:44:37.734root 11241100x8000000000000000267662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994c5191353b27182023-02-08 09:44:37.735root 11241100x8000000000000000267661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc17a25e64bb76f2023-02-08 09:44:37.735root 11241100x8000000000000000267660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beaf2eb0fcec3adc2023-02-08 09:44:37.735root 11241100x8000000000000000267659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894a390c29d6700d2023-02-08 09:44:37.735root 11241100x8000000000000000267658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132cc2aebc1f715c2023-02-08 09:44:37.735root 11241100x8000000000000000267657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008131ee1afd8a942023-02-08 09:44:37.735root 11241100x8000000000000000267656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4c7859c51c150e2023-02-08 09:44:37.735root 11241100x8000000000000000267655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd24eebc5f19ee022023-02-08 09:44:37.735root 11241100x8000000000000000267666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:38.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a1c77d6e69f17f2023-02-08 09:44:38.234root 11241100x8000000000000000267665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:38.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c6322dc5ad99042023-02-08 09:44:38.234root 11241100x8000000000000000267664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:38.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e83bb0e709ef1e2023-02-08 09:44:38.234root 11241100x8000000000000000267663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:38.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b6291fc6fdfe422023-02-08 09:44:38.234root 11241100x8000000000000000267672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:38.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b702599bc026d62023-02-08 09:44:38.235root 11241100x8000000000000000267671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:38.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84026370c0bceddd2023-02-08 09:44:38.235root 11241100x8000000000000000267670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:38.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b990d2611002abb92023-02-08 09:44:38.235root 11241100x8000000000000000267669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:38.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6247c2c437ee67c92023-02-08 09:44:38.235root 11241100x8000000000000000267668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:38.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7dce91ef89ce652023-02-08 09:44:38.235root 11241100x8000000000000000267667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:38.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32977e618b692e442023-02-08 09:44:38.235root 11241100x8000000000000000267674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:38.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c04d0a994b872782023-02-08 09:44:38.236root 11241100x8000000000000000267673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:38.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a9a8fc64eef08b2023-02-08 09:44:38.236root 11241100x8000000000000000267676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:38.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e9b46711925c3f2023-02-08 09:44:38.734root 11241100x8000000000000000267675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:38.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46869d389131ab432023-02-08 09:44:38.734root 11241100x8000000000000000267684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:38.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce516b016772afb02023-02-08 09:44:38.735root 11241100x8000000000000000267683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:38.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8454b26265e2e81c2023-02-08 09:44:38.735root 11241100x8000000000000000267682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:38.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e045a525616dbc042023-02-08 09:44:38.735root 11241100x8000000000000000267681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:38.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e5e8b42d2585cf2023-02-08 09:44:38.735root 11241100x8000000000000000267680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:38.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a171dbdfcfe4a732023-02-08 09:44:38.735root 11241100x8000000000000000267679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:38.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca39fce4af7836b2023-02-08 09:44:38.735root 11241100x8000000000000000267678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:38.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7820100a9d32c602023-02-08 09:44:38.735root 11241100x8000000000000000267677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:38.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85bffb6982c746e52023-02-08 09:44:38.735root 11241100x8000000000000000267686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:38.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c802877f11e6fe052023-02-08 09:44:38.736root 11241100x8000000000000000267685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:38.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0575eb5dd4822442023-02-08 09:44:38.736root 11241100x8000000000000000267690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:39.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e29720fc260747a2023-02-08 09:44:39.234root 11241100x8000000000000000267689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:39.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da06853723f33f592023-02-08 09:44:39.234root 11241100x8000000000000000267688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:39.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc71aad712abaff2023-02-08 09:44:39.234root 11241100x8000000000000000267687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:39.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e61b567ace37832023-02-08 09:44:39.234root 11241100x8000000000000000267698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:39.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255d970e25c689af2023-02-08 09:44:39.235root 11241100x8000000000000000267697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:39.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736243cd3f8d91542023-02-08 09:44:39.235root 11241100x8000000000000000267696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:39.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c55a2e74117f442023-02-08 09:44:39.235root 11241100x8000000000000000267695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:39.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35969f6705d668332023-02-08 09:44:39.235root 11241100x8000000000000000267694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:39.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db208f345f7f191b2023-02-08 09:44:39.235root 11241100x8000000000000000267693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:39.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165d4714c25b717a2023-02-08 09:44:39.235root 11241100x8000000000000000267692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:39.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52de19031f9ac572023-02-08 09:44:39.235root 11241100x8000000000000000267691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:39.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4047e4a6f3014ae2023-02-08 09:44:39.235root 23542300x8000000000000000267699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:39.365{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000267702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:39.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09de8ef40f610dd22023-02-08 09:44:39.734root 11241100x8000000000000000267701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:39.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754179949ea0634e2023-02-08 09:44:39.734root 11241100x8000000000000000267700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:39.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d025e92c457028532023-02-08 09:44:39.734root 11241100x8000000000000000267708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c74fa7495502ec2023-02-08 09:44:39.735root 11241100x8000000000000000267707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdce6757c18debf02023-02-08 09:44:39.735root 11241100x8000000000000000267706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee941b864d5cbce02023-02-08 09:44:39.735root 11241100x8000000000000000267705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c0cdbc2d2e55ab2023-02-08 09:44:39.735root 11241100x8000000000000000267704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad509c74b8a1deac2023-02-08 09:44:39.735root 11241100x8000000000000000267703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b32c3bea464b83f2023-02-08 09:44:39.735root 11241100x8000000000000000267712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2798aa354e945cf02023-02-08 09:44:39.736root 11241100x8000000000000000267711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2964ff3bd69550f2023-02-08 09:44:39.736root 11241100x8000000000000000267710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406baaf07769f9fe2023-02-08 09:44:39.736root 11241100x8000000000000000267709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebdfceb253aa2092023-02-08 09:44:39.736root 11241100x8000000000000000267716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:40.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1986beb6676dfa172023-02-08 09:44:40.234root 11241100x8000000000000000267715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:40.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93908ac12f5c60ad2023-02-08 09:44:40.234root 11241100x8000000000000000267714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:40.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64997f01ca29f7d52023-02-08 09:44:40.234root 11241100x8000000000000000267713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:40.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115df3272d4beede2023-02-08 09:44:40.234root 11241100x8000000000000000267724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c9c7c1ac9a8e712023-02-08 09:44:40.235root 11241100x8000000000000000267723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0889776005cbf52023-02-08 09:44:40.235root 11241100x8000000000000000267722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41d3c6b8514fd902023-02-08 09:44:40.235root 11241100x8000000000000000267721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb72cf59e635d7e2023-02-08 09:44:40.235root 11241100x8000000000000000267720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44308e278d4b2b002023-02-08 09:44:40.235root 11241100x8000000000000000267719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbcf8c45bd6373f42023-02-08 09:44:40.235root 11241100x8000000000000000267718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331c6a257251f5cf2023-02-08 09:44:40.235root 11241100x8000000000000000267717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d719f5556cadb172023-02-08 09:44:40.235root 11241100x8000000000000000267725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90bd22d7ec7511e2023-02-08 09:44:40.236root 11241100x8000000000000000267727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4019de4ad822e41d2023-02-08 09:44:40.734root 11241100x8000000000000000267726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2284609e5b2d182023-02-08 09:44:40.734root 11241100x8000000000000000267738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84204da943a01392023-02-08 09:44:40.735root 11241100x8000000000000000267737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df98ad1a3203f58a2023-02-08 09:44:40.735root 11241100x8000000000000000267736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936c238fe07341c12023-02-08 09:44:40.735root 11241100x8000000000000000267735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bcfb5528ccf5b72023-02-08 09:44:40.735root 11241100x8000000000000000267734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bb7faa9f8832e92023-02-08 09:44:40.735root 11241100x8000000000000000267733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acac9a37668ddb282023-02-08 09:44:40.735root 11241100x8000000000000000267732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686bd79c50b5e1772023-02-08 09:44:40.735root 11241100x8000000000000000267731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c6f62cfba4e6492023-02-08 09:44:40.735root 11241100x8000000000000000267730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10cf86802966d9932023-02-08 09:44:40.735root 11241100x8000000000000000267729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78aaf38ab422373f2023-02-08 09:44:40.735root 11241100x8000000000000000267728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686c6fa14ad994422023-02-08 09:44:40.735root 354300x8000000000000000267739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.224{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-49734-false10.0.1.12-8000- 11241100x8000000000000000267747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.225{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723972814057193b2023-02-08 09:44:41.225root 11241100x8000000000000000267746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.225{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a48ae8f0bedf10f2023-02-08 09:44:41.225root 11241100x8000000000000000267745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.225{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488a516f9a1399902023-02-08 09:44:41.225root 11241100x8000000000000000267744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.225{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b117a6ef1490b862023-02-08 09:44:41.225root 11241100x8000000000000000267743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.225{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9df6278f23db022023-02-08 09:44:41.225root 11241100x8000000000000000267742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.225{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c2e02a13c834ce2023-02-08 09:44:41.225root 11241100x8000000000000000267741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.225{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48107ec702d9836e2023-02-08 09:44:41.225root 11241100x8000000000000000267740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.225{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c83197025c2f8b2023-02-08 09:44:41.225root 11241100x8000000000000000267753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.226{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651484b0ef71578f2023-02-08 09:44:41.226root 11241100x8000000000000000267752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.226{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2346ca8db105cd282023-02-08 09:44:41.226root 11241100x8000000000000000267751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.226{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ab42f79ebaf05c2023-02-08 09:44:41.226root 11241100x8000000000000000267750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.226{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05e93b122b567992023-02-08 09:44:41.226root 11241100x8000000000000000267749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.226{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a72ee7aece02032023-02-08 09:44:41.226root 11241100x8000000000000000267748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.226{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e0d378d90b43242023-02-08 09:44:41.226root 11241100x8000000000000000267757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bb15173d71458d2023-02-08 09:44:41.484root 11241100x8000000000000000267756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c14de5a6873f3c12023-02-08 09:44:41.484root 11241100x8000000000000000267755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d6b8394bcc52332023-02-08 09:44:41.484root 11241100x8000000000000000267754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1972b2518f33b8412023-02-08 09:44:41.484root 11241100x8000000000000000267767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d3a72a5db7a6d32023-02-08 09:44:41.485root 11241100x8000000000000000267766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724cc93e5f722b6a2023-02-08 09:44:41.485root 11241100x8000000000000000267765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84452e54bc46d322023-02-08 09:44:41.485root 11241100x8000000000000000267764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5069e5a3b2f6e3882023-02-08 09:44:41.485root 11241100x8000000000000000267763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da531322732ed622023-02-08 09:44:41.485root 11241100x8000000000000000267762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8115b2b1988150112023-02-08 09:44:41.485root 11241100x8000000000000000267761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bab269a17e1ada2023-02-08 09:44:41.485root 11241100x8000000000000000267760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c806b23999b6792e2023-02-08 09:44:41.485root 11241100x8000000000000000267759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843b5b337943f62b2023-02-08 09:44:41.485root 11241100x8000000000000000267758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f549cddc97cc4c2023-02-08 09:44:41.485root 11241100x8000000000000000267772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f366c6c608dda4702023-02-08 09:44:41.984root 11241100x8000000000000000267771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317ed3aff49e3df02023-02-08 09:44:41.984root 11241100x8000000000000000267770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef174af38049ce82023-02-08 09:44:41.984root 11241100x8000000000000000267769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7135c4c3e7746f2a2023-02-08 09:44:41.984root 11241100x8000000000000000267768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d140ec589d315312023-02-08 09:44:41.984root 11241100x8000000000000000267781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73e437de22bb7e22023-02-08 09:44:41.985root 11241100x8000000000000000267780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1b1a195e8c6e652023-02-08 09:44:41.985root 11241100x8000000000000000267779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9fcb110215efa132023-02-08 09:44:41.985root 11241100x8000000000000000267778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b838664e9c30872023-02-08 09:44:41.985root 11241100x8000000000000000267777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4f9be50685b2622023-02-08 09:44:41.985root 11241100x8000000000000000267776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c247b817cda7e952023-02-08 09:44:41.985root 11241100x8000000000000000267775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7054a6497242a72023-02-08 09:44:41.985root 11241100x8000000000000000267774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1011fe7698cf3992023-02-08 09:44:41.985root 11241100x8000000000000000267773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:41.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad20b169e0488e6e2023-02-08 09:44:41.985root 11241100x8000000000000000267783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:42.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeaafb973b2442732023-02-08 09:44:42.485root 11241100x8000000000000000267782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:42.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e84d00ffa241762023-02-08 09:44:42.485root 11241100x8000000000000000267792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de220fbf7763c7d32023-02-08 09:44:42.486root 11241100x8000000000000000267791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e474685b85cf482023-02-08 09:44:42.486root 11241100x8000000000000000267790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d28e198a0956d742023-02-08 09:44:42.486root 11241100x8000000000000000267789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03338f3458fc59112023-02-08 09:44:42.486root 11241100x8000000000000000267788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ded7d0446994aad2023-02-08 09:44:42.486root 11241100x8000000000000000267787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44eacda7219aef752023-02-08 09:44:42.486root 11241100x8000000000000000267786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c4faf7da96478d2023-02-08 09:44:42.486root 11241100x8000000000000000267785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f343ed4964278172023-02-08 09:44:42.486root 11241100x8000000000000000267784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e12bd3f31e978e2023-02-08 09:44:42.486root 11241100x8000000000000000267794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:42.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c836d87cae19bfcd2023-02-08 09:44:42.487root 11241100x8000000000000000267793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:42.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0d0a970dbc92592023-02-08 09:44:42.487root 11241100x8000000000000000267795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:42.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab65515fa58c067b2023-02-08 09:44:42.488root 11241100x8000000000000000267798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:42.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83b95c9e08a33f12023-02-08 09:44:42.984root 11241100x8000000000000000267797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:42.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b38c8d39d961422023-02-08 09:44:42.984root 11241100x8000000000000000267796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:42.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3b6fe6d8290bd42023-02-08 09:44:42.984root 11241100x8000000000000000267808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:42.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc03358faf2640882023-02-08 09:44:42.985root 11241100x8000000000000000267807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:42.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a68abb73edc8ae22023-02-08 09:44:42.985root 11241100x8000000000000000267806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:42.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3a0a3d7f7c7bdd2023-02-08 09:44:42.985root 11241100x8000000000000000267805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:42.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869795a90c0efd242023-02-08 09:44:42.985root 11241100x8000000000000000267804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:42.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f2731c116b30102023-02-08 09:44:42.985root 11241100x8000000000000000267803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:42.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0815d60457424b242023-02-08 09:44:42.985root 11241100x8000000000000000267802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:42.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7f9e885f7b5ea62023-02-08 09:44:42.985root 11241100x8000000000000000267801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:42.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927ac4a0601a2b8b2023-02-08 09:44:42.985root 11241100x8000000000000000267800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:42.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1dbe1419dcddc72023-02-08 09:44:42.985root 11241100x8000000000000000267799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:42.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560e229cf3e1b2e62023-02-08 09:44:42.985root 11241100x8000000000000000267809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:42.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f6cd712af578ff2023-02-08 09:44:42.986root 11241100x8000000000000000267810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dcf515e2365a8c62023-02-08 09:44:43.484root 11241100x8000000000000000267821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a21d49cc027fa692023-02-08 09:44:43.485root 11241100x8000000000000000267820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8528b7fff6f7882023-02-08 09:44:43.485root 11241100x8000000000000000267819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2fd9cfe45492822023-02-08 09:44:43.485root 11241100x8000000000000000267818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8831c870a7a6eb7f2023-02-08 09:44:43.485root 11241100x8000000000000000267817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122535b8d99828552023-02-08 09:44:43.485root 11241100x8000000000000000267816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d380246b8f57d22023-02-08 09:44:43.485root 11241100x8000000000000000267815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b4b8ee9c2d95cd2023-02-08 09:44:43.485root 11241100x8000000000000000267814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831342e666eca9022023-02-08 09:44:43.485root 11241100x8000000000000000267813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6f53c4ed4f72132023-02-08 09:44:43.485root 11241100x8000000000000000267812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fbb44ef500ffe172023-02-08 09:44:43.485root 11241100x8000000000000000267811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053257bc7582bf272023-02-08 09:44:43.485root 11241100x8000000000000000267823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366fe567539bcd932023-02-08 09:44:43.486root 11241100x8000000000000000267822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bed3cbe1a8599472023-02-08 09:44:43.486root 11241100x8000000000000000267827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690355b8e69938a92023-02-08 09:44:43.984root 11241100x8000000000000000267826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfcec116c8de5552023-02-08 09:44:43.984root 11241100x8000000000000000267825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e658f5fd10b43b2023-02-08 09:44:43.984root 11241100x8000000000000000267824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3cd5528726efa02023-02-08 09:44:43.984root 11241100x8000000000000000267837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46cd5865ed670b002023-02-08 09:44:43.985root 11241100x8000000000000000267836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffb78802b5d959d2023-02-08 09:44:43.985root 11241100x8000000000000000267835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02126613be0988cc2023-02-08 09:44:43.985root 11241100x8000000000000000267834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0bbcde4d79e15762023-02-08 09:44:43.985root 11241100x8000000000000000267833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734e4c5f26cd91d02023-02-08 09:44:43.985root 11241100x8000000000000000267832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f39360389255b4b2023-02-08 09:44:43.985root 11241100x8000000000000000267831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9b076c4c8b037b2023-02-08 09:44:43.985root 11241100x8000000000000000267830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d43ea1ffe92f36c2023-02-08 09:44:43.985root 11241100x8000000000000000267829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbbffe70aeec9082023-02-08 09:44:43.985root 11241100x8000000000000000267828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf64862b845bc542023-02-08 09:44:43.985root 11241100x8000000000000000267840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b640ea8d5bfdc62023-02-08 09:44:44.484root 11241100x8000000000000000267839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5109f764f6cf322023-02-08 09:44:44.484root 11241100x8000000000000000267838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e577e54ddd530b12023-02-08 09:44:44.484root 11241100x8000000000000000267844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525d71e431d3cfe32023-02-08 09:44:44.485root 11241100x8000000000000000267843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4477223c890dff42023-02-08 09:44:44.485root 11241100x8000000000000000267842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0487e14ee0822f652023-02-08 09:44:44.485root 11241100x8000000000000000267841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36fdefb0146a0ab2023-02-08 09:44:44.485root 11241100x8000000000000000267848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:44.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74d29a24eb7bd9a2023-02-08 09:44:44.489root 11241100x8000000000000000267847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:44.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83db64a8751594c2023-02-08 09:44:44.489root 11241100x8000000000000000267846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:44.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303d3f67c07bbe432023-02-08 09:44:44.489root 11241100x8000000000000000267845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:44.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03df7ba88c6c0bb52023-02-08 09:44:44.489root 11241100x8000000000000000267850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:44.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00f1af42e80ae322023-02-08 09:44:44.491root 11241100x8000000000000000267849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:44.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e9baf5698636552023-02-08 09:44:44.491root 11241100x8000000000000000267851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:44.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5478102bd65ca35a2023-02-08 09:44:44.492root 11241100x8000000000000000267856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a82fa5cee67b3cf2023-02-08 09:44:44.984root 11241100x8000000000000000267855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214db2fc6d5ba0602023-02-08 09:44:44.984root 11241100x8000000000000000267854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a62fd82b927f2382023-02-08 09:44:44.984root 11241100x8000000000000000267853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710cf6cca9431a362023-02-08 09:44:44.984root 11241100x8000000000000000267852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c97df39851203302023-02-08 09:44:44.984root 11241100x8000000000000000267865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735545f97ef475262023-02-08 09:44:44.985root 11241100x8000000000000000267864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14bdc6a41c4cb6502023-02-08 09:44:44.985root 11241100x8000000000000000267863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5fe4d206cf602b2023-02-08 09:44:44.985root 11241100x8000000000000000267862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73464664cda11312023-02-08 09:44:44.985root 11241100x8000000000000000267861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b3b656425da2832023-02-08 09:44:44.985root 11241100x8000000000000000267860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d404021d1b43d0212023-02-08 09:44:44.985root 11241100x8000000000000000267859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4018b948378df9d52023-02-08 09:44:44.985root 11241100x8000000000000000267858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e7dbf8b013d8cd2023-02-08 09:44:44.985root 11241100x8000000000000000267857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4e85117a5857f32023-02-08 09:44:44.985root 11241100x8000000000000000267869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684772a2317169a32023-02-08 09:44:45.484root 11241100x8000000000000000267868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf7caa25f3d4b4d2023-02-08 09:44:45.484root 11241100x8000000000000000267867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908fedf074fbb64c2023-02-08 09:44:45.484root 11241100x8000000000000000267866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64dfa8eb61172bd2023-02-08 09:44:45.484root 11241100x8000000000000000267878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9d859af77fb3172023-02-08 09:44:45.485root 11241100x8000000000000000267877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996b17ca845f6a142023-02-08 09:44:45.485root 11241100x8000000000000000267876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728a02ea381f35022023-02-08 09:44:45.485root 11241100x8000000000000000267875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd18532b29a0845d2023-02-08 09:44:45.485root 11241100x8000000000000000267874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035e6b75d1c003c12023-02-08 09:44:45.485root 11241100x8000000000000000267873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068356058c6aee5e2023-02-08 09:44:45.485root 11241100x8000000000000000267872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c288a406a736c82023-02-08 09:44:45.485root 11241100x8000000000000000267871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1dcefa2b5584902023-02-08 09:44:45.485root 11241100x8000000000000000267870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2e331dcb2ebf0e2023-02-08 09:44:45.485root 11241100x8000000000000000267879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576ae8a2c87c02c32023-02-08 09:44:45.486root 11241100x8000000000000000267880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd27b718ac803ec32023-02-08 09:44:45.984root 11241100x8000000000000000267892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb3dfc52f57d8022023-02-08 09:44:45.985root 11241100x8000000000000000267891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8fe8cde0be49f732023-02-08 09:44:45.985root 11241100x8000000000000000267890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9d7ac02f1f9fe82023-02-08 09:44:45.985root 11241100x8000000000000000267889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c690f6532a01402023-02-08 09:44:45.985root 11241100x8000000000000000267888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1122d5f086f551602023-02-08 09:44:45.985root 11241100x8000000000000000267887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53856b03bae0cfc2023-02-08 09:44:45.985root 11241100x8000000000000000267886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80405e48d2d6cf9d2023-02-08 09:44:45.985root 11241100x8000000000000000267885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b278d2940a64b7d72023-02-08 09:44:45.985root 11241100x8000000000000000267884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb05f776291ca5452023-02-08 09:44:45.985root 11241100x8000000000000000267883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953168b3c3d32f662023-02-08 09:44:45.985root 11241100x8000000000000000267882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032f432757ab43292023-02-08 09:44:45.985root 11241100x8000000000000000267881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c09a8893d9f3f42023-02-08 09:44:45.985root 11241100x8000000000000000267893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92bb05170bef91092023-02-08 09:44:45.986root 11241100x8000000000000000267897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b259e983ada75682023-02-08 09:44:46.484root 11241100x8000000000000000267896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9d36180f0f73742023-02-08 09:44:46.484root 11241100x8000000000000000267895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e653a2c34e52765b2023-02-08 09:44:46.484root 11241100x8000000000000000267894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb538765adb1edf2023-02-08 09:44:46.484root 11241100x8000000000000000267907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d948ef1b49c5ac152023-02-08 09:44:46.485root 11241100x8000000000000000267906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69c63128f2664202023-02-08 09:44:46.485root 11241100x8000000000000000267905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497f005266c295022023-02-08 09:44:46.485root 11241100x8000000000000000267904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea391d39eb5538e2023-02-08 09:44:46.485root 11241100x8000000000000000267903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4adb601691505cd92023-02-08 09:44:46.485root 11241100x8000000000000000267902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5b6d3333a99e892023-02-08 09:44:46.485root 11241100x8000000000000000267901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8392534c307ea6fe2023-02-08 09:44:46.485root 11241100x8000000000000000267900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aea7c196d242cd72023-02-08 09:44:46.485root 11241100x8000000000000000267899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83f270f470f60ed2023-02-08 09:44:46.485root 11241100x8000000000000000267898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564e2e08a35b488c2023-02-08 09:44:46.485root 11241100x8000000000000000267912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e9aff2aed4a9f52023-02-08 09:44:46.984root 11241100x8000000000000000267911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c431e3fe549263462023-02-08 09:44:46.984root 11241100x8000000000000000267910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f14908c9db478572023-02-08 09:44:46.984root 11241100x8000000000000000267909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a4743dd2fd20ba2023-02-08 09:44:46.984root 11241100x8000000000000000267908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30338e107c6ad3db2023-02-08 09:44:46.984root 11241100x8000000000000000267921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa48cf1f9422ddf2023-02-08 09:44:46.985root 11241100x8000000000000000267920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee12f20ccb73ff82023-02-08 09:44:46.985root 11241100x8000000000000000267919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97cb53160f8dde82023-02-08 09:44:46.985root 11241100x8000000000000000267918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6dad840e9dadd32023-02-08 09:44:46.985root 11241100x8000000000000000267917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54980f7333a12fdc2023-02-08 09:44:46.985root 11241100x8000000000000000267916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71df462f6a9a48d2023-02-08 09:44:46.985root 11241100x8000000000000000267915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35fd4301b3edcc42023-02-08 09:44:46.985root 11241100x8000000000000000267914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f8286b9fd366ea2023-02-08 09:44:46.985root 11241100x8000000000000000267913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2266d469fcfdb822023-02-08 09:44:46.985root 354300x8000000000000000267922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.190{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-49750-false10.0.1.12-8000- 11241100x8000000000000000267926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1472a0eed186369a2023-02-08 09:44:47.484root 11241100x8000000000000000267925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d661a1dfb61142302023-02-08 09:44:47.484root 11241100x8000000000000000267924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbfb00f9349baa72023-02-08 09:44:47.484root 11241100x8000000000000000267923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b425b5e08392302023-02-08 09:44:47.484root 11241100x8000000000000000267936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf4ba4687c932722023-02-08 09:44:47.485root 11241100x8000000000000000267935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce55f31c5f064dae2023-02-08 09:44:47.485root 11241100x8000000000000000267934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dddf74dd9c3c8bee2023-02-08 09:44:47.485root 11241100x8000000000000000267933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c579f12af6b8d6e72023-02-08 09:44:47.485root 11241100x8000000000000000267932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8cb709a36325a42023-02-08 09:44:47.485root 11241100x8000000000000000267931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402b16b9bbc2a7032023-02-08 09:44:47.485root 11241100x8000000000000000267930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a17e8dc79a01bce2023-02-08 09:44:47.485root 11241100x8000000000000000267929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed27430ffcc12702023-02-08 09:44:47.485root 11241100x8000000000000000267928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af78ad506bd00ce2023-02-08 09:44:47.485root 11241100x8000000000000000267927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659a4a3479367ff82023-02-08 09:44:47.485root 11241100x8000000000000000267937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6ca5ed766dee6e2023-02-08 09:44:47.486root 11241100x8000000000000000267941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac451910b48813d2023-02-08 09:44:47.984root 11241100x8000000000000000267940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6885c143ef11501c2023-02-08 09:44:47.984root 11241100x8000000000000000267939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2022ad1bd5dc2a332023-02-08 09:44:47.984root 11241100x8000000000000000267938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04dcea8424ad475d2023-02-08 09:44:47.984root 11241100x8000000000000000267952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c586b49394c9178a2023-02-08 09:44:47.985root 11241100x8000000000000000267951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6540c4d9d0a302fc2023-02-08 09:44:47.985root 11241100x8000000000000000267950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6194a3bc7ef6c20e2023-02-08 09:44:47.985root 11241100x8000000000000000267949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198fec921bf5f06e2023-02-08 09:44:47.985root 11241100x8000000000000000267948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152019ac7c49e9682023-02-08 09:44:47.985root 11241100x8000000000000000267947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fc0c16daa8cda12023-02-08 09:44:47.985root 11241100x8000000000000000267946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fcdddfba77ae6632023-02-08 09:44:47.985root 11241100x8000000000000000267945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a10841d13f8a832023-02-08 09:44:47.985root 11241100x8000000000000000267944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce9f700dac1fe462023-02-08 09:44:47.985root 11241100x8000000000000000267943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91d62efd7b565272023-02-08 09:44:47.985root 11241100x8000000000000000267942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4c1fefda3f5c192023-02-08 09:44:47.985root 11241100x8000000000000000267956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04835a682b1750532023-02-08 09:44:48.484root 11241100x8000000000000000267955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd0961736a01c8e2023-02-08 09:44:48.484root 11241100x8000000000000000267954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0036657ecb96d3a22023-02-08 09:44:48.484root 11241100x8000000000000000267953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c44153559a899052023-02-08 09:44:48.484root 11241100x8000000000000000267967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2221da7218da54c62023-02-08 09:44:48.485root 11241100x8000000000000000267966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506ddaeb8a9902452023-02-08 09:44:48.485root 11241100x8000000000000000267965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5003bdbcad80622023-02-08 09:44:48.485root 11241100x8000000000000000267964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d341db5edbaeef2023-02-08 09:44:48.485root 11241100x8000000000000000267963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb9dbf9f0bc05ba2023-02-08 09:44:48.485root 11241100x8000000000000000267962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b2342baa7afcc92023-02-08 09:44:48.485root 11241100x8000000000000000267961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83441fa6b86d1e3f2023-02-08 09:44:48.485root 11241100x8000000000000000267960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488107d75bb481632023-02-08 09:44:48.485root 11241100x8000000000000000267959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17e55556376a4bc2023-02-08 09:44:48.485root 11241100x8000000000000000267958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abce1c9a2778bdb2023-02-08 09:44:48.485root 11241100x8000000000000000267957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac9f7d07f9e267b2023-02-08 09:44:48.485root 11241100x8000000000000000267971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba32b4f964cb2452023-02-08 09:44:48.984root 11241100x8000000000000000267970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d787c93982f95bdb2023-02-08 09:44:48.984root 11241100x8000000000000000267969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1affeb02db8f90222023-02-08 09:44:48.984root 11241100x8000000000000000267968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961114ba223b4ab62023-02-08 09:44:48.984root 11241100x8000000000000000267982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc68124f4f704632023-02-08 09:44:48.985root 11241100x8000000000000000267981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084321a60bd790862023-02-08 09:44:48.985root 11241100x8000000000000000267980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71245ee3097449a22023-02-08 09:44:48.985root 11241100x8000000000000000267979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1021119cfea99fa12023-02-08 09:44:48.985root 11241100x8000000000000000267978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1d053de676efea2023-02-08 09:44:48.985root 11241100x8000000000000000267977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b576330326f7a66e2023-02-08 09:44:48.985root 11241100x8000000000000000267976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2902fc32995beb82023-02-08 09:44:48.985root 11241100x8000000000000000267975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fc30a81b1f9db82023-02-08 09:44:48.985root 11241100x8000000000000000267974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a3a0eeb33b7ced2023-02-08 09:44:48.985root 11241100x8000000000000000267973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2776d8470b698e772023-02-08 09:44:48.985root 11241100x8000000000000000267972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353f22ee56343c312023-02-08 09:44:48.985root 11241100x8000000000000000267986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a543e9ee9d12782023-02-08 09:44:49.484root 11241100x8000000000000000267985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68469af6d221d4de2023-02-08 09:44:49.484root 11241100x8000000000000000267984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c05341e3f8eab22023-02-08 09:44:49.484root 11241100x8000000000000000267983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef982a1879727d12023-02-08 09:44:49.484root 11241100x8000000000000000267997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d65eb9975d17042023-02-08 09:44:49.485root 11241100x8000000000000000267996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87d1299d336fae02023-02-08 09:44:49.485root 11241100x8000000000000000267995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf95036ffde43d5e2023-02-08 09:44:49.485root 11241100x8000000000000000267994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274934f0b048e51f2023-02-08 09:44:49.485root 11241100x8000000000000000267993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29cad91f2a5a71922023-02-08 09:44:49.485root 11241100x8000000000000000267992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361150336ddfb29f2023-02-08 09:44:49.485root 11241100x8000000000000000267991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24fa1556ea457fec2023-02-08 09:44:49.485root 11241100x8000000000000000267990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69472836d19770152023-02-08 09:44:49.485root 11241100x8000000000000000267989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf38116ad48693c2023-02-08 09:44:49.485root 11241100x8000000000000000267988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2047780c21e79d2023-02-08 09:44:49.485root 11241100x8000000000000000267987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e942224650b217c12023-02-08 09:44:49.485root 11241100x8000000000000000268001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2150a1f8365deb0c2023-02-08 09:44:49.984root 11241100x8000000000000000268000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9358587c54d1336f2023-02-08 09:44:49.984root 11241100x8000000000000000267999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e14175258091ff2023-02-08 09:44:49.984root 11241100x8000000000000000267998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2243e3a09863dd2023-02-08 09:44:49.984root 11241100x8000000000000000268012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb91fb8545b559e2023-02-08 09:44:49.985root 11241100x8000000000000000268011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e95a2d1193ea132023-02-08 09:44:49.985root 11241100x8000000000000000268010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd357765c94638b2023-02-08 09:44:49.985root 11241100x8000000000000000268009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb81ac1d0ac0b9f2023-02-08 09:44:49.985root 11241100x8000000000000000268008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c817b26023981312023-02-08 09:44:49.985root 11241100x8000000000000000268007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013b132635ca45d92023-02-08 09:44:49.985root 11241100x8000000000000000268006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778fe0ca99a46da72023-02-08 09:44:49.985root 11241100x8000000000000000268005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ccba1c4c02b33a2023-02-08 09:44:49.985root 11241100x8000000000000000268004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21220d60249f1d82023-02-08 09:44:49.985root 11241100x8000000000000000268003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473ac030b2c88f7e2023-02-08 09:44:49.985root 11241100x8000000000000000268002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8fb9c95cd234cd2023-02-08 09:44:49.985root 11241100x8000000000000000268016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21288c9daa7acff02023-02-08 09:44:50.484root 11241100x8000000000000000268015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4378ba09692b8fe2023-02-08 09:44:50.484root 11241100x8000000000000000268014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8ca04fbbff95072023-02-08 09:44:50.484root 11241100x8000000000000000268013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63fef48da18568802023-02-08 09:44:50.484root 11241100x8000000000000000268027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d68e970c3a87ff2023-02-08 09:44:50.485root 11241100x8000000000000000268026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384861fe4c396d502023-02-08 09:44:50.485root 11241100x8000000000000000268025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9497cc504c0197fc2023-02-08 09:44:50.485root 11241100x8000000000000000268024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865a415e97da966e2023-02-08 09:44:50.485root 11241100x8000000000000000268023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0affe17f67f24d392023-02-08 09:44:50.485root 11241100x8000000000000000268022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cd8e28a1f71e792023-02-08 09:44:50.485root 11241100x8000000000000000268021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbe25a82b2976342023-02-08 09:44:50.485root 11241100x8000000000000000268020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4acaf07a84e4ddc2023-02-08 09:44:50.485root 11241100x8000000000000000268019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43701f2ce0c9982c2023-02-08 09:44:50.485root 11241100x8000000000000000268018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459d683580d147f02023-02-08 09:44:50.485root 11241100x8000000000000000268017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3f6e482622fad52023-02-08 09:44:50.485root 11241100x8000000000000000268031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:50.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b0c020a97e1da12023-02-08 09:44:50.984root 11241100x8000000000000000268030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:50.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c5bcab382178ab2023-02-08 09:44:50.984root 11241100x8000000000000000268029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:50.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e9c2bdfa5496232023-02-08 09:44:50.984root 11241100x8000000000000000268028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:50.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed09aa5c207ccec2023-02-08 09:44:50.984root 11241100x8000000000000000268042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c1a8179dcf93992023-02-08 09:44:50.985root 11241100x8000000000000000268041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7327a1db4cd1862023-02-08 09:44:50.985root 11241100x8000000000000000268040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05471bf3fb3e47a72023-02-08 09:44:50.985root 11241100x8000000000000000268039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8bf400e0f779fb62023-02-08 09:44:50.985root 11241100x8000000000000000268038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5795c21a746c8e2023-02-08 09:44:50.985root 11241100x8000000000000000268037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c57902cb1b4dc622023-02-08 09:44:50.985root 11241100x8000000000000000268036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afc4c26fef068dd2023-02-08 09:44:50.985root 11241100x8000000000000000268035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a3d808629570032023-02-08 09:44:50.985root 11241100x8000000000000000268034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a097014823f71f672023-02-08 09:44:50.985root 11241100x8000000000000000268033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c22799d757ecf32023-02-08 09:44:50.985root 11241100x8000000000000000268032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3d8f416bf450822023-02-08 09:44:50.985root 11241100x8000000000000000268046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca780d6b11927e252023-02-08 09:44:51.484root 11241100x8000000000000000268045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce382d7f294b00272023-02-08 09:44:51.484root 11241100x8000000000000000268044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5fa2823a6308812023-02-08 09:44:51.484root 11241100x8000000000000000268043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e39dee3354f62e2023-02-08 09:44:51.484root 11241100x8000000000000000268057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a2d819e1a3a6922023-02-08 09:44:51.485root 11241100x8000000000000000268056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d425582fd7784b972023-02-08 09:44:51.485root 11241100x8000000000000000268055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7953158045e4fe2023-02-08 09:44:51.485root 11241100x8000000000000000268054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7363380183b92b2023-02-08 09:44:51.485root 11241100x8000000000000000268053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae47a02bf87b8082023-02-08 09:44:51.485root 11241100x8000000000000000268052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7dffe00433963e2023-02-08 09:44:51.485root 11241100x8000000000000000268051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21c2613dda079992023-02-08 09:44:51.485root 11241100x8000000000000000268050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781d6b4560be558f2023-02-08 09:44:51.485root 11241100x8000000000000000268049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df965ae1f95a42c92023-02-08 09:44:51.485root 11241100x8000000000000000268048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df431c351e446a292023-02-08 09:44:51.485root 11241100x8000000000000000268047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1730a67a3e31da2023-02-08 09:44:51.485root 11241100x8000000000000000268061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a478163cd79d5e5e2023-02-08 09:44:51.984root 11241100x8000000000000000268060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ad72b1d23ccb9f2023-02-08 09:44:51.984root 11241100x8000000000000000268059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714ceebcdda4a0712023-02-08 09:44:51.984root 11241100x8000000000000000268058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a797f2fe3530f42023-02-08 09:44:51.984root 11241100x8000000000000000268072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555133bb5732ba312023-02-08 09:44:51.985root 11241100x8000000000000000268071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085d1ece705d74ed2023-02-08 09:44:51.985root 11241100x8000000000000000268070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe887d3fce32a5b2023-02-08 09:44:51.985root 11241100x8000000000000000268069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a637d4ceeb1f47d2023-02-08 09:44:51.985root 11241100x8000000000000000268068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4eb1e64909ad8562023-02-08 09:44:51.985root 11241100x8000000000000000268067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203fc5527c2637f02023-02-08 09:44:51.985root 11241100x8000000000000000268066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc69334996b07a952023-02-08 09:44:51.985root 11241100x8000000000000000268065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da08fbe41a3e1e32023-02-08 09:44:51.985root 11241100x8000000000000000268064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2376f7825a706b2d2023-02-08 09:44:51.985root 11241100x8000000000000000268063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb2d6818a1b8b9b2023-02-08 09:44:51.985root 11241100x8000000000000000268062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7941c75215899c9b2023-02-08 09:44:51.985root 354300x8000000000000000268073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.203{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-43362-false10.0.1.12-8000- 11241100x8000000000000000268076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aade1b10d7741192023-02-08 09:44:52.484root 11241100x8000000000000000268075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb82b6207258b1e2023-02-08 09:44:52.484root 11241100x8000000000000000268074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db10cb24dc766e782023-02-08 09:44:52.484root 11241100x8000000000000000268085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d46743ac1c3c2c2023-02-08 09:44:52.485root 11241100x8000000000000000268084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74caad0769d089322023-02-08 09:44:52.485root 11241100x8000000000000000268083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11044f5392d14a702023-02-08 09:44:52.485root 11241100x8000000000000000268082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88378d28500bbc9a2023-02-08 09:44:52.485root 11241100x8000000000000000268081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf21a280431498f52023-02-08 09:44:52.485root 11241100x8000000000000000268080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b7559b8f61cb1e2023-02-08 09:44:52.485root 11241100x8000000000000000268079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8212369c3100dc242023-02-08 09:44:52.485root 11241100x8000000000000000268078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a6954f6ee091db2023-02-08 09:44:52.485root 11241100x8000000000000000268077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d7af9841648f572023-02-08 09:44:52.485root 11241100x8000000000000000268089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0423f89827b0712023-02-08 09:44:52.486root 11241100x8000000000000000268088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c5528729f751ca2023-02-08 09:44:52.486root 11241100x8000000000000000268087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d266db28d3b97d2023-02-08 09:44:52.486root 11241100x8000000000000000268086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbd82b7a4ce04182023-02-08 09:44:52.486root 11241100x8000000000000000268091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bd84d67760f4972023-02-08 09:44:52.984root 11241100x8000000000000000268090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a871467fd585b02023-02-08 09:44:52.984root 11241100x8000000000000000268100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3663cd2b796bfb2023-02-08 09:44:52.985root 11241100x8000000000000000268099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149af32e838282de2023-02-08 09:44:52.985root 11241100x8000000000000000268098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082863b1935dba712023-02-08 09:44:52.985root 11241100x8000000000000000268097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507ea45b96d099aa2023-02-08 09:44:52.985root 11241100x8000000000000000268096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ccf65d7166f6232023-02-08 09:44:52.985root 11241100x8000000000000000268095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a797e105d3493122023-02-08 09:44:52.985root 11241100x8000000000000000268094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7085c4a26292b1642023-02-08 09:44:52.985root 11241100x8000000000000000268093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508f48308f36181c2023-02-08 09:44:52.985root 11241100x8000000000000000268092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28fd586fd490ca302023-02-08 09:44:52.985root 11241100x8000000000000000268105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9fbba0774588b22023-02-08 09:44:52.986root 11241100x8000000000000000268104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c1b8b1623b0f8e2023-02-08 09:44:52.986root 11241100x8000000000000000268103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e764990278aed9e32023-02-08 09:44:52.986root 11241100x8000000000000000268102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741037937c705f742023-02-08 09:44:52.986root 11241100x8000000000000000268101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50fcbef2bb855242023-02-08 09:44:52.986root 11241100x8000000000000000268106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d76c62f6eb46742023-02-08 09:44:53.484root 11241100x8000000000000000268112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167ec8df2e2f931e2023-02-08 09:44:53.485root 11241100x8000000000000000268111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44953d0b39acfaad2023-02-08 09:44:53.485root 11241100x8000000000000000268110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783ac597eba883252023-02-08 09:44:53.485root 11241100x8000000000000000268109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41c09573dbb17022023-02-08 09:44:53.485root 11241100x8000000000000000268108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254bf954ae0e08bd2023-02-08 09:44:53.485root 11241100x8000000000000000268107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b416c76fd2f04f2023-02-08 09:44:53.485root 11241100x8000000000000000268118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63486b432018a6f62023-02-08 09:44:53.486root 11241100x8000000000000000268117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29659a16cfbc3cf2023-02-08 09:44:53.486root 11241100x8000000000000000268116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0b68f10cc3efbb2023-02-08 09:44:53.486root 11241100x8000000000000000268115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76231ab43534c8862023-02-08 09:44:53.486root 11241100x8000000000000000268114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96eacb0851ddbaf92023-02-08 09:44:53.486root 11241100x8000000000000000268113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b29adb8fc88e2c82023-02-08 09:44:53.486root 11241100x8000000000000000268121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2882f3cbf044042023-02-08 09:44:53.487root 11241100x8000000000000000268120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85180f8e18f17652023-02-08 09:44:53.487root 11241100x8000000000000000268119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797b977c5ce98c842023-02-08 09:44:53.487root 11241100x8000000000000000268122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7825194e0aab9afa2023-02-08 09:44:53.984root 11241100x8000000000000000268130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f71cfe594695042023-02-08 09:44:53.985root 11241100x8000000000000000268129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386379b353f0335d2023-02-08 09:44:53.985root 11241100x8000000000000000268128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0edc0526362d282023-02-08 09:44:53.985root 11241100x8000000000000000268127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac816a0c775f8a22023-02-08 09:44:53.985root 11241100x8000000000000000268126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e3a50a44547a452023-02-08 09:44:53.985root 11241100x8000000000000000268125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367583719f48138d2023-02-08 09:44:53.985root 11241100x8000000000000000268124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80e67ecc6d9fffe2023-02-08 09:44:53.985root 11241100x8000000000000000268123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ec54b988dfdcc82023-02-08 09:44:53.985root 11241100x8000000000000000268137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a07fc4809e453e2023-02-08 09:44:53.986root 11241100x8000000000000000268136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49bccca381a88d32023-02-08 09:44:53.986root 11241100x8000000000000000268135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a51ecdaf1cb3f9c2023-02-08 09:44:53.986root 11241100x8000000000000000268134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e1540a14b48f4e2023-02-08 09:44:53.986root 11241100x8000000000000000268133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051366f2e4bfaaab2023-02-08 09:44:53.986root 11241100x8000000000000000268132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe5b9778bfa579a2023-02-08 09:44:53.986root 11241100x8000000000000000268131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534e265c15d02dce2023-02-08 09:44:53.986root 11241100x8000000000000000268139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fb184092de191d2023-02-08 09:44:54.484root 11241100x8000000000000000268138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84926d5ac534dd7f2023-02-08 09:44:54.484root 11241100x8000000000000000268151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969121a7f7e772192023-02-08 09:44:54.485root 11241100x8000000000000000268150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cedcf208b46df9f82023-02-08 09:44:54.485root 11241100x8000000000000000268149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1391b925844c92112023-02-08 09:44:54.485root 11241100x8000000000000000268148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92cc39b813a9ff582023-02-08 09:44:54.485root 11241100x8000000000000000268147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9feaffbd4166137f2023-02-08 09:44:54.485root 11241100x8000000000000000268146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3502a7ab0a05a58c2023-02-08 09:44:54.485root 11241100x8000000000000000268145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c6b334aad933732023-02-08 09:44:54.485root 11241100x8000000000000000268144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37dcde39bbbdbc6c2023-02-08 09:44:54.485root 11241100x8000000000000000268143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674405b7dbf53a4c2023-02-08 09:44:54.485root 11241100x8000000000000000268142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5a3e70a044be492023-02-08 09:44:54.485root 11241100x8000000000000000268141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2bd350c901ac62f2023-02-08 09:44:54.485root 11241100x8000000000000000268140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2b3eca28bef3472023-02-08 09:44:54.485root 11241100x8000000000000000268153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65d61a0c65ed8402023-02-08 09:44:54.486root 11241100x8000000000000000268152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e7fb8f47e721d82023-02-08 09:44:54.486root 11241100x8000000000000000268155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4ab4d774948f9e2023-02-08 09:44:54.984root 11241100x8000000000000000268154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86d7270ff7726fc2023-02-08 09:44:54.984root 11241100x8000000000000000268165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b278c25b8948a212023-02-08 09:44:54.985root 11241100x8000000000000000268164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f523fe8a3d2bef62023-02-08 09:44:54.985root 11241100x8000000000000000268163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664430900ed85c6e2023-02-08 09:44:54.985root 11241100x8000000000000000268162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ddbe40bb6626ea2023-02-08 09:44:54.985root 11241100x8000000000000000268161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258b56c3dce332d92023-02-08 09:44:54.985root 11241100x8000000000000000268160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7355f1aff5a93db2023-02-08 09:44:54.985root 11241100x8000000000000000268159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd9dbb81eaab3fe2023-02-08 09:44:54.985root 11241100x8000000000000000268158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df4e21ca74caaf82023-02-08 09:44:54.985root 11241100x8000000000000000268157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fa4e9b54c45c212023-02-08 09:44:54.985root 11241100x8000000000000000268156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28628d6b0007e7dd2023-02-08 09:44:54.985root 11241100x8000000000000000268169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a8619f36f3aadf2023-02-08 09:44:54.986root 11241100x8000000000000000268168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412eb3c83d4a0ce62023-02-08 09:44:54.986root 11241100x8000000000000000268167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97756a15349419b2023-02-08 09:44:54.986root 11241100x8000000000000000268166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330ed9144b66ac402023-02-08 09:44:54.986root 11241100x8000000000000000268178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c288837c862b03d2023-02-08 09:44:55.485root 11241100x8000000000000000268177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4753eafd114626c2023-02-08 09:44:55.485root 11241100x8000000000000000268176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361cce96d8a3176c2023-02-08 09:44:55.485root 11241100x8000000000000000268175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d498ad4c06679452023-02-08 09:44:55.485root 11241100x8000000000000000268174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9413c88f7544710f2023-02-08 09:44:55.485root 11241100x8000000000000000268173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b964d819039c05c2023-02-08 09:44:55.485root 11241100x8000000000000000268172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f3bb95ca01381f2023-02-08 09:44:55.485root 11241100x8000000000000000268171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc7fa3e820cc3ef2023-02-08 09:44:55.485root 11241100x8000000000000000268170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60ec50db0509a632023-02-08 09:44:55.485root 11241100x8000000000000000268185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4f3d674be724b62023-02-08 09:44:55.486root 11241100x8000000000000000268184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7d4c967ad5a5a02023-02-08 09:44:55.486root 11241100x8000000000000000268183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a8f98c8593c2392023-02-08 09:44:55.486root 11241100x8000000000000000268182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dabc2825729e3e12023-02-08 09:44:55.486root 11241100x8000000000000000268181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088fb7172c8404db2023-02-08 09:44:55.486root 11241100x8000000000000000268180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25021d3b8af05c62023-02-08 09:44:55.486root 11241100x8000000000000000268179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80fa22f274637f842023-02-08 09:44:55.486root 11241100x8000000000000000268189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc932b94a9f4f7362023-02-08 09:44:55.984root 11241100x8000000000000000268188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e9c3d831be805b2023-02-08 09:44:55.984root 11241100x8000000000000000268187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2cc3f5609e42232023-02-08 09:44:55.984root 11241100x8000000000000000268186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07af9ca39a92f9552023-02-08 09:44:55.984root 11241100x8000000000000000268199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3961ac198fe8ec932023-02-08 09:44:55.985root 11241100x8000000000000000268198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4c787c438487112023-02-08 09:44:55.985root 11241100x8000000000000000268197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865821fa3dd9973c2023-02-08 09:44:55.985root 11241100x8000000000000000268196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d350a4f49b851cd12023-02-08 09:44:55.985root 11241100x8000000000000000268195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bc7896935712322023-02-08 09:44:55.985root 11241100x8000000000000000268194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d9548dca4f43502023-02-08 09:44:55.985root 11241100x8000000000000000268193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46e6a430a0dbf532023-02-08 09:44:55.985root 11241100x8000000000000000268192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1785d1de182a5162023-02-08 09:44:55.985root 11241100x8000000000000000268191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9793af5753ebc8bd2023-02-08 09:44:55.985root 11241100x8000000000000000268190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a68b23988f51ad52023-02-08 09:44:55.985root 11241100x8000000000000000268201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca5c3a1729578e52023-02-08 09:44:55.986root 11241100x8000000000000000268200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206028f8620acb942023-02-08 09:44:55.986root 11241100x8000000000000000268205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a950f95e91e5292023-02-08 09:44:56.484root 11241100x8000000000000000268204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193f994024672df62023-02-08 09:44:56.484root 11241100x8000000000000000268203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66da7e4f7340a7032023-02-08 09:44:56.484root 11241100x8000000000000000268202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f04a1b54de713fb2023-02-08 09:44:56.484root 11241100x8000000000000000268217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4818aa8332f1a5c2023-02-08 09:44:56.485root 11241100x8000000000000000268216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19443c36580014512023-02-08 09:44:56.485root 11241100x8000000000000000268215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1777ce95ef4c62a42023-02-08 09:44:56.485root 11241100x8000000000000000268214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7beb416e9f708cf42023-02-08 09:44:56.485root 11241100x8000000000000000268213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3033230e5df31cf92023-02-08 09:44:56.485root 11241100x8000000000000000268212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d698795ea95a3f022023-02-08 09:44:56.485root 11241100x8000000000000000268211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d810c17a9d58f62023-02-08 09:44:56.485root 11241100x8000000000000000268210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4111e0d782b3a22023-02-08 09:44:56.485root 11241100x8000000000000000268209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdef3f06ca9d773f2023-02-08 09:44:56.485root 11241100x8000000000000000268208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5207f9f7d66d13a62023-02-08 09:44:56.485root 11241100x8000000000000000268207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d11cebe7b19c3a22023-02-08 09:44:56.485root 11241100x8000000000000000268206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c94f1e678e42702023-02-08 09:44:56.485root 11241100x8000000000000000268221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84844f5d24979e872023-02-08 09:44:56.984root 11241100x8000000000000000268220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0821c43df3d9b2232023-02-08 09:44:56.984root 11241100x8000000000000000268219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7899b5cf85b38a042023-02-08 09:44:56.984root 11241100x8000000000000000268218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ef8771522ce1622023-02-08 09:44:56.984root 11241100x8000000000000000268233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c63da887344c2bd2023-02-08 09:44:56.985root 11241100x8000000000000000268232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46dfd0bdeb4e58e62023-02-08 09:44:56.985root 11241100x8000000000000000268231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b96bd49b016a5b52023-02-08 09:44:56.985root 11241100x8000000000000000268230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2817f4e64537832023-02-08 09:44:56.985root 11241100x8000000000000000268229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854dc2352501b71a2023-02-08 09:44:56.985root 11241100x8000000000000000268228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a8154572640cc72023-02-08 09:44:56.985root 11241100x8000000000000000268227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c664f0a4443605a2023-02-08 09:44:56.985root 11241100x8000000000000000268226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f9da5c5d824bdd2023-02-08 09:44:56.985root 11241100x8000000000000000268225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a63970aa31c08f2023-02-08 09:44:56.985root 11241100x8000000000000000268224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbea5014c9cbd4b2023-02-08 09:44:56.985root 11241100x8000000000000000268223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd6fed29629a3252023-02-08 09:44:56.985root 11241100x8000000000000000268222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca07ac7836cac722023-02-08 09:44:56.985root 11241100x8000000000000000268239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de4fb8cc09db5b52023-02-08 09:44:57.485root 11241100x8000000000000000268238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca870168cddc94d2023-02-08 09:44:57.485root 11241100x8000000000000000268237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a1b2506138d2992023-02-08 09:44:57.485root 11241100x8000000000000000268236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7934633cff16f6b22023-02-08 09:44:57.485root 11241100x8000000000000000268235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74254a8e53d476a32023-02-08 09:44:57.485root 11241100x8000000000000000268234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfc07b4050b06452023-02-08 09:44:57.485root 11241100x8000000000000000268249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb9c1d1d6df340d2023-02-08 09:44:57.486root 11241100x8000000000000000268248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fda5b0833adf33e2023-02-08 09:44:57.486root 11241100x8000000000000000268247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c288e7ff7e037a832023-02-08 09:44:57.486root 11241100x8000000000000000268246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc1a085f047c06e2023-02-08 09:44:57.486root 11241100x8000000000000000268245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122d23d3a49ddf132023-02-08 09:44:57.486root 11241100x8000000000000000268244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14266659b67130f2023-02-08 09:44:57.486root 11241100x8000000000000000268243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617130cf8bbcc9fa2023-02-08 09:44:57.486root 11241100x8000000000000000268242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606de0970c94ae442023-02-08 09:44:57.486root 11241100x8000000000000000268241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd0b7b598f0530a2023-02-08 09:44:57.486root 11241100x8000000000000000268240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f356a17c0ea25c2023-02-08 09:44:57.486root 11241100x8000000000000000268253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1a8c82687c34a82023-02-08 09:44:57.984root 11241100x8000000000000000268252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602ba0e5c5b56dc42023-02-08 09:44:57.984root 11241100x8000000000000000268251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928d725df3b2fa842023-02-08 09:44:57.984root 11241100x8000000000000000268250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9139d344bc85f8082023-02-08 09:44:57.984root 11241100x8000000000000000268265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfce11bf82ad3a4e2023-02-08 09:44:57.985root 11241100x8000000000000000268264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ae1a735dfc148b2023-02-08 09:44:57.985root 11241100x8000000000000000268263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4c55db659747c92023-02-08 09:44:57.985root 11241100x8000000000000000268262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a085eb2f1f8c5f2023-02-08 09:44:57.985root 11241100x8000000000000000268261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd76a66a2adc5782023-02-08 09:44:57.985root 11241100x8000000000000000268260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3deb3a4e9884372023-02-08 09:44:57.985root 11241100x8000000000000000268259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627807f69d7625002023-02-08 09:44:57.985root 11241100x8000000000000000268258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a006b05eb842c8c62023-02-08 09:44:57.985root 11241100x8000000000000000268257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48ad6f4fe46ebb22023-02-08 09:44:57.985root 11241100x8000000000000000268256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57fa16b0d6b9b122023-02-08 09:44:57.985root 11241100x8000000000000000268255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744713ab5475a53d2023-02-08 09:44:57.985root 11241100x8000000000000000268254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a11193e5fc917852023-02-08 09:44:57.985root 354300x8000000000000000268266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.165{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-41210-false10.0.1.12-8000- 11241100x8000000000000000268269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2660d853af6d37e42023-02-08 09:44:58.484root 11241100x8000000000000000268268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb0dc9a207a3cf32023-02-08 09:44:58.484root 11241100x8000000000000000268267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8645f25eaa9dd232023-02-08 09:44:58.484root 11241100x8000000000000000268277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b79158adb27d1d12023-02-08 09:44:58.485root 11241100x8000000000000000268276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231ad56a5544337c2023-02-08 09:44:58.485root 11241100x8000000000000000268275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a0b4ceb6f357b12023-02-08 09:44:58.485root 11241100x8000000000000000268274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773fdbcba93080092023-02-08 09:44:58.485root 11241100x8000000000000000268273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7a92e3095659412023-02-08 09:44:58.485root 11241100x8000000000000000268272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57dda71909c33d732023-02-08 09:44:58.485root 11241100x8000000000000000268271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684886735f42829a2023-02-08 09:44:58.485root 11241100x8000000000000000268270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3212bfa68aa45b82023-02-08 09:44:58.485root 11241100x8000000000000000268283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8168b3f1e8ff86a2023-02-08 09:44:58.486root 11241100x8000000000000000268282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2da1f27ac59364d2023-02-08 09:44:58.486root 11241100x8000000000000000268281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858ff5a6bac66dff2023-02-08 09:44:58.486root 11241100x8000000000000000268280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1af74f3183e4f052023-02-08 09:44:58.486root 11241100x8000000000000000268279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d81a0b4712414832023-02-08 09:44:58.486root 11241100x8000000000000000268278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9be9c42c6b9d602023-02-08 09:44:58.486root 11241100x8000000000000000268286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8206698060761d2023-02-08 09:44:58.984root 11241100x8000000000000000268285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d3d7cda1b474cb2023-02-08 09:44:58.984root 11241100x8000000000000000268284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e031d2789324272023-02-08 09:44:58.984root 11241100x8000000000000000268300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62311dcbbc6d7a192023-02-08 09:44:58.985root 11241100x8000000000000000268299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699e6be1d10643b72023-02-08 09:44:58.985root 11241100x8000000000000000268298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a494be72f6b92fca2023-02-08 09:44:58.985root 11241100x8000000000000000268297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc141c961852c582023-02-08 09:44:58.985root 11241100x8000000000000000268296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603378cb90c425fd2023-02-08 09:44:58.985root 11241100x8000000000000000268295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938a7f2c7b7de9522023-02-08 09:44:58.985root 11241100x8000000000000000268294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8783653a89ac922023-02-08 09:44:58.985root 11241100x8000000000000000268293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77dd889a73a73602023-02-08 09:44:58.985root 11241100x8000000000000000268292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e609ed26f8cd3ee52023-02-08 09:44:58.985root 11241100x8000000000000000268291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb8dbb78227bfb22023-02-08 09:44:58.985root 11241100x8000000000000000268290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7273a0db219d23922023-02-08 09:44:58.985root 11241100x8000000000000000268289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5013f5433bfe292023-02-08 09:44:58.985root 11241100x8000000000000000268288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5058cade91ee25dd2023-02-08 09:44:58.985root 11241100x8000000000000000268287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5815756888a06a02023-02-08 09:44:58.985root 11241100x8000000000000000268303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5623b086722a00a2023-02-08 09:44:59.484root 11241100x8000000000000000268302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7331f32bc7a64fbe2023-02-08 09:44:59.484root 11241100x8000000000000000268301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08dca84c0ccf45b72023-02-08 09:44:59.484root 11241100x8000000000000000268316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2729121146cb362023-02-08 09:44:59.485root 11241100x8000000000000000268315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179fd531a770994e2023-02-08 09:44:59.485root 11241100x8000000000000000268314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1261bf9606d39382023-02-08 09:44:59.485root 11241100x8000000000000000268313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0424c0f90efa96d02023-02-08 09:44:59.485root 11241100x8000000000000000268312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e011c192c15bfd2023-02-08 09:44:59.485root 11241100x8000000000000000268311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dbafb73cab39cb22023-02-08 09:44:59.485root 11241100x8000000000000000268310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f837caf5a80efea2023-02-08 09:44:59.485root 11241100x8000000000000000268309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff29505977b151d52023-02-08 09:44:59.485root 11241100x8000000000000000268308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c68aff626afc5782023-02-08 09:44:59.485root 11241100x8000000000000000268307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9af7e20edcbdb42023-02-08 09:44:59.485root 11241100x8000000000000000268306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19645009635a86672023-02-08 09:44:59.485root 11241100x8000000000000000268305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4d43444c6af97b2023-02-08 09:44:59.485root 11241100x8000000000000000268304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72dee30cd8fcf99b2023-02-08 09:44:59.485root 11241100x8000000000000000268317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740574e9bc7e981f2023-02-08 09:44:59.486root 11241100x8000000000000000268320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ce34b4abc549232023-02-08 09:44:59.984root 11241100x8000000000000000268319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf82a0ce59177562023-02-08 09:44:59.984root 11241100x8000000000000000268318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78399de1fe5a00cb2023-02-08 09:44:59.984root 11241100x8000000000000000268334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ddb78ae7e81ea52023-02-08 09:44:59.985root 11241100x8000000000000000268333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125a216166be79ec2023-02-08 09:44:59.985root 11241100x8000000000000000268332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7e66c2c4abde432023-02-08 09:44:59.985root 11241100x8000000000000000268331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549e1b1a8bc50d982023-02-08 09:44:59.985root 11241100x8000000000000000268330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43608e17c90187182023-02-08 09:44:59.985root 11241100x8000000000000000268329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d259f7995c292ad52023-02-08 09:44:59.985root 11241100x8000000000000000268328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9edf84cdcb988c9f2023-02-08 09:44:59.985root 11241100x8000000000000000268327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81387a3847dd41d62023-02-08 09:44:59.985root 11241100x8000000000000000268326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c90e92795018462023-02-08 09:44:59.985root 11241100x8000000000000000268325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7776e22609aa8b422023-02-08 09:44:59.985root 11241100x8000000000000000268324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8157fe0bfd47537b2023-02-08 09:44:59.985root 11241100x8000000000000000268323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053fa5506b6d2df32023-02-08 09:44:59.985root 11241100x8000000000000000268322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea238ab525e611ea2023-02-08 09:44:59.985root 11241100x8000000000000000268321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:44:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11213505cb4f4eb32023-02-08 09:44:59.985root 11241100x8000000000000000268337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de252e706271ec3c2023-02-08 09:45:00.484root 11241100x8000000000000000268336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09df521df2163af52023-02-08 09:45:00.484root 11241100x8000000000000000268335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25554d721d533fd62023-02-08 09:45:00.484root 11241100x8000000000000000268351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432ddb0e2a9c4c042023-02-08 09:45:00.485root 11241100x8000000000000000268350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7b1698e578f8302023-02-08 09:45:00.485root 11241100x8000000000000000268349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8045e36a258acc2023-02-08 09:45:00.485root 11241100x8000000000000000268348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9701f40206e7166a2023-02-08 09:45:00.485root 11241100x8000000000000000268347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5ad3035f002c842023-02-08 09:45:00.485root 11241100x8000000000000000268346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e571d1efa6a97d22023-02-08 09:45:00.485root 11241100x8000000000000000268345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4882f46703849d02023-02-08 09:45:00.485root 11241100x8000000000000000268344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609775ef822e38212023-02-08 09:45:00.485root 11241100x8000000000000000268343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc790513c41f7d4f2023-02-08 09:45:00.485root 11241100x8000000000000000268342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe842cbd3e25eec2023-02-08 09:45:00.485root 11241100x8000000000000000268341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19050dea8133da2a2023-02-08 09:45:00.485root 11241100x8000000000000000268340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13b6e06fd167dfd2023-02-08 09:45:00.485root 11241100x8000000000000000268339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed453ece5db948e2023-02-08 09:45:00.485root 11241100x8000000000000000268338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a47487d0a818a1d2023-02-08 09:45:00.485root 11241100x8000000000000000268354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951a618b5d9918f22023-02-08 09:45:00.984root 11241100x8000000000000000268353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1577dc61b3d6ab12023-02-08 09:45:00.984root 11241100x8000000000000000268352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c73b6608e28bc32023-02-08 09:45:00.984root 11241100x8000000000000000268361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58ba9f767e0df852023-02-08 09:45:00.985root 11241100x8000000000000000268360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fda2a836611b5e2023-02-08 09:45:00.985root 11241100x8000000000000000268359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22730190d2b69a962023-02-08 09:45:00.985root 11241100x8000000000000000268358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d9079a7f651f6b2023-02-08 09:45:00.985root 11241100x8000000000000000268357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061f0218acd023522023-02-08 09:45:00.985root 11241100x8000000000000000268356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5813dc648cb81482023-02-08 09:45:00.985root 11241100x8000000000000000268355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc07a990a5ed2fac2023-02-08 09:45:00.985root 11241100x8000000000000000268367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638078d327c25a8f2023-02-08 09:45:00.986root 11241100x8000000000000000268366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e4ab24a078dd6b2023-02-08 09:45:00.986root 11241100x8000000000000000268365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df3d9e607fa4b592023-02-08 09:45:00.986root 11241100x8000000000000000268364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7ac4c51ccff2432023-02-08 09:45:00.986root 11241100x8000000000000000268363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d312b46dc696e6cd2023-02-08 09:45:00.986root 11241100x8000000000000000268362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c0f6ce9309d2e12023-02-08 09:45:00.986root 11241100x8000000000000000268368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:00.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f676960803734ff62023-02-08 09:45:00.987root 11241100x8000000000000000268371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd3b4aaf530eac22023-02-08 09:45:01.484root 11241100x8000000000000000268370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405cfc080b1a27542023-02-08 09:45:01.484root 11241100x8000000000000000268369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d656cb4ff824b92023-02-08 09:45:01.484root 11241100x8000000000000000268383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5512fa427864b1762023-02-08 09:45:01.485root 11241100x8000000000000000268382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f3be74b454505c2023-02-08 09:45:01.485root 11241100x8000000000000000268381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6afaea9aa47fb8662023-02-08 09:45:01.485root 11241100x8000000000000000268380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296efe5aacf5caef2023-02-08 09:45:01.485root 11241100x8000000000000000268379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a57f1fd0eeffc0c2023-02-08 09:45:01.485root 11241100x8000000000000000268378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22dcfa2cd569f8a22023-02-08 09:45:01.485root 11241100x8000000000000000268377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207129a6644841612023-02-08 09:45:01.485root 11241100x8000000000000000268376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a3644b5d8732d42023-02-08 09:45:01.485root 11241100x8000000000000000268375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6fa35294e96edf2023-02-08 09:45:01.485root 11241100x8000000000000000268374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58472fa6b4ccd9282023-02-08 09:45:01.485root 11241100x8000000000000000268373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1167f41bffb01132023-02-08 09:45:01.485root 11241100x8000000000000000268372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3914ec9bcd9a52662023-02-08 09:45:01.485root 11241100x8000000000000000268385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1a2cc1b05897402023-02-08 09:45:01.486root 11241100x8000000000000000268384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab56e942bd9fe4ba2023-02-08 09:45:01.486root 11241100x8000000000000000268387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c224f8b9bdc3b7532023-02-08 09:45:01.984root 11241100x8000000000000000268386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98598bee4e5dc3282023-02-08 09:45:01.984root 11241100x8000000000000000268396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92b361dc10b4d282023-02-08 09:45:01.985root 11241100x8000000000000000268395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b03e8d2fd3f00c2023-02-08 09:45:01.985root 11241100x8000000000000000268394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677599566f6d14522023-02-08 09:45:01.985root 11241100x8000000000000000268393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a855c1e24923c92023-02-08 09:45:01.985root 11241100x8000000000000000268392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cc742a64442ce62023-02-08 09:45:01.985root 11241100x8000000000000000268391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc4019522ea8a182023-02-08 09:45:01.985root 11241100x8000000000000000268390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8993d2a8fcdf312023-02-08 09:45:01.985root 11241100x8000000000000000268389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d99df49d51dace52023-02-08 09:45:01.985root 11241100x8000000000000000268388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5355505b7925d4b2023-02-08 09:45:01.985root 11241100x8000000000000000268402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9cfaca74063985d2023-02-08 09:45:01.986root 11241100x8000000000000000268401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbadd5eeba14af4b2023-02-08 09:45:01.986root 11241100x8000000000000000268400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e692757357fe882023-02-08 09:45:01.986root 11241100x8000000000000000268399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65cc0712df1640f02023-02-08 09:45:01.986root 11241100x8000000000000000268398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aaa464ec156b5dd2023-02-08 09:45:01.986root 11241100x8000000000000000268397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb513f1f4c0bc5822023-02-08 09:45:01.986root 11241100x8000000000000000268405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f753cc838d978d2023-02-08 09:45:02.484root 11241100x8000000000000000268404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c841db7fa9183f2023-02-08 09:45:02.484root 11241100x8000000000000000268403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559e9e7570e361402023-02-08 09:45:02.484root 11241100x8000000000000000268414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12547c87c8ebb4d02023-02-08 09:45:02.485root 11241100x8000000000000000268413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a700a357d4eb3e2023-02-08 09:45:02.485root 11241100x8000000000000000268412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749a986f72358a0e2023-02-08 09:45:02.485root 11241100x8000000000000000268411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b60603bed60dad2023-02-08 09:45:02.485root 11241100x8000000000000000268410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3ec3dae13e099d2023-02-08 09:45:02.485root 11241100x8000000000000000268409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fa7923a918dd5c2023-02-08 09:45:02.485root 11241100x8000000000000000268408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c211843a8f7a0e22023-02-08 09:45:02.485root 11241100x8000000000000000268407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00580f31530fed22023-02-08 09:45:02.485root 11241100x8000000000000000268406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb95916b936bc202023-02-08 09:45:02.485root 11241100x8000000000000000268419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df60cedf84deae52023-02-08 09:45:02.486root 11241100x8000000000000000268418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26994399491d3d072023-02-08 09:45:02.486root 11241100x8000000000000000268417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8121f36a159ebcb32023-02-08 09:45:02.486root 11241100x8000000000000000268416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3d2a9cc113ff4f2023-02-08 09:45:02.486root 11241100x8000000000000000268415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffa53b21147b8672023-02-08 09:45:02.486root 154100x8000000000000000268420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.950{ec2a0601-6f1e-63e3-6824-b2dfd7550000}5809/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec2a0601-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2404--- 11241100x8000000000000000268426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.953{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4806612cee8c10e62023-02-08 09:45:02.953root 11241100x8000000000000000268425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.953{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ec0eb2a5fc63242023-02-08 09:45:02.953root 11241100x8000000000000000268424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.953{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16129290a06973b02023-02-08 09:45:02.953root 11241100x8000000000000000268423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.953{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfead58067896392023-02-08 09:45:02.953root 11241100x8000000000000000268422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.953{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c551c712a27fdd742023-02-08 09:45:02.953root 11241100x8000000000000000268421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.953{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9b81bb7152002d2023-02-08 09:45:02.953root 11241100x8000000000000000268430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.954{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1d98c1fcb6de3a2023-02-08 09:45:02.954root 11241100x8000000000000000268429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.954{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430c7cb7ead689482023-02-08 09:45:02.954root 11241100x8000000000000000268428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.954{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35c2121989167722023-02-08 09:45:02.954root 11241100x8000000000000000268427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.954{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a5d5d976de50522023-02-08 09:45:02.954root 11241100x8000000000000000268432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.955{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e206348c7b77d32023-02-08 09:45:02.955root 11241100x8000000000000000268431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.955{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9722a5d082716f2023-02-08 09:45:02.955root 11241100x8000000000000000268435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.956{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33bfa9cd8d9220d82023-02-08 09:45:02.956root 11241100x8000000000000000268434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.956{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53fcc8670ff69fee2023-02-08 09:45:02.956root 11241100x8000000000000000268433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.956{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44e93a994470d792023-02-08 09:45:02.956root 11241100x8000000000000000268438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.957{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620e2f7110d50a392023-02-08 09:45:02.957root 11241100x8000000000000000268437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.957{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2a7512761ebd0a2023-02-08 09:45:02.957root 11241100x8000000000000000268436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.957{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04ba0aded773f9c2023-02-08 09:45:02.957root 534500x8000000000000000268439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:02.978{ec2a0601-6f1e-63e3-6824-b2dfd7550000}5809/bin/psroot 11241100x8000000000000000268440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b5cb74614b9de52023-02-08 09:45:03.237root 11241100x8000000000000000268454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb691058b5347a6c2023-02-08 09:45:03.238root 11241100x8000000000000000268453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15a2ea15ff3392a2023-02-08 09:45:03.238root 11241100x8000000000000000268452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602a2718f4b4e0492023-02-08 09:45:03.238root 11241100x8000000000000000268451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a94f36c21eeaaff2023-02-08 09:45:03.238root 11241100x8000000000000000268450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f81de47e538a9682023-02-08 09:45:03.238root 11241100x8000000000000000268449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88436ea06afc1cbf2023-02-08 09:45:03.238root 11241100x8000000000000000268448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4be968d7d8a1c22023-02-08 09:45:03.238root 11241100x8000000000000000268447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad65ce3b45624b1c2023-02-08 09:45:03.238root 11241100x8000000000000000268446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e057c98bea39a062023-02-08 09:45:03.238root 11241100x8000000000000000268445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5153991d0ccc362023-02-08 09:45:03.238root 11241100x8000000000000000268444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3318d6301a3b64762023-02-08 09:45:03.238root 11241100x8000000000000000268443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6509ac3551ad5e2023-02-08 09:45:03.238root 11241100x8000000000000000268442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34d896dfc8dbcbf2023-02-08 09:45:03.238root 11241100x8000000000000000268441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3c932ab44f445a2023-02-08 09:45:03.238root 11241100x8000000000000000268458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8915bbc28cb30d482023-02-08 09:45:03.239root 11241100x8000000000000000268457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098d09a1c451803b2023-02-08 09:45:03.239root 11241100x8000000000000000268456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a86beecae72ff52023-02-08 09:45:03.239root 11241100x8000000000000000268455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651e5fe4e0e0a2f12023-02-08 09:45:03.239root 11241100x8000000000000000268459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093fd0adfd4050062023-02-08 09:45:03.734root 11241100x8000000000000000268474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c175f94daeb787fd2023-02-08 09:45:03.735root 11241100x8000000000000000268473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef69ee73c8e5bc9d2023-02-08 09:45:03.735root 11241100x8000000000000000268472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be70006c713ba5292023-02-08 09:45:03.735root 11241100x8000000000000000268471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f498c18fca4ebd842023-02-08 09:45:03.735root 11241100x8000000000000000268470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f26588aaca3de82023-02-08 09:45:03.735root 11241100x8000000000000000268469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb583d1a291bcc52023-02-08 09:45:03.735root 11241100x8000000000000000268468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276f4f78ecc4175a2023-02-08 09:45:03.735root 11241100x8000000000000000268467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65870c2aa72dd32f2023-02-08 09:45:03.735root 11241100x8000000000000000268466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b190ee06160948ca2023-02-08 09:45:03.735root 11241100x8000000000000000268465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd564c8f00dbc9cb2023-02-08 09:45:03.735root 11241100x8000000000000000268464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8322c583d1a660e12023-02-08 09:45:03.735root 11241100x8000000000000000268463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b8375c8487cc322023-02-08 09:45:03.735root 11241100x8000000000000000268462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d8574431da15a92023-02-08 09:45:03.735root 11241100x8000000000000000268461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841243979f2f5f912023-02-08 09:45:03.735root 11241100x8000000000000000268460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4317d4eced7ca02023-02-08 09:45:03.735root 11241100x8000000000000000268477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f88d8ddba1b7b42023-02-08 09:45:03.736root 11241100x8000000000000000268476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ff3ccdb8f79d722023-02-08 09:45:03.736root 11241100x8000000000000000268475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284129c997e90e9f2023-02-08 09:45:03.736root 354300x8000000000000000268478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.154{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-41212-false10.0.1.12-8000- 11241100x8000000000000000268484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.155{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314112ea7b9102532023-02-08 09:45:04.155root 11241100x8000000000000000268483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.155{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22df928e8638493c2023-02-08 09:45:04.155root 11241100x8000000000000000268482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.155{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cfe9d883d8c59e2023-02-08 09:45:04.155root 11241100x8000000000000000268481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.155{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6064b06a072b242023-02-08 09:45:04.155root 11241100x8000000000000000268480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.155{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0dafa4031f0f812023-02-08 09:45:04.155root 11241100x8000000000000000268479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.155{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354c3bd3f1f1d0042023-02-08 09:45:04.155root 11241100x8000000000000000268494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.156{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6fd86b39ea6e342023-02-08 09:45:04.156root 11241100x8000000000000000268493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.156{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7757b1de84c9172023-02-08 09:45:04.156root 11241100x8000000000000000268492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.156{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4912627cc39729972023-02-08 09:45:04.156root 11241100x8000000000000000268491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.156{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c6067bc02c3b5a2023-02-08 09:45:04.156root 11241100x8000000000000000268490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.156{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad019cb0d17639042023-02-08 09:45:04.156root 11241100x8000000000000000268489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.156{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e59cd3afdb1a902023-02-08 09:45:04.156root 11241100x8000000000000000268488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.156{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23a118fb6c78ef22023-02-08 09:45:04.156root 11241100x8000000000000000268487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.156{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6875bc39f74b14292023-02-08 09:45:04.156root 11241100x8000000000000000268486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.156{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a7356e5e765e792023-02-08 09:45:04.156root 11241100x8000000000000000268485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.156{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd949fd070061422023-02-08 09:45:04.156root 11241100x8000000000000000268498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.157{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbf5c87be941a182023-02-08 09:45:04.157root 11241100x8000000000000000268497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.157{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a9b8a5e8d052282023-02-08 09:45:04.157root 11241100x8000000000000000268496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.157{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed1aff07bcd05312023-02-08 09:45:04.157root 11241100x8000000000000000268495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.157{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bca43a7aa4152152023-02-08 09:45:04.157root 11241100x8000000000000000268499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946eed882f4c495e2023-02-08 09:45:04.484root 11241100x8000000000000000268514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71209fa055630c8f2023-02-08 09:45:04.485root 11241100x8000000000000000268513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f8dba69c2233e62023-02-08 09:45:04.485root 11241100x8000000000000000268512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43a013c21bf40032023-02-08 09:45:04.485root 11241100x8000000000000000268511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f47b6b17af118f2023-02-08 09:45:04.485root 11241100x8000000000000000268510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5c3b5e7338346b2023-02-08 09:45:04.485root 11241100x8000000000000000268509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5cc757759fed082023-02-08 09:45:04.485root 11241100x8000000000000000268508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3cbb1450ff641b2023-02-08 09:45:04.485root 11241100x8000000000000000268507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cb0bd103a9fa022023-02-08 09:45:04.485root 11241100x8000000000000000268506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edce2d958fd414ac2023-02-08 09:45:04.485root 11241100x8000000000000000268505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee7954a25f03b002023-02-08 09:45:04.485root 11241100x8000000000000000268504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15305a14f9ea1dfc2023-02-08 09:45:04.485root 11241100x8000000000000000268503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7c98ae856b264f2023-02-08 09:45:04.485root 11241100x8000000000000000268502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5625d3bb16d5a812023-02-08 09:45:04.485root 11241100x8000000000000000268501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1758ca34942a4d2023-02-08 09:45:04.485root 11241100x8000000000000000268500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ab0be8d0bf09d12023-02-08 09:45:04.485root 11241100x8000000000000000268518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3784e534ddc0bf522023-02-08 09:45:04.486root 11241100x8000000000000000268517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3130721e21fd60cd2023-02-08 09:45:04.486root 11241100x8000000000000000268516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0601493252981092023-02-08 09:45:04.486root 11241100x8000000000000000268515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394452523f139f362023-02-08 09:45:04.486root 11241100x8000000000000000268519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87cbc934b2c33ad2023-02-08 09:45:04.984root 11241100x8000000000000000268533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aeb52e135abceaa2023-02-08 09:45:04.985root 11241100x8000000000000000268532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1db26c5c93faf72023-02-08 09:45:04.985root 11241100x8000000000000000268531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c137befbba1e322023-02-08 09:45:04.985root 11241100x8000000000000000268530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7974068a44bb9edd2023-02-08 09:45:04.985root 11241100x8000000000000000268529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0867b5631fe59e2023-02-08 09:45:04.985root 11241100x8000000000000000268528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db85b9d78d5f85632023-02-08 09:45:04.985root 11241100x8000000000000000268527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074d6dbd6055d0632023-02-08 09:45:04.985root 11241100x8000000000000000268526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c88b9823344edf2023-02-08 09:45:04.985root 11241100x8000000000000000268525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44269d595cd20862023-02-08 09:45:04.985root 11241100x8000000000000000268524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ffaa320cc0b77c2023-02-08 09:45:04.985root 11241100x8000000000000000268523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1817b4fd58d040042023-02-08 09:45:04.985root 11241100x8000000000000000268522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c7ad6ac03cf4772023-02-08 09:45:04.985root 11241100x8000000000000000268521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7d5dc9fd48bfab2023-02-08 09:45:04.985root 11241100x8000000000000000268520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0662cd2d79032aa82023-02-08 09:45:04.985root 11241100x8000000000000000268538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057cde386a57124d2023-02-08 09:45:04.986root 11241100x8000000000000000268537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee25e3c61a32d4232023-02-08 09:45:04.986root 11241100x8000000000000000268536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c975d39c89440a3f2023-02-08 09:45:04.986root 11241100x8000000000000000268535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e466d9bfcb231d722023-02-08 09:45:04.986root 11241100x8000000000000000268534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:04.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65a8bb4691c0d6f2023-02-08 09:45:04.986root 11241100x8000000000000000268539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5e0660f246cc7c2023-02-08 09:45:05.485root 11241100x8000000000000000268553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08cc62514341f7fd2023-02-08 09:45:05.486root 11241100x8000000000000000268552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e9917b8b22ca9a2023-02-08 09:45:05.486root 11241100x8000000000000000268551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb914ef2614fb5542023-02-08 09:45:05.486root 11241100x8000000000000000268550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f899a13a9310914d2023-02-08 09:45:05.486root 11241100x8000000000000000268549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26343b428a5a63522023-02-08 09:45:05.486root 11241100x8000000000000000268548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe83b47567c70002023-02-08 09:45:05.486root 11241100x8000000000000000268547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7423d4b289a2a2f2023-02-08 09:45:05.486root 11241100x8000000000000000268546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8dd34165546b2452023-02-08 09:45:05.486root 11241100x8000000000000000268545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b1e5711465e3c32023-02-08 09:45:05.486root 11241100x8000000000000000268544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106e785a848e68d12023-02-08 09:45:05.486root 11241100x8000000000000000268543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1320a5959b2f8972023-02-08 09:45:05.486root 11241100x8000000000000000268542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc9922d0e63b5572023-02-08 09:45:05.486root 11241100x8000000000000000268541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d8b25f4349eaff2023-02-08 09:45:05.486root 11241100x8000000000000000268540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6630d0bc9b6700672023-02-08 09:45:05.486root 11241100x8000000000000000268558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fd66abfec794392023-02-08 09:45:05.487root 11241100x8000000000000000268557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a5010605adf3442023-02-08 09:45:05.487root 11241100x8000000000000000268556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c0abcab8b537c72023-02-08 09:45:05.487root 11241100x8000000000000000268555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817cf2f07c58d29a2023-02-08 09:45:05.487root 11241100x8000000000000000268554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4398c169326132f12023-02-08 09:45:05.487root 11241100x8000000000000000268559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b799b69e604124332023-02-08 09:45:05.984root 11241100x8000000000000000268569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954f5fca5242e8882023-02-08 09:45:05.985root 11241100x8000000000000000268568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33f21ee6e7539ff2023-02-08 09:45:05.985root 11241100x8000000000000000268567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3eb968d3bd473152023-02-08 09:45:05.985root 11241100x8000000000000000268566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3d6e8e0fdcd0212023-02-08 09:45:05.985root 11241100x8000000000000000268565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cce75c3dccdbe882023-02-08 09:45:05.985root 11241100x8000000000000000268564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4154fb29a39c9b2023-02-08 09:45:05.985root 11241100x8000000000000000268563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e3f4884f7be3fc2023-02-08 09:45:05.985root 11241100x8000000000000000268562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43c09e888d3fa362023-02-08 09:45:05.985root 11241100x8000000000000000268561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1165aee92447831a2023-02-08 09:45:05.985root 11241100x8000000000000000268560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f5e016ffbf720e2023-02-08 09:45:05.985root 11241100x8000000000000000268578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e81bbdf9fad9d22023-02-08 09:45:05.986root 11241100x8000000000000000268577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403593114c00d8962023-02-08 09:45:05.986root 11241100x8000000000000000268576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13593fbfdb03d2b2023-02-08 09:45:05.986root 11241100x8000000000000000268575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c803440ea2ccf6202023-02-08 09:45:05.986root 11241100x8000000000000000268574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79085443642bb9722023-02-08 09:45:05.986root 11241100x8000000000000000268573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730d6ed729d4613c2023-02-08 09:45:05.986root 11241100x8000000000000000268572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f5d7f4dff7b94d2023-02-08 09:45:05.986root 11241100x8000000000000000268571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2f0757d24423aa2023-02-08 09:45:05.986root 11241100x8000000000000000268570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec552b635d9e6712023-02-08 09:45:05.986root 11241100x8000000000000000268580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9028c14c0953c7042023-02-08 09:45:06.363root 11241100x8000000000000000268579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.363{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-08 09:45:06.363root 11241100x8000000000000000268588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ad4c392bb058992023-02-08 09:45:06.364root 11241100x8000000000000000268587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b7db2672f4a3d72023-02-08 09:45:06.364root 11241100x8000000000000000268586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45ecb4a8c31173f2023-02-08 09:45:06.364root 11241100x8000000000000000268585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155545c32d9f48fe2023-02-08 09:45:06.364root 11241100x8000000000000000268584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb17b8352897b14d2023-02-08 09:45:06.364root 11241100x8000000000000000268583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf12cb2a3713e342023-02-08 09:45:06.364root 11241100x8000000000000000268582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4afde7d08a3933bf2023-02-08 09:45:06.364root 11241100x8000000000000000268581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa27786e78558d02023-02-08 09:45:06.364root 11241100x8000000000000000268597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d83294f2862c0892023-02-08 09:45:06.365root 11241100x8000000000000000268596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d80d94fc20734d2023-02-08 09:45:06.365root 11241100x8000000000000000268595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8042dd357080aa2023-02-08 09:45:06.365root 11241100x8000000000000000268594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fd2976cd81c4ed2023-02-08 09:45:06.365root 11241100x8000000000000000268593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152b2897f820be062023-02-08 09:45:06.365root 11241100x8000000000000000268592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6aa4a7813eeb2a2023-02-08 09:45:06.365root 11241100x8000000000000000268591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe494c30516ce022023-02-08 09:45:06.365root 11241100x8000000000000000268590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c9cc202568b2282023-02-08 09:45:06.365root 11241100x8000000000000000268589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0b1008db55ef072023-02-08 09:45:06.365root 11241100x8000000000000000268600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a299caf6b5c249c12023-02-08 09:45:06.366root 11241100x8000000000000000268599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf98dc5da55ba612023-02-08 09:45:06.366root 11241100x8000000000000000268598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31b670c6f996d122023-02-08 09:45:06.366root 354300x8000000000000000268601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.717{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-36782-false10.0.1.12-8089- 11241100x8000000000000000268606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.718{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775d957cefd719ae2023-02-08 09:45:06.718root 11241100x8000000000000000268605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.718{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ef5ba4564dcf2b2023-02-08 09:45:06.718root 11241100x8000000000000000268604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.718{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95dd5df513cc5daf2023-02-08 09:45:06.718root 11241100x8000000000000000268603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.718{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d21c111ffbd1852023-02-08 09:45:06.718root 11241100x8000000000000000268602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.718{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1469aba364a8c6db2023-02-08 09:45:06.718root 11241100x8000000000000000268616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.719{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86993c9121fdf872023-02-08 09:45:06.719root 11241100x8000000000000000268615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.719{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8644098f2e62702023-02-08 09:45:06.719root 11241100x8000000000000000268614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.719{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c598f7302404a4c2023-02-08 09:45:06.719root 11241100x8000000000000000268613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.719{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8175aee4a56df3da2023-02-08 09:45:06.719root 11241100x8000000000000000268612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.719{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1924bc0d30fcdfa2023-02-08 09:45:06.719root 11241100x8000000000000000268611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.719{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc59e97f8e8b3332023-02-08 09:45:06.719root 11241100x8000000000000000268610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.719{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533023aa7a890ea22023-02-08 09:45:06.719root 11241100x8000000000000000268609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.719{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56c8d6186e2e7cb2023-02-08 09:45:06.719root 11241100x8000000000000000268608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.719{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e14d1479a6636772023-02-08 09:45:06.719root 11241100x8000000000000000268607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.719{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2075de3a3dd6bb2023-02-08 09:45:06.719root 11241100x8000000000000000268625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.720{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1084b9f69f63b72023-02-08 09:45:06.720root 11241100x8000000000000000268624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.720{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31104edaa7735b42023-02-08 09:45:06.720root 11241100x8000000000000000268623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.720{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6d5aacb5dedf9e2023-02-08 09:45:06.720root 11241100x8000000000000000268622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.720{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8d84720af8b0ce2023-02-08 09:45:06.720root 11241100x8000000000000000268621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.720{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e711901a24adb602023-02-08 09:45:06.720root 11241100x8000000000000000268620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.720{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549f6cb6cb0542822023-02-08 09:45:06.720root 11241100x8000000000000000268619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.720{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e96dcff550a59ae2023-02-08 09:45:06.720root 11241100x8000000000000000268618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.720{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594d1882b3d8f34b2023-02-08 09:45:06.720root 11241100x8000000000000000268617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.720{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bb5ddcb39ae1342023-02-08 09:45:06.720root 11241100x8000000000000000268633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.721{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8596ba792abdbfb2023-02-08 09:45:06.721root 11241100x8000000000000000268632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.721{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7941df96827a445c2023-02-08 09:45:06.721root 11241100x8000000000000000268631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.721{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2508c92f3c4598f22023-02-08 09:45:06.721root 11241100x8000000000000000268630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.721{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1258ecf0cc47af62023-02-08 09:45:06.721root 11241100x8000000000000000268629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.721{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6608a7b5cfe145d2023-02-08 09:45:06.721root 11241100x8000000000000000268628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.721{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ae101ffe48fd892023-02-08 09:45:06.721root 11241100x8000000000000000268627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.721{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700f81c6ec1956882023-02-08 09:45:06.721root 11241100x8000000000000000268626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.721{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60980a743c384a152023-02-08 09:45:06.721root 11241100x8000000000000000268635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.722{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179dcd5fae24ea492023-02-08 09:45:06.722root 11241100x8000000000000000268634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.722{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448e79867b6e99e32023-02-08 09:45:06.722root 11241100x8000000000000000268636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59df5182c8cafa762023-02-08 09:45:06.984root 11241100x8000000000000000268645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2be85b4f425a97f2023-02-08 09:45:06.985root 11241100x8000000000000000268644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67bb7c4095a398f2023-02-08 09:45:06.985root 11241100x8000000000000000268643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271edffdbc4a9fd82023-02-08 09:45:06.985root 11241100x8000000000000000268642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bed080c5bbe6062023-02-08 09:45:06.985root 11241100x8000000000000000268641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9421afab9b7314422023-02-08 09:45:06.985root 11241100x8000000000000000268640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21200d67fb9e9b4b2023-02-08 09:45:06.985root 11241100x8000000000000000268639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f20dd3cae8d4922023-02-08 09:45:06.985root 11241100x8000000000000000268638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb0a64a30af8a412023-02-08 09:45:06.985root 11241100x8000000000000000268637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627640bbac6f30322023-02-08 09:45:06.985root 11241100x8000000000000000268657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f71fbd66c0add62023-02-08 09:45:06.986root 11241100x8000000000000000268656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f233fc385763131a2023-02-08 09:45:06.986root 11241100x8000000000000000268655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c5dc0afa41061c2023-02-08 09:45:06.986root 11241100x8000000000000000268654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43b7f67e543a86b2023-02-08 09:45:06.986root 11241100x8000000000000000268653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1e96215afb02b02023-02-08 09:45:06.986root 11241100x8000000000000000268652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6fd09650af9f432023-02-08 09:45:06.986root 11241100x8000000000000000268651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890414628098edab2023-02-08 09:45:06.986root 11241100x8000000000000000268650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5cd7266108b7c642023-02-08 09:45:06.986root 11241100x8000000000000000268649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a14fee4b8eb882a2023-02-08 09:45:06.986root 11241100x8000000000000000268648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904f0d81822fa4092023-02-08 09:45:06.986root 11241100x8000000000000000268647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6601ff81d82b5c292023-02-08 09:45:06.986root 11241100x8000000000000000268646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4ff6b8b91a6deb2023-02-08 09:45:06.986root 11241100x8000000000000000268669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b3c8e5672803122023-02-08 09:45:07.485root 11241100x8000000000000000268668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44c695445a802102023-02-08 09:45:07.485root 11241100x8000000000000000268667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613f36330bcc1e6c2023-02-08 09:45:07.485root 11241100x8000000000000000268666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd20c58e5d2ac4a62023-02-08 09:45:07.485root 11241100x8000000000000000268665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c05d7912f8e39c2023-02-08 09:45:07.485root 11241100x8000000000000000268664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e538dc3b8b10a642023-02-08 09:45:07.485root 11241100x8000000000000000268663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926f4cd3f815cb8c2023-02-08 09:45:07.485root 11241100x8000000000000000268662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624eb517c37e6f8d2023-02-08 09:45:07.485root 11241100x8000000000000000268661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d4764184cb96f12023-02-08 09:45:07.485root 11241100x8000000000000000268660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480c21f2d033da262023-02-08 09:45:07.485root 11241100x8000000000000000268659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649a1ee41b6f4d592023-02-08 09:45:07.485root 11241100x8000000000000000268658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db8c088f8f30a892023-02-08 09:45:07.485root 11241100x8000000000000000268679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f019ff9a30fbf8722023-02-08 09:45:07.486root 11241100x8000000000000000268678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caafa5971051f2902023-02-08 09:45:07.486root 11241100x8000000000000000268677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dfcec99bb66fd642023-02-08 09:45:07.486root 11241100x8000000000000000268676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa835c8d5c06dbaf2023-02-08 09:45:07.486root 11241100x8000000000000000268675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a05a8ca18d87302023-02-08 09:45:07.486root 11241100x8000000000000000268674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fbd71c6951085b2023-02-08 09:45:07.486root 11241100x8000000000000000268673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdec926e3ec04cf12023-02-08 09:45:07.486root 11241100x8000000000000000268672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54624dfd968be3c72023-02-08 09:45:07.486root 11241100x8000000000000000268671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca4faf0dfeaf06a2023-02-08 09:45:07.486root 11241100x8000000000000000268670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9fa4112ee613252023-02-08 09:45:07.486root 11241100x8000000000000000268692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518bdd77b5c4552d2023-02-08 09:45:07.985root 11241100x8000000000000000268691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bafff74a46743d2023-02-08 09:45:07.985root 11241100x8000000000000000268690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f4dffb40b385622023-02-08 09:45:07.985root 11241100x8000000000000000268689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b756744682653d02023-02-08 09:45:07.985root 11241100x8000000000000000268688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da99a2e732a88a42023-02-08 09:45:07.985root 11241100x8000000000000000268687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3200dd9e3c73d7292023-02-08 09:45:07.985root 11241100x8000000000000000268686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d126b23a0a0c9022023-02-08 09:45:07.985root 11241100x8000000000000000268685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71756e9b2fda5abe2023-02-08 09:45:07.985root 11241100x8000000000000000268684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521173d40464907f2023-02-08 09:45:07.985root 11241100x8000000000000000268683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d641907c17e28efa2023-02-08 09:45:07.985root 11241100x8000000000000000268682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5740bd3496dbf90b2023-02-08 09:45:07.985root 11241100x8000000000000000268681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326237fcacf0ff702023-02-08 09:45:07.985root 11241100x8000000000000000268680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96900f67c291ee02023-02-08 09:45:07.985root 11241100x8000000000000000268700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2edc5fa64c97ed532023-02-08 09:45:07.986root 11241100x8000000000000000268699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d3916fdfa71ab12023-02-08 09:45:07.986root 11241100x8000000000000000268698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee8e42ae93cad612023-02-08 09:45:07.986root 11241100x8000000000000000268697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56e61cb0458fbf72023-02-08 09:45:07.986root 11241100x8000000000000000268696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7af39ef370ec352023-02-08 09:45:07.986root 11241100x8000000000000000268695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd08c3cc8dbe32242023-02-08 09:45:07.986root 11241100x8000000000000000268694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8009afbf98f046522023-02-08 09:45:07.986root 11241100x8000000000000000268693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd11066393a1ea62023-02-08 09:45:07.986root 11241100x8000000000000000268701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f326b2715ea33082023-02-08 09:45:07.987root 11241100x8000000000000000268702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90883b3ea9535a12023-02-08 09:45:08.484root 11241100x8000000000000000268716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1d24f47f8ca98f2023-02-08 09:45:08.485root 11241100x8000000000000000268715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b28c083334c642c2023-02-08 09:45:08.485root 11241100x8000000000000000268714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fde5f18ee03e4082023-02-08 09:45:08.485root 11241100x8000000000000000268713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3143a27d8388b5ea2023-02-08 09:45:08.485root 11241100x8000000000000000268712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf44b700d0b0faa2023-02-08 09:45:08.485root 11241100x8000000000000000268711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf83a729cf509182023-02-08 09:45:08.485root 11241100x8000000000000000268710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb67ebb0a81fad52023-02-08 09:45:08.485root 11241100x8000000000000000268709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62496e04ecd6cd6b2023-02-08 09:45:08.485root 11241100x8000000000000000268708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6aa356a46f0f1fc2023-02-08 09:45:08.485root 11241100x8000000000000000268707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55f5a8713de69692023-02-08 09:45:08.485root 11241100x8000000000000000268706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82ab6ec89a74c212023-02-08 09:45:08.485root 11241100x8000000000000000268705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972943324279d3412023-02-08 09:45:08.485root 11241100x8000000000000000268704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90ce7858b894c252023-02-08 09:45:08.485root 11241100x8000000000000000268703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d1c9c79b26689c2023-02-08 09:45:08.485root 11241100x8000000000000000268723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a80f9c35720ad82023-02-08 09:45:08.486root 11241100x8000000000000000268722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d9aefb2f2b84dc2023-02-08 09:45:08.486root 11241100x8000000000000000268721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b32417cc89dbe82023-02-08 09:45:08.486root 11241100x8000000000000000268720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed588417769f86b2023-02-08 09:45:08.486root 11241100x8000000000000000268719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c07d8bf4b0f7552023-02-08 09:45:08.486root 11241100x8000000000000000268718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b65fe29fd63dd012023-02-08 09:45:08.486root 11241100x8000000000000000268717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b190169369b1682023-02-08 09:45:08.486root 11241100x8000000000000000268724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41e143fdfbb948f2023-02-08 09:45:08.984root 11241100x8000000000000000268736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1647dba56a5a2d5e2023-02-08 09:45:08.985root 11241100x8000000000000000268735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e69d25a9a8ca8d2023-02-08 09:45:08.985root 11241100x8000000000000000268734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7570b641846320532023-02-08 09:45:08.985root 11241100x8000000000000000268733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33429daeae91df282023-02-08 09:45:08.985root 11241100x8000000000000000268732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189199e6ba81006a2023-02-08 09:45:08.985root 11241100x8000000000000000268731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccea5823200fdf092023-02-08 09:45:08.985root 11241100x8000000000000000268730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff796864a5e1349f2023-02-08 09:45:08.985root 11241100x8000000000000000268729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a5eb23160c90832023-02-08 09:45:08.985root 11241100x8000000000000000268728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66d8dd1127cf1a92023-02-08 09:45:08.985root 11241100x8000000000000000268727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0fd7416e4f792f2023-02-08 09:45:08.985root 11241100x8000000000000000268726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc1041c993ab9842023-02-08 09:45:08.985root 11241100x8000000000000000268725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62f66e0d7c8c79a2023-02-08 09:45:08.985root 11241100x8000000000000000268745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a08e434264a9f92023-02-08 09:45:08.986root 11241100x8000000000000000268744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f51454752cb22972023-02-08 09:45:08.986root 11241100x8000000000000000268743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c248eaab9e821d2023-02-08 09:45:08.986root 11241100x8000000000000000268742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555d1657ba59bb0f2023-02-08 09:45:08.986root 11241100x8000000000000000268741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e39aaf3dfddc552023-02-08 09:45:08.986root 11241100x8000000000000000268740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e3f038c3b2ba9a2023-02-08 09:45:08.986root 11241100x8000000000000000268739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c964d74599590b2b2023-02-08 09:45:08.986root 11241100x8000000000000000268738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d56ae6ddb521a982023-02-08 09:45:08.986root 11241100x8000000000000000268737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da434eb79915c1672023-02-08 09:45:08.986root 23542300x8000000000000000268746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.289{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000268752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.290{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e328ad94fe620d052023-02-08 09:45:09.290root 11241100x8000000000000000268751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.290{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7855f09efc0bf8742023-02-08 09:45:09.290root 11241100x8000000000000000268750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.290{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a137fa149c51632023-02-08 09:45:09.290root 11241100x8000000000000000268749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.290{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e420b00cbfab483e2023-02-08 09:45:09.290root 11241100x8000000000000000268748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.290{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945ccd9184d489de2023-02-08 09:45:09.290root 11241100x8000000000000000268747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.290{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b099392a76380102023-02-08 09:45:09.290root 11241100x8000000000000000268762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.291{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ecfe475738a841d2023-02-08 09:45:09.291root 11241100x8000000000000000268761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.291{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9552cb2a15f850592023-02-08 09:45:09.291root 11241100x8000000000000000268760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.291{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140eb87c8e993fb42023-02-08 09:45:09.291root 11241100x8000000000000000268759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.291{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fa2bc6c5d8ae512023-02-08 09:45:09.291root 11241100x8000000000000000268758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.291{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d1c3d607be01f92023-02-08 09:45:09.291root 11241100x8000000000000000268757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.291{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1423bd7cbab2092023-02-08 09:45:09.291root 11241100x8000000000000000268756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.291{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64a41fd111ca74b2023-02-08 09:45:09.291root 11241100x8000000000000000268755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.291{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87c468dd050d2592023-02-08 09:45:09.291root 11241100x8000000000000000268754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.291{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf60aade03d65742023-02-08 09:45:09.291root 11241100x8000000000000000268753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.291{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7054e03efe69901b2023-02-08 09:45:09.291root 11241100x8000000000000000268772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.292{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e087523b2d7bad32023-02-08 09:45:09.292root 11241100x8000000000000000268771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.292{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767467ab836ae1a12023-02-08 09:45:09.292root 11241100x8000000000000000268770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.292{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909d1221187eaacc2023-02-08 09:45:09.292root 11241100x8000000000000000268769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.292{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0b9e96c8c542052023-02-08 09:45:09.292root 11241100x8000000000000000268768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.292{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc13d0c6b38c5ab2023-02-08 09:45:09.292root 11241100x8000000000000000268767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.292{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c83ae4ae84c1a932023-02-08 09:45:09.292root 11241100x8000000000000000268766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.292{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdcd452b82d99e2f2023-02-08 09:45:09.292root 11241100x8000000000000000268765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.292{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63bce1fbde4e52762023-02-08 09:45:09.292root 11241100x8000000000000000268764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.292{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5590313565222e482023-02-08 09:45:09.292root 11241100x8000000000000000268763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.292{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5961626cd7e17192023-02-08 09:45:09.292root 11241100x8000000000000000268777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.293{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5fe0b7b892cc1702023-02-08 09:45:09.293root 11241100x8000000000000000268776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.293{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00098102e17ae7b2023-02-08 09:45:09.293root 11241100x8000000000000000268775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.293{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b44fd08c5bbc962023-02-08 09:45:09.293root 11241100x8000000000000000268774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.293{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3e962d060fd24e2023-02-08 09:45:09.293root 11241100x8000000000000000268773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.293{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116c7da330faace22023-02-08 09:45:09.293root 11241100x8000000000000000268778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3e21781504ba372023-02-08 09:45:09.734root 11241100x8000000000000000268782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a952d437f80542af2023-02-08 09:45:09.735root 11241100x8000000000000000268781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2ad1dd71e472c92023-02-08 09:45:09.735root 11241100x8000000000000000268780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b366982655b0e1dd2023-02-08 09:45:09.735root 11241100x8000000000000000268779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4888590d24a3fc2023-02-08 09:45:09.735root 11241100x8000000000000000268791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d8dbe53b78d06c2023-02-08 09:45:09.736root 11241100x8000000000000000268790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc165efcd371a5d2023-02-08 09:45:09.736root 11241100x8000000000000000268789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8603eb8dc5302f12023-02-08 09:45:09.736root 11241100x8000000000000000268788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f410cb2296476b332023-02-08 09:45:09.736root 11241100x8000000000000000268787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f67c5f376ef68962023-02-08 09:45:09.736root 11241100x8000000000000000268786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be70ce93684e634c2023-02-08 09:45:09.736root 11241100x8000000000000000268785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6790371107b9da2023-02-08 09:45:09.736root 11241100x8000000000000000268784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a2f2a52faa55c62023-02-08 09:45:09.736root 11241100x8000000000000000268783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ed1e49c4edb0122023-02-08 09:45:09.736root 11241100x8000000000000000268800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b02769ebe70812b2023-02-08 09:45:09.737root 11241100x8000000000000000268799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2769456b1b3a0d452023-02-08 09:45:09.737root 11241100x8000000000000000268798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ab1c7a23e77c9c2023-02-08 09:45:09.737root 11241100x8000000000000000268797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5728b2ed7aecb92023-02-08 09:45:09.737root 11241100x8000000000000000268796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397ee22fc0f196702023-02-08 09:45:09.737root 11241100x8000000000000000268795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876ee3e07c43caa32023-02-08 09:45:09.737root 11241100x8000000000000000268794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d66827e2271aaf2023-02-08 09:45:09.737root 11241100x8000000000000000268793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88889368f1bde64b2023-02-08 09:45:09.737root 11241100x8000000000000000268792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213a699af7781c972023-02-08 09:45:09.737root 354300x8000000000000000268801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.130{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-55318-false10.0.1.12-8000- 11241100x8000000000000000268802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.131{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e13bf21c02ed4612023-02-08 09:45:10.131root 11241100x8000000000000000268811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.132{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2842f199b783118b2023-02-08 09:45:10.132root 11241100x8000000000000000268810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.132{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eed15f0b1d676d72023-02-08 09:45:10.132root 11241100x8000000000000000268809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.132{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34b6dafd5ece62f2023-02-08 09:45:10.132root 11241100x8000000000000000268808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.132{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21cec33108c6245b2023-02-08 09:45:10.132root 11241100x8000000000000000268807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.132{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f5df10f8e7291a2023-02-08 09:45:10.132root 11241100x8000000000000000268806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.132{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702c43cfb2ccf0b32023-02-08 09:45:10.132root 11241100x8000000000000000268805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.132{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbce67194ae57b3f2023-02-08 09:45:10.132root 11241100x8000000000000000268804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.132{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788227dc7da39cc42023-02-08 09:45:10.132root 11241100x8000000000000000268803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.132{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbfbd1aa28a0f5d2023-02-08 09:45:10.132root 11241100x8000000000000000268814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.133{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb76a2e28870c8742023-02-08 09:45:10.133root 11241100x8000000000000000268813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.133{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e49e38d4bdcfa42023-02-08 09:45:10.133root 11241100x8000000000000000268812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.133{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32e1c5d25c05e782023-02-08 09:45:10.133root 11241100x8000000000000000268820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.135{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47a1fccafe1a0e92023-02-08 09:45:10.135root 11241100x8000000000000000268819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.135{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba1b318644aa1ad2023-02-08 09:45:10.135root 11241100x8000000000000000268818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.135{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b67e2136e3f909d2023-02-08 09:45:10.135root 11241100x8000000000000000268817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.135{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d210cd1b7a1dbe32023-02-08 09:45:10.135root 11241100x8000000000000000268816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.135{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c848fae3ca317042023-02-08 09:45:10.135root 11241100x8000000000000000268815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.135{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc8df1751084d392023-02-08 09:45:10.135root 11241100x8000000000000000268825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.136{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9006b901f0d020f92023-02-08 09:45:10.136root 11241100x8000000000000000268824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.136{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2a5bc1f04b580f2023-02-08 09:45:10.136root 11241100x8000000000000000268823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.136{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9753fa23b2bdb42023-02-08 09:45:10.136root 11241100x8000000000000000268822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.136{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a07493f89d3c43c2023-02-08 09:45:10.136root 11241100x8000000000000000268821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.136{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335f38097dd779252023-02-08 09:45:10.136root 11241100x8000000000000000268836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599cfcca14afe2c92023-02-08 09:45:10.485root 11241100x8000000000000000268835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407c06f6674159cb2023-02-08 09:45:10.485root 11241100x8000000000000000268834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0a5cd08ff4220c2023-02-08 09:45:10.485root 11241100x8000000000000000268833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781ea1759722a4d52023-02-08 09:45:10.485root 11241100x8000000000000000268832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8abc1bf4ba2bfe2023-02-08 09:45:10.485root 11241100x8000000000000000268831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d05164371ba9332023-02-08 09:45:10.485root 11241100x8000000000000000268830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b78eb55e2bc46312023-02-08 09:45:10.485root 11241100x8000000000000000268829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19fc1918b04687f2023-02-08 09:45:10.485root 11241100x8000000000000000268828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c9f885ae307e5a2023-02-08 09:45:10.485root 11241100x8000000000000000268827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd52407fe7bad9f92023-02-08 09:45:10.485root 11241100x8000000000000000268826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1fd4c98e5893cb2023-02-08 09:45:10.485root 11241100x8000000000000000268847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e20fd97eaf9d2c2023-02-08 09:45:10.488root 11241100x8000000000000000268846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff556958ebff4a12023-02-08 09:45:10.488root 11241100x8000000000000000268845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c2778ecbcfb83c2023-02-08 09:45:10.488root 11241100x8000000000000000268844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425216baad00bff42023-02-08 09:45:10.488root 11241100x8000000000000000268843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8adb6a8f2eb634fe2023-02-08 09:45:10.488root 11241100x8000000000000000268842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03abf04802db7bf42023-02-08 09:45:10.488root 11241100x8000000000000000268841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1449baa6368dcb432023-02-08 09:45:10.488root 11241100x8000000000000000268840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88197515bf95bfe42023-02-08 09:45:10.488root 11241100x8000000000000000268839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b4035c8246ba702023-02-08 09:45:10.488root 11241100x8000000000000000268838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4b71730f9e58fb2023-02-08 09:45:10.488root 11241100x8000000000000000268837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadb1fc3c694d10b2023-02-08 09:45:10.488root 11241100x8000000000000000268848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95237070c1520cf2023-02-08 09:45:10.489root 11241100x8000000000000000268849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb9f54c8ff458d12023-02-08 09:45:10.490root 11241100x8000000000000000268858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c11ef6fe6ca5fd2023-02-08 09:45:10.985root 11241100x8000000000000000268857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcc9e0bee5f60842023-02-08 09:45:10.985root 11241100x8000000000000000268856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fe6cdef45f1dc02023-02-08 09:45:10.985root 11241100x8000000000000000268855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd10720756939b22023-02-08 09:45:10.985root 11241100x8000000000000000268854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1529b9ad5c973772023-02-08 09:45:10.985root 11241100x8000000000000000268853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118a1600e2ab06d62023-02-08 09:45:10.985root 11241100x8000000000000000268852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f50a13f130dd7e2023-02-08 09:45:10.985root 11241100x8000000000000000268851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4ec08b1f9311622023-02-08 09:45:10.985root 11241100x8000000000000000268850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7029e4fdaa3885c2023-02-08 09:45:10.985root 11241100x8000000000000000268864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30ce5d88a6f9b0c2023-02-08 09:45:10.988root 11241100x8000000000000000268863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a91797e42904282023-02-08 09:45:10.988root 11241100x8000000000000000268862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5432be55bd23142023-02-08 09:45:10.988root 11241100x8000000000000000268861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60bac155b95bc592023-02-08 09:45:10.988root 11241100x8000000000000000268860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c067c27a33e9ba2023-02-08 09:45:10.988root 11241100x8000000000000000268859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7062e12a0ec55a2023-02-08 09:45:10.988root 11241100x8000000000000000268870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a1c27428d761292023-02-08 09:45:10.989root 11241100x8000000000000000268869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ac721e561f3a6b2023-02-08 09:45:10.989root 11241100x8000000000000000268868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b86060a3a80cf32023-02-08 09:45:10.989root 11241100x8000000000000000268867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2fe174fb8e614c2023-02-08 09:45:10.989root 11241100x8000000000000000268866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf4c31e46b432132023-02-08 09:45:10.989root 11241100x8000000000000000268865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabcdaeeff921c032023-02-08 09:45:10.989root 11241100x8000000000000000268873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62c92e9cf6ee6de2023-02-08 09:45:10.990root 11241100x8000000000000000268872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c002f9d7188785352023-02-08 09:45:10.990root 11241100x8000000000000000268871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:10.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1a3a6c0fea91d12023-02-08 09:45:10.990root 11241100x8000000000000000268883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c3936acfef88ea2023-02-08 09:45:11.485root 11241100x8000000000000000268882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc5d7d7ad27d6192023-02-08 09:45:11.485root 11241100x8000000000000000268881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6db7731f2e314a32023-02-08 09:45:11.485root 11241100x8000000000000000268880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b056c1aada61d2c12023-02-08 09:45:11.485root 11241100x8000000000000000268879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab759dd37ea5de972023-02-08 09:45:11.485root 11241100x8000000000000000268878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7700401e4705df2d2023-02-08 09:45:11.485root 11241100x8000000000000000268877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299f47c649fd66ba2023-02-08 09:45:11.485root 11241100x8000000000000000268876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ffc80731448a642023-02-08 09:45:11.485root 11241100x8000000000000000268875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdcf9232fe6729092023-02-08 09:45:11.485root 11241100x8000000000000000268874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9ca29768e6b0052023-02-08 09:45:11.485root 11241100x8000000000000000268887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0887b65d52278c2023-02-08 09:45:11.486root 11241100x8000000000000000268886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff8d30f23b17fdf2023-02-08 09:45:11.486root 11241100x8000000000000000268885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9e64a0684a374f2023-02-08 09:45:11.486root 11241100x8000000000000000268884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be612d8d5e690ad22023-02-08 09:45:11.486root 11241100x8000000000000000268892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3665a1b4f6b3c12023-02-08 09:45:11.487root 11241100x8000000000000000268891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881d429f05f2600a2023-02-08 09:45:11.487root 11241100x8000000000000000268890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e70e4814da3a75a2023-02-08 09:45:11.487root 11241100x8000000000000000268889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61487234ab5cf7b72023-02-08 09:45:11.487root 11241100x8000000000000000268888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a585e5d07fc0f1092023-02-08 09:45:11.487root 11241100x8000000000000000268897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab449e7405ccafb32023-02-08 09:45:11.488root 11241100x8000000000000000268896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f47b03c601b4a7d2023-02-08 09:45:11.488root 11241100x8000000000000000268895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100953a6d61c13af2023-02-08 09:45:11.488root 11241100x8000000000000000268894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f72bb21c49551b2023-02-08 09:45:11.488root 11241100x8000000000000000268893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ce87071db1104a2023-02-08 09:45:11.488root 11241100x8000000000000000268905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd9cbd56261c3312023-02-08 09:45:11.985root 11241100x8000000000000000268904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920c21dfa677719e2023-02-08 09:45:11.985root 11241100x8000000000000000268903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19851302d5b7bf652023-02-08 09:45:11.985root 11241100x8000000000000000268902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d328befe6274f2372023-02-08 09:45:11.985root 11241100x8000000000000000268901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a749a947ec631aea2023-02-08 09:45:11.985root 11241100x8000000000000000268900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbcbed0c80b6b612023-02-08 09:45:11.985root 11241100x8000000000000000268899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26807c64884a8772023-02-08 09:45:11.985root 11241100x8000000000000000268898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6205ae2b29576a2023-02-08 09:45:11.985root 11241100x8000000000000000268911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d51c3be56132d9c2023-02-08 09:45:11.986root 11241100x8000000000000000268910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda327185951db072023-02-08 09:45:11.986root 11241100x8000000000000000268909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9eb8becdd980c1e2023-02-08 09:45:11.986root 11241100x8000000000000000268908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1f556ffdd826042023-02-08 09:45:11.986root 11241100x8000000000000000268907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e35d385dcb5c1322023-02-08 09:45:11.986root 11241100x8000000000000000268906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfb15b473064c4b2023-02-08 09:45:11.986root 11241100x8000000000000000268921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2f5e350b99aef42023-02-08 09:45:11.987root 11241100x8000000000000000268920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a31d730f1560482023-02-08 09:45:11.987root 11241100x8000000000000000268919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f9188945895a712023-02-08 09:45:11.987root 11241100x8000000000000000268918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaef1d9394b12ac02023-02-08 09:45:11.987root 11241100x8000000000000000268917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7369b2450be0c2042023-02-08 09:45:11.987root 11241100x8000000000000000268916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a578ad6885f7ce442023-02-08 09:45:11.987root 11241100x8000000000000000268915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c0b2fa8fecb7332023-02-08 09:45:11.987root 11241100x8000000000000000268914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a1b3899d90797a2023-02-08 09:45:11.987root 11241100x8000000000000000268913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834fcb7bf47cf6972023-02-08 09:45:11.987root 11241100x8000000000000000268912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77e1c748617c5fb2023-02-08 09:45:11.987root 11241100x8000000000000000268930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0476a283ecb636502023-02-08 09:45:12.485root 11241100x8000000000000000268929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05b445d0b3a7d452023-02-08 09:45:12.485root 11241100x8000000000000000268928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ade697663367ab42023-02-08 09:45:12.485root 11241100x8000000000000000268927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff793c300cf4b7622023-02-08 09:45:12.485root 11241100x8000000000000000268926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa48da4c84df6a82023-02-08 09:45:12.485root 11241100x8000000000000000268925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f62065159b410272023-02-08 09:45:12.485root 11241100x8000000000000000268924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e861d12a35605882023-02-08 09:45:12.485root 11241100x8000000000000000268923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47060ebfb87f5bd2023-02-08 09:45:12.485root 11241100x8000000000000000268922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4111f65ac94534532023-02-08 09:45:12.485root 11241100x8000000000000000268940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66aa099fb6fdc5032023-02-08 09:45:12.486root 11241100x8000000000000000268939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6283e14cd53e159b2023-02-08 09:45:12.486root 11241100x8000000000000000268938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559c961a9d765c1b2023-02-08 09:45:12.486root 11241100x8000000000000000268937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4942839a115d65332023-02-08 09:45:12.486root 11241100x8000000000000000268936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8894be010881472023-02-08 09:45:12.486root 11241100x8000000000000000268935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653ba74d8e2e75122023-02-08 09:45:12.486root 11241100x8000000000000000268934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e4d2f1f2c2d7d52023-02-08 09:45:12.486root 11241100x8000000000000000268933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98ef3cfdaae324d2023-02-08 09:45:12.486root 11241100x8000000000000000268932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b9f8a30ebc006f2023-02-08 09:45:12.486root 11241100x8000000000000000268931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f02bd3fd75e8bb12023-02-08 09:45:12.486root 11241100x8000000000000000268945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4260de7bce7872672023-02-08 09:45:12.488root 11241100x8000000000000000268944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fafab152564aae12023-02-08 09:45:12.488root 11241100x8000000000000000268943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ea08f70c690a372023-02-08 09:45:12.488root 11241100x8000000000000000268942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf11b88644a993e2023-02-08 09:45:12.488root 11241100x8000000000000000268941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736e8a2b8bc82b502023-02-08 09:45:12.488root 11241100x8000000000000000268957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4221809f924b88e2023-02-08 09:45:12.985root 11241100x8000000000000000268956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5c06c721d5b6a82023-02-08 09:45:12.985root 11241100x8000000000000000268955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b1e63a8324cb592023-02-08 09:45:12.985root 11241100x8000000000000000268954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf8be6dae5531b52023-02-08 09:45:12.985root 11241100x8000000000000000268953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf85d44d993a6a302023-02-08 09:45:12.985root 11241100x8000000000000000268952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75487e5a547163a92023-02-08 09:45:12.985root 11241100x8000000000000000268951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ee1462268b26f12023-02-08 09:45:12.985root 11241100x8000000000000000268950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77dd5fb7d5db7762023-02-08 09:45:12.985root 11241100x8000000000000000268949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2e9fd77934e07e2023-02-08 09:45:12.985root 11241100x8000000000000000268948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2d756354328bd62023-02-08 09:45:12.985root 11241100x8000000000000000268947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031e34097a6236eb2023-02-08 09:45:12.985root 11241100x8000000000000000268946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46bbcc2bc62c0322023-02-08 09:45:12.985root 11241100x8000000000000000268969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b485adfcf29b5ea2023-02-08 09:45:12.986root 11241100x8000000000000000268968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918d08bd39ee7d862023-02-08 09:45:12.986root 11241100x8000000000000000268967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89245072368e80fa2023-02-08 09:45:12.986root 11241100x8000000000000000268966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316e1e2aab635e6d2023-02-08 09:45:12.986root 11241100x8000000000000000268965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c69f9c3893835b2023-02-08 09:45:12.986root 11241100x8000000000000000268964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1613f64df1c2f25c2023-02-08 09:45:12.986root 11241100x8000000000000000268963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe7c245a1757b642023-02-08 09:45:12.986root 11241100x8000000000000000268962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693fdfb56213d3012023-02-08 09:45:12.986root 11241100x8000000000000000268961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb703a11b0fdfe882023-02-08 09:45:12.986root 11241100x8000000000000000268960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90c557d2acf17132023-02-08 09:45:12.986root 11241100x8000000000000000268959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb570074796933e2023-02-08 09:45:12.986root 11241100x8000000000000000268958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74c8a85906859e52023-02-08 09:45:12.986root 11241100x8000000000000000268983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674eba69c54a3d032023-02-08 09:45:13.485root 11241100x8000000000000000268982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f354a1fa1b763c9c2023-02-08 09:45:13.485root 11241100x8000000000000000268981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e62b6f23eb9d8a32023-02-08 09:45:13.485root 11241100x8000000000000000268980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee065d420983e3a12023-02-08 09:45:13.485root 11241100x8000000000000000268979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0d338c4a30bb7f2023-02-08 09:45:13.485root 11241100x8000000000000000268978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e609acb1892fa6572023-02-08 09:45:13.485root 11241100x8000000000000000268977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cb628139639b8d2023-02-08 09:45:13.485root 11241100x8000000000000000268976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9d7a64f92ad46b2023-02-08 09:45:13.485root 11241100x8000000000000000268975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2c3ab96cd03d7a2023-02-08 09:45:13.485root 11241100x8000000000000000268974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826603647681a1812023-02-08 09:45:13.485root 11241100x8000000000000000268973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7e9f51cf357c4a2023-02-08 09:45:13.485root 11241100x8000000000000000268972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32386bdcb68c27c2023-02-08 09:45:13.485root 11241100x8000000000000000268971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab696061715279242023-02-08 09:45:13.485root 11241100x8000000000000000268970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36866884a8d4c2562023-02-08 09:45:13.485root 11241100x8000000000000000268993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7733f0c5c3f7c2aa2023-02-08 09:45:13.486root 11241100x8000000000000000268992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff6aee28cc749182023-02-08 09:45:13.486root 11241100x8000000000000000268991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2b0379d758160d2023-02-08 09:45:13.486root 11241100x8000000000000000268990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf9a23041da67942023-02-08 09:45:13.486root 11241100x8000000000000000268989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe285cdfbe3885942023-02-08 09:45:13.486root 11241100x8000000000000000268988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb2eb4f7f3e728b2023-02-08 09:45:13.486root 11241100x8000000000000000268987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8125ae06669ed2eb2023-02-08 09:45:13.486root 11241100x8000000000000000268986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65526135ccc6bcad2023-02-08 09:45:13.486root 11241100x8000000000000000268985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a34db3c5239f0642023-02-08 09:45:13.486root 11241100x8000000000000000268984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925b5e909dd526032023-02-08 09:45:13.486root 11241100x8000000000000000269006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057a4a68f67d81382023-02-08 09:45:13.985root 11241100x8000000000000000269005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c9dff16ada59ae2023-02-08 09:45:13.985root 11241100x8000000000000000269004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d3a134a53703692023-02-08 09:45:13.985root 11241100x8000000000000000269003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d71fe4bacc7fc972023-02-08 09:45:13.985root 11241100x8000000000000000269002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677ba92e66ccd3f02023-02-08 09:45:13.985root 11241100x8000000000000000269001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26752aefad7f70282023-02-08 09:45:13.985root 11241100x8000000000000000269000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e098711be8ad2c2023-02-08 09:45:13.985root 11241100x8000000000000000268999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597c649fab78fa802023-02-08 09:45:13.985root 11241100x8000000000000000268998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1366c5e14575942023-02-08 09:45:13.985root 11241100x8000000000000000268997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a303280c101a0afb2023-02-08 09:45:13.985root 11241100x8000000000000000268996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890c17e388b348da2023-02-08 09:45:13.985root 11241100x8000000000000000268995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bf915230e5855a2023-02-08 09:45:13.985root 11241100x8000000000000000268994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe852fa25035aad2023-02-08 09:45:13.985root 11241100x8000000000000000269017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df63a13c932ffcd2023-02-08 09:45:13.986root 11241100x8000000000000000269016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d61451c9eda7cb2023-02-08 09:45:13.986root 11241100x8000000000000000269015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d4723d356ceffa2023-02-08 09:45:13.986root 11241100x8000000000000000269014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f59cfb16b8d6cc02023-02-08 09:45:13.986root 11241100x8000000000000000269013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb7933bfd620b4f2023-02-08 09:45:13.986root 11241100x8000000000000000269012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6fc3fb5b1c7b912023-02-08 09:45:13.986root 11241100x8000000000000000269011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6340a03f658db5c2023-02-08 09:45:13.986root 11241100x8000000000000000269010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff6bd7e8108938d2023-02-08 09:45:13.986root 11241100x8000000000000000269009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e3408cf734b7302023-02-08 09:45:13.986root 11241100x8000000000000000269008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145db7f17139d9912023-02-08 09:45:13.986root 11241100x8000000000000000269007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c17746a72b60762023-02-08 09:45:13.986root 11241100x8000000000000000269029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980962335e54d16c2023-02-08 09:45:14.485root 11241100x8000000000000000269028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28c1de9fa1125272023-02-08 09:45:14.485root 11241100x8000000000000000269027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f88c9a56616d5c2023-02-08 09:45:14.485root 11241100x8000000000000000269026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b782b9ec87a9242023-02-08 09:45:14.485root 11241100x8000000000000000269025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004d452d95d590202023-02-08 09:45:14.485root 11241100x8000000000000000269024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ef01b75f334f7b2023-02-08 09:45:14.485root 11241100x8000000000000000269023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078ac308ea42f9ea2023-02-08 09:45:14.485root 11241100x8000000000000000269022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab88d623786040202023-02-08 09:45:14.485root 11241100x8000000000000000269021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2ceacef8a1e7a32023-02-08 09:45:14.485root 11241100x8000000000000000269020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e094fe55de70c812023-02-08 09:45:14.485root 11241100x8000000000000000269019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a830697e7df11aa2023-02-08 09:45:14.485root 11241100x8000000000000000269018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d785d8c70ec1a0492023-02-08 09:45:14.485root 11241100x8000000000000000269041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a776658a19ad802023-02-08 09:45:14.486root 11241100x8000000000000000269040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e957fe62d2f57a52023-02-08 09:45:14.486root 11241100x8000000000000000269039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a1e181722e87c42023-02-08 09:45:14.486root 11241100x8000000000000000269038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3c3b109589c55a2023-02-08 09:45:14.486root 11241100x8000000000000000269037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4503c0975974662023-02-08 09:45:14.486root 11241100x8000000000000000269036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9256b10e9ab1c6902023-02-08 09:45:14.486root 11241100x8000000000000000269035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08fca9e1c92137412023-02-08 09:45:14.486root 11241100x8000000000000000269034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd6e9a09869dcc12023-02-08 09:45:14.486root 11241100x8000000000000000269033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84e02fcd0495c362023-02-08 09:45:14.486root 11241100x8000000000000000269032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fcba29828858a4a2023-02-08 09:45:14.486root 11241100x8000000000000000269031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa02f1bf8c6bf032023-02-08 09:45:14.486root 11241100x8000000000000000269030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbedcfb7d453205a2023-02-08 09:45:14.486root 11241100x8000000000000000269051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8890a3f6d1dacd242023-02-08 09:45:14.985root 11241100x8000000000000000269050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bbdbd7f347ead412023-02-08 09:45:14.985root 11241100x8000000000000000269049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7181f07bf02bebae2023-02-08 09:45:14.985root 11241100x8000000000000000269048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06268ccbfdf35dbc2023-02-08 09:45:14.985root 11241100x8000000000000000269047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed662ad4327fa56c2023-02-08 09:45:14.985root 11241100x8000000000000000269046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233d5591dd0205382023-02-08 09:45:14.985root 11241100x8000000000000000269045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670165e6e8270dd32023-02-08 09:45:14.985root 11241100x8000000000000000269044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a73219e9fb2dc92023-02-08 09:45:14.985root 11241100x8000000000000000269043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3127df89da6533182023-02-08 09:45:14.985root 11241100x8000000000000000269042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acce60d041192ae52023-02-08 09:45:14.985root 11241100x8000000000000000269062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d871d2b352c0ea3d2023-02-08 09:45:14.986root 11241100x8000000000000000269061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b462ad4695599b52023-02-08 09:45:14.986root 11241100x8000000000000000269060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958b6e8503d0e9792023-02-08 09:45:14.986root 11241100x8000000000000000269059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88be4c25244db102023-02-08 09:45:14.986root 11241100x8000000000000000269058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124d9a3cfc4e3a0b2023-02-08 09:45:14.986root 11241100x8000000000000000269057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d990eb7f1816976d2023-02-08 09:45:14.986root 11241100x8000000000000000269056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047772e7aad5253a2023-02-08 09:45:14.986root 11241100x8000000000000000269055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24544c6d774427482023-02-08 09:45:14.986root 11241100x8000000000000000269054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808ca522a39bcf942023-02-08 09:45:14.986root 11241100x8000000000000000269053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b535c15be8a57d8f2023-02-08 09:45:14.986root 11241100x8000000000000000269052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1fe1a3dbb1a0ff2023-02-08 09:45:14.986root 11241100x8000000000000000269065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f7da26bfaec0982023-02-08 09:45:14.987root 11241100x8000000000000000269064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65bedb0f3df1ab02023-02-08 09:45:14.987root 11241100x8000000000000000269063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858880d80606b1df2023-02-08 09:45:14.987root 354300x8000000000000000269066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.167{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-55334-false10.0.1.12-8000- 11241100x8000000000000000269077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c73a85676ad1472023-02-08 09:45:15.485root 11241100x8000000000000000269076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b361f6b0b4f32f62023-02-08 09:45:15.485root 11241100x8000000000000000269075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649467e026e169c02023-02-08 09:45:15.485root 11241100x8000000000000000269074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb9a513fc3731672023-02-08 09:45:15.485root 11241100x8000000000000000269073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f07d1b7a90cda52023-02-08 09:45:15.485root 11241100x8000000000000000269072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee06bb3e980421832023-02-08 09:45:15.485root 11241100x8000000000000000269071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406e09c7c59848f12023-02-08 09:45:15.485root 11241100x8000000000000000269070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2560c5c37f9366f62023-02-08 09:45:15.485root 11241100x8000000000000000269069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55526a3c0118eeb52023-02-08 09:45:15.485root 11241100x8000000000000000269068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e755d9f921677c2023-02-08 09:45:15.485root 11241100x8000000000000000269067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f135d83d1602900b2023-02-08 09:45:15.485root 11241100x8000000000000000269086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78f53b9091c2f752023-02-08 09:45:15.486root 11241100x8000000000000000269085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5db10f5a58d326e2023-02-08 09:45:15.486root 11241100x8000000000000000269084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b20d3d3d47df0b2023-02-08 09:45:15.486root 11241100x8000000000000000269083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf20a9e426539f8d2023-02-08 09:45:15.486root 11241100x8000000000000000269082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211c240a6ac21d902023-02-08 09:45:15.486root 11241100x8000000000000000269081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128f26f8bc6306442023-02-08 09:45:15.486root 11241100x8000000000000000269080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea88e5d69e69cb12023-02-08 09:45:15.486root 11241100x8000000000000000269079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d77b7f1a3f3f6c22023-02-08 09:45:15.486root 11241100x8000000000000000269078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b8d54a973b70c82023-02-08 09:45:15.486root 11241100x8000000000000000269091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43dd26b473bb33a2023-02-08 09:45:15.487root 11241100x8000000000000000269090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd416616fc90cfc2023-02-08 09:45:15.487root 11241100x8000000000000000269089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09c456bdda326a92023-02-08 09:45:15.487root 11241100x8000000000000000269088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a328418651001512023-02-08 09:45:15.487root 11241100x8000000000000000269087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8095cde8897bf6012023-02-08 09:45:15.487root 11241100x8000000000000000269094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08998b2a1a9d07172023-02-08 09:45:15.985root 11241100x8000000000000000269093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8e237177d9761e2023-02-08 09:45:15.985root 11241100x8000000000000000269092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09014f31761850752023-02-08 09:45:15.985root 11241100x8000000000000000269101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb622e002c6cbbd2023-02-08 09:45:15.986root 11241100x8000000000000000269100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4722ccf9cc8e07292023-02-08 09:45:15.986root 11241100x8000000000000000269099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790dbf0ebc6218f42023-02-08 09:45:15.986root 11241100x8000000000000000269098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658c6c802439124c2023-02-08 09:45:15.986root 11241100x8000000000000000269097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bae444c55c135d2023-02-08 09:45:15.986root 11241100x8000000000000000269096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07eb19be886ee8f42023-02-08 09:45:15.986root 11241100x8000000000000000269095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb5c30c25ca0a312023-02-08 09:45:15.986root 11241100x8000000000000000269110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056048f04855523e2023-02-08 09:45:15.987root 11241100x8000000000000000269109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ffe346ed9aa7682023-02-08 09:45:15.987root 11241100x8000000000000000269108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa664c0b597b17ea2023-02-08 09:45:15.987root 11241100x8000000000000000269107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e67691eed40f7df2023-02-08 09:45:15.987root 11241100x8000000000000000269106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d43ceda39f4790b2023-02-08 09:45:15.987root 11241100x8000000000000000269105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a2ff17f5dd0fad2023-02-08 09:45:15.987root 11241100x8000000000000000269104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8e2c6cc5d5a6c12023-02-08 09:45:15.987root 11241100x8000000000000000269103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595b9e629b34bd402023-02-08 09:45:15.987root 11241100x8000000000000000269102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1b62ea516d24d42023-02-08 09:45:15.987root 11241100x8000000000000000269116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f2afecce41c8df2023-02-08 09:45:15.988root 11241100x8000000000000000269115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f03d707d9281a52023-02-08 09:45:15.988root 11241100x8000000000000000269114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9edc0f87afa4c62d2023-02-08 09:45:15.988root 11241100x8000000000000000269113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095916deeb45af242023-02-08 09:45:15.988root 11241100x8000000000000000269112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8fca8ef08c0daaf2023-02-08 09:45:15.988root 11241100x8000000000000000269111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:15.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afee32718de6ef202023-02-08 09:45:15.988root 11241100x8000000000000000269125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232790a068873a252023-02-08 09:45:16.485root 11241100x8000000000000000269124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23b0e579ae197232023-02-08 09:45:16.485root 11241100x8000000000000000269123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4c7a43ce0ad2172023-02-08 09:45:16.485root 11241100x8000000000000000269122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6abe634570ba2f132023-02-08 09:45:16.485root 11241100x8000000000000000269121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e70d803b0f879af2023-02-08 09:45:16.485root 11241100x8000000000000000269120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ee2e95ea2ba2412023-02-08 09:45:16.485root 11241100x8000000000000000269119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfce0506604e7392023-02-08 09:45:16.485root 11241100x8000000000000000269118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020c46cbb35838a62023-02-08 09:45:16.485root 11241100x8000000000000000269117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0b913e600ae8032023-02-08 09:45:16.485root 11241100x8000000000000000269135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b2bf36fbf284392023-02-08 09:45:16.486root 11241100x8000000000000000269134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ef92d53816bdd72023-02-08 09:45:16.486root 11241100x8000000000000000269133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71d4a9ab0de015c2023-02-08 09:45:16.486root 11241100x8000000000000000269132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59941d00904112172023-02-08 09:45:16.486root 11241100x8000000000000000269131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc84a0311c2884a12023-02-08 09:45:16.486root 11241100x8000000000000000269130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9169c9ea3fa056752023-02-08 09:45:16.486root 11241100x8000000000000000269129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61ef74095b1a8092023-02-08 09:45:16.486root 11241100x8000000000000000269128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb57055e1e6cd652023-02-08 09:45:16.486root 11241100x8000000000000000269127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d535b2bef40f452023-02-08 09:45:16.486root 11241100x8000000000000000269126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500ca982abae9e7a2023-02-08 09:45:16.486root 11241100x8000000000000000269141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14dc356dae3dde462023-02-08 09:45:16.487root 11241100x8000000000000000269140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1f1f1d30bbbc3d2023-02-08 09:45:16.487root 11241100x8000000000000000269139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f8062b196d07b72023-02-08 09:45:16.487root 11241100x8000000000000000269138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691e0e444fd927842023-02-08 09:45:16.487root 11241100x8000000000000000269137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a617e2cae8a5872023-02-08 09:45:16.487root 11241100x8000000000000000269136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a682175d6f5e0f2023-02-08 09:45:16.487root 11241100x8000000000000000269150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834d097083ec9f8d2023-02-08 09:45:16.985root 11241100x8000000000000000269149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20345203a05a54f2023-02-08 09:45:16.985root 11241100x8000000000000000269148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5422899888ab34282023-02-08 09:45:16.985root 11241100x8000000000000000269147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2397438a6e6cf5ea2023-02-08 09:45:16.985root 11241100x8000000000000000269146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d18b4a70b00f6ee2023-02-08 09:45:16.985root 11241100x8000000000000000269145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b263a39a338e472023-02-08 09:45:16.985root 11241100x8000000000000000269144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e909450331d8a22023-02-08 09:45:16.985root 11241100x8000000000000000269143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715749c009f96fbf2023-02-08 09:45:16.985root 11241100x8000000000000000269142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c5599ee06e5ca62023-02-08 09:45:16.985root 11241100x8000000000000000269160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad0894e38aef3262023-02-08 09:45:16.986root 11241100x8000000000000000269159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b402e787d453b532023-02-08 09:45:16.986root 11241100x8000000000000000269158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e84f7330b2e6062023-02-08 09:45:16.986root 11241100x8000000000000000269157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c586e4f54fc8842023-02-08 09:45:16.986root 11241100x8000000000000000269156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6084d920099c4322023-02-08 09:45:16.986root 11241100x8000000000000000269155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93beb945d8083cf2023-02-08 09:45:16.986root 11241100x8000000000000000269154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60e05ae11daf8982023-02-08 09:45:16.986root 11241100x8000000000000000269153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ffccb39970e9982023-02-08 09:45:16.986root 11241100x8000000000000000269152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c7a53eb8b030d02023-02-08 09:45:16.986root 11241100x8000000000000000269151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a00f09c999caa072023-02-08 09:45:16.986root 11241100x8000000000000000269166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d1019324c851732023-02-08 09:45:16.987root 11241100x8000000000000000269165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b7d3e57e5806032023-02-08 09:45:16.987root 11241100x8000000000000000269164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0a217acbd9230f2023-02-08 09:45:16.987root 11241100x8000000000000000269163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333061af349f9f142023-02-08 09:45:16.987root 11241100x8000000000000000269162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e5b92d6ef16c142023-02-08 09:45:16.987root 11241100x8000000000000000269161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b281f953a39e7382023-02-08 09:45:16.987root 11241100x8000000000000000269174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1345294cbb1a0962023-02-08 09:45:17.485root 11241100x8000000000000000269173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e660a0039b6a32f42023-02-08 09:45:17.485root 11241100x8000000000000000269172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0220b774c73fced82023-02-08 09:45:17.485root 11241100x8000000000000000269171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cad955101f08c812023-02-08 09:45:17.485root 11241100x8000000000000000269170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b4e266b7c3f7442023-02-08 09:45:17.485root 11241100x8000000000000000269169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e762122fd105a882023-02-08 09:45:17.485root 11241100x8000000000000000269168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e6931333ea7acd2023-02-08 09:45:17.485root 11241100x8000000000000000269167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf93dd2bf2023bf2023-02-08 09:45:17.485root 11241100x8000000000000000269181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c8758d913208e62023-02-08 09:45:17.486root 11241100x8000000000000000269180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60a855a24d5ce902023-02-08 09:45:17.486root 11241100x8000000000000000269179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111e88d53bf270402023-02-08 09:45:17.486root 11241100x8000000000000000269178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b942218429e34a8b2023-02-08 09:45:17.486root 11241100x8000000000000000269177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c9addd399b7ddc2023-02-08 09:45:17.486root 11241100x8000000000000000269176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27cc9378f9032412023-02-08 09:45:17.486root 11241100x8000000000000000269175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d111b1b7911e1e2023-02-08 09:45:17.486root 11241100x8000000000000000269190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec3f7e12390005b2023-02-08 09:45:17.487root 11241100x8000000000000000269189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9573042412dbe0e22023-02-08 09:45:17.487root 11241100x8000000000000000269188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47b27eebce6ac962023-02-08 09:45:17.487root 11241100x8000000000000000269187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60864f93b13ccf482023-02-08 09:45:17.487root 11241100x8000000000000000269186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ddd4ea354a90d92023-02-08 09:45:17.487root 11241100x8000000000000000269185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f12828a39da67d2023-02-08 09:45:17.487root 11241100x8000000000000000269184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85249d55baddbb532023-02-08 09:45:17.487root 11241100x8000000000000000269183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6f61b87b33b0152023-02-08 09:45:17.487root 11241100x8000000000000000269182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f1c6b1ad3232ae2023-02-08 09:45:17.487root 11241100x8000000000000000269191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ddc1faba7a13582023-02-08 09:45:17.488root 11241100x8000000000000000269198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68585f995d6d62e2023-02-08 09:45:17.985root 11241100x8000000000000000269197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1293a1ba1921db702023-02-08 09:45:17.985root 11241100x8000000000000000269196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3954961eef447c182023-02-08 09:45:17.985root 11241100x8000000000000000269195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5fbe4c3932c60c2023-02-08 09:45:17.985root 11241100x8000000000000000269194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc0239cfcd9c0562023-02-08 09:45:17.985root 11241100x8000000000000000269193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72941e8fdc1d3fa2023-02-08 09:45:17.985root 11241100x8000000000000000269192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b50e325a164f20e2023-02-08 09:45:17.985root 11241100x8000000000000000269207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24bd8a03ec1d70122023-02-08 09:45:17.986root 11241100x8000000000000000269206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a26a3a4d7ee7a72023-02-08 09:45:17.986root 11241100x8000000000000000269205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1e3845194c84a62023-02-08 09:45:17.986root 11241100x8000000000000000269204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a3b6ef5fd025b52023-02-08 09:45:17.986root 11241100x8000000000000000269203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff50ee27b4260562023-02-08 09:45:17.986root 11241100x8000000000000000269202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1ac6ba0a7b62812023-02-08 09:45:17.986root 11241100x8000000000000000269201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797869a06f43c2f12023-02-08 09:45:17.986root 11241100x8000000000000000269200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50bf84a0f24a1f062023-02-08 09:45:17.986root 11241100x8000000000000000269199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858ec599efd5f69d2023-02-08 09:45:17.986root 11241100x8000000000000000269215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0a6695fe65aec02023-02-08 09:45:17.987root 11241100x8000000000000000269214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf9cda8f577817a2023-02-08 09:45:17.987root 11241100x8000000000000000269213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9902367697447182023-02-08 09:45:17.987root 11241100x8000000000000000269212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08749dfeff3ba0b12023-02-08 09:45:17.987root 11241100x8000000000000000269211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d909ab9dfe706432023-02-08 09:45:17.987root 11241100x8000000000000000269210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc944936b693a8992023-02-08 09:45:17.987root 11241100x8000000000000000269209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd7a310864f23b52023-02-08 09:45:17.987root 11241100x8000000000000000269208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11755fca1fb8c432023-02-08 09:45:17.987root 11241100x8000000000000000269216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c409005e305f67d82023-02-08 09:45:17.988root 11241100x8000000000000000269223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6ed91c6bb08e7c2023-02-08 09:45:18.485root 11241100x8000000000000000269222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca8d97b4978fe4b2023-02-08 09:45:18.485root 11241100x8000000000000000269221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3065c445551e64192023-02-08 09:45:18.485root 11241100x8000000000000000269220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43bb5fce3bac13bf2023-02-08 09:45:18.485root 11241100x8000000000000000269219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79c00db70c6865e2023-02-08 09:45:18.485root 11241100x8000000000000000269218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab5187e0371a4a02023-02-08 09:45:18.485root 11241100x8000000000000000269217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f310771ae2815912023-02-08 09:45:18.485root 11241100x8000000000000000269233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59d0cfc6abe207d2023-02-08 09:45:18.486root 11241100x8000000000000000269232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254d813d126406542023-02-08 09:45:18.486root 11241100x8000000000000000269231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5c540b3d483c9c2023-02-08 09:45:18.486root 11241100x8000000000000000269230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb0347d26945f3d2023-02-08 09:45:18.486root 11241100x8000000000000000269229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9c329807c78d032023-02-08 09:45:18.486root 11241100x8000000000000000269228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7bc5a43662b52e2023-02-08 09:45:18.486root 11241100x8000000000000000269227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68677e0903df68ea2023-02-08 09:45:18.486root 11241100x8000000000000000269226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b28b5656bce9a1f2023-02-08 09:45:18.486root 11241100x8000000000000000269225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd99449eae7575992023-02-08 09:45:18.486root 11241100x8000000000000000269224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a88ea2d263747bd2023-02-08 09:45:18.486root 11241100x8000000000000000269240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a184df2293a13d2023-02-08 09:45:18.487root 11241100x8000000000000000269239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2688a652f1dd05992023-02-08 09:45:18.487root 11241100x8000000000000000269238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e9cd3d8f007dd62023-02-08 09:45:18.487root 11241100x8000000000000000269237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1d6871f5c79fff2023-02-08 09:45:18.487root 11241100x8000000000000000269236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ac589b78de2e632023-02-08 09:45:18.487root 11241100x8000000000000000269235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae489c415a79c0d62023-02-08 09:45:18.487root 11241100x8000000000000000269234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629388cfcead07582023-02-08 09:45:18.487root 11241100x8000000000000000269241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8847c0c9520ea52023-02-08 09:45:18.488root 11241100x8000000000000000269249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3a02957392af0d2023-02-08 09:45:18.985root 11241100x8000000000000000269248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac931cf7e4012df02023-02-08 09:45:18.985root 11241100x8000000000000000269247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6b06a16fdc8e272023-02-08 09:45:18.985root 11241100x8000000000000000269246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80ec5cd3f0524fe2023-02-08 09:45:18.985root 11241100x8000000000000000269245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6d2dc32b5c04ff2023-02-08 09:45:18.985root 11241100x8000000000000000269244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f518dd6707323e22023-02-08 09:45:18.985root 11241100x8000000000000000269243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d4954501da30b52023-02-08 09:45:18.985root 11241100x8000000000000000269242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2e5079f4deec542023-02-08 09:45:18.985root 11241100x8000000000000000269257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df80c26410fb3e82023-02-08 09:45:18.986root 11241100x8000000000000000269256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82dbb893cde916802023-02-08 09:45:18.986root 11241100x8000000000000000269255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a89bbe395d22a82023-02-08 09:45:18.986root 11241100x8000000000000000269254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7c8387cbf4b3c42023-02-08 09:45:18.986root 11241100x8000000000000000269253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4a68d0d5eec16d2023-02-08 09:45:18.986root 11241100x8000000000000000269252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7d4ebccc3432402023-02-08 09:45:18.986root 11241100x8000000000000000269251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4687be60ec70632023-02-08 09:45:18.986root 11241100x8000000000000000269250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05607248f0224bbc2023-02-08 09:45:18.986root 11241100x8000000000000000269264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c66c6f617aa90002023-02-08 09:45:18.987root 11241100x8000000000000000269263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ccb2f54411161f22023-02-08 09:45:18.987root 11241100x8000000000000000269262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594ece98f49fbf9a2023-02-08 09:45:18.987root 11241100x8000000000000000269261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b84fa6199f24e282023-02-08 09:45:18.987root 11241100x8000000000000000269260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6fcbc3698a3a3e2023-02-08 09:45:18.987root 11241100x8000000000000000269259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f309abd6cce2dd12023-02-08 09:45:18.987root 11241100x8000000000000000269258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3621338f0719d5492023-02-08 09:45:18.987root 11241100x8000000000000000269266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa8ce0ce23d57f82023-02-08 09:45:18.988root 11241100x8000000000000000269265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f386d3a374e4052023-02-08 09:45:18.988root 11241100x8000000000000000269273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4997734a8ed8b3742023-02-08 09:45:19.485root 11241100x8000000000000000269272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68b68fea033052b2023-02-08 09:45:19.485root 11241100x8000000000000000269271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04e4bec918263712023-02-08 09:45:19.485root 11241100x8000000000000000269270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8968823294eb25b02023-02-08 09:45:19.485root 11241100x8000000000000000269269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348d0087d54b9b9a2023-02-08 09:45:19.485root 11241100x8000000000000000269268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8933b7867dda4d2023-02-08 09:45:19.485root 11241100x8000000000000000269267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d3ccc3d75090b42023-02-08 09:45:19.485root 11241100x8000000000000000269278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5b8b5d753275a82023-02-08 09:45:19.486root 11241100x8000000000000000269277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933605bb1c3000b82023-02-08 09:45:19.486root 11241100x8000000000000000269276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9641dd291fd94362023-02-08 09:45:19.486root 11241100x8000000000000000269275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90715e81536e3f22023-02-08 09:45:19.486root 11241100x8000000000000000269274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2820c8227145dbb2023-02-08 09:45:19.486root 11241100x8000000000000000269281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364bd5715d3df4fa2023-02-08 09:45:19.487root 11241100x8000000000000000269280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1785bca503b9b82023-02-08 09:45:19.487root 11241100x8000000000000000269279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf667a1167133db42023-02-08 09:45:19.487root 11241100x8000000000000000269287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a67447c0e77c432023-02-08 09:45:19.488root 11241100x8000000000000000269286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b07901817feccf2023-02-08 09:45:19.488root 11241100x8000000000000000269285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722e3bce3b91a9272023-02-08 09:45:19.488root 11241100x8000000000000000269284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cdbcff56a753eff2023-02-08 09:45:19.488root 11241100x8000000000000000269283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d049c273eb72a0532023-02-08 09:45:19.488root 11241100x8000000000000000269282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac532f90c1950372023-02-08 09:45:19.488root 11241100x8000000000000000269291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961e4d3fd20746722023-02-08 09:45:19.489root 11241100x8000000000000000269290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a71f399964847b2023-02-08 09:45:19.489root 11241100x8000000000000000269289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b05a6c3510450e2023-02-08 09:45:19.489root 11241100x8000000000000000269288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62dfc47ad394d2482023-02-08 09:45:19.489root 11241100x8000000000000000269299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc53e3946d157e022023-02-08 09:45:19.985root 11241100x8000000000000000269298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5645389e6862edb2023-02-08 09:45:19.985root 11241100x8000000000000000269297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42176c9572eea9d82023-02-08 09:45:19.985root 11241100x8000000000000000269296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a75f37e47d8ad92023-02-08 09:45:19.985root 11241100x8000000000000000269295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d097aa2e0a8c46742023-02-08 09:45:19.985root 11241100x8000000000000000269294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0b01ec03340c532023-02-08 09:45:19.985root 11241100x8000000000000000269293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d038c30aa1ced3c2023-02-08 09:45:19.985root 11241100x8000000000000000269292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1dd9340da33d352023-02-08 09:45:19.985root 11241100x8000000000000000269309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba06e3bb3f84b512023-02-08 09:45:19.986root 11241100x8000000000000000269308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79802d0a92e3a5d62023-02-08 09:45:19.986root 11241100x8000000000000000269307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1686341a6a81d7722023-02-08 09:45:19.986root 11241100x8000000000000000269306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e45b4b2342ecd82023-02-08 09:45:19.986root 11241100x8000000000000000269305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5991db582acefe142023-02-08 09:45:19.986root 11241100x8000000000000000269304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44925c4fbacaddba2023-02-08 09:45:19.986root 11241100x8000000000000000269303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83857f9fc6f4b5e92023-02-08 09:45:19.986root 11241100x8000000000000000269302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446731bc4af4e42a2023-02-08 09:45:19.986root 11241100x8000000000000000269301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4916c465a73d41dc2023-02-08 09:45:19.986root 11241100x8000000000000000269300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e348933f5d60432023-02-08 09:45:19.986root 11241100x8000000000000000269316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7019867a543ca3a2023-02-08 09:45:19.987root 11241100x8000000000000000269315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc5845aa9a566d02023-02-08 09:45:19.987root 11241100x8000000000000000269314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d0e18844c034202023-02-08 09:45:19.987root 11241100x8000000000000000269313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfe2c8af897457e2023-02-08 09:45:19.987root 11241100x8000000000000000269312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be4f48c69ce10972023-02-08 09:45:19.987root 11241100x8000000000000000269311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49586bd83e279d3f2023-02-08 09:45:19.987root 11241100x8000000000000000269310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546f9a7e0a74a8592023-02-08 09:45:19.987root 354300x8000000000000000269317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.193{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-43444-false10.0.1.12-8000- 11241100x8000000000000000269327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af40f5979a112b212023-02-08 09:45:20.485root 11241100x8000000000000000269326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45a832e3c6123772023-02-08 09:45:20.485root 11241100x8000000000000000269325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee4889feaec3f802023-02-08 09:45:20.485root 11241100x8000000000000000269324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee45621c3922b492023-02-08 09:45:20.485root 11241100x8000000000000000269323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fc4796bc49f8242023-02-08 09:45:20.485root 11241100x8000000000000000269322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8408107e6b029a2023-02-08 09:45:20.485root 11241100x8000000000000000269321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5787fa210b3cc7c02023-02-08 09:45:20.485root 11241100x8000000000000000269320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded1d445bf5532d22023-02-08 09:45:20.485root 11241100x8000000000000000269319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49631acee2d94be2023-02-08 09:45:20.485root 11241100x8000000000000000269318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836f69dab8f27c422023-02-08 09:45:20.485root 11241100x8000000000000000269341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f3db2f0252b7962023-02-08 09:45:20.486root 11241100x8000000000000000269340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7056efe91faf59832023-02-08 09:45:20.486root 11241100x8000000000000000269339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf722ab435bd03942023-02-08 09:45:20.486root 11241100x8000000000000000269338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf35cdfcbc95bc02023-02-08 09:45:20.486root 11241100x8000000000000000269337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08dc91f82612110e2023-02-08 09:45:20.486root 11241100x8000000000000000269336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09abbae2cf8acf6a2023-02-08 09:45:20.486root 11241100x8000000000000000269335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844c15b0a6f7e39f2023-02-08 09:45:20.486root 11241100x8000000000000000269334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6467d1b28207d302023-02-08 09:45:20.486root 11241100x8000000000000000269333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22684b9c7a3f8022023-02-08 09:45:20.486root 11241100x8000000000000000269332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d2a687ebaa21502023-02-08 09:45:20.486root 11241100x8000000000000000269331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daca33ed849420072023-02-08 09:45:20.486root 11241100x8000000000000000269330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549b198241d9a2242023-02-08 09:45:20.486root 11241100x8000000000000000269329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf915a8121906a02023-02-08 09:45:20.486root 11241100x8000000000000000269328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dffc8c6cdfa53682023-02-08 09:45:20.486root 11241100x8000000000000000269343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c33326b2b1d61152023-02-08 09:45:20.487root 11241100x8000000000000000269342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db2ae18066a035e2023-02-08 09:45:20.487root 11241100x8000000000000000269353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2f91f613720bfb2023-02-08 09:45:20.985root 11241100x8000000000000000269352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc149652afde40672023-02-08 09:45:20.985root 11241100x8000000000000000269351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd050959594ee1e2023-02-08 09:45:20.985root 11241100x8000000000000000269350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693331dd58c0da092023-02-08 09:45:20.985root 11241100x8000000000000000269349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d057e5675577b7d12023-02-08 09:45:20.985root 11241100x8000000000000000269348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398ac0c344a075452023-02-08 09:45:20.985root 11241100x8000000000000000269347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c6345688f76f6e2023-02-08 09:45:20.985root 11241100x8000000000000000269346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b569e0e2fecc16ee2023-02-08 09:45:20.985root 11241100x8000000000000000269345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fce325295dda5fe2023-02-08 09:45:20.985root 11241100x8000000000000000269344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714cabadcfed8ead2023-02-08 09:45:20.985root 11241100x8000000000000000269363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a34e6a6d6e92232023-02-08 09:45:20.986root 11241100x8000000000000000269362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad7d8fb5ef7c9172023-02-08 09:45:20.986root 11241100x8000000000000000269361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577356d7f8a7fbc62023-02-08 09:45:20.986root 11241100x8000000000000000269360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f21d79c4a66beb2023-02-08 09:45:20.986root 11241100x8000000000000000269359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03b0fecd56601812023-02-08 09:45:20.986root 11241100x8000000000000000269358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec71d04c7e2320b42023-02-08 09:45:20.986root 11241100x8000000000000000269357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c39e1bd4be39cf82023-02-08 09:45:20.986root 11241100x8000000000000000269356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306fbe9d71b105fd2023-02-08 09:45:20.986root 11241100x8000000000000000269355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79085cc02317388e2023-02-08 09:45:20.986root 11241100x8000000000000000269354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2863ce7b0e25b92023-02-08 09:45:20.986root 11241100x8000000000000000269369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17071c48ae4225792023-02-08 09:45:20.987root 11241100x8000000000000000269368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377d269b1807a85d2023-02-08 09:45:20.987root 11241100x8000000000000000269367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a40953f05543272023-02-08 09:45:20.987root 11241100x8000000000000000269366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13876dc1eadb34222023-02-08 09:45:20.987root 11241100x8000000000000000269365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7a59c5eb2a16f22023-02-08 09:45:20.987root 11241100x8000000000000000269364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b249fe85e3af5b2023-02-08 09:45:20.987root 11241100x8000000000000000269379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e39073e23780712023-02-08 09:45:21.485root 11241100x8000000000000000269378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d88ded2dcd27102023-02-08 09:45:21.485root 11241100x8000000000000000269377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d3100a98324b472023-02-08 09:45:21.485root 11241100x8000000000000000269376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa9b97bdc5958502023-02-08 09:45:21.485root 11241100x8000000000000000269375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a78742a52054add2023-02-08 09:45:21.485root 11241100x8000000000000000269374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b91dc6d0a754ec2023-02-08 09:45:21.485root 11241100x8000000000000000269373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa17da131a9a5ee2023-02-08 09:45:21.485root 11241100x8000000000000000269372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ca633b9104015f2023-02-08 09:45:21.485root 11241100x8000000000000000269371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c58699e90b068b2023-02-08 09:45:21.485root 11241100x8000000000000000269370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456f457ded4e100d2023-02-08 09:45:21.485root 11241100x8000000000000000269380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01609c68ef6104822023-02-08 09:45:21.486root 11241100x8000000000000000269381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a74aba981f8f2f22023-02-08 09:45:21.488root 11241100x8000000000000000269390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de54810983e503b62023-02-08 09:45:21.489root 11241100x8000000000000000269389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb883fb90abdf302023-02-08 09:45:21.489root 11241100x8000000000000000269388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01a08b0cc9cc50c2023-02-08 09:45:21.489root 11241100x8000000000000000269387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c118ab6a71e38c0c2023-02-08 09:45:21.489root 11241100x8000000000000000269386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57fbafb23072dace2023-02-08 09:45:21.489root 11241100x8000000000000000269385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7c23d5771650fc2023-02-08 09:45:21.489root 11241100x8000000000000000269384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ab1c550b8a8bc32023-02-08 09:45:21.489root 11241100x8000000000000000269383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0dd00da7e529812023-02-08 09:45:21.489root 11241100x8000000000000000269382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6653053a0f656afd2023-02-08 09:45:21.489root 11241100x8000000000000000269395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46092bb2fc09e1712023-02-08 09:45:21.490root 11241100x8000000000000000269394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb70fb73f0cd1932023-02-08 09:45:21.490root 11241100x8000000000000000269393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc12bd080257f8832023-02-08 09:45:21.490root 11241100x8000000000000000269392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603ad46d06ed037a2023-02-08 09:45:21.490root 11241100x8000000000000000269391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b021fbb540298b712023-02-08 09:45:21.490root 11241100x8000000000000000269406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e607a0f1c37e7d812023-02-08 09:45:21.985root 11241100x8000000000000000269405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4ed3db5545083e2023-02-08 09:45:21.985root 11241100x8000000000000000269404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d158cd34c3644f2023-02-08 09:45:21.985root 11241100x8000000000000000269403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a8d899e23c57252023-02-08 09:45:21.985root 11241100x8000000000000000269402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7a68f82b8500922023-02-08 09:45:21.985root 11241100x8000000000000000269401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d838ad9fbf288d42023-02-08 09:45:21.985root 11241100x8000000000000000269400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be7afd069ba16562023-02-08 09:45:21.985root 11241100x8000000000000000269399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb63bc42f8508792023-02-08 09:45:21.985root 11241100x8000000000000000269398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f0bf995c1e72362023-02-08 09:45:21.985root 11241100x8000000000000000269397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25dcfac1661c72e52023-02-08 09:45:21.985root 11241100x8000000000000000269396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18bb40fdde242f02023-02-08 09:45:21.985root 11241100x8000000000000000269415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf32a091767ce052023-02-08 09:45:21.986root 11241100x8000000000000000269414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f899256941bd742023-02-08 09:45:21.986root 11241100x8000000000000000269413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de1da9ae40057c42023-02-08 09:45:21.986root 11241100x8000000000000000269412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a354b970a778e52b2023-02-08 09:45:21.986root 11241100x8000000000000000269411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31148601e4a85f02023-02-08 09:45:21.986root 11241100x8000000000000000269410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648982b307c10f582023-02-08 09:45:21.986root 11241100x8000000000000000269409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c65ebb96c537ba2023-02-08 09:45:21.986root 11241100x8000000000000000269408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e34898acc4fc372023-02-08 09:45:21.986root 11241100x8000000000000000269407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da74a07e217117cb2023-02-08 09:45:21.986root 11241100x8000000000000000269421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e005289058b6752023-02-08 09:45:21.987root 11241100x8000000000000000269420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d3710cd207643e2023-02-08 09:45:21.987root 11241100x8000000000000000269419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8808260c4e2e752d2023-02-08 09:45:21.987root 11241100x8000000000000000269418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36138a7fe1bbc87d2023-02-08 09:45:21.987root 11241100x8000000000000000269417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0864f1608ea1cf2023-02-08 09:45:21.987root 11241100x8000000000000000269416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c41e5166ea3a1102023-02-08 09:45:21.987root 11241100x8000000000000000269429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6799b16f2f25de492023-02-08 09:45:22.485root 11241100x8000000000000000269428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb39877b6f3a524e2023-02-08 09:45:22.485root 11241100x8000000000000000269427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad90abadb528be012023-02-08 09:45:22.485root 11241100x8000000000000000269426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8e015959ef14512023-02-08 09:45:22.485root 11241100x8000000000000000269425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973bd0cff8ce056b2023-02-08 09:45:22.485root 11241100x8000000000000000269424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27abad6876606d192023-02-08 09:45:22.485root 11241100x8000000000000000269423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe70f65f5c78717c2023-02-08 09:45:22.485root 11241100x8000000000000000269422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da886d9408662c3b2023-02-08 09:45:22.485root 11241100x8000000000000000269436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b05a620720171a2023-02-08 09:45:22.486root 11241100x8000000000000000269435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9434a7def8d5812023-02-08 09:45:22.486root 11241100x8000000000000000269434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcff26945a9a17152023-02-08 09:45:22.486root 11241100x8000000000000000269433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8128d2f9366e43f12023-02-08 09:45:22.486root 11241100x8000000000000000269432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e410ec0195fdcd2023-02-08 09:45:22.486root 11241100x8000000000000000269431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4c7b164db45d002023-02-08 09:45:22.486root 11241100x8000000000000000269430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fbbee42699028fa2023-02-08 09:45:22.486root 11241100x8000000000000000269443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c102fb4086a78e7e2023-02-08 09:45:22.487root 11241100x8000000000000000269442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d224e74598aa872023-02-08 09:45:22.487root 11241100x8000000000000000269441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801203d79bcb3f3e2023-02-08 09:45:22.487root 11241100x8000000000000000269440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463fe9c650c4970f2023-02-08 09:45:22.487root 11241100x8000000000000000269439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434a9e6195279ebb2023-02-08 09:45:22.487root 11241100x8000000000000000269438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c75786df8e36012023-02-08 09:45:22.487root 11241100x8000000000000000269437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a29164eb130d202023-02-08 09:45:22.487root 11241100x8000000000000000269447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5fa6cbff803ab42023-02-08 09:45:22.488root 11241100x8000000000000000269446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e558ab00553e598a2023-02-08 09:45:22.488root 11241100x8000000000000000269445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935bbce66cf3226d2023-02-08 09:45:22.488root 11241100x8000000000000000269444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90dcedbee8ce61d2023-02-08 09:45:22.488root 11241100x8000000000000000269451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e079aefd6f2bc5122023-02-08 09:45:22.985root 11241100x8000000000000000269450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6246086a667db352023-02-08 09:45:22.985root 11241100x8000000000000000269449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96aef536f848b66c2023-02-08 09:45:22.985root 11241100x8000000000000000269448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12f19f6ba9cad0e2023-02-08 09:45:22.985root 11241100x8000000000000000269459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33603747ad8744492023-02-08 09:45:22.986root 11241100x8000000000000000269458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685e901929b8ba612023-02-08 09:45:22.986root 11241100x8000000000000000269457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b281bc02902e4a2a2023-02-08 09:45:22.986root 11241100x8000000000000000269456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fcabc8dc950e1ac2023-02-08 09:45:22.986root 11241100x8000000000000000269455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a983dd2613eb27e52023-02-08 09:45:22.986root 11241100x8000000000000000269454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1be44db98c67a642023-02-08 09:45:22.986root 11241100x8000000000000000269453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5faad765beef242023-02-08 09:45:22.986root 11241100x8000000000000000269452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60700a86b5a43842023-02-08 09:45:22.986root 11241100x8000000000000000269470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052b2a73b50834192023-02-08 09:45:22.987root 11241100x8000000000000000269469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8623e6b837d67e2023-02-08 09:45:22.987root 11241100x8000000000000000269468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a38c9a3a28cf8bf2023-02-08 09:45:22.987root 11241100x8000000000000000269467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0b7e128da71c222023-02-08 09:45:22.987root 11241100x8000000000000000269466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b36d8b7172376a2023-02-08 09:45:22.987root 11241100x8000000000000000269465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e25f2459069a1ca2023-02-08 09:45:22.987root 11241100x8000000000000000269464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b45266e22185e322023-02-08 09:45:22.987root 11241100x8000000000000000269463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6bf3335cefcc862023-02-08 09:45:22.987root 11241100x8000000000000000269462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87bf046c141796f2023-02-08 09:45:22.987root 11241100x8000000000000000269461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c3e5ab3f3fca962023-02-08 09:45:22.987root 11241100x8000000000000000269460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19caab3ef2c5c69e2023-02-08 09:45:22.987root 11241100x8000000000000000269473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa49512ac380cbf72023-02-08 09:45:22.988root 11241100x8000000000000000269472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7ee82a8b3d69c02023-02-08 09:45:22.988root 11241100x8000000000000000269471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:22.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c04884aeefddd02023-02-08 09:45:22.988root 11241100x8000000000000000269483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b93fa1eb477db812023-02-08 09:45:23.485root 11241100x8000000000000000269482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62688cb9d5957cd02023-02-08 09:45:23.485root 11241100x8000000000000000269481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6691b95a8c12f5212023-02-08 09:45:23.485root 11241100x8000000000000000269480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c6d8b6c2f532032023-02-08 09:45:23.485root 11241100x8000000000000000269479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538d1806a7c1255d2023-02-08 09:45:23.485root 11241100x8000000000000000269478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb23ca049d52cb62023-02-08 09:45:23.485root 11241100x8000000000000000269477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3085794a1de957a82023-02-08 09:45:23.485root 11241100x8000000000000000269476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5e79e26326c3652023-02-08 09:45:23.485root 11241100x8000000000000000269475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f72d08d877f1cde2023-02-08 09:45:23.485root 11241100x8000000000000000269474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8818c2bda62cb5562023-02-08 09:45:23.485root 11241100x8000000000000000269490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c42ef862d51933f2023-02-08 09:45:23.486root 11241100x8000000000000000269489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00fbde4a6bf5a7542023-02-08 09:45:23.486root 11241100x8000000000000000269488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ff6f16f754848a2023-02-08 09:45:23.486root 11241100x8000000000000000269487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95969ea52201917b2023-02-08 09:45:23.486root 11241100x8000000000000000269486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e9f92690f99a7e2023-02-08 09:45:23.486root 11241100x8000000000000000269485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d4a17e2deac5e02023-02-08 09:45:23.486root 11241100x8000000000000000269484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f47ce3c1386f422023-02-08 09:45:23.486root 11241100x8000000000000000269497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e889967965142ee2023-02-08 09:45:23.487root 11241100x8000000000000000269496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514c1a65fe22383a2023-02-08 09:45:23.487root 11241100x8000000000000000269495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1dfa9b618ac57c2023-02-08 09:45:23.487root 11241100x8000000000000000269494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58028ad44557e8fc2023-02-08 09:45:23.487root 11241100x8000000000000000269493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de60333b17a66412023-02-08 09:45:23.487root 11241100x8000000000000000269492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2104e0677252e472023-02-08 09:45:23.487root 11241100x8000000000000000269491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f47911dd327b28d2023-02-08 09:45:23.487root 11241100x8000000000000000269498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2dbfda021ab14212023-02-08 09:45:23.488root 11241100x8000000000000000269499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5445f269cf63f12023-02-08 09:45:23.489root 11241100x8000000000000000269510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77351033934553e2023-02-08 09:45:23.985root 11241100x8000000000000000269509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d409afbb6d708352023-02-08 09:45:23.985root 11241100x8000000000000000269508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f630a33ae31a27d2023-02-08 09:45:23.985root 11241100x8000000000000000269507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235e7ef43c3064e62023-02-08 09:45:23.985root 11241100x8000000000000000269506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb2822e51d3f63d2023-02-08 09:45:23.985root 11241100x8000000000000000269505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d22a671d1ec59512023-02-08 09:45:23.985root 11241100x8000000000000000269504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05dc82000c9f41392023-02-08 09:45:23.985root 11241100x8000000000000000269503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3992521230835e952023-02-08 09:45:23.985root 11241100x8000000000000000269502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0a7cb5f50539e42023-02-08 09:45:23.985root 11241100x8000000000000000269501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516680c09e95ede22023-02-08 09:45:23.985root 11241100x8000000000000000269500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0b8ada20c124102023-02-08 09:45:23.985root 11241100x8000000000000000269520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a92b3bbd8487ed62023-02-08 09:45:23.986root 11241100x8000000000000000269519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f787d4c3d94ff9d52023-02-08 09:45:23.986root 11241100x8000000000000000269518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6726fe9edecd68962023-02-08 09:45:23.986root 11241100x8000000000000000269517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2719a79aa464de172023-02-08 09:45:23.986root 11241100x8000000000000000269516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa567e09a56c2262023-02-08 09:45:23.986root 11241100x8000000000000000269515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8691f263525be6e2023-02-08 09:45:23.986root 11241100x8000000000000000269514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0e30b7bd81c96e2023-02-08 09:45:23.986root 11241100x8000000000000000269513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678980d1a51db2bf2023-02-08 09:45:23.986root 11241100x8000000000000000269512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98e9099558d83fd2023-02-08 09:45:23.986root 11241100x8000000000000000269511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f1d2d2394408fa2023-02-08 09:45:23.986root 11241100x8000000000000000269525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37c6d3283d66a262023-02-08 09:45:23.987root 11241100x8000000000000000269524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d38b79d16f375a2023-02-08 09:45:23.987root 11241100x8000000000000000269523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d13609651d4ece2023-02-08 09:45:23.987root 11241100x8000000000000000269522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2556e1a3dff382d62023-02-08 09:45:23.987root 11241100x8000000000000000269521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e607ed4dda0b40e82023-02-08 09:45:23.987root 11241100x8000000000000000269533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c98a3b46a507c8c2023-02-08 09:45:24.485root 11241100x8000000000000000269532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87da9297b5601cc2023-02-08 09:45:24.485root 11241100x8000000000000000269531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1eb8be23a88c312023-02-08 09:45:24.485root 11241100x8000000000000000269530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947a8f46dbea68db2023-02-08 09:45:24.485root 11241100x8000000000000000269529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25ea74fdde12ec22023-02-08 09:45:24.485root 11241100x8000000000000000269528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee11fafc0e66bdc2023-02-08 09:45:24.485root 11241100x8000000000000000269527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eaae465d0ba5bba2023-02-08 09:45:24.485root 11241100x8000000000000000269526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b503e81800066912023-02-08 09:45:24.485root 11241100x8000000000000000269542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4d20bdc4a34a582023-02-08 09:45:24.486root 11241100x8000000000000000269541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0e3ebd457a08522023-02-08 09:45:24.486root 11241100x8000000000000000269540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83539c59c49f7c1d2023-02-08 09:45:24.486root 11241100x8000000000000000269539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d8bda5d54dead12023-02-08 09:45:24.486root 11241100x8000000000000000269538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c5f2e6c7d062702023-02-08 09:45:24.486root 11241100x8000000000000000269537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f9ad09615481da2023-02-08 09:45:24.486root 11241100x8000000000000000269536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06089bca23817012023-02-08 09:45:24.486root 11241100x8000000000000000269535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227319b5918317b82023-02-08 09:45:24.486root 11241100x8000000000000000269534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a57e6e51f67d542023-02-08 09:45:24.486root 11241100x8000000000000000269548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c609ac9abf150a482023-02-08 09:45:24.487root 11241100x8000000000000000269547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7f7cb67b69183b2023-02-08 09:45:24.487root 11241100x8000000000000000269546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613979134ea1a5a62023-02-08 09:45:24.487root 11241100x8000000000000000269545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c935cc0d6a137922023-02-08 09:45:24.487root 11241100x8000000000000000269544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5197298cf4f828442023-02-08 09:45:24.487root 11241100x8000000000000000269543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd43b6b4e40d822a2023-02-08 09:45:24.487root 11241100x8000000000000000269551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a330366264f7792023-02-08 09:45:24.488root 11241100x8000000000000000269550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d710b9f828a6b22023-02-08 09:45:24.488root 11241100x8000000000000000269549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c85a4d8510190e2023-02-08 09:45:24.488root 11241100x8000000000000000269559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2301369569f2ea892023-02-08 09:45:24.985root 11241100x8000000000000000269558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96bc1879d624f722023-02-08 09:45:24.985root 11241100x8000000000000000269557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f00e18e0ce922e02023-02-08 09:45:24.985root 11241100x8000000000000000269556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c817972183437e2023-02-08 09:45:24.985root 11241100x8000000000000000269555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b203360c02380692023-02-08 09:45:24.985root 11241100x8000000000000000269554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a779dc283a390c62023-02-08 09:45:24.985root 11241100x8000000000000000269553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5ceee39b55033b2023-02-08 09:45:24.985root 11241100x8000000000000000269552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a565b133204a6fc62023-02-08 09:45:24.985root 11241100x8000000000000000269564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d196dc4757bd412023-02-08 09:45:24.986root 11241100x8000000000000000269563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61f7c7613da2eb22023-02-08 09:45:24.986root 11241100x8000000000000000269562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91edda210b698b652023-02-08 09:45:24.986root 11241100x8000000000000000269561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47702720b7c170bb2023-02-08 09:45:24.986root 11241100x8000000000000000269560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d03c6ddfaf83a62023-02-08 09:45:24.986root 11241100x8000000000000000269571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c5866004c407192023-02-08 09:45:24.987root 11241100x8000000000000000269570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4259bd6b0305ca822023-02-08 09:45:24.987root 11241100x8000000000000000269569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd97a6df5d49a422023-02-08 09:45:24.987root 11241100x8000000000000000269568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9db0bf49cb1d9082023-02-08 09:45:24.987root 11241100x8000000000000000269567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422163823df6249d2023-02-08 09:45:24.987root 11241100x8000000000000000269566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b658fa2ac192c12023-02-08 09:45:24.987root 11241100x8000000000000000269565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc795e1f9a89bc782023-02-08 09:45:24.987root 11241100x8000000000000000269577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83225067443f0ab42023-02-08 09:45:24.988root 11241100x8000000000000000269576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14bc8863e31e18842023-02-08 09:45:24.988root 11241100x8000000000000000269575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd6781999180f172023-02-08 09:45:24.988root 11241100x8000000000000000269574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12d4947479ac1de2023-02-08 09:45:24.988root 11241100x8000000000000000269573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed5eec7ac326f1f2023-02-08 09:45:24.988root 11241100x8000000000000000269572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c422df59ba272b2023-02-08 09:45:24.988root 354300x8000000000000000269578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.221{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-43456-false10.0.1.12-8000- 11241100x8000000000000000269586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23798418e499334b2023-02-08 09:45:25.485root 11241100x8000000000000000269585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ae2d543c5f14b72023-02-08 09:45:25.485root 11241100x8000000000000000269584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ee8cae441578612023-02-08 09:45:25.485root 11241100x8000000000000000269583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415a2cb34f3614f72023-02-08 09:45:25.485root 11241100x8000000000000000269582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563c5be5260ad20f2023-02-08 09:45:25.485root 11241100x8000000000000000269581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62f198c2d58a31e2023-02-08 09:45:25.485root 11241100x8000000000000000269580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0434a17480970eb12023-02-08 09:45:25.485root 11241100x8000000000000000269579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5099af9b9da7090c2023-02-08 09:45:25.485root 11241100x8000000000000000269588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2de5c6d13cd25a72023-02-08 09:45:25.486root 11241100x8000000000000000269587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b730b209cb98c3332023-02-08 09:45:25.486root 11241100x8000000000000000269591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdcf84b192eb5222023-02-08 09:45:25.487root 11241100x8000000000000000269590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d7997591a894d12023-02-08 09:45:25.487root 11241100x8000000000000000269589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a6bc034a6a4e1a2023-02-08 09:45:25.487root 11241100x8000000000000000269601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c696b1760e6543a2023-02-08 09:45:25.488root 11241100x8000000000000000269600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3a3059342d768e2023-02-08 09:45:25.488root 11241100x8000000000000000269599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f733dedb3e63ea2023-02-08 09:45:25.488root 11241100x8000000000000000269598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5112a935b224b6782023-02-08 09:45:25.488root 11241100x8000000000000000269597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cabee002f200d422023-02-08 09:45:25.488root 11241100x8000000000000000269596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e637cac940a5dbd2023-02-08 09:45:25.488root 11241100x8000000000000000269595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d04b42917481152023-02-08 09:45:25.488root 11241100x8000000000000000269594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5afd067e983d092023-02-08 09:45:25.488root 11241100x8000000000000000269593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5c53b12a81bf3d2023-02-08 09:45:25.488root 11241100x8000000000000000269592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fba0f6be7b5e5882023-02-08 09:45:25.488root 11241100x8000000000000000269604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6ee16ba034e5dc2023-02-08 09:45:25.489root 11241100x8000000000000000269603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.accc453ebb54c30e2023-02-08 09:45:25.489root 11241100x8000000000000000269602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f40258642740852023-02-08 09:45:25.489root 11241100x8000000000000000269605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46affa202d0c382a2023-02-08 09:45:25.490root 11241100x8000000000000000269615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1c2594fc65fc3c2023-02-08 09:45:25.986root 11241100x8000000000000000269614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc1304380c4169c2023-02-08 09:45:25.986root 11241100x8000000000000000269613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d23ae257a6bbf962023-02-08 09:45:25.986root 11241100x8000000000000000269612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd70836b35478ea2023-02-08 09:45:25.986root 11241100x8000000000000000269611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2227cb5384f355c2023-02-08 09:45:25.986root 11241100x8000000000000000269610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed97c664ae6531e2023-02-08 09:45:25.986root 11241100x8000000000000000269609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970843dc34415dab2023-02-08 09:45:25.986root 11241100x8000000000000000269608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48066bfc7d3a25622023-02-08 09:45:25.986root 11241100x8000000000000000269607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e312835658f73552023-02-08 09:45:25.986root 11241100x8000000000000000269606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960a813386476ff02023-02-08 09:45:25.986root 11241100x8000000000000000269627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04d43ef12ecc7702023-02-08 09:45:25.987root 11241100x8000000000000000269626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9275086582302df92023-02-08 09:45:25.987root 11241100x8000000000000000269625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc3b749555518d42023-02-08 09:45:25.987root 11241100x8000000000000000269624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2746059e7a798aa12023-02-08 09:45:25.987root 11241100x8000000000000000269623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1764d17fc2260c72023-02-08 09:45:25.987root 11241100x8000000000000000269622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a58455edff833fe2023-02-08 09:45:25.987root 11241100x8000000000000000269621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05767f15c793b63e2023-02-08 09:45:25.987root 11241100x8000000000000000269620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4e801ced8018472023-02-08 09:45:25.987root 11241100x8000000000000000269619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a112c336798b63952023-02-08 09:45:25.987root 11241100x8000000000000000269618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4966246389a28a8f2023-02-08 09:45:25.987root 11241100x8000000000000000269617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d185bfa997ab552023-02-08 09:45:25.987root 11241100x8000000000000000269616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e501402e629c2b4c2023-02-08 09:45:25.987root 11241100x8000000000000000269628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251a0472fbc784522023-02-08 09:45:25.988root 11241100x8000000000000000269631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde21ea96145b61d2023-02-08 09:45:25.989root 11241100x8000000000000000269630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39eb86b9420b3d772023-02-08 09:45:25.989root 11241100x8000000000000000269629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c804287b8051f9172023-02-08 09:45:25.989root 11241100x8000000000000000269641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739e1d469d2429132023-02-08 09:45:25.990root 11241100x8000000000000000269640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6fcf794d018c682023-02-08 09:45:25.990root 11241100x8000000000000000269639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70fd85d7220846ea2023-02-08 09:45:25.990root 11241100x8000000000000000269638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e09a723af5fb462023-02-08 09:45:25.990root 11241100x8000000000000000269637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b81008565cd43b12023-02-08 09:45:25.990root 11241100x8000000000000000269636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980048b87b07fba22023-02-08 09:45:25.990root 11241100x8000000000000000269635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6a8a4fae377ed72023-02-08 09:45:25.990root 11241100x8000000000000000269634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc1b4f0cdb2b2442023-02-08 09:45:25.990root 11241100x8000000000000000269633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af0863b25e9500e2023-02-08 09:45:25.990root 11241100x8000000000000000269632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09f99c83b50c1182023-02-08 09:45:25.990root 11241100x8000000000000000269647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed973a96541322e2023-02-08 09:45:25.991root 11241100x8000000000000000269646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897906bd3758eb692023-02-08 09:45:25.991root 11241100x8000000000000000269645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8583ed6a61793e3f2023-02-08 09:45:25.991root 11241100x8000000000000000269644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aadc2405db7472b2023-02-08 09:45:25.991root 11241100x8000000000000000269643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec6549acd22e25f2023-02-08 09:45:25.991root 11241100x8000000000000000269642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e48367beac60fcc2023-02-08 09:45:25.991root 11241100x8000000000000000269653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb783e92eb1a2ae2023-02-08 09:45:25.992root 11241100x8000000000000000269652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5031b5996e581a2023-02-08 09:45:25.992root 11241100x8000000000000000269651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a213ea0030b43c2023-02-08 09:45:25.992root 11241100x8000000000000000269650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f68fcfee8262b72023-02-08 09:45:25.992root 11241100x8000000000000000269649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a5600cbc6752c72023-02-08 09:45:25.992root 11241100x8000000000000000269648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60571dd838fb42f82023-02-08 09:45:25.992root 11241100x8000000000000000269654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:25.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2533880405b8142023-02-08 09:45:25.993root 11241100x8000000000000000269662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148a4a532e1d14212023-02-08 09:45:26.485root 11241100x8000000000000000269661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd92dd6ec11338c2023-02-08 09:45:26.485root 11241100x8000000000000000269660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018dbbee6d186a1e2023-02-08 09:45:26.485root 11241100x8000000000000000269659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68282e6a77f93e5a2023-02-08 09:45:26.485root 11241100x8000000000000000269658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee72c1bf6ee5dc72023-02-08 09:45:26.485root 11241100x8000000000000000269657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d87868a833591412023-02-08 09:45:26.485root 11241100x8000000000000000269656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24cdfc4174c32e72023-02-08 09:45:26.485root 11241100x8000000000000000269655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00fdf59586e70a32023-02-08 09:45:26.485root 11241100x8000000000000000269678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa6cdfb49e6d6692023-02-08 09:45:26.486root 11241100x8000000000000000269677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce96acabd3f5af32023-02-08 09:45:26.486root 11241100x8000000000000000269676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef326ec9b8bf14672023-02-08 09:45:26.486root 11241100x8000000000000000269675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75f0f0c46ed69d72023-02-08 09:45:26.486root 11241100x8000000000000000269674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2aad1d01a37505e2023-02-08 09:45:26.486root 11241100x8000000000000000269673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b337aad9b274dbbd2023-02-08 09:45:26.486root 11241100x8000000000000000269672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161f4f6686b4a6772023-02-08 09:45:26.486root 11241100x8000000000000000269671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e561af0b0c7b9f2023-02-08 09:45:26.486root 11241100x8000000000000000269670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5644df30fcece0a2023-02-08 09:45:26.486root 11241100x8000000000000000269669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc78ecf1eec62702023-02-08 09:45:26.486root 11241100x8000000000000000269668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36eb101edb106f62023-02-08 09:45:26.486root 11241100x8000000000000000269667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1378cf6f48cb4e452023-02-08 09:45:26.486root 11241100x8000000000000000269666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b94d7d644a4f252023-02-08 09:45:26.486root 11241100x8000000000000000269665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735789f6aec3eafb2023-02-08 09:45:26.486root 11241100x8000000000000000269664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6477f00627c080032023-02-08 09:45:26.486root 11241100x8000000000000000269663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efcea32d6dd8e0092023-02-08 09:45:26.486root 11241100x8000000000000000269681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a389521829a31ab2023-02-08 09:45:26.487root 11241100x8000000000000000269680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd06e32b2bd4f3bc2023-02-08 09:45:26.487root 11241100x8000000000000000269679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d842576434cb46d92023-02-08 09:45:26.487root 11241100x8000000000000000269691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002a376c4b3614cd2023-02-08 09:45:26.984root 11241100x8000000000000000269690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c75cc797c58f2c32023-02-08 09:45:26.984root 11241100x8000000000000000269689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1aff11db1f08acc2023-02-08 09:45:26.984root 11241100x8000000000000000269688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5218eba80e9377e22023-02-08 09:45:26.984root 11241100x8000000000000000269687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b78834a17f237e2023-02-08 09:45:26.984root 11241100x8000000000000000269686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860ba0660795e8b52023-02-08 09:45:26.984root 11241100x8000000000000000269685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c58a185a10a5c42023-02-08 09:45:26.984root 11241100x8000000000000000269684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe98e79693abeba2023-02-08 09:45:26.984root 11241100x8000000000000000269683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c0ff0aa632ff9b2023-02-08 09:45:26.984root 11241100x8000000000000000269682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f74eb0cdfd257a2023-02-08 09:45:26.984root 11241100x8000000000000000269705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be80bd47c5bc7c822023-02-08 09:45:26.985root 11241100x8000000000000000269704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba44eb999460f212023-02-08 09:45:26.985root 11241100x8000000000000000269703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5e083e1edcd5f42023-02-08 09:45:26.985root 11241100x8000000000000000269702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9bcae52a2764fac2023-02-08 09:45:26.985root 11241100x8000000000000000269701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871ebb9715f0bcc62023-02-08 09:45:26.985root 11241100x8000000000000000269700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53c162d8c4e49bc2023-02-08 09:45:26.985root 11241100x8000000000000000269699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd5f41d4f9d1ca62023-02-08 09:45:26.985root 11241100x8000000000000000269698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c0177453a713e22023-02-08 09:45:26.985root 11241100x8000000000000000269697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6935936817d0432f2023-02-08 09:45:26.985root 11241100x8000000000000000269696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c395d719849afb4e2023-02-08 09:45:26.985root 11241100x8000000000000000269695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d9578a65ef1fe02023-02-08 09:45:26.985root 11241100x8000000000000000269694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44064ea176c03282023-02-08 09:45:26.985root 11241100x8000000000000000269693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6b72abd4de703c2023-02-08 09:45:26.985root 11241100x8000000000000000269692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87e3788f0012d442023-02-08 09:45:26.985root 11241100x8000000000000000269711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7e19b31f2545992023-02-08 09:45:26.986root 11241100x8000000000000000269710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0283ff508db5e68c2023-02-08 09:45:26.986root 11241100x8000000000000000269709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1dd5651e73853a2023-02-08 09:45:26.986root 11241100x8000000000000000269708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be141e21ef85b402023-02-08 09:45:26.986root 11241100x8000000000000000269707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b424088ddd94afc2023-02-08 09:45:26.986root 11241100x8000000000000000269706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d76c8638ed4a492023-02-08 09:45:26.986root 11241100x8000000000000000269712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9823a4ea4d5ef652023-02-08 09:45:26.988root 11241100x8000000000000000269714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58dedf956a0065162023-02-08 09:45:26.989root 11241100x8000000000000000269713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf2ef8d1446ef222023-02-08 09:45:26.989root 11241100x8000000000000000269723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87c884c9ae32efd2023-02-08 09:45:26.990root 11241100x8000000000000000269722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff6fd2947b2e14b2023-02-08 09:45:26.990root 11241100x8000000000000000269721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc64dfbafdade162023-02-08 09:45:26.990root 11241100x8000000000000000269720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b123214d62b658ad2023-02-08 09:45:26.990root 11241100x8000000000000000269719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5280ae57c57a79322023-02-08 09:45:26.990root 11241100x8000000000000000269718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d83a8e02af661e2023-02-08 09:45:26.990root 11241100x8000000000000000269717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18a63dd4e225ff62023-02-08 09:45:26.990root 11241100x8000000000000000269716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc204a66942d7912023-02-08 09:45:26.990root 11241100x8000000000000000269715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb5cd45e15c68952023-02-08 09:45:26.990root 11241100x8000000000000000269731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63fbfd67fc3a3932023-02-08 09:45:26.991root 11241100x8000000000000000269730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccbbab268ad298ea2023-02-08 09:45:26.991root 11241100x8000000000000000269729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ef18c2692026db2023-02-08 09:45:26.991root 11241100x8000000000000000269728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13095fd4b20177f82023-02-08 09:45:26.991root 11241100x8000000000000000269727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95e21b5e57bb87c2023-02-08 09:45:26.991root 11241100x8000000000000000269726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936563359b81ddaa2023-02-08 09:45:26.991root 11241100x8000000000000000269725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307d069b9e8414f92023-02-08 09:45:26.991root 11241100x8000000000000000269724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33069b6a3b95ef442023-02-08 09:45:26.991root 11241100x8000000000000000269732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a208445f02c5671c2023-02-08 09:45:26.992root 11241100x8000000000000000269738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8aa3d63e94c4b02023-02-08 09:45:26.993root 11241100x8000000000000000269737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bd6aee7b1ed8042023-02-08 09:45:26.993root 11241100x8000000000000000269736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae39818dbe277b092023-02-08 09:45:26.993root 11241100x8000000000000000269735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601609ed98173f582023-02-08 09:45:26.993root 11241100x8000000000000000269734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb57991c13e429522023-02-08 09:45:26.993root 11241100x8000000000000000269733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d57cb335f5e1bf52023-02-08 09:45:26.993root 11241100x8000000000000000269739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448b301ae76f440a2023-02-08 09:45:26.994root 11241100x8000000000000000269742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639ca7a18716ae682023-02-08 09:45:26.995root 11241100x8000000000000000269741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381373a13a58aea42023-02-08 09:45:26.995root 11241100x8000000000000000269740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e5ba1090f866da2023-02-08 09:45:26.995root 11241100x8000000000000000269743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4f67326c0600372023-02-08 09:45:26.996root 11241100x8000000000000000269748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122042465f99e02d2023-02-08 09:45:26.997root 11241100x8000000000000000269747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06131c05b2b9f26c2023-02-08 09:45:26.997root 11241100x8000000000000000269746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024b6fd65a26f8632023-02-08 09:45:26.997root 11241100x8000000000000000269745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209334e1cb99243b2023-02-08 09:45:26.997root 11241100x8000000000000000269744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d326b6a1178c402023-02-08 09:45:26.997root 11241100x8000000000000000269751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11deab8341d9f942023-02-08 09:45:26.998root 11241100x8000000000000000269750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2319231de696462023-02-08 09:45:26.998root 11241100x8000000000000000269749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9604b7112c4851a2023-02-08 09:45:26.998root 11241100x8000000000000000269755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5e7f90048c29482023-02-08 09:45:26.999root 11241100x8000000000000000269754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c38cef7f6009dda2023-02-08 09:45:26.999root 11241100x8000000000000000269753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eafe728aea0690d2023-02-08 09:45:26.999root 11241100x8000000000000000269752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:26.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897a90ed1f4f40412023-02-08 09:45:26.999root 11241100x8000000000000000269757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95cb84aad36d61942023-02-08 09:45:27.000root 11241100x8000000000000000269756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bdae945d6dc089f2023-02-08 09:45:27.000root 11241100x8000000000000000269760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7f3dd099a37dff2023-02-08 09:45:27.001root 11241100x8000000000000000269759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2064d7854288a5f42023-02-08 09:45:27.001root 11241100x8000000000000000269758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa279fbcd731686f2023-02-08 09:45:27.001root 11241100x8000000000000000269763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442028ed7d42be142023-02-08 09:45:27.002root 11241100x8000000000000000269762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac54139a8229b542023-02-08 09:45:27.002root 11241100x8000000000000000269761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da89bec54c453ba2023-02-08 09:45:27.002root 11241100x8000000000000000269768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f721cd62780ef332023-02-08 09:45:27.003root 11241100x8000000000000000269767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a7e2080e9316422023-02-08 09:45:27.003root 11241100x8000000000000000269766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce5785c99b5b53c2023-02-08 09:45:27.003root 11241100x8000000000000000269765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8dc3fd64334f4172023-02-08 09:45:27.003root 11241100x8000000000000000269764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51aa374a9acb2e52023-02-08 09:45:27.003root 11241100x8000000000000000269769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0302e27ae6b4509c2023-02-08 09:45:27.484root 11241100x8000000000000000269773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738445434a43f9032023-02-08 09:45:27.485root 11241100x8000000000000000269772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a115e7f23761de2023-02-08 09:45:27.485root 11241100x8000000000000000269771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea60fcc38cc4ce12023-02-08 09:45:27.485root 11241100x8000000000000000269770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab575eabc8f6a602023-02-08 09:45:27.485root 11241100x8000000000000000269779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df71cb7a40b160b2023-02-08 09:45:27.486root 11241100x8000000000000000269778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6b33ce84cef4372023-02-08 09:45:27.486root 11241100x8000000000000000269777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ad8b6d1dab90842023-02-08 09:45:27.486root 11241100x8000000000000000269776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82b832e9e08244b2023-02-08 09:45:27.486root 11241100x8000000000000000269775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c6a09e8dec18622023-02-08 09:45:27.486root 11241100x8000000000000000269774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f29e91e0d61fcd2023-02-08 09:45:27.486root 11241100x8000000000000000269791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8352550894ca21bd2023-02-08 09:45:27.487root 11241100x8000000000000000269790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3038f98181cb21d42023-02-08 09:45:27.487root 11241100x8000000000000000269789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29abd80a351c6222023-02-08 09:45:27.487root 11241100x8000000000000000269788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b4bfe5f9f3af5d2023-02-08 09:45:27.487root 11241100x8000000000000000269787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2a4b2892bd862f2023-02-08 09:45:27.487root 11241100x8000000000000000269786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a3a7333578390b2023-02-08 09:45:27.487root 11241100x8000000000000000269785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0da90e9bfb5aee2023-02-08 09:45:27.487root 11241100x8000000000000000269784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e770b6a31686602023-02-08 09:45:27.487root 11241100x8000000000000000269783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cc3c9f2d21ba4a2023-02-08 09:45:27.487root 11241100x8000000000000000269782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50aacb4c8f3714192023-02-08 09:45:27.487root 11241100x8000000000000000269781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c4d4c7f122f5b12023-02-08 09:45:27.487root 11241100x8000000000000000269780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d0215fc69235802023-02-08 09:45:27.487root 11241100x8000000000000000269795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eec72f80bdf7a802023-02-08 09:45:27.488root 11241100x8000000000000000269794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacf6aa525a3ab3a2023-02-08 09:45:27.488root 11241100x8000000000000000269793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820c7b8d59aa2cb92023-02-08 09:45:27.488root 11241100x8000000000000000269792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d0acfe5260f0c12023-02-08 09:45:27.488root 11241100x8000000000000000269805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48097461a660d3882023-02-08 09:45:27.985root 11241100x8000000000000000269804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cbc83d976e4f462023-02-08 09:45:27.985root 11241100x8000000000000000269803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b66ba5333e71652023-02-08 09:45:27.985root 11241100x8000000000000000269802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8cbd0cea8083822023-02-08 09:45:27.985root 11241100x8000000000000000269801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8636e9a31e442c92023-02-08 09:45:27.985root 11241100x8000000000000000269800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae8e191637930e22023-02-08 09:45:27.985root 11241100x8000000000000000269799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1beb29f0dd01ee2023-02-08 09:45:27.985root 11241100x8000000000000000269798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd431eda8c562342023-02-08 09:45:27.985root 11241100x8000000000000000269797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6c092e4b9561402023-02-08 09:45:27.985root 11241100x8000000000000000269796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13077a24ebca3072023-02-08 09:45:27.985root 11241100x8000000000000000269820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b22bbac41ee3072023-02-08 09:45:27.986root 11241100x8000000000000000269819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a306ba66a78930c32023-02-08 09:45:27.986root 11241100x8000000000000000269818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35812d8c8786d7912023-02-08 09:45:27.986root 11241100x8000000000000000269817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb368cb1902de742023-02-08 09:45:27.986root 11241100x8000000000000000269816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ba9fe2716dc7242023-02-08 09:45:27.986root 11241100x8000000000000000269815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38cd47f73b437992023-02-08 09:45:27.986root 11241100x8000000000000000269814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662046f766d547032023-02-08 09:45:27.986root 11241100x8000000000000000269813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484c79bcf00019342023-02-08 09:45:27.986root 11241100x8000000000000000269812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474bf1a0885f18cd2023-02-08 09:45:27.986root 11241100x8000000000000000269811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46655c56fcc618022023-02-08 09:45:27.986root 11241100x8000000000000000269810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8556b847adb36242023-02-08 09:45:27.986root 11241100x8000000000000000269809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8b885b561fd1bc2023-02-08 09:45:27.986root 11241100x8000000000000000269808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a127767c0b108aea2023-02-08 09:45:27.986root 11241100x8000000000000000269807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877e2efcf7ae54252023-02-08 09:45:27.986root 11241100x8000000000000000269806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4628f3060215ef82023-02-08 09:45:27.986root 11241100x8000000000000000269822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e64bcd43ac81dc42023-02-08 09:45:27.987root 11241100x8000000000000000269821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcb4d8d7f0cda842023-02-08 09:45:27.987root 11241100x8000000000000000269828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d46c91414623c332023-02-08 09:45:28.485root 11241100x8000000000000000269827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9915af5932a322332023-02-08 09:45:28.485root 11241100x8000000000000000269826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a015c47e8cfd76762023-02-08 09:45:28.485root 11241100x8000000000000000269825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df13801d7e7efe22023-02-08 09:45:28.485root 11241100x8000000000000000269824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c92a6cccd4ed0a52023-02-08 09:45:28.485root 11241100x8000000000000000269823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8acdcd836db9e3bc2023-02-08 09:45:28.485root 11241100x8000000000000000269839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21945af4cc6932042023-02-08 09:45:28.486root 11241100x8000000000000000269838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1bb7c61e540a0a2023-02-08 09:45:28.486root 11241100x8000000000000000269837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16928f254cfb64642023-02-08 09:45:28.486root 11241100x8000000000000000269836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997caac5ca8cfcad2023-02-08 09:45:28.486root 11241100x8000000000000000269835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6578c894ad755bbc2023-02-08 09:45:28.486root 11241100x8000000000000000269834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a55e60ceb7005712023-02-08 09:45:28.486root 11241100x8000000000000000269833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a571d492ca09f63b2023-02-08 09:45:28.486root 11241100x8000000000000000269832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de616aeb0798f6c2023-02-08 09:45:28.486root 11241100x8000000000000000269831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b873f98663824a32023-02-08 09:45:28.486root 11241100x8000000000000000269830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca0d176b49a76582023-02-08 09:45:28.486root 11241100x8000000000000000269829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c43162e062c2c382023-02-08 09:45:28.486root 11241100x8000000000000000269845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c8180b28e0a5332023-02-08 09:45:28.487root 11241100x8000000000000000269844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b0f810b71931772023-02-08 09:45:28.487root 11241100x8000000000000000269843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07153cb3c99d68f32023-02-08 09:45:28.487root 11241100x8000000000000000269842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ca78a71329695b2023-02-08 09:45:28.487root 11241100x8000000000000000269841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3bcd8514ad1ac32023-02-08 09:45:28.487root 11241100x8000000000000000269840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf32326a8e6130da2023-02-08 09:45:28.487root 11241100x8000000000000000269849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f00cf3182e9de1d2023-02-08 09:45:28.488root 11241100x8000000000000000269848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87ba11ee0123b112023-02-08 09:45:28.488root 11241100x8000000000000000269847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67b06a0f6ae22d92023-02-08 09:45:28.488root 11241100x8000000000000000269846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2394b0124418722023-02-08 09:45:28.488root 11241100x8000000000000000269857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3801b1c3d4d7a6492023-02-08 09:45:28.985root 11241100x8000000000000000269856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11b826dceeb72b52023-02-08 09:45:28.985root 11241100x8000000000000000269855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b7124f11bfedea2023-02-08 09:45:28.985root 11241100x8000000000000000269854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65253ad983c4464d2023-02-08 09:45:28.985root 11241100x8000000000000000269853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba316e17e210dbd82023-02-08 09:45:28.985root 11241100x8000000000000000269852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8ff864d3763cb42023-02-08 09:45:28.985root 11241100x8000000000000000269851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d3959381e924bf2023-02-08 09:45:28.985root 11241100x8000000000000000269850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7290bf9aba1ebb122023-02-08 09:45:28.985root 11241100x8000000000000000269861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccb1803cabc96482023-02-08 09:45:28.986root 11241100x8000000000000000269860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b721910afff6152c2023-02-08 09:45:28.986root 11241100x8000000000000000269859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e54f36eceea2512023-02-08 09:45:28.986root 11241100x8000000000000000269858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f5af799e98cb562023-02-08 09:45:28.986root 11241100x8000000000000000269865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9e9f3e4ff378b32023-02-08 09:45:28.987root 11241100x8000000000000000269864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dcbc0a20657b47c2023-02-08 09:45:28.987root 11241100x8000000000000000269863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd150aa513b62c82023-02-08 09:45:28.987root 11241100x8000000000000000269862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9907d002dad64752023-02-08 09:45:28.987root 11241100x8000000000000000269874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b196b2b6714214f22023-02-08 09:45:28.988root 11241100x8000000000000000269873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6e7cb915fe3c432023-02-08 09:45:28.988root 11241100x8000000000000000269872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc2a1235c1160772023-02-08 09:45:28.988root 11241100x8000000000000000269871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b55598e252dac932023-02-08 09:45:28.988root 11241100x8000000000000000269870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332a0b91a66a30b82023-02-08 09:45:28.988root 11241100x8000000000000000269869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f58baa1e0ed2b82023-02-08 09:45:28.988root 11241100x8000000000000000269868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feaaf4ac574527762023-02-08 09:45:28.988root 11241100x8000000000000000269867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61b4a70875c7af42023-02-08 09:45:28.988root 11241100x8000000000000000269866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f1921bc281aea82023-02-08 09:45:28.988root 11241100x8000000000000000269876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e888a88ca8ac8e82023-02-08 09:45:28.989root 11241100x8000000000000000269875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c55bbadc6093e8f2023-02-08 09:45:28.989root 11241100x8000000000000000269883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94e7b068e1d82442023-02-08 09:45:29.485root 11241100x8000000000000000269882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e7371905a29d042023-02-08 09:45:29.485root 11241100x8000000000000000269881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c0779c91ab5bbb2023-02-08 09:45:29.485root 11241100x8000000000000000269880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff71620dc3582a42023-02-08 09:45:29.485root 11241100x8000000000000000269879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da23bc59890d5e12023-02-08 09:45:29.485root 11241100x8000000000000000269878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f6f5ce59f62d222023-02-08 09:45:29.485root 11241100x8000000000000000269877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37b051ded42a3592023-02-08 09:45:29.485root 11241100x8000000000000000269898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9da15b7bd34b7922023-02-08 09:45:29.486root 11241100x8000000000000000269897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b4190c6b150e692023-02-08 09:45:29.486root 11241100x8000000000000000269896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11147829be80a8fb2023-02-08 09:45:29.486root 11241100x8000000000000000269895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0c5d02d62d07922023-02-08 09:45:29.486root 11241100x8000000000000000269894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328a86bffcfe43442023-02-08 09:45:29.486root 11241100x8000000000000000269893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2eb1de0a1f89d22023-02-08 09:45:29.486root 11241100x8000000000000000269892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de48bd73681a205f2023-02-08 09:45:29.486root 11241100x8000000000000000269891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6d90c825af61262023-02-08 09:45:29.486root 11241100x8000000000000000269890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0680a8f6a0286e902023-02-08 09:45:29.486root 11241100x8000000000000000269889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0a71a5d9a3773d2023-02-08 09:45:29.486root 11241100x8000000000000000269888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f17c6d91137d1322023-02-08 09:45:29.486root 11241100x8000000000000000269887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9662e6df782bff7a2023-02-08 09:45:29.486root 11241100x8000000000000000269886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b34faecd439b8102023-02-08 09:45:29.486root 11241100x8000000000000000269885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de614bd478807842023-02-08 09:45:29.486root 11241100x8000000000000000269884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882a2419f7dbf5112023-02-08 09:45:29.486root 11241100x8000000000000000269903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766da2f700d22eb12023-02-08 09:45:29.487root 11241100x8000000000000000269902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ce100bb54871fe2023-02-08 09:45:29.487root 11241100x8000000000000000269901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138b449da9ffa1f72023-02-08 09:45:29.487root 11241100x8000000000000000269900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff702b3e47d34d482023-02-08 09:45:29.487root 11241100x8000000000000000269899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e076ebd640ac0b2023-02-08 09:45:29.487root 11241100x8000000000000000269909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218f9ccc15b4a5de2023-02-08 09:45:29.985root 11241100x8000000000000000269908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20fe3adbe89b25df2023-02-08 09:45:29.985root 11241100x8000000000000000269907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40e338d103bf7af2023-02-08 09:45:29.985root 11241100x8000000000000000269906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19d7ff9febb1e5b2023-02-08 09:45:29.985root 11241100x8000000000000000269905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8d746d2620d6112023-02-08 09:45:29.985root 11241100x8000000000000000269904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c14842a1f3ab26c2023-02-08 09:45:29.985root 11241100x8000000000000000269922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1099e78548a383582023-02-08 09:45:29.986root 11241100x8000000000000000269921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c38faae15f3b512023-02-08 09:45:29.986root 11241100x8000000000000000269920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abbe227c930bb5e2023-02-08 09:45:29.986root 11241100x8000000000000000269919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709ffc4ffaa55a292023-02-08 09:45:29.986root 11241100x8000000000000000269918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50573ea7a5d1eb0f2023-02-08 09:45:29.986root 11241100x8000000000000000269917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac1233294192e982023-02-08 09:45:29.986root 11241100x8000000000000000269916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44704c5f912867e2023-02-08 09:45:29.986root 11241100x8000000000000000269915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0885cbae4ff923b92023-02-08 09:45:29.986root 11241100x8000000000000000269914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed30238230a69c62023-02-08 09:45:29.986root 11241100x8000000000000000269913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a117098d200d3f762023-02-08 09:45:29.986root 11241100x8000000000000000269912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ec5b2397173c492023-02-08 09:45:29.986root 11241100x8000000000000000269911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e851f84446c2a92023-02-08 09:45:29.986root 11241100x8000000000000000269910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f156bab99085782023-02-08 09:45:29.986root 11241100x8000000000000000269930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b326978f58ce2722023-02-08 09:45:29.987root 11241100x8000000000000000269929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b0ba2d6a7046432023-02-08 09:45:29.987root 11241100x8000000000000000269928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5b14f3fd3117fd2023-02-08 09:45:29.987root 11241100x8000000000000000269927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f706c4c1554600e2023-02-08 09:45:29.987root 11241100x8000000000000000269926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df00658cfbe32002023-02-08 09:45:29.987root 11241100x8000000000000000269925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e4e9eaae2c9c9a2023-02-08 09:45:29.987root 11241100x8000000000000000269924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c89b8a370e40b12023-02-08 09:45:29.987root 11241100x8000000000000000269923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c5223ec8eacb862023-02-08 09:45:29.987root 11241100x8000000000000000269938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ece618d157a42d2023-02-08 09:45:30.484root 11241100x8000000000000000269937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b61c470397a06022023-02-08 09:45:30.484root 11241100x8000000000000000269936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee25bf32d6cf9a52023-02-08 09:45:30.484root 11241100x8000000000000000269935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6590801daceabf752023-02-08 09:45:30.484root 11241100x8000000000000000269934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76f6097ae9a0bd22023-02-08 09:45:30.484root 11241100x8000000000000000269933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0924767717ab4f2023-02-08 09:45:30.484root 11241100x8000000000000000269932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847ecbe684e8a99d2023-02-08 09:45:30.484root 11241100x8000000000000000269931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b1ddf9d41c393f2023-02-08 09:45:30.484root 11241100x8000000000000000269955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6931ae9ff2e34c6c2023-02-08 09:45:30.485root 11241100x8000000000000000269954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e71a9d688a8b3542023-02-08 09:45:30.485root 11241100x8000000000000000269953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc022bf11238e35c2023-02-08 09:45:30.485root 11241100x8000000000000000269952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf77b820ea9593f12023-02-08 09:45:30.485root 11241100x8000000000000000269951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5a21e9af00d5a82023-02-08 09:45:30.485root 11241100x8000000000000000269950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445b87b6242c8aed2023-02-08 09:45:30.485root 11241100x8000000000000000269949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424fc94bef602b992023-02-08 09:45:30.485root 11241100x8000000000000000269948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5905dd5d6f2c24792023-02-08 09:45:30.485root 11241100x8000000000000000269947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef83770ecb8cbb32023-02-08 09:45:30.485root 11241100x8000000000000000269946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9977c9b9c24e48672023-02-08 09:45:30.485root 11241100x8000000000000000269945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a508fde2dcea0292023-02-08 09:45:30.485root 11241100x8000000000000000269944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba133d00d752516b2023-02-08 09:45:30.485root 11241100x8000000000000000269943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dafb57ce8d61e822023-02-08 09:45:30.485root 11241100x8000000000000000269942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a553d9eb5a8de62023-02-08 09:45:30.485root 11241100x8000000000000000269941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b1ec522dce18dd2023-02-08 09:45:30.485root 11241100x8000000000000000269940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff92fd46785a3292023-02-08 09:45:30.485root 11241100x8000000000000000269939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2541b09314b303ef2023-02-08 09:45:30.485root 11241100x8000000000000000269959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2851894904125dbd2023-02-08 09:45:30.486root 11241100x8000000000000000269958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efad7632573625b02023-02-08 09:45:30.486root 11241100x8000000000000000269957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec219d9ec57ddbd72023-02-08 09:45:30.486root 11241100x8000000000000000269956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b469967610b4dc2023-02-08 09:45:30.486root 11241100x8000000000000000269960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0021290bab9c382023-02-08 09:45:30.984root 11241100x8000000000000000269975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbd67dc8a6b36a32023-02-08 09:45:30.985root 11241100x8000000000000000269974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d476515fa1b3f1ca2023-02-08 09:45:30.985root 11241100x8000000000000000269973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60d5ab63d16ed062023-02-08 09:45:30.985root 11241100x8000000000000000269972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afac8eba36d2da82023-02-08 09:45:30.985root 11241100x8000000000000000269971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd691b051db0287d2023-02-08 09:45:30.985root 11241100x8000000000000000269970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70146d7b462368c2023-02-08 09:45:30.985root 11241100x8000000000000000269969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c3d8991a2bd3db2023-02-08 09:45:30.985root 11241100x8000000000000000269968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391c1aacc851d6052023-02-08 09:45:30.985root 11241100x8000000000000000269967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31618a0722e5d85b2023-02-08 09:45:30.985root 11241100x8000000000000000269966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d57613b9dbc81bb2023-02-08 09:45:30.985root 11241100x8000000000000000269965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1334f4e98cb7312023-02-08 09:45:30.985root 11241100x8000000000000000269964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7122578f0f61fa732023-02-08 09:45:30.985root 11241100x8000000000000000269963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ba25696a6133c32023-02-08 09:45:30.985root 11241100x8000000000000000269962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b68a6ab49358f392023-02-08 09:45:30.985root 11241100x8000000000000000269961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076ab17d6d4040c12023-02-08 09:45:30.985root 11241100x8000000000000000269986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378972970d8504042023-02-08 09:45:30.986root 11241100x8000000000000000269985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c369285c9a9eae12023-02-08 09:45:30.986root 11241100x8000000000000000269984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d1a9b7bd7c9f642023-02-08 09:45:30.986root 11241100x8000000000000000269983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0200c3870b43e0a22023-02-08 09:45:30.986root 11241100x8000000000000000269982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad5bb7f9aa7323d2023-02-08 09:45:30.986root 11241100x8000000000000000269981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4580ce087aa280042023-02-08 09:45:30.986root 11241100x8000000000000000269980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07afb25973b311952023-02-08 09:45:30.986root 11241100x8000000000000000269979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312f672157217d802023-02-08 09:45:30.986root 11241100x8000000000000000269978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8a32c8620fa80a2023-02-08 09:45:30.986root 11241100x8000000000000000269977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e8dfedd129d6fa2023-02-08 09:45:30.986root 11241100x8000000000000000269976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adddb8994004ccd22023-02-08 09:45:30.986root 354300x8000000000000000269987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.194{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-33964-false10.0.1.12-8000- 11241100x8000000000000000269993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f79ddc3dd5c75042023-02-08 09:45:31.485root 11241100x8000000000000000269992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e92700e0b39f5702023-02-08 09:45:31.485root 11241100x8000000000000000269991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d035f2e5c9b8f4c72023-02-08 09:45:31.485root 11241100x8000000000000000269990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445a5883e4a305692023-02-08 09:45:31.485root 11241100x8000000000000000269989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310d5565d8cf65882023-02-08 09:45:31.485root 11241100x8000000000000000269988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5915f1fad0802ff22023-02-08 09:45:31.485root 11241100x8000000000000000270005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2463bd94099bc42023-02-08 09:45:31.486root 11241100x8000000000000000270004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fec74f6a3b7faf32023-02-08 09:45:31.486root 11241100x8000000000000000270003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83a68643627170f2023-02-08 09:45:31.486root 11241100x8000000000000000270002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a07631e0ee3e362023-02-08 09:45:31.486root 11241100x8000000000000000270001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1df52fdce452bee2023-02-08 09:45:31.486root 11241100x8000000000000000270000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80259387bf93127e2023-02-08 09:45:31.486root 11241100x8000000000000000269999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f6eb9f645c26b42023-02-08 09:45:31.486root 11241100x8000000000000000269998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf22e936d67e37452023-02-08 09:45:31.486root 11241100x8000000000000000269997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648d1e2f28d5894c2023-02-08 09:45:31.486root 11241100x8000000000000000269996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b810f5a7ba7e3b52023-02-08 09:45:31.486root 11241100x8000000000000000269995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75f38c0b66fe6fa2023-02-08 09:45:31.486root 11241100x8000000000000000269994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406237c9e7d8d7a12023-02-08 09:45:31.486root 11241100x8000000000000000270015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40fcd991d3d872a32023-02-08 09:45:31.487root 11241100x8000000000000000270014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04360952b9269e0d2023-02-08 09:45:31.487root 11241100x8000000000000000270013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b81a5eabec2b0f2023-02-08 09:45:31.487root 11241100x8000000000000000270012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fd15a9402c35352023-02-08 09:45:31.487root 11241100x8000000000000000270011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2790bc562dc4fe972023-02-08 09:45:31.487root 11241100x8000000000000000270010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6f6534b2f766d52023-02-08 09:45:31.487root 11241100x8000000000000000270009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63232941a669861d2023-02-08 09:45:31.487root 11241100x8000000000000000270008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6acd6770c8860b722023-02-08 09:45:31.487root 11241100x8000000000000000270007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4930cbc7cb0baa212023-02-08 09:45:31.487root 11241100x8000000000000000270006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e167c48a00712c2023-02-08 09:45:31.487root 11241100x8000000000000000270021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c413c0bad51501b42023-02-08 09:45:31.985root 11241100x8000000000000000270020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584a728251de9f942023-02-08 09:45:31.985root 11241100x8000000000000000270019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c6b1aa3fe4cdd52023-02-08 09:45:31.985root 11241100x8000000000000000270018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6b5adbd8d8f4122023-02-08 09:45:31.985root 11241100x8000000000000000270017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6fffd1b50d02912023-02-08 09:45:31.985root 11241100x8000000000000000270016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed33cd6676bdbf092023-02-08 09:45:31.985root 11241100x8000000000000000270034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a826d9c32e909f2023-02-08 09:45:31.986root 11241100x8000000000000000270033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d68875aeb7284b42023-02-08 09:45:31.986root 11241100x8000000000000000270032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9992636c085b0ac2023-02-08 09:45:31.986root 11241100x8000000000000000270031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae70ca717aef2a4c2023-02-08 09:45:31.986root 11241100x8000000000000000270030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bddb97fc349cc432023-02-08 09:45:31.986root 11241100x8000000000000000270029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799a61e8460a18b42023-02-08 09:45:31.986root 11241100x8000000000000000270028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959c1119a3d6b3812023-02-08 09:45:31.986root 11241100x8000000000000000270027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70292e296e2727442023-02-08 09:45:31.986root 11241100x8000000000000000270026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f33f59082ab42c2023-02-08 09:45:31.986root 11241100x8000000000000000270025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106d61c9c6d40e092023-02-08 09:45:31.986root 11241100x8000000000000000270024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159f869a25d153f32023-02-08 09:45:31.986root 11241100x8000000000000000270023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5019ec0ce625662023-02-08 09:45:31.986root 11241100x8000000000000000270022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196b28243823db9d2023-02-08 09:45:31.986root 11241100x8000000000000000270041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6bc1e50bb9ca9df2023-02-08 09:45:31.987root 11241100x8000000000000000270040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713634141cbeb2042023-02-08 09:45:31.987root 11241100x8000000000000000270039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5137c0cbdb06a12023-02-08 09:45:31.987root 11241100x8000000000000000270038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64308d0a6e8285c02023-02-08 09:45:31.987root 11241100x8000000000000000270037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfee941ef39eec32023-02-08 09:45:31.987root 11241100x8000000000000000270036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3627425302ecfa632023-02-08 09:45:31.987root 11241100x8000000000000000270035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc159dd1f41730b32023-02-08 09:45:31.987root 11241100x8000000000000000270043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d201bfc58f36d32023-02-08 09:45:31.988root 11241100x8000000000000000270042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45433b7d7c972cb12023-02-08 09:45:31.988root 11241100x8000000000000000270052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d14e7fecb61be3c2023-02-08 09:45:32.485root 11241100x8000000000000000270051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffa1b6c85f3673a2023-02-08 09:45:32.485root 11241100x8000000000000000270050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196715dfbf98bc402023-02-08 09:45:32.485root 11241100x8000000000000000270049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151d907ae2c3fff72023-02-08 09:45:32.485root 11241100x8000000000000000270048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac10592e28ce69722023-02-08 09:45:32.485root 11241100x8000000000000000270047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538fdf1fc7855bea2023-02-08 09:45:32.485root 11241100x8000000000000000270046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a746bd417bcdb082023-02-08 09:45:32.485root 11241100x8000000000000000270045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdbf5d5efe180952023-02-08 09:45:32.485root 11241100x8000000000000000270044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4688cee01c56b3b2023-02-08 09:45:32.485root 11241100x8000000000000000270061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa7cd925d3d3daf2023-02-08 09:45:32.486root 11241100x8000000000000000270060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d551d1b53b1157a2023-02-08 09:45:32.486root 11241100x8000000000000000270059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa837449d2a394c92023-02-08 09:45:32.486root 11241100x8000000000000000270058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41cdba729aee4bb2023-02-08 09:45:32.486root 11241100x8000000000000000270057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5086d12f9b747a302023-02-08 09:45:32.486root 11241100x8000000000000000270056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d37bf6a1c0150a22023-02-08 09:45:32.486root 11241100x8000000000000000270055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d745f6e96ab3a82b2023-02-08 09:45:32.486root 11241100x8000000000000000270054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d45ff9e9797adbc2023-02-08 09:45:32.486root 11241100x8000000000000000270053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1028b6ec8166afb2023-02-08 09:45:32.486root 11241100x8000000000000000270063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cba2a6efb5e2d82023-02-08 09:45:32.487root 11241100x8000000000000000270062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa481d6ea1144b82023-02-08 09:45:32.487root 11241100x8000000000000000270071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe30b94e9783dbb2023-02-08 09:45:32.488root 11241100x8000000000000000270070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219ba365feef37282023-02-08 09:45:32.488root 11241100x8000000000000000270069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316e58eb362c9f0f2023-02-08 09:45:32.488root 11241100x8000000000000000270068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa8a1bbb7bb099c2023-02-08 09:45:32.488root 11241100x8000000000000000270067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b3f9e4cf303d0d2023-02-08 09:45:32.488root 11241100x8000000000000000270066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a11be2c3d0ec822023-02-08 09:45:32.488root 11241100x8000000000000000270065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9a8c34f83920c62023-02-08 09:45:32.488root 11241100x8000000000000000270064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f61049ec4096612023-02-08 09:45:32.488root 11241100x8000000000000000270077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a85959267231ddc2023-02-08 09:45:32.985root 11241100x8000000000000000270076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65162492fef6183e2023-02-08 09:45:32.985root 11241100x8000000000000000270075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161ac919d0bc01322023-02-08 09:45:32.985root 11241100x8000000000000000270074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d44b1d1fbc5c4742023-02-08 09:45:32.985root 11241100x8000000000000000270073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c692aa9731be2d82023-02-08 09:45:32.985root 11241100x8000000000000000270072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee4f9ec7f80106e2023-02-08 09:45:32.985root 11241100x8000000000000000270088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d1d5312dfde6252023-02-08 09:45:32.986root 11241100x8000000000000000270087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea385a867f4687132023-02-08 09:45:32.986root 11241100x8000000000000000270086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c660219f914916e2023-02-08 09:45:32.986root 11241100x8000000000000000270085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9206d812e299d1892023-02-08 09:45:32.986root 11241100x8000000000000000270084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23b23a85be8f8412023-02-08 09:45:32.986root 11241100x8000000000000000270083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0232379236881b182023-02-08 09:45:32.986root 11241100x8000000000000000270082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d92e6fc85f6a052023-02-08 09:45:32.986root 11241100x8000000000000000270081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1925ef41d75a8f492023-02-08 09:45:32.986root 11241100x8000000000000000270080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5812528eb6ce2aa92023-02-08 09:45:32.986root 11241100x8000000000000000270079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aab64eb9c81ba222023-02-08 09:45:32.986root 11241100x8000000000000000270078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968e6d5a480b90402023-02-08 09:45:32.986root 11241100x8000000000000000270099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a5e2f35b25806a2023-02-08 09:45:32.987root 11241100x8000000000000000270098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33bbcd765099ee082023-02-08 09:45:32.987root 11241100x8000000000000000270097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0f3ab0df48c5572023-02-08 09:45:32.987root 11241100x8000000000000000270096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d27b150019a1802023-02-08 09:45:32.987root 11241100x8000000000000000270095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ec4f188cd6b5332023-02-08 09:45:32.987root 11241100x8000000000000000270094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efc3cf6cb6c8a172023-02-08 09:45:32.987root 11241100x8000000000000000270093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5909854f40ac77f2023-02-08 09:45:32.987root 11241100x8000000000000000270092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d5f16e410950e12023-02-08 09:45:32.987root 11241100x8000000000000000270091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95b6355de77c6552023-02-08 09:45:32.987root 11241100x8000000000000000270090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdcd65492c5c3e142023-02-08 09:45:32.987root 11241100x8000000000000000270089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:32.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b296e123526f7b32023-02-08 09:45:32.987root 11241100x8000000000000000270110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b429bcb051b3a172023-02-08 09:45:33.485root 11241100x8000000000000000270109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a610c9f03033292023-02-08 09:45:33.485root 11241100x8000000000000000270108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57f16030a5c5f6f2023-02-08 09:45:33.485root 11241100x8000000000000000270107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d463cc49e5b0b0362023-02-08 09:45:33.485root 11241100x8000000000000000270106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8165686d7944c2c2023-02-08 09:45:33.485root 11241100x8000000000000000270105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517e9c57f6c5e4752023-02-08 09:45:33.485root 11241100x8000000000000000270104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6403568a86a77ca02023-02-08 09:45:33.485root 11241100x8000000000000000270103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf8aff953e15f2c2023-02-08 09:45:33.485root 11241100x8000000000000000270102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f132393a41323122023-02-08 09:45:33.485root 11241100x8000000000000000270101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2cec1976ae772382023-02-08 09:45:33.485root 11241100x8000000000000000270100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2164b34f7739832023-02-08 09:45:33.485root 11241100x8000000000000000270120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5558449286c216a42023-02-08 09:45:33.486root 11241100x8000000000000000270119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e97f0f72d7e6f5f2023-02-08 09:45:33.486root 11241100x8000000000000000270118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff1d03c438d26142023-02-08 09:45:33.486root 11241100x8000000000000000270117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4736fcdef23663332023-02-08 09:45:33.486root 11241100x8000000000000000270116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e280bffe2e258a2023-02-08 09:45:33.486root 11241100x8000000000000000270115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103f9f6f9559603d2023-02-08 09:45:33.486root 11241100x8000000000000000270114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ccd6114d7bca902023-02-08 09:45:33.486root 11241100x8000000000000000270113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7025dd42ab3091102023-02-08 09:45:33.486root 11241100x8000000000000000270112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ca54831f06deb52023-02-08 09:45:33.486root 11241100x8000000000000000270111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476c0e901d2e7fb62023-02-08 09:45:33.486root 11241100x8000000000000000270127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7e63f70cf787d12023-02-08 09:45:33.487root 11241100x8000000000000000270126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a087fcf49bdeebb52023-02-08 09:45:33.487root 11241100x8000000000000000270125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccf4925644ef61f2023-02-08 09:45:33.487root 11241100x8000000000000000270124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723022a199476b4d2023-02-08 09:45:33.487root 11241100x8000000000000000270123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb92b68152cd3802023-02-08 09:45:33.487root 11241100x8000000000000000270122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c910bd26240372042023-02-08 09:45:33.487root 11241100x8000000000000000270121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd96e14c1b84938f2023-02-08 09:45:33.487root 11241100x8000000000000000270134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4415120ee263ad3f2023-02-08 09:45:33.985root 11241100x8000000000000000270133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ec7282ce37b2d52023-02-08 09:45:33.985root 11241100x8000000000000000270132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1ca24454f99b4b2023-02-08 09:45:33.985root 11241100x8000000000000000270131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6a405b3e4516fb2023-02-08 09:45:33.985root 11241100x8000000000000000270130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880b851e8b8fc8ed2023-02-08 09:45:33.985root 11241100x8000000000000000270129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b422dd214f2ed0a2023-02-08 09:45:33.985root 11241100x8000000000000000270128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f7c76cc4fecfbd2023-02-08 09:45:33.985root 11241100x8000000000000000270148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c016522fcd679bc2023-02-08 09:45:33.986root 11241100x8000000000000000270147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa00cde358a196132023-02-08 09:45:33.986root 11241100x8000000000000000270146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae039c39438660a32023-02-08 09:45:33.986root 11241100x8000000000000000270145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941fcbb55afeab3d2023-02-08 09:45:33.986root 11241100x8000000000000000270144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f777d9d21ff967d2023-02-08 09:45:33.986root 11241100x8000000000000000270143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d88eb1e0ca85bc2023-02-08 09:45:33.986root 11241100x8000000000000000270142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2570dca1b2f89ea02023-02-08 09:45:33.986root 11241100x8000000000000000270141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51686034e3c110572023-02-08 09:45:33.986root 11241100x8000000000000000270140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09e43e08641f7c52023-02-08 09:45:33.986root 11241100x8000000000000000270139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27d01477ac29fe92023-02-08 09:45:33.986root 11241100x8000000000000000270138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c8ba492d872ecf2023-02-08 09:45:33.986root 11241100x8000000000000000270137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a1524aeb399f542023-02-08 09:45:33.986root 11241100x8000000000000000270136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10b5e3cf715ac112023-02-08 09:45:33.986root 11241100x8000000000000000270135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b866989e2c33aff72023-02-08 09:45:33.986root 11241100x8000000000000000270155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ead2ea758185d82023-02-08 09:45:33.987root 11241100x8000000000000000270154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e155d838c55ef59a2023-02-08 09:45:33.987root 11241100x8000000000000000270153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9110374f2fc9e5372023-02-08 09:45:33.987root 11241100x8000000000000000270152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2415c92f272072d72023-02-08 09:45:33.987root 11241100x8000000000000000270151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd2163eff3c131c2023-02-08 09:45:33.987root 11241100x8000000000000000270150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187b2025e23811412023-02-08 09:45:33.987root 11241100x8000000000000000270149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:33.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9ee8aa42f0fe8c2023-02-08 09:45:33.987root 11241100x8000000000000000270162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381e02c5ac4a3fc42023-02-08 09:45:34.485root 11241100x8000000000000000270161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4206964b48088d2023-02-08 09:45:34.485root 11241100x8000000000000000270160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3c79265daadee12023-02-08 09:45:34.485root 11241100x8000000000000000270159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d726f99709f96002023-02-08 09:45:34.485root 11241100x8000000000000000270158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bd85d86cdadf0e2023-02-08 09:45:34.485root 11241100x8000000000000000270157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9beeb1d979d516d12023-02-08 09:45:34.485root 11241100x8000000000000000270156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7aa588e000f66a2023-02-08 09:45:34.485root 11241100x8000000000000000270172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdab1cdb17c750b2023-02-08 09:45:34.486root 11241100x8000000000000000270171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df223f654b8fcbec2023-02-08 09:45:34.486root 11241100x8000000000000000270170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d074c2b5aa239572023-02-08 09:45:34.486root 11241100x8000000000000000270169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98616fe7f25226c52023-02-08 09:45:34.486root 11241100x8000000000000000270168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0cc7a2468474f72023-02-08 09:45:34.486root 11241100x8000000000000000270167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53724ba98a02b6ef2023-02-08 09:45:34.486root 11241100x8000000000000000270166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99a813c11e94df02023-02-08 09:45:34.486root 11241100x8000000000000000270165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffb17fea57e9e932023-02-08 09:45:34.486root 11241100x8000000000000000270164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c4c38408064afb2023-02-08 09:45:34.486root 11241100x8000000000000000270163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b1381bcfb8970a2023-02-08 09:45:34.486root 11241100x8000000000000000270177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f3b68b453ad2ad2023-02-08 09:45:34.487root 11241100x8000000000000000270176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060d5461b703f1dd2023-02-08 09:45:34.487root 11241100x8000000000000000270175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91daad54aed842b2023-02-08 09:45:34.487root 11241100x8000000000000000270174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348634ac96e6aff42023-02-08 09:45:34.487root 11241100x8000000000000000270173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f70c271e60cdc292023-02-08 09:45:34.487root 11241100x8000000000000000270183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4655a7487e80248e2023-02-08 09:45:34.488root 11241100x8000000000000000270182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99be8f155cf1e1702023-02-08 09:45:34.488root 11241100x8000000000000000270181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbf836b8a834b8a2023-02-08 09:45:34.488root 11241100x8000000000000000270180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8108e4b87092b5062023-02-08 09:45:34.488root 11241100x8000000000000000270179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1862145f6d249b62023-02-08 09:45:34.488root 11241100x8000000000000000270178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16cfe0919c6ba4f82023-02-08 09:45:34.488root 11241100x8000000000000000270191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd8fc2a849830f62023-02-08 09:45:34.985root 11241100x8000000000000000270190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7542c5dfbdcebfd02023-02-08 09:45:34.985root 11241100x8000000000000000270189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c27fab208079c82023-02-08 09:45:34.985root 11241100x8000000000000000270188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b5c8e7029a1ce72023-02-08 09:45:34.985root 11241100x8000000000000000270187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac511fddc340a0c32023-02-08 09:45:34.985root 11241100x8000000000000000270186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0001132e40906eab2023-02-08 09:45:34.985root 11241100x8000000000000000270185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d24d3f51ec9b67d2023-02-08 09:45:34.985root 11241100x8000000000000000270184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a75961b9f4b5622023-02-08 09:45:34.985root 11241100x8000000000000000270204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1617a9e995e8352f2023-02-08 09:45:34.986root 11241100x8000000000000000270203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3d6e899e81b6e52023-02-08 09:45:34.986root 11241100x8000000000000000270202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b0c78519a936bd2023-02-08 09:45:34.986root 11241100x8000000000000000270201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270d2f4f062424892023-02-08 09:45:34.986root 11241100x8000000000000000270200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62931cc98d53ca042023-02-08 09:45:34.986root 11241100x8000000000000000270199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f74ae5c0258a3872023-02-08 09:45:34.986root 11241100x8000000000000000270198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4359807a8c50168a2023-02-08 09:45:34.986root 11241100x8000000000000000270197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40d5fcdc6bd4b5b2023-02-08 09:45:34.986root 11241100x8000000000000000270196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687662c51b2b56a42023-02-08 09:45:34.986root 11241100x8000000000000000270195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27745e36ceee2eba2023-02-08 09:45:34.986root 11241100x8000000000000000270194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62cc2ddc613739c2023-02-08 09:45:34.986root 11241100x8000000000000000270193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96064b28a636d9782023-02-08 09:45:34.986root 11241100x8000000000000000270192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d99b3875988ea132023-02-08 09:45:34.986root 11241100x8000000000000000270211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e934ff8abb374f1c2023-02-08 09:45:34.987root 11241100x8000000000000000270210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2262c9bf1db20cd72023-02-08 09:45:34.987root 11241100x8000000000000000270209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89096060bf3e54752023-02-08 09:45:34.987root 11241100x8000000000000000270208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b1f537440a590b2023-02-08 09:45:34.987root 11241100x8000000000000000270207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99da5fb3a6df30dd2023-02-08 09:45:34.987root 11241100x8000000000000000270206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e987ccb40acacf2023-02-08 09:45:34.987root 11241100x8000000000000000270205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:34.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99aab33b066bb9932023-02-08 09:45:34.987root 11241100x8000000000000000270219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70a01d9687f4d822023-02-08 09:45:35.485root 11241100x8000000000000000270218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc92d647029fe7c2023-02-08 09:45:35.485root 11241100x8000000000000000270217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f6a9d9f1e0b2672023-02-08 09:45:35.485root 11241100x8000000000000000270216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c202e1c3d8590b2023-02-08 09:45:35.485root 11241100x8000000000000000270215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba271ee9f6986b62023-02-08 09:45:35.485root 11241100x8000000000000000270214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c04ceadd0591622023-02-08 09:45:35.485root 11241100x8000000000000000270213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608113999ff1af482023-02-08 09:45:35.485root 11241100x8000000000000000270212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ec1487271c4e1e2023-02-08 09:45:35.485root 11241100x8000000000000000270227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f241b2af0bcab3f32023-02-08 09:45:35.486root 11241100x8000000000000000270226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ea1eae286863f92023-02-08 09:45:35.486root 11241100x8000000000000000270225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0bd07673a7f7b22023-02-08 09:45:35.486root 11241100x8000000000000000270224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ec280eb1a0bdd32023-02-08 09:45:35.486root 11241100x8000000000000000270223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54beaa0d8a6a50492023-02-08 09:45:35.486root 11241100x8000000000000000270222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc20de1d2378291a2023-02-08 09:45:35.486root 11241100x8000000000000000270221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2632508619982c9c2023-02-08 09:45:35.486root 11241100x8000000000000000270220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6316c26ea65d7032023-02-08 09:45:35.486root 11241100x8000000000000000270233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867077b47ca78d8b2023-02-08 09:45:35.487root 11241100x8000000000000000270232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c081e7e46db80c2023-02-08 09:45:35.487root 11241100x8000000000000000270231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade74cd5069dffee2023-02-08 09:45:35.487root 11241100x8000000000000000270230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a79d77d733b80ba2023-02-08 09:45:35.487root 11241100x8000000000000000270229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c04a615edf2f802023-02-08 09:45:35.487root 11241100x8000000000000000270228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72cea9e52dc736c32023-02-08 09:45:35.487root 11241100x8000000000000000270239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34dfb880f9a766842023-02-08 09:45:35.488root 11241100x8000000000000000270238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8375750a70acee2b2023-02-08 09:45:35.488root 11241100x8000000000000000270237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85b12ec3ff053992023-02-08 09:45:35.488root 11241100x8000000000000000270236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f750b69b2ac86e9e2023-02-08 09:45:35.488root 11241100x8000000000000000270235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98640713ae436d392023-02-08 09:45:35.488root 11241100x8000000000000000270234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e254da2ce0050a2023-02-08 09:45:35.488root 11241100x8000000000000000270246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676e8a41a6f500902023-02-08 09:45:35.985root 11241100x8000000000000000270245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d1f4ad536e80292023-02-08 09:45:35.985root 11241100x8000000000000000270244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d7488f499e4f322023-02-08 09:45:35.985root 11241100x8000000000000000270243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef22a2986bcb3812023-02-08 09:45:35.985root 11241100x8000000000000000270242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd45a1a19f50780a2023-02-08 09:45:35.985root 11241100x8000000000000000270241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82110ea89420d55d2023-02-08 09:45:35.985root 11241100x8000000000000000270240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3d7c528808f1a72023-02-08 09:45:35.985root 11241100x8000000000000000270255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61b8aa10cab19f72023-02-08 09:45:35.986root 11241100x8000000000000000270254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4f08105785109b2023-02-08 09:45:35.986root 11241100x8000000000000000270253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12cd310451a8e432023-02-08 09:45:35.986root 11241100x8000000000000000270252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbcbf0bd755c9342023-02-08 09:45:35.986root 11241100x8000000000000000270251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ef6a4e1ee36b332023-02-08 09:45:35.986root 11241100x8000000000000000270250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.551f87720f9965492023-02-08 09:45:35.986root 11241100x8000000000000000270249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93691fc017855bab2023-02-08 09:45:35.986root 11241100x8000000000000000270248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e4636ec9ce6d3e2023-02-08 09:45:35.986root 11241100x8000000000000000270247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f8d8a2779e344a2023-02-08 09:45:35.986root 11241100x8000000000000000270258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1348b542b1375c2023-02-08 09:45:35.987root 11241100x8000000000000000270257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fcbdbf5e18222fe2023-02-08 09:45:35.987root 11241100x8000000000000000270256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54d9641a2683eaf2023-02-08 09:45:35.987root 11241100x8000000000000000270267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade8f907b28f438e2023-02-08 09:45:35.988root 11241100x8000000000000000270266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e597339db862332023-02-08 09:45:35.988root 11241100x8000000000000000270265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ebcee014ed0d0e2023-02-08 09:45:35.988root 11241100x8000000000000000270264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801a51436bce52ad2023-02-08 09:45:35.988root 11241100x8000000000000000270263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b005c73441f6f8ab2023-02-08 09:45:35.988root 11241100x8000000000000000270262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5a47d19aa3f0d32023-02-08 09:45:35.988root 11241100x8000000000000000270261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1951f06691ca886c2023-02-08 09:45:35.988root 11241100x8000000000000000270260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965f374b677fc9ec2023-02-08 09:45:35.988root 11241100x8000000000000000270259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:35.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608ceac4a17b015e2023-02-08 09:45:35.988root 354300x8000000000000000270268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.229{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-33978-false10.0.1.12-8000- 11241100x8000000000000000270269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.363{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-08 09:45:36.363root 11241100x8000000000000000270272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd7ad5fbfb39e042023-02-08 09:45:36.364root 11241100x8000000000000000270271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f11090b6ca18fcb2023-02-08 09:45:36.364root 11241100x8000000000000000270270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a544260e0cbab4f2023-02-08 09:45:36.364root 11241100x8000000000000000270283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffddd36cb50bbc9a2023-02-08 09:45:36.365root 11241100x8000000000000000270282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78645c38e4094fbb2023-02-08 09:45:36.365root 11241100x8000000000000000270281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f7080337bf0ac32023-02-08 09:45:36.365root 11241100x8000000000000000270280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27b0bdb1b578b5d2023-02-08 09:45:36.365root 11241100x8000000000000000270279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d0fdb02ba9a1112023-02-08 09:45:36.365root 11241100x8000000000000000270278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9774f8d548e3592023-02-08 09:45:36.365root 11241100x8000000000000000270277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8deff9b60a3dd9b72023-02-08 09:45:36.365root 11241100x8000000000000000270276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3867e4d5c0f8ecfd2023-02-08 09:45:36.365root 11241100x8000000000000000270275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7192c5a9f4c96872023-02-08 09:45:36.365root 11241100x8000000000000000270274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fed45eb0f8e9b02023-02-08 09:45:36.365root 11241100x8000000000000000270273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c9a6b107191ff82023-02-08 09:45:36.365root 11241100x8000000000000000270291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427851c8ece5ed252023-02-08 09:45:36.366root 11241100x8000000000000000270290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5a579964b7c6322023-02-08 09:45:36.366root 11241100x8000000000000000270289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca02c70da051e5012023-02-08 09:45:36.366root 11241100x8000000000000000270288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed07f0d9942409a72023-02-08 09:45:36.366root 11241100x8000000000000000270287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5712ccb7755627b2023-02-08 09:45:36.366root 11241100x8000000000000000270286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08563fbb873f13c2023-02-08 09:45:36.366root 11241100x8000000000000000270285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337c4d7ad1a325a32023-02-08 09:45:36.366root 11241100x8000000000000000270284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117b9e6c8ab5a74d2023-02-08 09:45:36.366root 11241100x8000000000000000270301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c170b8c29796dd202023-02-08 09:45:36.367root 11241100x8000000000000000270300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548d23cde3b052ae2023-02-08 09:45:36.367root 11241100x8000000000000000270299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff2e402027e67be2023-02-08 09:45:36.367root 11241100x8000000000000000270298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07f7a7826f0ed062023-02-08 09:45:36.367root 11241100x8000000000000000270297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b297ac97d2a3c182023-02-08 09:45:36.367root 11241100x8000000000000000270296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19569b16c1efe6c2023-02-08 09:45:36.367root 11241100x8000000000000000270295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fd2ebdf8bfc00e2023-02-08 09:45:36.367root 11241100x8000000000000000270294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d57c43917755b82023-02-08 09:45:36.367root 11241100x8000000000000000270293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb507e94aef89e962023-02-08 09:45:36.367root 11241100x8000000000000000270292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5fdc51c845340512023-02-08 09:45:36.367root 11241100x8000000000000000270313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9d9762801ea2242023-02-08 09:45:36.368root 11241100x8000000000000000270312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f3481d67a357122023-02-08 09:45:36.368root 11241100x8000000000000000270311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9284c62666abc5802023-02-08 09:45:36.368root 11241100x8000000000000000270310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5496869e10cd13722023-02-08 09:45:36.368root 11241100x8000000000000000270309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfd31bfbdeb677d2023-02-08 09:45:36.368root 11241100x8000000000000000270308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78dedfc49d2ceeb2023-02-08 09:45:36.368root 11241100x8000000000000000270307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3db56e66874c7cc2023-02-08 09:45:36.368root 11241100x8000000000000000270306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492ab101ef2b136a2023-02-08 09:45:36.368root 11241100x8000000000000000270305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59512eb6f8172b222023-02-08 09:45:36.368root 11241100x8000000000000000270304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fc52e699da45452023-02-08 09:45:36.368root 11241100x8000000000000000270303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f7beaa8f6a700f2023-02-08 09:45:36.368root 11241100x8000000000000000270302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98586e393f97c5aa2023-02-08 09:45:36.368root 11241100x8000000000000000270326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b41f9bab4a09f3a2023-02-08 09:45:36.369root 11241100x8000000000000000270325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bf8eadb55d90202023-02-08 09:45:36.369root 11241100x8000000000000000270324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63887ea12a6cb6372023-02-08 09:45:36.369root 11241100x8000000000000000270323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efe51124722a5fb2023-02-08 09:45:36.369root 11241100x8000000000000000270322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8139efd835553e462023-02-08 09:45:36.369root 11241100x8000000000000000270321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cdf5c27ddeee6eb2023-02-08 09:45:36.369root 11241100x8000000000000000270320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c292a2c6bf3e8b02023-02-08 09:45:36.369root 11241100x8000000000000000270319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c91d2450b2bddf2023-02-08 09:45:36.369root 11241100x8000000000000000270318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ed4b8ac0be47372023-02-08 09:45:36.369root 11241100x8000000000000000270317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3c655abc0fb69c2023-02-08 09:45:36.369root 11241100x8000000000000000270316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64f8a7d47b312952023-02-08 09:45:36.369root 11241100x8000000000000000270315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0d50c3230f090a2023-02-08 09:45:36.369root 11241100x8000000000000000270314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8494fa6fc6cd082023-02-08 09:45:36.369root 11241100x8000000000000000270332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d15e5e5ae91237a2023-02-08 09:45:36.370root 11241100x8000000000000000270331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b96c0d8e02c6982023-02-08 09:45:36.370root 11241100x8000000000000000270330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615518f60b3d3dbb2023-02-08 09:45:36.370root 11241100x8000000000000000270329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbb7ca3295817122023-02-08 09:45:36.370root 11241100x8000000000000000270328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2679c14636c19e652023-02-08 09:45:36.370root 11241100x8000000000000000270327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516f54707c0155892023-02-08 09:45:36.370root 11241100x8000000000000000270338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.371{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d5287f614df8812023-02-08 09:45:36.371root 11241100x8000000000000000270337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.371{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1460cb4be8be484d2023-02-08 09:45:36.371root 11241100x8000000000000000270336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.371{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2ae0ff2000c7212023-02-08 09:45:36.371root 11241100x8000000000000000270335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.371{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278f75e73dc2054a2023-02-08 09:45:36.371root 11241100x8000000000000000270334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.371{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d760cce544f6bb2023-02-08 09:45:36.371root 11241100x8000000000000000270333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.371{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c27ad1844f533812023-02-08 09:45:36.371root 11241100x8000000000000000270343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.372{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b8727b053660fc2023-02-08 09:45:36.372root 11241100x8000000000000000270342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.372{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7cb4bed05822592023-02-08 09:45:36.372root 11241100x8000000000000000270341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.372{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1177648be68c485b2023-02-08 09:45:36.372root 11241100x8000000000000000270340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.372{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6bb0c12ef06b382023-02-08 09:45:36.372root 11241100x8000000000000000270339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.372{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b50338214c7e1b12023-02-08 09:45:36.372root 11241100x8000000000000000270351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6e315586ec31722023-02-08 09:45:36.735root 11241100x8000000000000000270350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10daa9880669340b2023-02-08 09:45:36.735root 11241100x8000000000000000270349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c8d2509f48c19b2023-02-08 09:45:36.735root 11241100x8000000000000000270348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b8c25c87a9ab142023-02-08 09:45:36.735root 11241100x8000000000000000270347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327f4d6bde7a62952023-02-08 09:45:36.735root 11241100x8000000000000000270346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927043896539473c2023-02-08 09:45:36.735root 11241100x8000000000000000270345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a88c5935f515d42023-02-08 09:45:36.735root 11241100x8000000000000000270344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09d57b4be1ac0e82023-02-08 09:45:36.735root 11241100x8000000000000000270359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b16b8cbf58c13112023-02-08 09:45:36.736root 11241100x8000000000000000270358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9072d210a7a48f9f2023-02-08 09:45:36.736root 11241100x8000000000000000270357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7d25bf3201fd602023-02-08 09:45:36.736root 11241100x8000000000000000270356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f14fd5f55d64602023-02-08 09:45:36.736root 11241100x8000000000000000270355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22f35d7f33f05232023-02-08 09:45:36.736root 11241100x8000000000000000270354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82646c9584128252023-02-08 09:45:36.736root 11241100x8000000000000000270353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e5c91d40ced9222023-02-08 09:45:36.736root 11241100x8000000000000000270352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655ce122f59739382023-02-08 09:45:36.736root 11241100x8000000000000000270366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8764cade2e8b5f52023-02-08 09:45:36.737root 11241100x8000000000000000270365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef20597cd5e546a2023-02-08 09:45:36.737root 11241100x8000000000000000270364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f990a10fc1fc8c0c2023-02-08 09:45:36.737root 11241100x8000000000000000270363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8636e7a4b8982c4a2023-02-08 09:45:36.737root 11241100x8000000000000000270362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab5f6bfa243d6932023-02-08 09:45:36.737root 11241100x8000000000000000270361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adcd11a806c2b38c2023-02-08 09:45:36.737root 11241100x8000000000000000270360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc703564e41716872023-02-08 09:45:36.737root 11241100x8000000000000000270373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aac5b2a07c184202023-02-08 09:45:36.738root 11241100x8000000000000000270372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcd179c4ccd67092023-02-08 09:45:36.738root 11241100x8000000000000000270371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdf7065952e0cc92023-02-08 09:45:36.738root 11241100x8000000000000000270370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3e63af2f60894f2023-02-08 09:45:36.738root 11241100x8000000000000000270369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270e2da81d9cff442023-02-08 09:45:36.738root 11241100x8000000000000000270368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ea6bed2c9568202023-02-08 09:45:36.738root 11241100x8000000000000000270367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:36.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4cf8ca6cbab59fc2023-02-08 09:45:36.738root 11241100x8000000000000000270383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad9e0b6f7e6ea7b2023-02-08 09:45:37.235root 11241100x8000000000000000270382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9bac740c7a7860f2023-02-08 09:45:37.235root 11241100x8000000000000000270381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71fc0d7e93906ec2023-02-08 09:45:37.235root 11241100x8000000000000000270380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf49770275569a452023-02-08 09:45:37.235root 11241100x8000000000000000270379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2f76c63c3da47a2023-02-08 09:45:37.235root 11241100x8000000000000000270378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4d8b2a96de529f2023-02-08 09:45:37.235root 11241100x8000000000000000270377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2553ea62a458102023-02-08 09:45:37.235root 11241100x8000000000000000270376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c2007ab5d6977f2023-02-08 09:45:37.235root 11241100x8000000000000000270375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89de98e44c1fe4112023-02-08 09:45:37.235root 11241100x8000000000000000270374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0564f40bdd44a6382023-02-08 09:45:37.235root 11241100x8000000000000000270399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141e1522ebc6d70d2023-02-08 09:45:37.236root 11241100x8000000000000000270398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce806358a8ca36e32023-02-08 09:45:37.236root 11241100x8000000000000000270397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9b5cdfd03df33b2023-02-08 09:45:37.236root 11241100x8000000000000000270396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6840537062f3a902023-02-08 09:45:37.236root 11241100x8000000000000000270395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a499740ace74736a2023-02-08 09:45:37.236root 11241100x8000000000000000270394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d8106a2abb6d4b2023-02-08 09:45:37.236root 11241100x8000000000000000270393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9286563ca3d42e362023-02-08 09:45:37.236root 11241100x8000000000000000270392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f7398e80a6173c2023-02-08 09:45:37.236root 11241100x8000000000000000270391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43486696ce2f32a72023-02-08 09:45:37.236root 11241100x8000000000000000270390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec55a7e8a3993f52023-02-08 09:45:37.236root 11241100x8000000000000000270389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcc2e7f094e91622023-02-08 09:45:37.236root 11241100x8000000000000000270388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dedb66d1488481dc2023-02-08 09:45:37.236root 11241100x8000000000000000270387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94ff35d2709fd032023-02-08 09:45:37.236root 11241100x8000000000000000270386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587a920c09e0c0c32023-02-08 09:45:37.236root 11241100x8000000000000000270385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f285515a003c7a222023-02-08 09:45:37.236root 11241100x8000000000000000270384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9737f218b5c5662023-02-08 09:45:37.236root 11241100x8000000000000000270403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9477f0525a20c6b62023-02-08 09:45:37.237root 11241100x8000000000000000270402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e889eefcc60d862023-02-08 09:45:37.237root 11241100x8000000000000000270401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b5e6ccb9deeb452023-02-08 09:45:37.237root 11241100x8000000000000000270400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e977e7ba02b0ce632023-02-08 09:45:37.237root 11241100x8000000000000000270411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72fe9d0d2be986e02023-02-08 09:45:37.735root 11241100x8000000000000000270410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669f9d52ea4f6f2a2023-02-08 09:45:37.735root 11241100x8000000000000000270409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddae22a857cfa3f2023-02-08 09:45:37.735root 11241100x8000000000000000270408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249f7005f41265692023-02-08 09:45:37.735root 11241100x8000000000000000270407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799709b1c4aa0d5c2023-02-08 09:45:37.735root 11241100x8000000000000000270406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce68408d152700c2023-02-08 09:45:37.735root 11241100x8000000000000000270405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c60e5690d5f6cc2023-02-08 09:45:37.735root 11241100x8000000000000000270404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5b508c1838eab72023-02-08 09:45:37.735root 11241100x8000000000000000270427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34543eff17b8632a2023-02-08 09:45:37.736root 11241100x8000000000000000270426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b080dc31d8bbb6672023-02-08 09:45:37.736root 11241100x8000000000000000270425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ed4a8a018aeab42023-02-08 09:45:37.736root 11241100x8000000000000000270424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14bc0cc06952fe7c2023-02-08 09:45:37.736root 11241100x8000000000000000270423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2edea5ec76c119732023-02-08 09:45:37.736root 11241100x8000000000000000270422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257654029d734f5f2023-02-08 09:45:37.736root 11241100x8000000000000000270421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fecdc9dac8d55602023-02-08 09:45:37.736root 11241100x8000000000000000270420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b58022cfc28a1152023-02-08 09:45:37.736root 11241100x8000000000000000270419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003cb8e5e9d814362023-02-08 09:45:37.736root 11241100x8000000000000000270418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37539d3afe47a9232023-02-08 09:45:37.736root 11241100x8000000000000000270417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ca63984873f6d82023-02-08 09:45:37.736root 11241100x8000000000000000270416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649e6b7c17eb3de52023-02-08 09:45:37.736root 11241100x8000000000000000270415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a52658ea9754e62023-02-08 09:45:37.736root 11241100x8000000000000000270414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab8b77e7aca49cf2023-02-08 09:45:37.736root 11241100x8000000000000000270413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f13bfd99adf49392023-02-08 09:45:37.736root 11241100x8000000000000000270412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d37aca898d615972023-02-08 09:45:37.736root 11241100x8000000000000000270433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da638cc983d73e3b2023-02-08 09:45:37.737root 11241100x8000000000000000270432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d972683a993d185c2023-02-08 09:45:37.737root 11241100x8000000000000000270431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7522642cda6699252023-02-08 09:45:37.737root 11241100x8000000000000000270430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e7ca60f1f67c912023-02-08 09:45:37.737root 11241100x8000000000000000270429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6bd57159e04c042023-02-08 09:45:37.737root 11241100x8000000000000000270428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:37.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7daf3970890eed2023-02-08 09:45:37.737root 11241100x8000000000000000270435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f64420963102ca2023-02-08 09:45:38.236root 11241100x8000000000000000270434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ed2095afa6c4262023-02-08 09:45:38.236root 11241100x8000000000000000270442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cffe23f72fac5002023-02-08 09:45:38.237root 11241100x8000000000000000270441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d603c09588f7d3772023-02-08 09:45:38.237root 11241100x8000000000000000270440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba73ed53d6508de2023-02-08 09:45:38.237root 11241100x8000000000000000270439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bef2eb5f5b57f092023-02-08 09:45:38.237root 11241100x8000000000000000270438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef14be0f8da27f02023-02-08 09:45:38.237root 11241100x8000000000000000270437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff25d1128a4dc4b2023-02-08 09:45:38.237root 11241100x8000000000000000270436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f53b001c1adeaa2023-02-08 09:45:38.237root 11241100x8000000000000000270450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650f5c0c08ab48532023-02-08 09:45:38.238root 11241100x8000000000000000270449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6f95d602605acd2023-02-08 09:45:38.238root 11241100x8000000000000000270448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1f6f29c667271d2023-02-08 09:45:38.238root 11241100x8000000000000000270447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c26a1a2887df4682023-02-08 09:45:38.238root 11241100x8000000000000000270446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c2a5b22d82d8a42023-02-08 09:45:38.238root 11241100x8000000000000000270445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa55213365f8f7822023-02-08 09:45:38.238root 11241100x8000000000000000270444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3751764987c2a62023-02-08 09:45:38.238root 11241100x8000000000000000270443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa737935860cd9102023-02-08 09:45:38.238root 11241100x8000000000000000270461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4faa7546383a0a912023-02-08 09:45:38.239root 11241100x8000000000000000270460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9ea09c68217a9b2023-02-08 09:45:38.239root 11241100x8000000000000000270459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4da23e3f4e68052023-02-08 09:45:38.239root 11241100x8000000000000000270458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050f2b68dbe6b5152023-02-08 09:45:38.239root 11241100x8000000000000000270457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662a0977659e88ba2023-02-08 09:45:38.239root 11241100x8000000000000000270456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd457ad25fd78a72023-02-08 09:45:38.239root 11241100x8000000000000000270455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b525fe125f042742023-02-08 09:45:38.239root 11241100x8000000000000000270454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451e05dc8959d9232023-02-08 09:45:38.239root 11241100x8000000000000000270453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d44be773b4cc552023-02-08 09:45:38.239root 11241100x8000000000000000270452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d43bbb0f84d411f2023-02-08 09:45:38.239root 11241100x8000000000000000270451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9b2cc6d94f4e492023-02-08 09:45:38.239root 11241100x8000000000000000270463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a42e1c119b9c8c2023-02-08 09:45:38.240root 11241100x8000000000000000270462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3fa780c97c2be72023-02-08 09:45:38.240root 11241100x8000000000000000270473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5bafaa2dca64ca2023-02-08 09:45:38.735root 11241100x8000000000000000270472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f93bcc1febf5582023-02-08 09:45:38.735root 11241100x8000000000000000270471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10554a6ddff4ac752023-02-08 09:45:38.735root 11241100x8000000000000000270470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15d0de57ee377532023-02-08 09:45:38.735root 11241100x8000000000000000270469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bfa7cef2f47aaf32023-02-08 09:45:38.735root 11241100x8000000000000000270468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a7e6b797d8de1c2023-02-08 09:45:38.735root 11241100x8000000000000000270467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c37c957e6476e782023-02-08 09:45:38.735root 11241100x8000000000000000270466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecb07e3e4e86d6e2023-02-08 09:45:38.735root 11241100x8000000000000000270465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2cfb042fa7d1a92023-02-08 09:45:38.735root 11241100x8000000000000000270464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b98ec3ff6f2e9552023-02-08 09:45:38.735root 11241100x8000000000000000270489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443cefee31dc02282023-02-08 09:45:38.736root 11241100x8000000000000000270488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d237b8a12f19132023-02-08 09:45:38.736root 11241100x8000000000000000270487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe36a7af117367b2023-02-08 09:45:38.736root 11241100x8000000000000000270486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ff1b3d18efe1372023-02-08 09:45:38.736root 11241100x8000000000000000270485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1218cec8afc9482023-02-08 09:45:38.736root 11241100x8000000000000000270484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4435fa102125922023-02-08 09:45:38.736root 11241100x8000000000000000270483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c53564d656d5dc62023-02-08 09:45:38.736root 11241100x8000000000000000270482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4413dc0ab63ac46e2023-02-08 09:45:38.736root 11241100x8000000000000000270481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c93015b89d177522023-02-08 09:45:38.736root 11241100x8000000000000000270480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208e513c4a19bf102023-02-08 09:45:38.736root 11241100x8000000000000000270479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ffa9d081e9f7dc92023-02-08 09:45:38.736root 11241100x8000000000000000270478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b618bb12d9a6e3e2023-02-08 09:45:38.736root 11241100x8000000000000000270477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3018cc453af17a2023-02-08 09:45:38.736root 11241100x8000000000000000270476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a98276e4661a26f2023-02-08 09:45:38.736root 11241100x8000000000000000270475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4d8d2c40594f462023-02-08 09:45:38.736root 11241100x8000000000000000270474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9782a602c7bb8f2023-02-08 09:45:38.736root 11241100x8000000000000000270493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b56ccfe2ad7c5ce2023-02-08 09:45:38.737root 11241100x8000000000000000270492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051dded0502a74392023-02-08 09:45:38.737root 11241100x8000000000000000270491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d754f235892cad2023-02-08 09:45:38.737root 11241100x8000000000000000270490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:38.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bbde5943fd857c2023-02-08 09:45:38.737root 11241100x8000000000000000270502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0883757edffa105c2023-02-08 09:45:39.235root 11241100x8000000000000000270501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dabeddde907a5712023-02-08 09:45:39.235root 11241100x8000000000000000270500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d8a87f926f01f92023-02-08 09:45:39.235root 11241100x8000000000000000270499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb2bda8d51a16b62023-02-08 09:45:39.235root 11241100x8000000000000000270498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b579e6bf6482eb1b2023-02-08 09:45:39.235root 11241100x8000000000000000270497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5d6eb8485c08d22023-02-08 09:45:39.235root 11241100x8000000000000000270496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65597ec709caf9a72023-02-08 09:45:39.235root 11241100x8000000000000000270495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c597ac18d878602023-02-08 09:45:39.235root 11241100x8000000000000000270494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ecd69c1f51c3182023-02-08 09:45:39.235root 11241100x8000000000000000270518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9b4558012d678d2023-02-08 09:45:39.236root 11241100x8000000000000000270517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd915757c52caef2023-02-08 09:45:39.236root 11241100x8000000000000000270516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ed79d44034c4ad2023-02-08 09:45:39.236root 11241100x8000000000000000270515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5e88e6b665db392023-02-08 09:45:39.236root 11241100x8000000000000000270514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9599b308710cb2362023-02-08 09:45:39.236root 11241100x8000000000000000270513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c52daa0be6c7902023-02-08 09:45:39.236root 11241100x8000000000000000270512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119e4e6e900802a92023-02-08 09:45:39.236root 11241100x8000000000000000270511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc6a323e83d949f2023-02-08 09:45:39.236root 11241100x8000000000000000270510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd85b0ec893c233c2023-02-08 09:45:39.236root 11241100x8000000000000000270509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76441d4514559d942023-02-08 09:45:39.236root 11241100x8000000000000000270508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193fb1ef2eb991282023-02-08 09:45:39.236root 11241100x8000000000000000270507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d65dc1658369b102023-02-08 09:45:39.236root 11241100x8000000000000000270506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c696ea7b62dfcb182023-02-08 09:45:39.236root 11241100x8000000000000000270505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9b61209c3dc4cd2023-02-08 09:45:39.236root 11241100x8000000000000000270504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd805287b2361242023-02-08 09:45:39.236root 11241100x8000000000000000270503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711578f361304b612023-02-08 09:45:39.236root 11241100x8000000000000000270523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf6859ac8f60d942023-02-08 09:45:39.237root 11241100x8000000000000000270522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae5332e0022fe3c2023-02-08 09:45:39.237root 11241100x8000000000000000270521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b33f727eace97222023-02-08 09:45:39.237root 11241100x8000000000000000270520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a47d77e992fa1b02023-02-08 09:45:39.237root 11241100x8000000000000000270519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84e319f912926c62023-02-08 09:45:39.237root 23542300x8000000000000000270524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.364{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000270531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7a33f12d8556b82023-02-08 09:45:39.735root 11241100x8000000000000000270530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a54a623dbf05592023-02-08 09:45:39.735root 11241100x8000000000000000270529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a1ec670d4e46fa2023-02-08 09:45:39.735root 11241100x8000000000000000270528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0ee7db4d85f9f42023-02-08 09:45:39.735root 11241100x8000000000000000270527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58cff3b15a2baea32023-02-08 09:45:39.735root 11241100x8000000000000000270526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5abbdbe81351ed2023-02-08 09:45:39.735root 11241100x8000000000000000270525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb7c15c48b805892023-02-08 09:45:39.735root 11241100x8000000000000000270545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39e3b2a169d76fb2023-02-08 09:45:39.736root 11241100x8000000000000000270544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521f20835c4534252023-02-08 09:45:39.736root 11241100x8000000000000000270543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e0621a2c02e6a72023-02-08 09:45:39.736root 11241100x8000000000000000270542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cae3683b20080592023-02-08 09:45:39.736root 11241100x8000000000000000270541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2956b7d135a77c202023-02-08 09:45:39.736root 11241100x8000000000000000270540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a998d396449a332023-02-08 09:45:39.736root 11241100x8000000000000000270539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150e2d4d2d2ac6492023-02-08 09:45:39.736root 11241100x8000000000000000270538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9468fd84ec88b1892023-02-08 09:45:39.736root 11241100x8000000000000000270537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b71ac13b237c44b2023-02-08 09:45:39.736root 11241100x8000000000000000270536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4657c6ee95fc148f2023-02-08 09:45:39.736root 11241100x8000000000000000270535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61af9105fe5479d92023-02-08 09:45:39.736root 11241100x8000000000000000270534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f007e6a27e2dde242023-02-08 09:45:39.736root 11241100x8000000000000000270533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09bbd23b6cf45cb02023-02-08 09:45:39.736root 11241100x8000000000000000270532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49542dd9794b9a1b2023-02-08 09:45:39.736root 11241100x8000000000000000270555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921732cedd02520d2023-02-08 09:45:39.737root 11241100x8000000000000000270554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10217ccc837d69fa2023-02-08 09:45:39.737root 11241100x8000000000000000270553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83e8b9473831a372023-02-08 09:45:39.737root 11241100x8000000000000000270552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c446bbab8ac10962023-02-08 09:45:39.737root 11241100x8000000000000000270551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9ef9907849738d2023-02-08 09:45:39.737root 11241100x8000000000000000270550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06318498481d1aa92023-02-08 09:45:39.737root 11241100x8000000000000000270549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17d74ad6cffdeed2023-02-08 09:45:39.737root 11241100x8000000000000000270548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80bc87f20749e9ac2023-02-08 09:45:39.737root 11241100x8000000000000000270547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d763b0a01865de542023-02-08 09:45:39.737root 11241100x8000000000000000270546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:39.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c4b7009cde11762023-02-08 09:45:39.737root 11241100x8000000000000000270562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500f516f0a52b5852023-02-08 09:45:40.235root 11241100x8000000000000000270561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced2a043aa185f652023-02-08 09:45:40.235root 11241100x8000000000000000270560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662d9ba1c8a50cfa2023-02-08 09:45:40.235root 11241100x8000000000000000270559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56dd724f627c3a42023-02-08 09:45:40.235root 11241100x8000000000000000270558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75767c8d4533bb7b2023-02-08 09:45:40.235root 11241100x8000000000000000270557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20228f3f5cfdfc662023-02-08 09:45:40.235root 11241100x8000000000000000270556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb18e07918128f92023-02-08 09:45:40.235root 11241100x8000000000000000270576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8915529ec169bb7e2023-02-08 09:45:40.236root 11241100x8000000000000000270575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f76d0a3cd4c27642023-02-08 09:45:40.236root 11241100x8000000000000000270574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67edde22124548492023-02-08 09:45:40.236root 11241100x8000000000000000270573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6657ec2d85bd242023-02-08 09:45:40.236root 11241100x8000000000000000270572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85cb37e341245f72023-02-08 09:45:40.236root 11241100x8000000000000000270571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e87185256a83c832023-02-08 09:45:40.236root 11241100x8000000000000000270570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a89ad28f8939b392023-02-08 09:45:40.236root 11241100x8000000000000000270569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53c8773b8ea847c2023-02-08 09:45:40.236root 11241100x8000000000000000270568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a326bacc54451c2023-02-08 09:45:40.236root 11241100x8000000000000000270567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763f0d4f19ea43b52023-02-08 09:45:40.236root 11241100x8000000000000000270566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edda351da6fdae712023-02-08 09:45:40.236root 11241100x8000000000000000270565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3923f2115befb66b2023-02-08 09:45:40.236root 11241100x8000000000000000270564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45df2f6665194a52023-02-08 09:45:40.236root 11241100x8000000000000000270563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f55496264bfa3dd2023-02-08 09:45:40.236root 11241100x8000000000000000270586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc757f314fc08b572023-02-08 09:45:40.237root 11241100x8000000000000000270585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ee349e5c6855aa2023-02-08 09:45:40.237root 11241100x8000000000000000270584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf16087abc9bc84d2023-02-08 09:45:40.237root 11241100x8000000000000000270583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77cb15f5971ed9172023-02-08 09:45:40.237root 11241100x8000000000000000270582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac43abedfec6d0d62023-02-08 09:45:40.237root 11241100x8000000000000000270581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c93481976f48712023-02-08 09:45:40.237root 11241100x8000000000000000270580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffb8648e5112ce32023-02-08 09:45:40.237root 11241100x8000000000000000270579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3dbb21ca71f37d22023-02-08 09:45:40.237root 11241100x8000000000000000270578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662ad715ffbdac3b2023-02-08 09:45:40.237root 11241100x8000000000000000270577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ec533d100610002023-02-08 09:45:40.237root 11241100x8000000000000000270594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2194964581ed4fac2023-02-08 09:45:40.735root 11241100x8000000000000000270593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1051164fe1fb882023-02-08 09:45:40.735root 11241100x8000000000000000270592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df2e6291f5748092023-02-08 09:45:40.735root 11241100x8000000000000000270591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2175d925357689ce2023-02-08 09:45:40.735root 11241100x8000000000000000270590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4023e8b49c39eca2023-02-08 09:45:40.735root 11241100x8000000000000000270589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d14ef1b4f0c68c2023-02-08 09:45:40.735root 11241100x8000000000000000270588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23fc2757d4dc7ae2023-02-08 09:45:40.735root 11241100x8000000000000000270587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6f25b16ed482272023-02-08 09:45:40.735root 11241100x8000000000000000270605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d7e981eb1a6b782023-02-08 09:45:40.736root 11241100x8000000000000000270604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f7b542072d9d962023-02-08 09:45:40.736root 11241100x8000000000000000270603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041595057ee81d222023-02-08 09:45:40.736root 11241100x8000000000000000270602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5f9d582e350fd32023-02-08 09:45:40.736root 11241100x8000000000000000270601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c158cc4e217515cb2023-02-08 09:45:40.736root 11241100x8000000000000000270600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc878541de2103f62023-02-08 09:45:40.736root 11241100x8000000000000000270599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa3723e679f9f322023-02-08 09:45:40.736root 11241100x8000000000000000270598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09f63b6cd831c7a2023-02-08 09:45:40.736root 11241100x8000000000000000270597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8aa46c8812a4ca2023-02-08 09:45:40.736root 11241100x8000000000000000270596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268197f66eff81fc2023-02-08 09:45:40.736root 11241100x8000000000000000270595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff8704c1184d42d2023-02-08 09:45:40.736root 11241100x8000000000000000270615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1744bdff980a8b2023-02-08 09:45:40.737root 11241100x8000000000000000270614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56cf1b81e8fd3d7e2023-02-08 09:45:40.737root 11241100x8000000000000000270613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47dcdcd93885ba2d2023-02-08 09:45:40.737root 11241100x8000000000000000270612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c815320f36917ed2023-02-08 09:45:40.737root 11241100x8000000000000000270611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ed5d00dbef4a662023-02-08 09:45:40.737root 11241100x8000000000000000270610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a340ef93d2c61f922023-02-08 09:45:40.737root 11241100x8000000000000000270609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50945eb14e1207b02023-02-08 09:45:40.737root 11241100x8000000000000000270608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3679875b1d0663922023-02-08 09:45:40.737root 11241100x8000000000000000270607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58859bf2c31489f92023-02-08 09:45:40.737root 11241100x8000000000000000270606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f12270950463e822023-02-08 09:45:40.737root 11241100x8000000000000000270617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2ab10f19f1166b2023-02-08 09:45:40.738root 11241100x8000000000000000270616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:40.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d08767844b1e0b2023-02-08 09:45:40.738root 11241100x8000000000000000270625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddadacface98c1e02023-02-08 09:45:41.235root 11241100x8000000000000000270624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c805d83f51be8f92023-02-08 09:45:41.235root 11241100x8000000000000000270623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e549db6d8a0723412023-02-08 09:45:41.235root 11241100x8000000000000000270622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9452db516a4faf2d2023-02-08 09:45:41.235root 11241100x8000000000000000270621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7e785494470a052023-02-08 09:45:41.235root 11241100x8000000000000000270620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366ba25ea333cc6a2023-02-08 09:45:41.235root 11241100x8000000000000000270619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b08544e264b9d92023-02-08 09:45:41.235root 11241100x8000000000000000270618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be8a54e52de65112023-02-08 09:45:41.235root 11241100x8000000000000000270641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d5d2aaee525dd22023-02-08 09:45:41.236root 11241100x8000000000000000270640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7196672bd86a2892023-02-08 09:45:41.236root 11241100x8000000000000000270639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642ec2aeab61d4032023-02-08 09:45:41.236root 11241100x8000000000000000270638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10027eb98e7ace32023-02-08 09:45:41.236root 11241100x8000000000000000270637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44d7d44eafb46e72023-02-08 09:45:41.236root 11241100x8000000000000000270636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239347170bbf336a2023-02-08 09:45:41.236root 11241100x8000000000000000270635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a259ec2e72dbc3a52023-02-08 09:45:41.236root 11241100x8000000000000000270634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0106f386a10a70bf2023-02-08 09:45:41.236root 11241100x8000000000000000270633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b4b3773389ab6e2023-02-08 09:45:41.236root 11241100x8000000000000000270632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670dd470ca50ffa82023-02-08 09:45:41.236root 11241100x8000000000000000270631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1105afd569bf742023-02-08 09:45:41.236root 11241100x8000000000000000270630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a1ba79a0b2cc272023-02-08 09:45:41.236root 11241100x8000000000000000270629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74651c5b57df34e42023-02-08 09:45:41.236root 11241100x8000000000000000270628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a77e60643a863992023-02-08 09:45:41.236root 11241100x8000000000000000270627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6e33d3809016132023-02-08 09:45:41.236root 11241100x8000000000000000270626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c11b6e9bea6f08e2023-02-08 09:45:41.236root 11241100x8000000000000000270648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9111268599e1eca2023-02-08 09:45:41.237root 11241100x8000000000000000270647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb30bd8ea52955dc2023-02-08 09:45:41.237root 11241100x8000000000000000270646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f5de552297adaa2023-02-08 09:45:41.237root 11241100x8000000000000000270645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5b8ae2b37d52502023-02-08 09:45:41.237root 11241100x8000000000000000270644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdc2aedb6245ae12023-02-08 09:45:41.237root 11241100x8000000000000000270643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6af40e0250bd86f2023-02-08 09:45:41.237root 11241100x8000000000000000270642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3156a934ed8279a2023-02-08 09:45:41.237root 11241100x8000000000000000270654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540a747e02ae0e6d2023-02-08 09:45:41.735root 11241100x8000000000000000270653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b728231e964eed2023-02-08 09:45:41.735root 11241100x8000000000000000270652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a1e0b32900209e2023-02-08 09:45:41.735root 11241100x8000000000000000270651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2446903970141712023-02-08 09:45:41.735root 11241100x8000000000000000270650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2acb5208886703992023-02-08 09:45:41.735root 11241100x8000000000000000270649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4122f36915162c22023-02-08 09:45:41.735root 11241100x8000000000000000270663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f373fb2805bca582023-02-08 09:45:41.736root 11241100x8000000000000000270662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918f73bb636674572023-02-08 09:45:41.736root 11241100x8000000000000000270661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a907e66f28e321a82023-02-08 09:45:41.736root 11241100x8000000000000000270660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4129b13a741d61cc2023-02-08 09:45:41.736root 11241100x8000000000000000270659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249fed059208b8b22023-02-08 09:45:41.736root 11241100x8000000000000000270658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba5b5a1414e93612023-02-08 09:45:41.736root 11241100x8000000000000000270657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c00f0296f087332023-02-08 09:45:41.736root 11241100x8000000000000000270656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6f5faf35093cb82023-02-08 09:45:41.736root 11241100x8000000000000000270655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485510a8beae3f1e2023-02-08 09:45:41.736root 11241100x8000000000000000270668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78985dcf1e36b9742023-02-08 09:45:41.737root 11241100x8000000000000000270667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db6f7959edcbfac2023-02-08 09:45:41.737root 11241100x8000000000000000270666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d579008b85756c2023-02-08 09:45:41.737root 11241100x8000000000000000270665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7473e31fab642ce32023-02-08 09:45:41.737root 11241100x8000000000000000270664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb8530faff409e22023-02-08 09:45:41.737root 11241100x8000000000000000270671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df711f79379452052023-02-08 09:45:41.738root 11241100x8000000000000000270670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6ee0da9f518b6f2023-02-08 09:45:41.738root 11241100x8000000000000000270669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffed8464306aaf3c2023-02-08 09:45:41.738root 11241100x8000000000000000270677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de336a7ad7a4b4b52023-02-08 09:45:41.739root 11241100x8000000000000000270676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d43750b31c3dcd2023-02-08 09:45:41.739root 11241100x8000000000000000270675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0a7c2ed90234e32023-02-08 09:45:41.739root 11241100x8000000000000000270674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02a33cd1e30df3f2023-02-08 09:45:41.739root 11241100x8000000000000000270673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabbe2018b6142842023-02-08 09:45:41.739root 11241100x8000000000000000270672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f80fa5e5b0aa342023-02-08 09:45:41.739root 11241100x8000000000000000270679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0583589bc85bedb82023-02-08 09:45:41.740root 11241100x8000000000000000270678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:41.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f17d2dceaada7a2023-02-08 09:45:41.740root 354300x8000000000000000270680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.042{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-50894-false10.0.1.12-8000- 11241100x8000000000000000270681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.043{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd037846571f47722023-02-08 09:45:42.043root 11241100x8000000000000000270693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.044{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608e9b559154f14f2023-02-08 09:45:42.044root 11241100x8000000000000000270692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.044{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165a1aa795a1f4132023-02-08 09:45:42.044root 11241100x8000000000000000270691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.044{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c853137109742c2023-02-08 09:45:42.044root 11241100x8000000000000000270690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.044{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03cc58326d7196772023-02-08 09:45:42.044root 11241100x8000000000000000270689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.044{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94451ba1c09a4db2023-02-08 09:45:42.044root 11241100x8000000000000000270688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.044{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9c351fe1288d712023-02-08 09:45:42.044root 11241100x8000000000000000270687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.044{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628b4eb576fd19a42023-02-08 09:45:42.044root 11241100x8000000000000000270686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.044{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5e9c33c2643e692023-02-08 09:45:42.044root 11241100x8000000000000000270685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.044{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395e05ea051578532023-02-08 09:45:42.044root 11241100x8000000000000000270684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.044{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04e1fe1eeb8ca992023-02-08 09:45:42.044root 11241100x8000000000000000270683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.044{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fe14fd99a5f7a22023-02-08 09:45:42.044root 11241100x8000000000000000270682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.044{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e1a41bc41b5c302023-02-08 09:45:42.044root 11241100x8000000000000000270708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.045{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3742649b5401d932023-02-08 09:45:42.045root 11241100x8000000000000000270707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.045{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14cb249ea45638012023-02-08 09:45:42.045root 11241100x8000000000000000270706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.045{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899b7332c719ccf12023-02-08 09:45:42.045root 11241100x8000000000000000270705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.045{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7d8ea6835c942e2023-02-08 09:45:42.045root 11241100x8000000000000000270704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.045{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e895f81cff60b82023-02-08 09:45:42.045root 11241100x8000000000000000270703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.045{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef8ee7a19d028e02023-02-08 09:45:42.045root 11241100x8000000000000000270702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.045{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e03c36162111ff2023-02-08 09:45:42.045root 11241100x8000000000000000270701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.045{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec024a6c6fb78142023-02-08 09:45:42.045root 11241100x8000000000000000270700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.045{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447518757d07cc7a2023-02-08 09:45:42.045root 11241100x8000000000000000270699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.045{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5b7b92e3227b832023-02-08 09:45:42.045root 11241100x8000000000000000270698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.045{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eda8f8b43f608612023-02-08 09:45:42.045root 11241100x8000000000000000270697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.045{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ecd373eb519ccde2023-02-08 09:45:42.045root 11241100x8000000000000000270696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.045{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e5eb05cf237ba32023-02-08 09:45:42.045root 11241100x8000000000000000270695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.045{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93f515f85aedb342023-02-08 09:45:42.045root 11241100x8000000000000000270694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.045{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134e0233f85758e72023-02-08 09:45:42.045root 11241100x8000000000000000270722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.046{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02ca5ed16c135332023-02-08 09:45:42.046root 11241100x8000000000000000270721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.046{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7423cba9b49a0f2e2023-02-08 09:45:42.046root 11241100x8000000000000000270720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.046{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9681af5a633d3a3d2023-02-08 09:45:42.046root 11241100x8000000000000000270719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.046{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845e3f5893903c022023-02-08 09:45:42.046root 11241100x8000000000000000270718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.046{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06736a9bc442d5a2023-02-08 09:45:42.046root 11241100x8000000000000000270717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.046{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15319fe129ca58282023-02-08 09:45:42.046root 11241100x8000000000000000270716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.046{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf6366852ab99402023-02-08 09:45:42.046root 11241100x8000000000000000270715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.046{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7d172758a0d75c2023-02-08 09:45:42.046root 11241100x8000000000000000270714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.046{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9fac2ab09770eb2023-02-08 09:45:42.046root 11241100x8000000000000000270713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.046{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3043cf2cabcdf32023-02-08 09:45:42.046root 11241100x8000000000000000270712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.046{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c35418954fd9e82023-02-08 09:45:42.046root 11241100x8000000000000000270711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.046{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44119c801d1e0ec2023-02-08 09:45:42.046root 11241100x8000000000000000270710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.046{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f08d7461626bfb2023-02-08 09:45:42.046root 11241100x8000000000000000270709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.046{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7441ccd02db8be42023-02-08 09:45:42.046root 11241100x8000000000000000270729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da0f6edbd069fc52023-02-08 09:45:42.485root 11241100x8000000000000000270728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafc666912b4807b2023-02-08 09:45:42.485root 11241100x8000000000000000270727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930eb4027bc519042023-02-08 09:45:42.485root 11241100x8000000000000000270726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3099d8601048f32023-02-08 09:45:42.485root 11241100x8000000000000000270725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694b47832722f3c82023-02-08 09:45:42.485root 11241100x8000000000000000270724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6606079ed370fa42023-02-08 09:45:42.485root 11241100x8000000000000000270723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2208d96dff83e6662023-02-08 09:45:42.485root 11241100x8000000000000000270737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b289e28d71b09142023-02-08 09:45:42.486root 11241100x8000000000000000270736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611f5a335f02b2292023-02-08 09:45:42.486root 11241100x8000000000000000270735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d210e560403f7b2023-02-08 09:45:42.486root 11241100x8000000000000000270734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c9c72d5401c4f02023-02-08 09:45:42.486root 11241100x8000000000000000270733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a45ee41a425de82023-02-08 09:45:42.486root 11241100x8000000000000000270732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067cee4094921da02023-02-08 09:45:42.486root 11241100x8000000000000000270731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c3856eafdaf17c2023-02-08 09:45:42.486root 11241100x8000000000000000270730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f507356554e1cbe52023-02-08 09:45:42.486root 11241100x8000000000000000270745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b8cb5550cd44782023-02-08 09:45:42.487root 11241100x8000000000000000270744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2807ace9343e75102023-02-08 09:45:42.487root 11241100x8000000000000000270743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1cb7b5482272ede2023-02-08 09:45:42.487root 11241100x8000000000000000270742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9016a204e32d5022023-02-08 09:45:42.487root 11241100x8000000000000000270741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9972e92d8948372023-02-08 09:45:42.487root 11241100x8000000000000000270740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500c33efa324c6fd2023-02-08 09:45:42.487root 11241100x8000000000000000270739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f79276bc7aabbf2023-02-08 09:45:42.487root 11241100x8000000000000000270738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c1ad20ad40fb642023-02-08 09:45:42.487root 11241100x8000000000000000270754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a538e259a008a512023-02-08 09:45:42.488root 11241100x8000000000000000270753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73c64d3fcceead42023-02-08 09:45:42.488root 11241100x8000000000000000270752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276a56ed41472b8a2023-02-08 09:45:42.488root 11241100x8000000000000000270751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c1378953b97bbe2023-02-08 09:45:42.488root 11241100x8000000000000000270750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a80352635b83e92023-02-08 09:45:42.488root 11241100x8000000000000000270749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14521eaa45259b772023-02-08 09:45:42.488root 11241100x8000000000000000270748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3640e27b82f039d2023-02-08 09:45:42.488root 11241100x8000000000000000270747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85cec895cd186f7f2023-02-08 09:45:42.488root 11241100x8000000000000000270746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ce847455f235042023-02-08 09:45:42.488root 11241100x8000000000000000270760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b722aad2f1c61342023-02-08 09:45:42.985root 11241100x8000000000000000270759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df30c423e07b95282023-02-08 09:45:42.985root 11241100x8000000000000000270758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484a8d69330c7f4d2023-02-08 09:45:42.985root 11241100x8000000000000000270757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6348e0099040635b2023-02-08 09:45:42.985root 11241100x8000000000000000270756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e114fb8566422d2023-02-08 09:45:42.985root 11241100x8000000000000000270755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e18abb96e43c562023-02-08 09:45:42.985root 11241100x8000000000000000270766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b76f3ac66e9288c2023-02-08 09:45:42.986root 11241100x8000000000000000270765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81cbecc534af9502023-02-08 09:45:42.986root 11241100x8000000000000000270764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ebeaa3c10d23bf2023-02-08 09:45:42.986root 11241100x8000000000000000270763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4432d00e31fb262023-02-08 09:45:42.986root 11241100x8000000000000000270762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1d9c2c3d2545802023-02-08 09:45:42.986root 11241100x8000000000000000270761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9815d4c690ebb342023-02-08 09:45:42.986root 11241100x8000000000000000270773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d6c70be463ce5d2023-02-08 09:45:42.987root 11241100x8000000000000000270772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fa05e5949a20052023-02-08 09:45:42.987root 11241100x8000000000000000270771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ecef238983d69c2023-02-08 09:45:42.987root 11241100x8000000000000000270770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e530e394404306022023-02-08 09:45:42.987root 11241100x8000000000000000270769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843c3993e8e206252023-02-08 09:45:42.987root 11241100x8000000000000000270768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ae39467649e2562023-02-08 09:45:42.987root 11241100x8000000000000000270767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845592792efb2f552023-02-08 09:45:42.987root 11241100x8000000000000000270780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6985f0d784712b2023-02-08 09:45:42.988root 11241100x8000000000000000270779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2199b770244bb0352023-02-08 09:45:42.988root 11241100x8000000000000000270778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701954bab20237be2023-02-08 09:45:42.988root 11241100x8000000000000000270777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c54af8fa262c2d2023-02-08 09:45:42.988root 11241100x8000000000000000270776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d645edc347b752e2023-02-08 09:45:42.988root 11241100x8000000000000000270775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d53fbcb60a006bb2023-02-08 09:45:42.988root 11241100x8000000000000000270774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734cf1598b0cf7952023-02-08 09:45:42.988root 11241100x8000000000000000270786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de184e41e7376bb42023-02-08 09:45:42.989root 11241100x8000000000000000270785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6339a128d17c660e2023-02-08 09:45:42.989root 11241100x8000000000000000270784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f52ec9cdbae5d912023-02-08 09:45:42.989root 11241100x8000000000000000270783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07346fd62fd68c072023-02-08 09:45:42.989root 11241100x8000000000000000270782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f5eccd4139a9b42023-02-08 09:45:42.989root 11241100x8000000000000000270781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:42.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10bc3122d40240572023-02-08 09:45:42.989root 11241100x8000000000000000270793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da24050d3d7d6e382023-02-08 09:45:43.485root 11241100x8000000000000000270792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28434a9033c80c622023-02-08 09:45:43.485root 11241100x8000000000000000270791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455e7b65ff893be22023-02-08 09:45:43.485root 11241100x8000000000000000270790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d268841e660c382023-02-08 09:45:43.485root 11241100x8000000000000000270789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64d39c6a09573b52023-02-08 09:45:43.485root 11241100x8000000000000000270788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69519cbfdbf69222023-02-08 09:45:43.485root 11241100x8000000000000000270787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525624bfe71624c92023-02-08 09:45:43.485root 11241100x8000000000000000270807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdbbfae9d5e0cd32023-02-08 09:45:43.486root 11241100x8000000000000000270806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9beafc7f6471be602023-02-08 09:45:43.486root 11241100x8000000000000000270805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e6f2a74bfe4a602023-02-08 09:45:43.486root 11241100x8000000000000000270804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d99cd0043dc27a52023-02-08 09:45:43.486root 11241100x8000000000000000270803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f9cabb344812762023-02-08 09:45:43.486root 11241100x8000000000000000270802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a599058b39693fbc2023-02-08 09:45:43.486root 11241100x8000000000000000270801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2edd426dbf6f16302023-02-08 09:45:43.486root 11241100x8000000000000000270800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3313a1d3e8a31d62023-02-08 09:45:43.486root 11241100x8000000000000000270799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4598d2149197fa1f2023-02-08 09:45:43.486root 11241100x8000000000000000270798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e81a493d54f3032023-02-08 09:45:43.486root 11241100x8000000000000000270797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11db99a0b8d14832023-02-08 09:45:43.486root 11241100x8000000000000000270796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff96773c17f640ee2023-02-08 09:45:43.486root 11241100x8000000000000000270795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f0a3a6e3d32e662023-02-08 09:45:43.486root 11241100x8000000000000000270794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e8cddb02de8ef62023-02-08 09:45:43.486root 11241100x8000000000000000270818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dccd5ac279d8c382023-02-08 09:45:43.487root 11241100x8000000000000000270817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f2446547a3fefd2023-02-08 09:45:43.487root 11241100x8000000000000000270816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060fd6816c260f0a2023-02-08 09:45:43.487root 11241100x8000000000000000270815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98700e393763828f2023-02-08 09:45:43.487root 11241100x8000000000000000270814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba741c67a1dff7f2023-02-08 09:45:43.487root 11241100x8000000000000000270813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724232ee98410eb02023-02-08 09:45:43.487root 11241100x8000000000000000270812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441b76c0216689942023-02-08 09:45:43.487root 11241100x8000000000000000270811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b3c801efc272c52023-02-08 09:45:43.487root 11241100x8000000000000000270810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea72de38daa3c7762023-02-08 09:45:43.487root 11241100x8000000000000000270809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628130cb0a7e25992023-02-08 09:45:43.487root 11241100x8000000000000000270808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f635ce02488e72492023-02-08 09:45:43.487root 11241100x8000000000000000270824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2437de27d9677e292023-02-08 09:45:43.985root 11241100x8000000000000000270823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe9260fc413a42b2023-02-08 09:45:43.985root 11241100x8000000000000000270822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed0e07d1b8301d62023-02-08 09:45:43.985root 11241100x8000000000000000270821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9656f6c76f5d342023-02-08 09:45:43.985root 11241100x8000000000000000270820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b6c6d2af28904d2023-02-08 09:45:43.985root 11241100x8000000000000000270819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fa1f46d0464cff2023-02-08 09:45:43.985root 11241100x8000000000000000270838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c2000e1693af752023-02-08 09:45:43.986root 11241100x8000000000000000270837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33557465d98e53f22023-02-08 09:45:43.986root 11241100x8000000000000000270836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05663ca5c8387e12023-02-08 09:45:43.986root 11241100x8000000000000000270835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42559e2014da72432023-02-08 09:45:43.986root 11241100x8000000000000000270834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea83cddd2758eb42023-02-08 09:45:43.986root 11241100x8000000000000000270833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24aa07d225da9462023-02-08 09:45:43.986root 11241100x8000000000000000270832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eeceddbc09abc822023-02-08 09:45:43.986root 11241100x8000000000000000270831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923c4d01ce7df46b2023-02-08 09:45:43.986root 11241100x8000000000000000270830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395a4ff9bed9e3432023-02-08 09:45:43.986root 11241100x8000000000000000270829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96118099ad6b51872023-02-08 09:45:43.986root 11241100x8000000000000000270828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ee00a3fc2393402023-02-08 09:45:43.986root 11241100x8000000000000000270827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34bb44a81bb496c42023-02-08 09:45:43.986root 11241100x8000000000000000270826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44850b72fcd09e312023-02-08 09:45:43.986root 11241100x8000000000000000270825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab9b817dd8876aa2023-02-08 09:45:43.986root 11241100x8000000000000000270850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece2cf691c45265f2023-02-08 09:45:43.987root 11241100x8000000000000000270849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0438b521f64ca8e92023-02-08 09:45:43.987root 11241100x8000000000000000270848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf212eb566a1ffa2023-02-08 09:45:43.987root 11241100x8000000000000000270847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf3e0d7e75c21dd2023-02-08 09:45:43.987root 11241100x8000000000000000270846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca67631c6cff7bd2023-02-08 09:45:43.987root 11241100x8000000000000000270845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918063ee74601ec22023-02-08 09:45:43.987root 11241100x8000000000000000270844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9c0e0b5e2b8ae52023-02-08 09:45:43.987root 11241100x8000000000000000270843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf1e9c3e08efb862023-02-08 09:45:43.987root 11241100x8000000000000000270842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ffaa3c0f06635d22023-02-08 09:45:43.987root 11241100x8000000000000000270841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2143d1dc3a2696162023-02-08 09:45:43.987root 11241100x8000000000000000270840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c00e18acf16d282023-02-08 09:45:43.987root 11241100x8000000000000000270839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:43.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04293d7a835180712023-02-08 09:45:43.987root 11241100x8000000000000000270851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63aeb6852bb4e592023-02-08 09:45:44.485root 11241100x8000000000000000270863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18170af8df322292023-02-08 09:45:44.486root 11241100x8000000000000000270862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6069271538efa802023-02-08 09:45:44.486root 11241100x8000000000000000270861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e252cf877ec6822023-02-08 09:45:44.486root 11241100x8000000000000000270860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842b9ddd22ecb0da2023-02-08 09:45:44.486root 11241100x8000000000000000270859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57997b6a8b7f3ee62023-02-08 09:45:44.486root 11241100x8000000000000000270858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59f554d5dae3d8c2023-02-08 09:45:44.486root 11241100x8000000000000000270857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04426b08e8ae0392023-02-08 09:45:44.486root 11241100x8000000000000000270856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97b0d20326054d12023-02-08 09:45:44.486root 11241100x8000000000000000270855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb529dbef467afbc2023-02-08 09:45:44.486root 11241100x8000000000000000270854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41171021e893a0262023-02-08 09:45:44.486root 11241100x8000000000000000270853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6536ff2add456cb92023-02-08 09:45:44.486root 11241100x8000000000000000270852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c4f063542e096e2023-02-08 09:45:44.486root 11241100x8000000000000000270874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e67fad3f9548b522023-02-08 09:45:44.487root 11241100x8000000000000000270873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f16dbb93864966a2023-02-08 09:45:44.487root 11241100x8000000000000000270872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e196464b0aff6292023-02-08 09:45:44.487root 11241100x8000000000000000270871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4326111c3142c5b2023-02-08 09:45:44.487root 11241100x8000000000000000270870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3da44834b735de12023-02-08 09:45:44.487root 11241100x8000000000000000270869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c5fdfa35a651b72023-02-08 09:45:44.487root 11241100x8000000000000000270868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687f79953eb41c1e2023-02-08 09:45:44.487root 11241100x8000000000000000270867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b39735a5925b4d22023-02-08 09:45:44.487root 11241100x8000000000000000270866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e83e89278bd4892023-02-08 09:45:44.487root 11241100x8000000000000000270865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5104c7c9b3fbfdc12023-02-08 09:45:44.487root 11241100x8000000000000000270864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d06851eae816f32023-02-08 09:45:44.487root 11241100x8000000000000000270882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779a71db41da98582023-02-08 09:45:44.488root 11241100x8000000000000000270881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4388577c51e792f2023-02-08 09:45:44.488root 11241100x8000000000000000270880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71ef977a078c1482023-02-08 09:45:44.488root 11241100x8000000000000000270879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff98e5acf3e7155a2023-02-08 09:45:44.488root 11241100x8000000000000000270878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38bddf8b3f5395152023-02-08 09:45:44.488root 11241100x8000000000000000270877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9729ad1322e2cb642023-02-08 09:45:44.488root 11241100x8000000000000000270876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb835a281acaf5852023-02-08 09:45:44.488root 11241100x8000000000000000270875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a443c2b91a2c232023-02-08 09:45:44.488root 11241100x8000000000000000270889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35fb445c0232d202023-02-08 09:45:44.985root 11241100x8000000000000000270888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f090d6e2aedb7b2023-02-08 09:45:44.985root 11241100x8000000000000000270887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8a23a93a77cef92023-02-08 09:45:44.985root 11241100x8000000000000000270886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1387cfe1e4edf92023-02-08 09:45:44.985root 11241100x8000000000000000270885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4834ef228a3f7e732023-02-08 09:45:44.985root 11241100x8000000000000000270884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae749b01fa801022023-02-08 09:45:44.985root 11241100x8000000000000000270883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ada054eb4af1eb82023-02-08 09:45:44.985root 11241100x8000000000000000270898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b791b3d8ff3178b52023-02-08 09:45:44.986root 11241100x8000000000000000270897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ebc38b58aa69342023-02-08 09:45:44.986root 11241100x8000000000000000270896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c745b7ab56570252023-02-08 09:45:44.986root 11241100x8000000000000000270895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cd4abba2a2c0232023-02-08 09:45:44.986root 11241100x8000000000000000270894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9b742c3ca99f702023-02-08 09:45:44.986root 11241100x8000000000000000270893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90478ae6380e1f032023-02-08 09:45:44.986root 11241100x8000000000000000270892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab924d538e0532b2023-02-08 09:45:44.986root 11241100x8000000000000000270891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99302647b48f645b2023-02-08 09:45:44.986root 11241100x8000000000000000270890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a05f61cb34465b82023-02-08 09:45:44.986root 11241100x8000000000000000270907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562324dd87955d5d2023-02-08 09:45:44.987root 11241100x8000000000000000270906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0224e738148c1072023-02-08 09:45:44.987root 11241100x8000000000000000270905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1a42b2cd5233ec2023-02-08 09:45:44.987root 11241100x8000000000000000270904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b170a5dc3912812023-02-08 09:45:44.987root 11241100x8000000000000000270903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0c2823fe2d47422023-02-08 09:45:44.987root 11241100x8000000000000000270902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13316d54e9d732042023-02-08 09:45:44.987root 11241100x8000000000000000270901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb6c0ab6cc1c8c42023-02-08 09:45:44.987root 11241100x8000000000000000270900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc87b52c07c65992023-02-08 09:45:44.987root 11241100x8000000000000000270899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13820a6cc53765052023-02-08 09:45:44.987root 11241100x8000000000000000270909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb4da6d223d10232023-02-08 09:45:44.988root 11241100x8000000000000000270908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a733fb31068709fc2023-02-08 09:45:44.988root 11241100x8000000000000000270914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a2319b123f157a2023-02-08 09:45:44.989root 11241100x8000000000000000270913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb5e784c496b6e72023-02-08 09:45:44.989root 11241100x8000000000000000270912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ac3ba6c1ec840b2023-02-08 09:45:44.989root 11241100x8000000000000000270911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ccf227675d801f2023-02-08 09:45:44.989root 11241100x8000000000000000270910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:44.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8374530f046116b12023-02-08 09:45:44.989root 11241100x8000000000000000270921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d596ef269750382023-02-08 09:45:45.485root 11241100x8000000000000000270920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3b4d630c84ab5e2023-02-08 09:45:45.485root 11241100x8000000000000000270919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335b2d7d313876b82023-02-08 09:45:45.485root 11241100x8000000000000000270918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29cefd0824db4c2c2023-02-08 09:45:45.485root 11241100x8000000000000000270917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d84f90116c961d2023-02-08 09:45:45.485root 11241100x8000000000000000270916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10a82752e937b342023-02-08 09:45:45.485root 11241100x8000000000000000270915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43d5af42fa68d172023-02-08 09:45:45.485root 11241100x8000000000000000270930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9f8189982cd4062023-02-08 09:45:45.486root 11241100x8000000000000000270929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3133b943f603106d2023-02-08 09:45:45.486root 11241100x8000000000000000270928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb67ed67266ec71a2023-02-08 09:45:45.486root 11241100x8000000000000000270927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c95e5376b0e8f382023-02-08 09:45:45.486root 11241100x8000000000000000270926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d052434184a985c2023-02-08 09:45:45.486root 11241100x8000000000000000270925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af94aee0f65b06012023-02-08 09:45:45.486root 11241100x8000000000000000270924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee38403213f556a82023-02-08 09:45:45.486root 11241100x8000000000000000270923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34786ebad2a107282023-02-08 09:45:45.486root 11241100x8000000000000000270922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12734bf142740402023-02-08 09:45:45.486root 11241100x8000000000000000270940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7d8b6616fa49fd2023-02-08 09:45:45.487root 11241100x8000000000000000270939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b75df3a2ae0b8d2023-02-08 09:45:45.487root 11241100x8000000000000000270938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c983893e6fcdbb2023-02-08 09:45:45.487root 11241100x8000000000000000270937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5def02ad106e2432023-02-08 09:45:45.487root 11241100x8000000000000000270936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e951f0038fb61b6c2023-02-08 09:45:45.487root 11241100x8000000000000000270935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820166bef5df1bdc2023-02-08 09:45:45.487root 11241100x8000000000000000270934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a16bafcbfcdbcd2023-02-08 09:45:45.487root 11241100x8000000000000000270933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce6b222d6a720ff2023-02-08 09:45:45.487root 11241100x8000000000000000270932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc82f0ea5b07291d2023-02-08 09:45:45.487root 11241100x8000000000000000270931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5bb870128f72172023-02-08 09:45:45.487root 11241100x8000000000000000270946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c285f27391bdd0042023-02-08 09:45:45.488root 11241100x8000000000000000270945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72ca697603861f52023-02-08 09:45:45.488root 11241100x8000000000000000270944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1601fb4103b6d4f2023-02-08 09:45:45.488root 11241100x8000000000000000270943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424160b0387033332023-02-08 09:45:45.488root 11241100x8000000000000000270942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8bd69701c275562023-02-08 09:45:45.488root 11241100x8000000000000000270941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43ef81be3f7b56e2023-02-08 09:45:45.488root 11241100x8000000000000000270952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed626ffafd5e1add2023-02-08 09:45:45.985root 11241100x8000000000000000270951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd78b4fe89379e32023-02-08 09:45:45.985root 11241100x8000000000000000270950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd764787db02f0ec2023-02-08 09:45:45.985root 11241100x8000000000000000270949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515d55582f9ab7782023-02-08 09:45:45.985root 11241100x8000000000000000270948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d129e3ec6f6d8452023-02-08 09:45:45.985root 11241100x8000000000000000270947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95bfc28aafac1532023-02-08 09:45:45.985root 11241100x8000000000000000270965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28bc971d10f2422e2023-02-08 09:45:45.987root 11241100x8000000000000000270964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8fc80ab228cf652023-02-08 09:45:45.987root 11241100x8000000000000000270963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f664a63ce69b4602023-02-08 09:45:45.987root 11241100x8000000000000000270962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b213ff711b612ff2023-02-08 09:45:45.987root 11241100x8000000000000000270961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd5442bacb625fd2023-02-08 09:45:45.987root 11241100x8000000000000000270960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958c20a6e760fc122023-02-08 09:45:45.987root 11241100x8000000000000000270959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035f908ebcb4d9d42023-02-08 09:45:45.987root 11241100x8000000000000000270958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165d9176e0d8f1d12023-02-08 09:45:45.987root 11241100x8000000000000000270957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c6710e59f12a3d2023-02-08 09:45:45.987root 11241100x8000000000000000270956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b2a2c1d7eee6962023-02-08 09:45:45.987root 11241100x8000000000000000270955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20c2c8147b105742023-02-08 09:45:45.987root 11241100x8000000000000000270954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9c97daefeafa4a2023-02-08 09:45:45.987root 11241100x8000000000000000270953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f14a2981f7ad3762023-02-08 09:45:45.987root 11241100x8000000000000000270978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca987474401f7032023-02-08 09:45:45.988root 11241100x8000000000000000270977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4caf8453fc49c5572023-02-08 09:45:45.988root 11241100x8000000000000000270976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d82c12fe567b4da2023-02-08 09:45:45.988root 11241100x8000000000000000270975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45cdc092aa7af43c2023-02-08 09:45:45.988root 11241100x8000000000000000270974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b2a838a62c8ebb2023-02-08 09:45:45.988root 11241100x8000000000000000270973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410bf63cbd652d8e2023-02-08 09:45:45.988root 11241100x8000000000000000270972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6bf8c2d4d5691e2023-02-08 09:45:45.988root 11241100x8000000000000000270971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a214b893de3434c52023-02-08 09:45:45.988root 11241100x8000000000000000270970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0ca9ec2d8ce4d92023-02-08 09:45:45.988root 11241100x8000000000000000270969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac4f46a4738f0fd2023-02-08 09:45:45.988root 11241100x8000000000000000270968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f846c280463a5762023-02-08 09:45:45.988root 11241100x8000000000000000270967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ad9a4d74dd05a52023-02-08 09:45:45.988root 11241100x8000000000000000270966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b820f942a9cf5b72023-02-08 09:45:45.988root 11241100x8000000000000000270984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3a3adf80a394932023-02-08 09:45:46.485root 11241100x8000000000000000270983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e3437aaaf294d62023-02-08 09:45:46.485root 11241100x8000000000000000270982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25066f893abfc8c2023-02-08 09:45:46.485root 11241100x8000000000000000270981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967cd6581020f5d92023-02-08 09:45:46.485root 11241100x8000000000000000270980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c824a33b384b95b62023-02-08 09:45:46.485root 11241100x8000000000000000270979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079f732b5e20df1d2023-02-08 09:45:46.485root 11241100x8000000000000000270991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86908626905e5f452023-02-08 09:45:46.486root 11241100x8000000000000000270990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb99a892615c832f2023-02-08 09:45:46.486root 11241100x8000000000000000270989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10599ac30e787dea2023-02-08 09:45:46.486root 11241100x8000000000000000270988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c933861a3a03a3b2023-02-08 09:45:46.486root 11241100x8000000000000000270987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb38a7aa8a17f1442023-02-08 09:45:46.486root 11241100x8000000000000000270986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3330218d45fee68f2023-02-08 09:45:46.486root 11241100x8000000000000000270985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7661c9b966b224e2023-02-08 09:45:46.486root 11241100x8000000000000000271000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3783c943098a2a2023-02-08 09:45:46.487root 11241100x8000000000000000270999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8558986caf471612023-02-08 09:45:46.487root 11241100x8000000000000000270998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f563875a0e9316a92023-02-08 09:45:46.487root 11241100x8000000000000000270997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2322ba5563386d42023-02-08 09:45:46.487root 11241100x8000000000000000270996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba8abbc5d8f16512023-02-08 09:45:46.487root 11241100x8000000000000000270995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cf0ea0da506fe92023-02-08 09:45:46.487root 11241100x8000000000000000270994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5738918e9fdc1972023-02-08 09:45:46.487root 11241100x8000000000000000270993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9284815102c23e0a2023-02-08 09:45:46.487root 11241100x8000000000000000270992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a52e97571067762023-02-08 09:45:46.487root 11241100x8000000000000000271010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dba9680b420ef2c2023-02-08 09:45:46.488root 11241100x8000000000000000271009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb1fd22fd9220cb2023-02-08 09:45:46.488root 11241100x8000000000000000271008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f5f4234b1c06002023-02-08 09:45:46.488root 11241100x8000000000000000271007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db48b6f0c915e7b2023-02-08 09:45:46.488root 11241100x8000000000000000271006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6644231e93c70bee2023-02-08 09:45:46.488root 11241100x8000000000000000271005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9ceacf05daa4972023-02-08 09:45:46.488root 11241100x8000000000000000271004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0871743d4401d4802023-02-08 09:45:46.488root 11241100x8000000000000000271003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ad795d0ceb2f112023-02-08 09:45:46.488root 11241100x8000000000000000271002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddedd04e668ea6372023-02-08 09:45:46.488root 11241100x8000000000000000271001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b44bdc7a11a1dd32023-02-08 09:45:46.488root 11241100x8000000000000000271016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962fc932a5587b072023-02-08 09:45:46.985root 11241100x8000000000000000271015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00bf480546d097f12023-02-08 09:45:46.985root 11241100x8000000000000000271014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a11114867bd95192023-02-08 09:45:46.985root 11241100x8000000000000000271013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646b480b553dc1a82023-02-08 09:45:46.985root 11241100x8000000000000000271012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4e109891978c3e2023-02-08 09:45:46.985root 11241100x8000000000000000271011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71dd39f2bc4710ba2023-02-08 09:45:46.985root 11241100x8000000000000000271026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0e5cd3ba3510f22023-02-08 09:45:46.986root 11241100x8000000000000000271025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7a7b5e471ee69f2023-02-08 09:45:46.986root 11241100x8000000000000000271024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828e89d01b2021832023-02-08 09:45:46.986root 11241100x8000000000000000271023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fadf116dac881b402023-02-08 09:45:46.986root 11241100x8000000000000000271022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d511cf9ea9c2622023-02-08 09:45:46.986root 11241100x8000000000000000271021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c35a26427ee295b2023-02-08 09:45:46.986root 11241100x8000000000000000271020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbbc00d27ad74102023-02-08 09:45:46.986root 11241100x8000000000000000271019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2743c07d88b9ce822023-02-08 09:45:46.986root 11241100x8000000000000000271018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e3350029b441332023-02-08 09:45:46.986root 11241100x8000000000000000271017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1423c784c7dff7112023-02-08 09:45:46.986root 11241100x8000000000000000271035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312862a4b13b08c52023-02-08 09:45:46.987root 11241100x8000000000000000271034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96339348bd88a3342023-02-08 09:45:46.987root 11241100x8000000000000000271033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41bd8d36138d8b832023-02-08 09:45:46.987root 11241100x8000000000000000271032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbabe603b9bfb6802023-02-08 09:45:46.987root 11241100x8000000000000000271031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbbc841d1cb3b50e2023-02-08 09:45:46.987root 11241100x8000000000000000271030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2ef8d48557a7112023-02-08 09:45:46.987root 11241100x8000000000000000271029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4fa8b5d2ea72cd2023-02-08 09:45:46.987root 11241100x8000000000000000271028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb482a8fdb1991dc2023-02-08 09:45:46.987root 11241100x8000000000000000271027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3dc4b5ed71ae46f2023-02-08 09:45:46.987root 11241100x8000000000000000271042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba3a5e1f9c870f62023-02-08 09:45:46.988root 11241100x8000000000000000271041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83431c51df59d9dd2023-02-08 09:45:46.988root 11241100x8000000000000000271040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd50965370c5c5082023-02-08 09:45:46.988root 11241100x8000000000000000271039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892ebe5c5653ffe12023-02-08 09:45:46.988root 11241100x8000000000000000271038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84a13764eae5d352023-02-08 09:45:46.988root 11241100x8000000000000000271037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38108c2b5e8b0df2023-02-08 09:45:46.988root 11241100x8000000000000000271036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429772fde7b9adb12023-02-08 09:45:46.988root 354300x8000000000000000271043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.128{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-50896-false10.0.1.12-8000- 11241100x8000000000000000271047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfae26b429cdb8902023-02-08 09:45:47.485root 11241100x8000000000000000271046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e3e0bba87683f62023-02-08 09:45:47.485root 11241100x8000000000000000271045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106a2467e11bee0c2023-02-08 09:45:47.485root 11241100x8000000000000000271044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ef755158a6ce242023-02-08 09:45:47.485root 11241100x8000000000000000271056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b4afb7d064f3b42023-02-08 09:45:47.486root 11241100x8000000000000000271055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af88af5dc92c29a02023-02-08 09:45:47.486root 11241100x8000000000000000271054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ec0b76691f05be2023-02-08 09:45:47.486root 11241100x8000000000000000271053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49dfed9d37d9deb2023-02-08 09:45:47.486root 11241100x8000000000000000271052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17fe1ff03f3e4a42023-02-08 09:45:47.486root 11241100x8000000000000000271051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a379719a945050e22023-02-08 09:45:47.486root 11241100x8000000000000000271050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12f46e31dcc79d92023-02-08 09:45:47.486root 11241100x8000000000000000271049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a93ed7568279282023-02-08 09:45:47.486root 11241100x8000000000000000271048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84e6120cfc0cb5f2023-02-08 09:45:47.486root 11241100x8000000000000000271062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a7f3acab8413332023-02-08 09:45:47.487root 11241100x8000000000000000271061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d604fa3c88dbc52023-02-08 09:45:47.487root 11241100x8000000000000000271060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70eb0e679c4f1502023-02-08 09:45:47.487root 11241100x8000000000000000271059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea62c9292df2c312023-02-08 09:45:47.487root 11241100x8000000000000000271058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beae1f257407ecf32023-02-08 09:45:47.487root 11241100x8000000000000000271057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba65c6d05d83a2f02023-02-08 09:45:47.487root 11241100x8000000000000000271070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960b7e57080627ee2023-02-08 09:45:47.488root 11241100x8000000000000000271069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c540416260127a402023-02-08 09:45:47.488root 11241100x8000000000000000271068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ae9b9ba9b877d92023-02-08 09:45:47.488root 11241100x8000000000000000271067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07cca35ddd544c912023-02-08 09:45:47.488root 11241100x8000000000000000271066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e72d256ecd4265d2023-02-08 09:45:47.488root 11241100x8000000000000000271065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e059b7001ef05f772023-02-08 09:45:47.488root 11241100x8000000000000000271064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f437a8e33346072023-02-08 09:45:47.488root 11241100x8000000000000000271063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7773133c9e2c31042023-02-08 09:45:47.488root 11241100x8000000000000000271076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6708a370ce60bd2023-02-08 09:45:47.489root 11241100x8000000000000000271075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f6d97e68409b522023-02-08 09:45:47.489root 11241100x8000000000000000271074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2c2e78bf42c0ad2023-02-08 09:45:47.489root 11241100x8000000000000000271073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993755aadf03c0d22023-02-08 09:45:47.489root 11241100x8000000000000000271072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489efe9b0f8721282023-02-08 09:45:47.489root 11241100x8000000000000000271071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59fce6d43fa06e62023-02-08 09:45:47.489root 11241100x8000000000000000271079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e00d9ade4820b382023-02-08 09:45:47.985root 11241100x8000000000000000271078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2707cb55fe649e1d2023-02-08 09:45:47.985root 11241100x8000000000000000271077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505eed6f888549602023-02-08 09:45:47.985root 11241100x8000000000000000271087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6313b712d46877212023-02-08 09:45:47.986root 11241100x8000000000000000271086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3a1cff9a73af5a2023-02-08 09:45:47.986root 11241100x8000000000000000271085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b12b6091af9cdd2023-02-08 09:45:47.986root 11241100x8000000000000000271084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b29deca8b0e3cb22023-02-08 09:45:47.986root 11241100x8000000000000000271083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8369ccaeb10a09f02023-02-08 09:45:47.986root 11241100x8000000000000000271082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bfe6a22d9b2b9f52023-02-08 09:45:47.986root 11241100x8000000000000000271081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2596ae1c8d1a192023-02-08 09:45:47.986root 11241100x8000000000000000271080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca9b75cc34cb64c2023-02-08 09:45:47.986root 11241100x8000000000000000271093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566b513eda1ee7b92023-02-08 09:45:47.987root 11241100x8000000000000000271092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde8b28419bcf6992023-02-08 09:45:47.987root 11241100x8000000000000000271091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef79da7ecb9c9192023-02-08 09:45:47.987root 11241100x8000000000000000271090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6390ef942ade24842023-02-08 09:45:47.987root 11241100x8000000000000000271089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6203cb7a9d0799952023-02-08 09:45:47.987root 11241100x8000000000000000271088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289ab568cdda12dd2023-02-08 09:45:47.987root 11241100x8000000000000000271099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8aa6756aaeff7c2023-02-08 09:45:47.988root 11241100x8000000000000000271098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87f362a0a2476562023-02-08 09:45:47.988root 11241100x8000000000000000271097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a514756c861270c32023-02-08 09:45:47.988root 11241100x8000000000000000271096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b244d6f783fc88c02023-02-08 09:45:47.988root 11241100x8000000000000000271095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b10dce50f14b992023-02-08 09:45:47.988root 11241100x8000000000000000271094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138b0123e6cd9c2e2023-02-08 09:45:47.988root 11241100x8000000000000000271105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792adff70d3433282023-02-08 09:45:47.989root 11241100x8000000000000000271104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd80700557b591d2023-02-08 09:45:47.989root 11241100x8000000000000000271103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4cb5c16cdc3f1a12023-02-08 09:45:47.989root 11241100x8000000000000000271102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7105b0c7ef8d4052023-02-08 09:45:47.989root 11241100x8000000000000000271101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e27d8bd9ef64672023-02-08 09:45:47.989root 11241100x8000000000000000271100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44e910dec22d1752023-02-08 09:45:47.989root 11241100x8000000000000000271109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c21967d155e364a2023-02-08 09:45:47.990root 11241100x8000000000000000271108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900ef67a2e1628232023-02-08 09:45:47.990root 11241100x8000000000000000271107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63fbf7dd7fde2c102023-02-08 09:45:47.990root 11241100x8000000000000000271106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:47.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe5ff22f80020be2023-02-08 09:45:47.990root 11241100x8000000000000000271114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1104a3050d53302023-02-08 09:45:48.485root 11241100x8000000000000000271113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cb485615c3300e2023-02-08 09:45:48.485root 11241100x8000000000000000271112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3182238053d4af02023-02-08 09:45:48.485root 11241100x8000000000000000271111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9564903adb4f94f2023-02-08 09:45:48.485root 11241100x8000000000000000271110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936ee357a59ca5952023-02-08 09:45:48.485root 11241100x8000000000000000271126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58811b3d4f0d56c42023-02-08 09:45:48.486root 11241100x8000000000000000271125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91073922898ccea02023-02-08 09:45:48.486root 11241100x8000000000000000271124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e459792f3b594d12023-02-08 09:45:48.486root 11241100x8000000000000000271123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e1ba98505009082023-02-08 09:45:48.486root 11241100x8000000000000000271122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d273ed224ecdd792023-02-08 09:45:48.486root 11241100x8000000000000000271121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784830f09d0117032023-02-08 09:45:48.486root 11241100x8000000000000000271120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125b4bb8b86806d72023-02-08 09:45:48.486root 11241100x8000000000000000271119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068e047b9249857e2023-02-08 09:45:48.486root 11241100x8000000000000000271118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73653eb8e39dfb52023-02-08 09:45:48.486root 11241100x8000000000000000271117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a4e408aedd967c2023-02-08 09:45:48.486root 11241100x8000000000000000271116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28727122bf20e3cc2023-02-08 09:45:48.486root 11241100x8000000000000000271115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ed4ddd9970cd552023-02-08 09:45:48.486root 11241100x8000000000000000271139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89bc3e270a54c5c2023-02-08 09:45:48.487root 11241100x8000000000000000271138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25fa8758db2b1292023-02-08 09:45:48.487root 11241100x8000000000000000271137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b1febfe2d0de132023-02-08 09:45:48.487root 11241100x8000000000000000271136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f319f79db1bb7f42023-02-08 09:45:48.487root 11241100x8000000000000000271135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c45b09c0405e5f2023-02-08 09:45:48.487root 11241100x8000000000000000271134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cea484571704e02023-02-08 09:45:48.487root 11241100x8000000000000000271133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f58618a74b4f6132023-02-08 09:45:48.487root 11241100x8000000000000000271132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f8e93eff63614f2023-02-08 09:45:48.487root 11241100x8000000000000000271131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca341ff5f333e1592023-02-08 09:45:48.487root 11241100x8000000000000000271130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209917c994b0b3e92023-02-08 09:45:48.487root 11241100x8000000000000000271129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1fd898a742035d2023-02-08 09:45:48.487root 11241100x8000000000000000271128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325468f76ed549112023-02-08 09:45:48.487root 11241100x8000000000000000271127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74e2df216459e502023-02-08 09:45:48.487root 11241100x8000000000000000271142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c231f5cf696f35a2023-02-08 09:45:48.489root 11241100x8000000000000000271141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae533c8129e61912023-02-08 09:45:48.489root 11241100x8000000000000000271140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb91772f0a33f262023-02-08 09:45:48.489root 11241100x8000000000000000271148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d97746679683fa2023-02-08 09:45:48.985root 11241100x8000000000000000271147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a147207b31f5a862023-02-08 09:45:48.985root 11241100x8000000000000000271146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327f9bd3d083e8f92023-02-08 09:45:48.985root 11241100x8000000000000000271145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bad07e1ab27094f2023-02-08 09:45:48.985root 11241100x8000000000000000271144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146abfc87041a1c72023-02-08 09:45:48.985root 11241100x8000000000000000271143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7ae7b11e5661bc2023-02-08 09:45:48.985root 11241100x8000000000000000271159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1878ec16d9e237eb2023-02-08 09:45:48.986root 11241100x8000000000000000271158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcee8298904f1f552023-02-08 09:45:48.986root 11241100x8000000000000000271157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e6fc6b1c1f6ea52023-02-08 09:45:48.986root 11241100x8000000000000000271156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba45213f3cb364442023-02-08 09:45:48.986root 11241100x8000000000000000271155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b26006cde0652952023-02-08 09:45:48.986root 11241100x8000000000000000271154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9527c626c2e22e2023-02-08 09:45:48.986root 11241100x8000000000000000271153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd3bd6dee73e3ea2023-02-08 09:45:48.986root 11241100x8000000000000000271152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a7157c7d0afb9c2023-02-08 09:45:48.986root 11241100x8000000000000000271151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf825816762d7bf02023-02-08 09:45:48.986root 11241100x8000000000000000271150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08896c6a696a73cf2023-02-08 09:45:48.986root 11241100x8000000000000000271149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ccef3746557441b2023-02-08 09:45:48.986root 11241100x8000000000000000271174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c0cc63a335e2662023-02-08 09:45:48.987root 11241100x8000000000000000271173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b055f00c59b2a1422023-02-08 09:45:48.987root 11241100x8000000000000000271172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e948abc41910402023-02-08 09:45:48.987root 11241100x8000000000000000271171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38b68b4f19f5d2a2023-02-08 09:45:48.987root 11241100x8000000000000000271170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da145cc76c7ba3b2023-02-08 09:45:48.987root 11241100x8000000000000000271169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c2c5b14e0691362023-02-08 09:45:48.987root 11241100x8000000000000000271168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc8da3b2f974ac62023-02-08 09:45:48.987root 11241100x8000000000000000271167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0b2f8f34a9bc122023-02-08 09:45:48.987root 11241100x8000000000000000271166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d433c42f57072d2023-02-08 09:45:48.987root 11241100x8000000000000000271165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad035c52d66d1192023-02-08 09:45:48.987root 11241100x8000000000000000271164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432e85e6b55f4cef2023-02-08 09:45:48.987root 11241100x8000000000000000271163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1716411755cbf4c2023-02-08 09:45:48.987root 11241100x8000000000000000271162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93406b7a57771eb92023-02-08 09:45:48.987root 11241100x8000000000000000271161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441fe7aefa334ece2023-02-08 09:45:48.987root 11241100x8000000000000000271160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b5d1895ebd0e9b2023-02-08 09:45:48.987root 11241100x8000000000000000271175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:48.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac42990bb06263f02023-02-08 09:45:48.988root 11241100x8000000000000000271181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5184cd7dea69f112023-02-08 09:45:49.485root 11241100x8000000000000000271180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf0651c9de8025a2023-02-08 09:45:49.485root 11241100x8000000000000000271179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42ddbf1be90033f2023-02-08 09:45:49.485root 11241100x8000000000000000271178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039d36432451765b2023-02-08 09:45:49.485root 11241100x8000000000000000271177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6241971b06429f2023-02-08 09:45:49.485root 11241100x8000000000000000271176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0c0530eb2d8a622023-02-08 09:45:49.485root 11241100x8000000000000000271188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ec6a52ce0f28442023-02-08 09:45:49.486root 11241100x8000000000000000271187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1cba367943125fd2023-02-08 09:45:49.486root 11241100x8000000000000000271186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d33c8787a001eb2023-02-08 09:45:49.486root 11241100x8000000000000000271185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4f1a4ddb170fa42023-02-08 09:45:49.486root 11241100x8000000000000000271184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db1436272ae52792023-02-08 09:45:49.486root 11241100x8000000000000000271183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f72b6a7f10a5fa2023-02-08 09:45:49.486root 11241100x8000000000000000271182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db68a831064a62762023-02-08 09:45:49.486root 11241100x8000000000000000271202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104b587acec927402023-02-08 09:45:49.487root 11241100x8000000000000000271201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4fb44194addc9f2023-02-08 09:45:49.487root 11241100x8000000000000000271200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fbfbed999f8b3ef2023-02-08 09:45:49.487root 11241100x8000000000000000271199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0bda0157000e5742023-02-08 09:45:49.487root 11241100x8000000000000000271198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5fe81a899112102023-02-08 09:45:49.487root 11241100x8000000000000000271197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3415aacc0917906a2023-02-08 09:45:49.487root 11241100x8000000000000000271196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6371cd9173e1492023-02-08 09:45:49.487root 11241100x8000000000000000271195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694f380a57379cdc2023-02-08 09:45:49.487root 11241100x8000000000000000271194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ebfd38b82d6e842023-02-08 09:45:49.487root 11241100x8000000000000000271193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14cec7cd7e35bd82023-02-08 09:45:49.487root 11241100x8000000000000000271192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd21e0469b61c462023-02-08 09:45:49.487root 11241100x8000000000000000271191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a734cb25727f4402023-02-08 09:45:49.487root 11241100x8000000000000000271190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca160a8cdd2ab6d62023-02-08 09:45:49.487root 11241100x8000000000000000271189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36801a94e90d11e12023-02-08 09:45:49.487root 11241100x8000000000000000271208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af0cfde013612a02023-02-08 09:45:49.488root 11241100x8000000000000000271207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9c1934ecbfb8462023-02-08 09:45:49.488root 11241100x8000000000000000271206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14cd5c298f9d32162023-02-08 09:45:49.488root 11241100x8000000000000000271205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941958725f9e07132023-02-08 09:45:49.488root 11241100x8000000000000000271204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f072f9b8df2d9f82023-02-08 09:45:49.488root 11241100x8000000000000000271203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45e490d5fcb39262023-02-08 09:45:49.488root 11241100x8000000000000000271213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187f77586cadce022023-02-08 09:45:49.985root 11241100x8000000000000000271212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090f4216b9107acf2023-02-08 09:45:49.985root 11241100x8000000000000000271211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88653f3e7d64fba2023-02-08 09:45:49.985root 11241100x8000000000000000271210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256131f89fb70a242023-02-08 09:45:49.985root 11241100x8000000000000000271209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceaeb13019c99cdd2023-02-08 09:45:49.985root 11241100x8000000000000000271228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9003749fcaea2032023-02-08 09:45:49.987root 11241100x8000000000000000271227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a037729641760d2023-02-08 09:45:49.987root 11241100x8000000000000000271226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758dfead8efa690e2023-02-08 09:45:49.987root 11241100x8000000000000000271225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c66103e9287ded2023-02-08 09:45:49.987root 11241100x8000000000000000271224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3410443572c247852023-02-08 09:45:49.987root 11241100x8000000000000000271223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191e6c03ee29a81b2023-02-08 09:45:49.987root 11241100x8000000000000000271222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14ba14f1c10316e2023-02-08 09:45:49.987root 11241100x8000000000000000271221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b56cdbf05049502023-02-08 09:45:49.987root 11241100x8000000000000000271220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c6d714b8747cc42023-02-08 09:45:49.987root 11241100x8000000000000000271219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0646f6dd7a7bee2023-02-08 09:45:49.987root 11241100x8000000000000000271218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4146cae16375eb2023-02-08 09:45:49.987root 11241100x8000000000000000271217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abf9943c253fb732023-02-08 09:45:49.987root 11241100x8000000000000000271216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912631393e42a1ea2023-02-08 09:45:49.987root 11241100x8000000000000000271215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5e1b92248cb6e92023-02-08 09:45:49.987root 11241100x8000000000000000271214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0034f93f0a7d49362023-02-08 09:45:49.987root 11241100x8000000000000000271241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae28665b4cbc5392023-02-08 09:45:49.988root 11241100x8000000000000000271240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a892254717593b2023-02-08 09:45:49.988root 11241100x8000000000000000271239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5392df495c82d012023-02-08 09:45:49.988root 11241100x8000000000000000271238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8fe9b9b4c9b5b082023-02-08 09:45:49.988root 11241100x8000000000000000271237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1056cc6c647a4b9f2023-02-08 09:45:49.988root 11241100x8000000000000000271236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17f20ed7aec7f6c2023-02-08 09:45:49.988root 11241100x8000000000000000271235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c54d6fa97b3c9472023-02-08 09:45:49.988root 11241100x8000000000000000271234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29cdc250bbb94be2023-02-08 09:45:49.988root 11241100x8000000000000000271233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de236fd1b52daf12023-02-08 09:45:49.988root 11241100x8000000000000000271232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e483a720da75af2023-02-08 09:45:49.988root 11241100x8000000000000000271231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83582ab96a7bbc82023-02-08 09:45:49.988root 11241100x8000000000000000271230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e078637eba3142a2023-02-08 09:45:49.988root 11241100x8000000000000000271229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b55041af612a9062023-02-08 09:45:49.988root 11241100x8000000000000000271247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00aba60a3f067c32023-02-08 09:45:50.485root 11241100x8000000000000000271246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a41a5847f4ac9f92023-02-08 09:45:50.485root 11241100x8000000000000000271245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8014bb8ea07a08562023-02-08 09:45:50.485root 11241100x8000000000000000271244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6913a013268dc0aa2023-02-08 09:45:50.485root 11241100x8000000000000000271243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3779179f4694a9d32023-02-08 09:45:50.485root 11241100x8000000000000000271242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac06421dab3506942023-02-08 09:45:50.485root 11241100x8000000000000000271256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2e102db54527612023-02-08 09:45:50.486root 11241100x8000000000000000271255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e11f41a4e59da4c2023-02-08 09:45:50.486root 11241100x8000000000000000271254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f4e5b4f9d5ca9f2023-02-08 09:45:50.486root 11241100x8000000000000000271253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae7c04eb67b86132023-02-08 09:45:50.486root 11241100x8000000000000000271252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41969a5ca0c734e2023-02-08 09:45:50.486root 11241100x8000000000000000271251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b902a260fe89cd2023-02-08 09:45:50.486root 11241100x8000000000000000271250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e4a606778d5a7c2023-02-08 09:45:50.486root 11241100x8000000000000000271249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4307badd0990e32023-02-08 09:45:50.486root 11241100x8000000000000000271248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba259b6deab8a7e2023-02-08 09:45:50.486root 11241100x8000000000000000271260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde72e832c4d948f2023-02-08 09:45:50.487root 11241100x8000000000000000271259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d18c6eb58a60ec2023-02-08 09:45:50.487root 11241100x8000000000000000271258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7fe31d1c9750abd2023-02-08 09:45:50.487root 11241100x8000000000000000271257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b51ece61f6ecea2023-02-08 09:45:50.487root 11241100x8000000000000000271263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3180df7bfc790cdf2023-02-08 09:45:50.488root 11241100x8000000000000000271262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29905dfda6a4e8252023-02-08 09:45:50.488root 11241100x8000000000000000271261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1a43b3b0b182662023-02-08 09:45:50.488root 11241100x8000000000000000271273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7735cdfd020515fe2023-02-08 09:45:50.489root 11241100x8000000000000000271272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332bfe10850a2da72023-02-08 09:45:50.489root 11241100x8000000000000000271271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d205fe5d0602632023-02-08 09:45:50.489root 11241100x8000000000000000271270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e689402e90ebc1002023-02-08 09:45:50.489root 11241100x8000000000000000271269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebc5de5e45206682023-02-08 09:45:50.489root 11241100x8000000000000000271268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03e1b0873cf7fc12023-02-08 09:45:50.489root 11241100x8000000000000000271267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67ee0c46e1d43182023-02-08 09:45:50.489root 11241100x8000000000000000271266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106ec9693be3bc8f2023-02-08 09:45:50.489root 11241100x8000000000000000271265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3705876cd2eeb52023-02-08 09:45:50.489root 11241100x8000000000000000271264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f76a2f87fcdcb2e2023-02-08 09:45:50.489root 11241100x8000000000000000271274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d28975c45db17c2023-02-08 09:45:50.490root 11241100x8000000000000000271280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe1871dcb1120bd2023-02-08 09:45:50.985root 11241100x8000000000000000271279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9708cf0672d65d2023-02-08 09:45:50.985root 11241100x8000000000000000271278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13fe199b75a53f72023-02-08 09:45:50.985root 11241100x8000000000000000271277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01ad11fa6e3e43d2023-02-08 09:45:50.985root 11241100x8000000000000000271276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505824ace5ce14992023-02-08 09:45:50.985root 11241100x8000000000000000271275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb593d4724ab9b52023-02-08 09:45:50.985root 11241100x8000000000000000271289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1642298be8f315ed2023-02-08 09:45:50.986root 11241100x8000000000000000271288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6edc8b8520c1742023-02-08 09:45:50.986root 11241100x8000000000000000271287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b704467f985fe92023-02-08 09:45:50.986root 11241100x8000000000000000271286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c65c245b093dee22023-02-08 09:45:50.986root 11241100x8000000000000000271285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefad3967bac04f12023-02-08 09:45:50.986root 11241100x8000000000000000271284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea24050d6f4d72532023-02-08 09:45:50.986root 11241100x8000000000000000271283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad04fe89250ac7d2023-02-08 09:45:50.986root 11241100x8000000000000000271282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885a1c1e7551effa2023-02-08 09:45:50.986root 11241100x8000000000000000271281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a193fafd4a7040fb2023-02-08 09:45:50.986root 11241100x8000000000000000271292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9462f09ecea08b772023-02-08 09:45:50.989root 11241100x8000000000000000271291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6493f7b5767a39532023-02-08 09:45:50.989root 11241100x8000000000000000271290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50ad4c8503aa5582023-02-08 09:45:50.989root 11241100x8000000000000000271301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d1fe5c5701135f2023-02-08 09:45:50.990root 11241100x8000000000000000271300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263012ea2426ec472023-02-08 09:45:50.990root 11241100x8000000000000000271299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f69cd8ebeb77172023-02-08 09:45:50.990root 11241100x8000000000000000271298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7844f281e092d7aa2023-02-08 09:45:50.990root 11241100x8000000000000000271297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a01042fb8c17f12023-02-08 09:45:50.990root 11241100x8000000000000000271296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272040fc3398a83c2023-02-08 09:45:50.990root 11241100x8000000000000000271295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e45e3e6340cf552023-02-08 09:45:50.990root 11241100x8000000000000000271294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcb0503566addca2023-02-08 09:45:50.990root 11241100x8000000000000000271293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6bb8245ece851de2023-02-08 09:45:50.990root 11241100x8000000000000000271307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a2a22cfc8b62862023-02-08 09:45:50.991root 11241100x8000000000000000271306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d632d7972e2c35a62023-02-08 09:45:50.991root 11241100x8000000000000000271305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cf63a32536f0382023-02-08 09:45:50.991root 11241100x8000000000000000271304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1930f22b158b7ce42023-02-08 09:45:50.991root 11241100x8000000000000000271303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d8fd35bce54ad92023-02-08 09:45:50.991root 11241100x8000000000000000271302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:50.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d522ce1f0a83d072023-02-08 09:45:50.991root 11241100x8000000000000000271308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72920e481762c3f72023-02-08 09:45:51.485root 11241100x8000000000000000271316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f06684f3e6dddf12023-02-08 09:45:51.486root 11241100x8000000000000000271315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a2373663878e5a2023-02-08 09:45:51.486root 11241100x8000000000000000271314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1c3eac827480892023-02-08 09:45:51.486root 11241100x8000000000000000271313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0bd06079db50032023-02-08 09:45:51.486root 11241100x8000000000000000271312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990c54d027951a7f2023-02-08 09:45:51.486root 11241100x8000000000000000271311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a7227bf493f5df2023-02-08 09:45:51.486root 11241100x8000000000000000271310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55414434c7ef0592023-02-08 09:45:51.486root 11241100x8000000000000000271309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff817eecb8ee934d2023-02-08 09:45:51.486root 11241100x8000000000000000271325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40174ba40b301f52023-02-08 09:45:51.487root 11241100x8000000000000000271324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae3956387a57a9a2023-02-08 09:45:51.487root 11241100x8000000000000000271323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94f5379fef116ba2023-02-08 09:45:51.487root 11241100x8000000000000000271322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87d82ad6e0303212023-02-08 09:45:51.487root 11241100x8000000000000000271321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eace76b2551cfaab2023-02-08 09:45:51.487root 11241100x8000000000000000271320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3e0e147fdde37d2023-02-08 09:45:51.487root 11241100x8000000000000000271319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dbf82de6bd16ea22023-02-08 09:45:51.487root 11241100x8000000000000000271318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7d5cbbde8a58292023-02-08 09:45:51.487root 11241100x8000000000000000271317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a849e7ef15c3c922023-02-08 09:45:51.487root 11241100x8000000000000000271332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0d9f6810630f692023-02-08 09:45:51.488root 11241100x8000000000000000271331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b50503d43d050682023-02-08 09:45:51.488root 11241100x8000000000000000271330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a874a1dde6b32172023-02-08 09:45:51.488root 11241100x8000000000000000271329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99de1cf59cb68be52023-02-08 09:45:51.488root 11241100x8000000000000000271328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6c0faeb7e89d2b2023-02-08 09:45:51.488root 11241100x8000000000000000271327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8000864c1e394ab2023-02-08 09:45:51.488root 11241100x8000000000000000271326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719dc30ba6297ca32023-02-08 09:45:51.488root 11241100x8000000000000000271337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8490b8e530536a092023-02-08 09:45:51.489root 11241100x8000000000000000271336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331d0b39ac9a6ab32023-02-08 09:45:51.489root 11241100x8000000000000000271335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77486c06ca1dab742023-02-08 09:45:51.489root 11241100x8000000000000000271334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec79692411911252023-02-08 09:45:51.489root 11241100x8000000000000000271333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46eabc0d041473a62023-02-08 09:45:51.489root 11241100x8000000000000000271340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb575b8d2112e1a2023-02-08 09:45:51.490root 11241100x8000000000000000271339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b68b3d923ca0f012023-02-08 09:45:51.490root 11241100x8000000000000000271338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06eca78e4a9c11c62023-02-08 09:45:51.490root 11241100x8000000000000000271343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38a538448c73d5c2023-02-08 09:45:51.985root 11241100x8000000000000000271342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44170cfe6818aa62023-02-08 09:45:51.985root 11241100x8000000000000000271341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d364a5033236022023-02-08 09:45:51.985root 11241100x8000000000000000271352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0150cce6f98f98ea2023-02-08 09:45:51.986root 11241100x8000000000000000271351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c250e9ee99500a2023-02-08 09:45:51.986root 11241100x8000000000000000271350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc65c80676e9dea2023-02-08 09:45:51.986root 11241100x8000000000000000271349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd4ba7fbf346ffb2023-02-08 09:45:51.986root 11241100x8000000000000000271348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d31366f2b095e62023-02-08 09:45:51.986root 11241100x8000000000000000271347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1558284748467e282023-02-08 09:45:51.986root 11241100x8000000000000000271346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dad7151adad109e2023-02-08 09:45:51.986root 11241100x8000000000000000271345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11bac10a9b681ef2023-02-08 09:45:51.986root 11241100x8000000000000000271344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6508972d7bac0e2023-02-08 09:45:51.986root 11241100x8000000000000000271353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d3e8d758fb78e72023-02-08 09:45:51.987root 11241100x8000000000000000271363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc771797a694cac2023-02-08 09:45:51.988root 11241100x8000000000000000271362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2814d225db766dc22023-02-08 09:45:51.988root 11241100x8000000000000000271361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83cda64dc970c5da2023-02-08 09:45:51.988root 11241100x8000000000000000271360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8147e4c2bb47522023-02-08 09:45:51.988root 11241100x8000000000000000271359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81a5d08bef0ac042023-02-08 09:45:51.988root 11241100x8000000000000000271358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1840408c935859702023-02-08 09:45:51.988root 11241100x8000000000000000271357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0b0a66d05d97862023-02-08 09:45:51.988root 11241100x8000000000000000271356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50339fe54721e9652023-02-08 09:45:51.988root 11241100x8000000000000000271355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27cfd53036e078832023-02-08 09:45:51.988root 11241100x8000000000000000271354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4063f0da749fd3662023-02-08 09:45:51.988root 11241100x8000000000000000271365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7b6bc7bcd453842023-02-08 09:45:51.989root 11241100x8000000000000000271364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91d6a855cf3303c2023-02-08 09:45:51.989root 11241100x8000000000000000271373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61f98b47159e40d2023-02-08 09:45:51.990root 11241100x8000000000000000271372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d456fb29d1d7ec172023-02-08 09:45:51.990root 11241100x8000000000000000271371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47637cf6f9a275c42023-02-08 09:45:51.990root 11241100x8000000000000000271370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e905d3f826c98b1e2023-02-08 09:45:51.990root 11241100x8000000000000000271369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d136c0fab0b5522023-02-08 09:45:51.990root 11241100x8000000000000000271368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3244627f6841658c2023-02-08 09:45:51.990root 11241100x8000000000000000271367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9dac47ce1d77c32023-02-08 09:45:51.990root 11241100x8000000000000000271366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:51.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599bbf07c44fdcbf2023-02-08 09:45:51.990root 354300x8000000000000000271374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.168{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51962-false10.0.1.12-8000- 11241100x8000000000000000271380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0aea00e916d5a92023-02-08 09:45:52.485root 11241100x8000000000000000271379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8252db1b9340cd1a2023-02-08 09:45:52.485root 11241100x8000000000000000271378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f9113a640698092023-02-08 09:45:52.485root 11241100x8000000000000000271377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7682a3226d294ef72023-02-08 09:45:52.485root 11241100x8000000000000000271376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1512720dc5c24bd72023-02-08 09:45:52.485root 11241100x8000000000000000271375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbcc109dd2c072f2023-02-08 09:45:52.485root 11241100x8000000000000000271390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830a95967dc5d3442023-02-08 09:45:52.486root 11241100x8000000000000000271389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e8164d5bd1c98f2023-02-08 09:45:52.486root 11241100x8000000000000000271388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0090b02c88958b8f2023-02-08 09:45:52.486root 11241100x8000000000000000271387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2c32e3df4f5c9e2023-02-08 09:45:52.486root 11241100x8000000000000000271386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1afd500f0bab3f2023-02-08 09:45:52.486root 11241100x8000000000000000271385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd7c784ab35c1dd2023-02-08 09:45:52.486root 11241100x8000000000000000271384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c32c0f7e3a60c32023-02-08 09:45:52.486root 11241100x8000000000000000271383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749bfa87c7afbd552023-02-08 09:45:52.486root 11241100x8000000000000000271382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872257e21b287be52023-02-08 09:45:52.486root 11241100x8000000000000000271381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d138633d78f8b32023-02-08 09:45:52.486root 11241100x8000000000000000271391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1587798562e9be8e2023-02-08 09:45:52.487root 11241100x8000000000000000271393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a5ead11e2f31ba2023-02-08 09:45:52.488root 11241100x8000000000000000271392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723134913b352ac52023-02-08 09:45:52.488root 11241100x8000000000000000271407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec31cdbb1d66d3732023-02-08 09:45:52.490root 11241100x8000000000000000271406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec3433c744950412023-02-08 09:45:52.490root 11241100x8000000000000000271405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55053ebd094a29fc2023-02-08 09:45:52.490root 11241100x8000000000000000271404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc19e63a5e6c3bb02023-02-08 09:45:52.490root 11241100x8000000000000000271403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa037bc4105a0d52023-02-08 09:45:52.490root 11241100x8000000000000000271402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8033b886fb76876c2023-02-08 09:45:52.490root 11241100x8000000000000000271401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d8f778370facb42023-02-08 09:45:52.490root 11241100x8000000000000000271400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0feb65c88c82d64a2023-02-08 09:45:52.490root 11241100x8000000000000000271399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1023e697595bb8642023-02-08 09:45:52.490root 11241100x8000000000000000271398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d2d87c633c04792023-02-08 09:45:52.490root 11241100x8000000000000000271397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755f7942bbfb42cb2023-02-08 09:45:52.490root 11241100x8000000000000000271396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb75b3d7adc66e22023-02-08 09:45:52.490root 11241100x8000000000000000271395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b45850e6ebfd5bc2023-02-08 09:45:52.490root 11241100x8000000000000000271394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f1fa755994428f2023-02-08 09:45:52.490root 11241100x8000000000000000271408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fb8cc85cc1804f2023-02-08 09:45:52.491root 11241100x8000000000000000271411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025dbcc82d348bbf2023-02-08 09:45:52.985root 11241100x8000000000000000271410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412d3d67f2cfa46e2023-02-08 09:45:52.985root 11241100x8000000000000000271409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea0af378cf4ee102023-02-08 09:45:52.985root 11241100x8000000000000000271414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f96963bace7c932023-02-08 09:45:52.986root 11241100x8000000000000000271413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb33cd7dc78a9812023-02-08 09:45:52.986root 11241100x8000000000000000271412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966d653c2eb27c862023-02-08 09:45:52.986root 11241100x8000000000000000271415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3957c1a30520bd0b2023-02-08 09:45:52.987root 11241100x8000000000000000271419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51295df6a5e9639d2023-02-08 09:45:52.991root 11241100x8000000000000000271418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a6e77a900bf1442023-02-08 09:45:52.991root 11241100x8000000000000000271417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224efdad97b89d182023-02-08 09:45:52.991root 11241100x8000000000000000271416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e92bb82e505a512023-02-08 09:45:52.991root 11241100x8000000000000000271423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7cd3bd14f31c0c52023-02-08 09:45:52.992root 11241100x8000000000000000271422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e987a326a43cb7a52023-02-08 09:45:52.992root 11241100x8000000000000000271421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e664dc43d6745d92023-02-08 09:45:52.992root 11241100x8000000000000000271420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d43da0f5d93d4c2023-02-08 09:45:52.992root 11241100x8000000000000000271425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bfda2dddb190ddc2023-02-08 09:45:52.993root 11241100x8000000000000000271424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0752a80654c9d6e32023-02-08 09:45:52.993root 11241100x8000000000000000271431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df92641ed58f4ce02023-02-08 09:45:52.994root 11241100x8000000000000000271430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d3ad4bbdbf89392023-02-08 09:45:52.994root 11241100x8000000000000000271429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530c582938cb56cf2023-02-08 09:45:52.994root 11241100x8000000000000000271428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d32f3b41b8e7962023-02-08 09:45:52.994root 11241100x8000000000000000271427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef9df2dce1d7f602023-02-08 09:45:52.994root 11241100x8000000000000000271426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d83ac0573723f02023-02-08 09:45:52.994root 11241100x8000000000000000271438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8750e2e596d090b92023-02-08 09:45:52.995root 11241100x8000000000000000271437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb634dac093c3442023-02-08 09:45:52.995root 11241100x8000000000000000271436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a361780b7f55a5282023-02-08 09:45:52.995root 11241100x8000000000000000271435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8bbf6a72e24a512023-02-08 09:45:52.995root 11241100x8000000000000000271434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074377c1535afd942023-02-08 09:45:52.995root 11241100x8000000000000000271433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae246d4075ec3682023-02-08 09:45:52.995root 11241100x8000000000000000271432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba462b83da854a22023-02-08 09:45:52.995root 11241100x8000000000000000271442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14043b4bb4eb0542023-02-08 09:45:52.996root 11241100x8000000000000000271441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe557d59dc2288c52023-02-08 09:45:52.996root 11241100x8000000000000000271440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdd02ce28ff7a912023-02-08 09:45:52.996root 11241100x8000000000000000271439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:52.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc3b8d085d9d3cf2023-02-08 09:45:52.996root 11241100x8000000000000000271447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df10996725799862023-02-08 09:45:53.485root 11241100x8000000000000000271446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5c9eacfe1878592023-02-08 09:45:53.485root 11241100x8000000000000000271445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e50796561670742023-02-08 09:45:53.485root 11241100x8000000000000000271444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063464fb676d87572023-02-08 09:45:53.485root 11241100x8000000000000000271443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e505d460e6106172023-02-08 09:45:53.485root 11241100x8000000000000000271456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040ae337977ded5c2023-02-08 09:45:53.486root 11241100x8000000000000000271455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18384d6ddf5cfaa42023-02-08 09:45:53.486root 11241100x8000000000000000271454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b377a8f4e06431242023-02-08 09:45:53.486root 11241100x8000000000000000271453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47ba26fb0416d362023-02-08 09:45:53.486root 11241100x8000000000000000271452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b16e2d0065ebcc2023-02-08 09:45:53.486root 11241100x8000000000000000271451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1848a0a093447d152023-02-08 09:45:53.486root 11241100x8000000000000000271450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f25b2734046ca9f2023-02-08 09:45:53.486root 11241100x8000000000000000271449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736190b67fda57df2023-02-08 09:45:53.486root 11241100x8000000000000000271448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b1737d09eaa3d82023-02-08 09:45:53.486root 11241100x8000000000000000271461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e80f4b061c4998c2023-02-08 09:45:53.487root 11241100x8000000000000000271460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4166f02136383ea2023-02-08 09:45:53.487root 11241100x8000000000000000271459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148c691b2e3e40792023-02-08 09:45:53.487root 11241100x8000000000000000271458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b4379bc519185b2023-02-08 09:45:53.487root 11241100x8000000000000000271457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899a444098b44ca72023-02-08 09:45:53.487root 11241100x8000000000000000271469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123c16c32c9015432023-02-08 09:45:53.488root 11241100x8000000000000000271468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623c11e52840ce8e2023-02-08 09:45:53.488root 11241100x8000000000000000271467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb435d66e78aa432023-02-08 09:45:53.488root 11241100x8000000000000000271466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b365f2aa9ead8ca2023-02-08 09:45:53.488root 11241100x8000000000000000271465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b67532f98a0f21e2023-02-08 09:45:53.488root 11241100x8000000000000000271464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1478740d655060b2023-02-08 09:45:53.488root 11241100x8000000000000000271463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ec39248856b6212023-02-08 09:45:53.488root 11241100x8000000000000000271462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67a8eb9efb3e5f92023-02-08 09:45:53.488root 11241100x8000000000000000271476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7391e0fb844d79a2023-02-08 09:45:53.489root 11241100x8000000000000000271475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23182386460f3a952023-02-08 09:45:53.489root 11241100x8000000000000000271474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f435cf19bc4b4b2023-02-08 09:45:53.489root 11241100x8000000000000000271473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd50cd0155432022023-02-08 09:45:53.489root 11241100x8000000000000000271472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7e2350e67272752023-02-08 09:45:53.489root 11241100x8000000000000000271471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160984d34481ad172023-02-08 09:45:53.489root 11241100x8000000000000000271470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10261835406b3cfa2023-02-08 09:45:53.489root 11241100x8000000000000000271490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6942b8fb8856212023-02-08 09:45:53.985root 11241100x8000000000000000271489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12dcfbd1a1ab494a2023-02-08 09:45:53.985root 11241100x8000000000000000271488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa7acfb2771bab12023-02-08 09:45:53.985root 11241100x8000000000000000271487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8915ea6f319f87752023-02-08 09:45:53.985root 11241100x8000000000000000271486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24dfdb893b6a09d2023-02-08 09:45:53.985root 11241100x8000000000000000271485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad84ebf516f53ac72023-02-08 09:45:53.985root 11241100x8000000000000000271484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7edae3c0c3cf4c2023-02-08 09:45:53.985root 11241100x8000000000000000271483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d88fb9331f1d9ad2023-02-08 09:45:53.985root 11241100x8000000000000000271482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616b2c01c96426322023-02-08 09:45:53.985root 11241100x8000000000000000271481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d28465952403052023-02-08 09:45:53.985root 11241100x8000000000000000271480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969a776b833d93a72023-02-08 09:45:53.985root 11241100x8000000000000000271479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0ab8852a4b6c5b2023-02-08 09:45:53.985root 11241100x8000000000000000271478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18a3924cb1a87d12023-02-08 09:45:53.985root 11241100x8000000000000000271477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc240799ebf7980e2023-02-08 09:45:53.985root 11241100x8000000000000000271506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea519d006e797be2023-02-08 09:45:53.986root 11241100x8000000000000000271505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61cae2b8ccf6c5fd2023-02-08 09:45:53.986root 11241100x8000000000000000271504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26885bff47f737912023-02-08 09:45:53.986root 11241100x8000000000000000271503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabe27934f5167aa2023-02-08 09:45:53.986root 11241100x8000000000000000271502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e98a6c20f46d7912023-02-08 09:45:53.986root 11241100x8000000000000000271501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b886ae4d5262f8062023-02-08 09:45:53.986root 11241100x8000000000000000271500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1bfff1b796a0892023-02-08 09:45:53.986root 11241100x8000000000000000271499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fefe2660bda31fc2023-02-08 09:45:53.986root 11241100x8000000000000000271498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83f98ea0caa16e82023-02-08 09:45:53.986root 11241100x8000000000000000271497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad23222471b530c22023-02-08 09:45:53.986root 11241100x8000000000000000271496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422218b4d23bb67e2023-02-08 09:45:53.986root 11241100x8000000000000000271495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86b407a5aa960972023-02-08 09:45:53.986root 11241100x8000000000000000271494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5398bba02a54a212023-02-08 09:45:53.986root 11241100x8000000000000000271493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab61ad597a6fb9662023-02-08 09:45:53.986root 11241100x8000000000000000271492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56d7815b0134d542023-02-08 09:45:53.986root 11241100x8000000000000000271491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25bcc6d92aac577d2023-02-08 09:45:53.986root 11241100x8000000000000000271510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f071e1ef08036122023-02-08 09:45:53.987root 11241100x8000000000000000271509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648f95e935548dbe2023-02-08 09:45:53.987root 11241100x8000000000000000271508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63bda95dd01c0ad92023-02-08 09:45:53.987root 11241100x8000000000000000271507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:53.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03b8e05355c74e22023-02-08 09:45:53.987root 11241100x8000000000000000271514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05296191b58a6ed2023-02-08 09:45:54.485root 11241100x8000000000000000271513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5432a724700558812023-02-08 09:45:54.485root 11241100x8000000000000000271512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0206108d31695f2023-02-08 09:45:54.485root 11241100x8000000000000000271511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587bbd8818a39a8d2023-02-08 09:45:54.485root 11241100x8000000000000000271522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e9585c4d8257ed2023-02-08 09:45:54.486root 11241100x8000000000000000271521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a11f960e99bb9eb2023-02-08 09:45:54.486root 11241100x8000000000000000271520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447e709941cf69f92023-02-08 09:45:54.486root 11241100x8000000000000000271519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0912bfd6a5b9bb2023-02-08 09:45:54.486root 11241100x8000000000000000271518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d19bbd40fc00ea2023-02-08 09:45:54.486root 11241100x8000000000000000271517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0cdd8c2e522b962023-02-08 09:45:54.486root 11241100x8000000000000000271516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818c5d796ed2e8402023-02-08 09:45:54.486root 11241100x8000000000000000271515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8a022a40c94f972023-02-08 09:45:54.486root 11241100x8000000000000000271525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c043e260519db32023-02-08 09:45:54.487root 11241100x8000000000000000271524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9792a3f1425849b2023-02-08 09:45:54.487root 11241100x8000000000000000271523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35242e6cfca00e782023-02-08 09:45:54.487root 11241100x8000000000000000271534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd25ce4662f8185b2023-02-08 09:45:54.488root 11241100x8000000000000000271533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c2c15e7d2a3bc12023-02-08 09:45:54.488root 11241100x8000000000000000271532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e888db6a6a4eeeb2023-02-08 09:45:54.488root 11241100x8000000000000000271531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212c2a7efac934a02023-02-08 09:45:54.488root 11241100x8000000000000000271530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc05142e33b5d2552023-02-08 09:45:54.488root 11241100x8000000000000000271529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7042a89b7e18a682023-02-08 09:45:54.488root 11241100x8000000000000000271528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9f050cbff95d972023-02-08 09:45:54.488root 11241100x8000000000000000271527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0d6e598f4b8de32023-02-08 09:45:54.488root 11241100x8000000000000000271526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fedac28016f09e2023-02-08 09:45:54.488root 11241100x8000000000000000271542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dcf90cbbd6a754b2023-02-08 09:45:54.489root 11241100x8000000000000000271541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb0d1c849294b152023-02-08 09:45:54.489root 11241100x8000000000000000271540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66dc04eb647b92a2023-02-08 09:45:54.489root 11241100x8000000000000000271539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061c26b104b94a102023-02-08 09:45:54.489root 11241100x8000000000000000271538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16c7bcaa6ab0cd22023-02-08 09:45:54.489root 11241100x8000000000000000271537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32e2614e6f62e0e2023-02-08 09:45:54.489root 11241100x8000000000000000271536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7a906e4e3408252023-02-08 09:45:54.489root 11241100x8000000000000000271535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f35023f3c00b2212023-02-08 09:45:54.489root 11241100x8000000000000000271544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c839167981c66962023-02-08 09:45:54.490root 11241100x8000000000000000271543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e852c5bca6cc992023-02-08 09:45:54.490root 11241100x8000000000000000271548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec808907d52984262023-02-08 09:45:54.985root 11241100x8000000000000000271547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9713ea789e8a7e02023-02-08 09:45:54.985root 11241100x8000000000000000271546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb52dcd74ebb1a32023-02-08 09:45:54.985root 11241100x8000000000000000271545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5533f7345b78b782023-02-08 09:45:54.985root 11241100x8000000000000000271557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418a4c04f17a33f92023-02-08 09:45:54.986root 11241100x8000000000000000271556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fcc9af2c26632c22023-02-08 09:45:54.986root 11241100x8000000000000000271555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadaff71f0383a522023-02-08 09:45:54.986root 11241100x8000000000000000271554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d8f321baf8da782023-02-08 09:45:54.986root 11241100x8000000000000000271553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b879b63415ab9292023-02-08 09:45:54.986root 11241100x8000000000000000271552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76de5103f4d5b602023-02-08 09:45:54.986root 11241100x8000000000000000271551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5030a523786dbf2023-02-08 09:45:54.986root 11241100x8000000000000000271550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5baa4989fe15032023-02-08 09:45:54.986root 11241100x8000000000000000271549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2864c2b983df8822023-02-08 09:45:54.986root 11241100x8000000000000000271559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fa0a49aed4ca622023-02-08 09:45:54.987root 11241100x8000000000000000271558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c48682dfc9943d2023-02-08 09:45:54.987root 11241100x8000000000000000271564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055756a203c36b142023-02-08 09:45:54.988root 11241100x8000000000000000271563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40fec8d7110ade352023-02-08 09:45:54.988root 11241100x8000000000000000271562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82e5aeb197b39612023-02-08 09:45:54.988root 11241100x8000000000000000271561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ec328c67355efb2023-02-08 09:45:54.988root 11241100x8000000000000000271560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87fcb6a4340be9a2023-02-08 09:45:54.988root 11241100x8000000000000000271571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea1dfad02a32fb22023-02-08 09:45:54.989root 11241100x8000000000000000271570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1def1e258338322023-02-08 09:45:54.989root 11241100x8000000000000000271569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fb233e848da41a2023-02-08 09:45:54.989root 11241100x8000000000000000271568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afb3f330b64359e2023-02-08 09:45:54.989root 11241100x8000000000000000271567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37da28ae3a1521a2023-02-08 09:45:54.989root 11241100x8000000000000000271566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b521b3263ee8c9052023-02-08 09:45:54.989root 11241100x8000000000000000271565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9610f24b4a20c92023-02-08 09:45:54.989root 11241100x8000000000000000271578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10385a9ad0a756002023-02-08 09:45:54.990root 11241100x8000000000000000271577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d049436be0af002023-02-08 09:45:54.990root 11241100x8000000000000000271576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2becb3c14b0e15112023-02-08 09:45:54.990root 11241100x8000000000000000271575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d8b5fcd22a7ac12023-02-08 09:45:54.990root 11241100x8000000000000000271574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6fd6bec873205b2023-02-08 09:45:54.990root 11241100x8000000000000000271573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff0a8008f469c512023-02-08 09:45:54.990root 11241100x8000000000000000271572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:54.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b2d79f0f5ac00d2023-02-08 09:45:54.990root 11241100x8000000000000000271582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63acf27df798bbe2023-02-08 09:45:55.485root 11241100x8000000000000000271581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7999af131f32702023-02-08 09:45:55.485root 11241100x8000000000000000271580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a616685bcce3fb2023-02-08 09:45:55.485root 11241100x8000000000000000271579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af7dae4690ca4702023-02-08 09:45:55.485root 11241100x8000000000000000271591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccf9b695174ebee2023-02-08 09:45:55.486root 11241100x8000000000000000271590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434c4643bd88f5ca2023-02-08 09:45:55.486root 11241100x8000000000000000271589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4330b8cfcee131802023-02-08 09:45:55.486root 11241100x8000000000000000271588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5ec15f3ecacd212023-02-08 09:45:55.486root 11241100x8000000000000000271587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20210724aee11ab42023-02-08 09:45:55.486root 11241100x8000000000000000271586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f98161c187284eb2023-02-08 09:45:55.486root 11241100x8000000000000000271585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759b0e51a90e89e92023-02-08 09:45:55.486root 11241100x8000000000000000271584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a17616a520833ae2023-02-08 09:45:55.486root 11241100x8000000000000000271583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2648bbe0c4dae7292023-02-08 09:45:55.486root 11241100x8000000000000000271599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6946a9860c888642023-02-08 09:45:55.487root 11241100x8000000000000000271598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab49c4e2ce4fe59f2023-02-08 09:45:55.487root 11241100x8000000000000000271597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0022d688e6bc56002023-02-08 09:45:55.487root 11241100x8000000000000000271596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c30aa93f1c56d22023-02-08 09:45:55.487root 11241100x8000000000000000271595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676f10de5b7292452023-02-08 09:45:55.487root 11241100x8000000000000000271594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13cee4b24ca283f52023-02-08 09:45:55.487root 11241100x8000000000000000271593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b54157561cb47912023-02-08 09:45:55.487root 11241100x8000000000000000271592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52fd9c6ee718e8f2023-02-08 09:45:55.487root 11241100x8000000000000000271606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beee081b0fe7718d2023-02-08 09:45:55.488root 11241100x8000000000000000271605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f674f798002583192023-02-08 09:45:55.488root 11241100x8000000000000000271604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346a952979e012282023-02-08 09:45:55.488root 11241100x8000000000000000271603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cfb4076099f1942023-02-08 09:45:55.488root 11241100x8000000000000000271602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dab3c0e67ca0a142023-02-08 09:45:55.488root 11241100x8000000000000000271601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fceb02b4af8fda592023-02-08 09:45:55.488root 11241100x8000000000000000271600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e8d7a9043602aa2023-02-08 09:45:55.488root 11241100x8000000000000000271612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eed2cfb07bdbf6c2023-02-08 09:45:55.489root 11241100x8000000000000000271611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014f9dcbd58e4fa82023-02-08 09:45:55.489root 11241100x8000000000000000271610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9385047e88500e252023-02-08 09:45:55.489root 11241100x8000000000000000271609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553d556ebaa5ebbf2023-02-08 09:45:55.489root 11241100x8000000000000000271608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a62dd75bf60c69f2023-02-08 09:45:55.489root 11241100x8000000000000000271607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d075ce708d58dc522023-02-08 09:45:55.489root 11241100x8000000000000000271615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5002c337b79d5e2023-02-08 09:45:55.985root 11241100x8000000000000000271614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce7e72019b269dd2023-02-08 09:45:55.985root 11241100x8000000000000000271613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609f1663a9508cf92023-02-08 09:45:55.985root 11241100x8000000000000000271619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcd3809a8447caf2023-02-08 09:45:55.986root 11241100x8000000000000000271618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985f06257d3ed5e02023-02-08 09:45:55.986root 11241100x8000000000000000271617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1dd9ca15457d5a2023-02-08 09:45:55.986root 11241100x8000000000000000271616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7b718b93472d962023-02-08 09:45:55.986root 11241100x8000000000000000271624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f594bee8a81dc0a62023-02-08 09:45:55.987root 11241100x8000000000000000271623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a17c9d5d15b6ad2023-02-08 09:45:55.987root 11241100x8000000000000000271622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091fdfa877d615cb2023-02-08 09:45:55.987root 11241100x8000000000000000271621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bad9d23a90bd9882023-02-08 09:45:55.987root 11241100x8000000000000000271620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23d78b6d387d24c2023-02-08 09:45:55.987root 11241100x8000000000000000271626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a801075624cf7712023-02-08 09:45:55.988root 11241100x8000000000000000271625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a047b83b762b6fc2023-02-08 09:45:55.988root 11241100x8000000000000000271637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e939e918c83d317a2023-02-08 09:45:55.989root 11241100x8000000000000000271636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7dfbbae436a7402023-02-08 09:45:55.989root 11241100x8000000000000000271635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.face3b5a25456ddf2023-02-08 09:45:55.989root 11241100x8000000000000000271634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a427813da3c1592023-02-08 09:45:55.989root 11241100x8000000000000000271633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66edc970efc68662023-02-08 09:45:55.989root 11241100x8000000000000000271632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b2873bacb9ed082023-02-08 09:45:55.989root 11241100x8000000000000000271631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1abe4a6b8055972023-02-08 09:45:55.989root 11241100x8000000000000000271630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f7cbfac01c4b322023-02-08 09:45:55.989root 11241100x8000000000000000271629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdfbb228bbfae1b2023-02-08 09:45:55.989root 11241100x8000000000000000271628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013932f1879a26c82023-02-08 09:45:55.989root 11241100x8000000000000000271627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715fe5b8bcb2229d2023-02-08 09:45:55.989root 11241100x8000000000000000271646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82c7c8f116b336d2023-02-08 09:45:55.990root 11241100x8000000000000000271645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1be8998b402c9d82023-02-08 09:45:55.990root 11241100x8000000000000000271644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a11b09fcf2c7952023-02-08 09:45:55.990root 11241100x8000000000000000271643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f4ea76bf05a2be2023-02-08 09:45:55.990root 11241100x8000000000000000271642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef026738ab5252522023-02-08 09:45:55.990root 11241100x8000000000000000271641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562433fd554520182023-02-08 09:45:55.990root 11241100x8000000000000000271640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab8c6551110847f2023-02-08 09:45:55.990root 11241100x8000000000000000271639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1506ac6357f2812023-02-08 09:45:55.990root 11241100x8000000000000000271638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:55.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21913ee208f0adc2023-02-08 09:45:55.990root 11241100x8000000000000000271652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5332e4023fd03af62023-02-08 09:45:56.485root 11241100x8000000000000000271651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982a509eafcb6bbe2023-02-08 09:45:56.485root 11241100x8000000000000000271650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3256b09e8650bf22023-02-08 09:45:56.485root 11241100x8000000000000000271649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe1cfe175f54eb42023-02-08 09:45:56.485root 11241100x8000000000000000271648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe5d45a1f4d85202023-02-08 09:45:56.485root 11241100x8000000000000000271647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d61704a1560c562023-02-08 09:45:56.485root 11241100x8000000000000000271658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f18ebaca16aeff52023-02-08 09:45:56.486root 11241100x8000000000000000271657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc59e3d5628db7432023-02-08 09:45:56.486root 11241100x8000000000000000271656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcbff73b6d5127d2023-02-08 09:45:56.486root 11241100x8000000000000000271655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce20b0ba17ad34372023-02-08 09:45:56.486root 11241100x8000000000000000271654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f533406a901bd73a2023-02-08 09:45:56.486root 11241100x8000000000000000271653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4317fc360a19ef2023-02-08 09:45:56.486root 11241100x8000000000000000271668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f922e45e3d228d92023-02-08 09:45:56.487root 11241100x8000000000000000271667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f888094330a1e02023-02-08 09:45:56.487root 11241100x8000000000000000271666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad55e4100e7a80a72023-02-08 09:45:56.487root 11241100x8000000000000000271665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce25f731cfcee5062023-02-08 09:45:56.487root 11241100x8000000000000000271664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c69ce306857bcc2023-02-08 09:45:56.487root 11241100x8000000000000000271663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4c403be6062e162023-02-08 09:45:56.487root 11241100x8000000000000000271662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f617378f3aaee9832023-02-08 09:45:56.487root 11241100x8000000000000000271661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3df8e8c60fb8052023-02-08 09:45:56.487root 11241100x8000000000000000271660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7077d9ae2d985e2023-02-08 09:45:56.487root 11241100x8000000000000000271659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87008bdc1cd407d32023-02-08 09:45:56.487root 11241100x8000000000000000271676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d119f5ae20e4ec2023-02-08 09:45:56.488root 11241100x8000000000000000271675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de16d07f32c59d192023-02-08 09:45:56.488root 11241100x8000000000000000271674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd0f30e13b877332023-02-08 09:45:56.488root 11241100x8000000000000000271673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b1c9e877cdcd702023-02-08 09:45:56.488root 11241100x8000000000000000271672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340c3278feed263d2023-02-08 09:45:56.488root 11241100x8000000000000000271671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631f85b37349d87b2023-02-08 09:45:56.488root 11241100x8000000000000000271670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5597a8fcf57db62023-02-08 09:45:56.488root 11241100x8000000000000000271669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a3e8a5ad03bf052023-02-08 09:45:56.488root 11241100x8000000000000000271680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc83f8ca017bd332023-02-08 09:45:56.489root 11241100x8000000000000000271679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bad3d0910e56e372023-02-08 09:45:56.489root 11241100x8000000000000000271678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f397ffd0e45f112023-02-08 09:45:56.489root 11241100x8000000000000000271677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea74f8386ad9f6a72023-02-08 09:45:56.489root 11241100x8000000000000000271686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1287422964da29352023-02-08 09:45:56.985root 11241100x8000000000000000271685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f471b7ae1155e06e2023-02-08 09:45:56.985root 11241100x8000000000000000271684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4712e9444edbaafc2023-02-08 09:45:56.985root 11241100x8000000000000000271683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8852b06140cd60482023-02-08 09:45:56.985root 11241100x8000000000000000271682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c9c7327df330f32023-02-08 09:45:56.985root 11241100x8000000000000000271681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60615e3a257618362023-02-08 09:45:56.985root 11241100x8000000000000000271695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456f69457cf8b5682023-02-08 09:45:56.986root 11241100x8000000000000000271694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f40fc57ef24b9e2023-02-08 09:45:56.986root 11241100x8000000000000000271693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f81ace61e517f882023-02-08 09:45:56.986root 11241100x8000000000000000271692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ef9942a015a9a82023-02-08 09:45:56.986root 11241100x8000000000000000271691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7c444567aa6dcd2023-02-08 09:45:56.986root 11241100x8000000000000000271690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5763c2e5e10ad7b2023-02-08 09:45:56.986root 11241100x8000000000000000271689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301a96a2d005b4442023-02-08 09:45:56.986root 11241100x8000000000000000271688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515a5474d58b28992023-02-08 09:45:56.986root 11241100x8000000000000000271687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204bd3194f30a3ab2023-02-08 09:45:56.986root 11241100x8000000000000000271697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bc21a027868a362023-02-08 09:45:56.987root 11241100x8000000000000000271696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e963b64b3929c42023-02-08 09:45:56.987root 11241100x8000000000000000271700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246f2e77efa0b8302023-02-08 09:45:56.988root 11241100x8000000000000000271699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446aa906e9bcd7572023-02-08 09:45:56.988root 11241100x8000000000000000271698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ba5bb2a2538c402023-02-08 09:45:56.988root 11241100x8000000000000000271706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc82da06501c8f3f2023-02-08 09:45:56.989root 11241100x8000000000000000271705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9ec73c9a45ccca2023-02-08 09:45:56.989root 11241100x8000000000000000271704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42e17bdcc2013512023-02-08 09:45:56.989root 11241100x8000000000000000271703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92877f3589c37bc2023-02-08 09:45:56.989root 11241100x8000000000000000271702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46930a5c712f2dc2023-02-08 09:45:56.989root 11241100x8000000000000000271701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693d32fb6f6f7f812023-02-08 09:45:56.989root 11241100x8000000000000000271710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f979012a5a53c5c82023-02-08 09:45:56.990root 11241100x8000000000000000271709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b87108b6adda0ff2023-02-08 09:45:56.990root 11241100x8000000000000000271708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a874e084e9f6b22023-02-08 09:45:56.990root 11241100x8000000000000000271707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9947486f1cc78412023-02-08 09:45:56.990root 11241100x8000000000000000271714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d154effd453d6492023-02-08 09:45:56.991root 11241100x8000000000000000271713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8b9f7e7e1876cd2023-02-08 09:45:56.991root 11241100x8000000000000000271712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688815be1ef984852023-02-08 09:45:56.991root 11241100x8000000000000000271711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:56.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d16dcdfe2eb5f22023-02-08 09:45:56.991root 354300x8000000000000000271715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.225{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-51976-false10.0.1.12-8000- 11241100x8000000000000000271718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99917e0961d0c5e2023-02-08 09:45:57.485root 11241100x8000000000000000271717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38aa61f447b417702023-02-08 09:45:57.485root 11241100x8000000000000000271716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea233d3c3622a1472023-02-08 09:45:57.485root 11241100x8000000000000000271727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a6fb3be475ec7b2023-02-08 09:45:57.486root 11241100x8000000000000000271726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14494f98b92433b2023-02-08 09:45:57.486root 11241100x8000000000000000271725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd95271ecdca93d2023-02-08 09:45:57.486root 11241100x8000000000000000271724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5ad6fb588580c22023-02-08 09:45:57.486root 11241100x8000000000000000271723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a725e83915a75cee2023-02-08 09:45:57.486root 11241100x8000000000000000271722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d74aba9ba1ff252023-02-08 09:45:57.486root 11241100x8000000000000000271721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9106b839a8f700c2023-02-08 09:45:57.486root 11241100x8000000000000000271720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ada6d52263af002023-02-08 09:45:57.486root 11241100x8000000000000000271719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69631fb14e2c7752023-02-08 09:45:57.486root 11241100x8000000000000000271734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3832b59eb3e2d1e72023-02-08 09:45:57.487root 11241100x8000000000000000271733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02ab2749426886b2023-02-08 09:45:57.487root 11241100x8000000000000000271732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1157fa64be3c3942023-02-08 09:45:57.487root 11241100x8000000000000000271731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996164e102c960182023-02-08 09:45:57.487root 11241100x8000000000000000271730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84be2a2a41131fee2023-02-08 09:45:57.487root 11241100x8000000000000000271729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00904c52546191e92023-02-08 09:45:57.487root 11241100x8000000000000000271728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff29849a0b2a740e2023-02-08 09:45:57.487root 11241100x8000000000000000271741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3276b27a93b24e52023-02-08 09:45:57.488root 11241100x8000000000000000271740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454e9ecbf44371872023-02-08 09:45:57.488root 11241100x8000000000000000271739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79278be5772f74622023-02-08 09:45:57.488root 11241100x8000000000000000271738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9866a152f2c52f42023-02-08 09:45:57.488root 11241100x8000000000000000271737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a54321eeb35a8812023-02-08 09:45:57.488root 11241100x8000000000000000271736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7e814fadfba2c02023-02-08 09:45:57.488root 11241100x8000000000000000271735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b56ee6bdc9be642023-02-08 09:45:57.488root 11241100x8000000000000000271749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f501d9a21569d792023-02-08 09:45:57.489root 11241100x8000000000000000271748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b79ab1c1c13c0ba2023-02-08 09:45:57.489root 11241100x8000000000000000271747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a915454697086072023-02-08 09:45:57.489root 11241100x8000000000000000271746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa249fc3928c16822023-02-08 09:45:57.489root 11241100x8000000000000000271745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372b1219a30aa4022023-02-08 09:45:57.489root 11241100x8000000000000000271744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ea3c6743c2d2e02023-02-08 09:45:57.489root 11241100x8000000000000000271743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d1a3a7af87bbeb2023-02-08 09:45:57.489root 11241100x8000000000000000271742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064fe51866bc48c62023-02-08 09:45:57.489root 11241100x8000000000000000271750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a61cc46ef253062023-02-08 09:45:57.490root 11241100x8000000000000000271753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce2dc96f83d5f332023-02-08 09:45:57.985root 11241100x8000000000000000271752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb83983af1dc24f2023-02-08 09:45:57.985root 11241100x8000000000000000271751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db3d77cf10c3e4a2023-02-08 09:45:57.985root 11241100x8000000000000000271760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c267325edc4046fc2023-02-08 09:45:57.986root 11241100x8000000000000000271759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99afebe7b276fd5b2023-02-08 09:45:57.986root 11241100x8000000000000000271758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01197b43aea0aaee2023-02-08 09:45:57.986root 11241100x8000000000000000271757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d563da919e47a3c52023-02-08 09:45:57.986root 11241100x8000000000000000271756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4cca580dea11ef2023-02-08 09:45:57.986root 11241100x8000000000000000271755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32408a2ee0be74a22023-02-08 09:45:57.986root 11241100x8000000000000000271754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183af564069271692023-02-08 09:45:57.986root 11241100x8000000000000000271769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e88e1edcf0377232023-02-08 09:45:57.987root 11241100x8000000000000000271768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5bf7fc1193eb292023-02-08 09:45:57.987root 11241100x8000000000000000271767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7695dca1af0a99e2023-02-08 09:45:57.987root 11241100x8000000000000000271766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58e0d21719f69262023-02-08 09:45:57.987root 11241100x8000000000000000271765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a52010415ed5ab2023-02-08 09:45:57.987root 11241100x8000000000000000271764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc60d67ae1956e22023-02-08 09:45:57.987root 11241100x8000000000000000271763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da0f6617b68ca772023-02-08 09:45:57.987root 11241100x8000000000000000271762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac7a434860f5cb72023-02-08 09:45:57.987root 11241100x8000000000000000271761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a18f5e7d6418a02023-02-08 09:45:57.987root 11241100x8000000000000000271771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af003328f8000fe2023-02-08 09:45:57.988root 11241100x8000000000000000271770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ce3e45cc77bf562023-02-08 09:45:57.988root 11241100x8000000000000000271778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20e027fb9122f2c2023-02-08 09:45:57.989root 11241100x8000000000000000271777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb7ca8b961507012023-02-08 09:45:57.989root 11241100x8000000000000000271776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d15f076e46212e2023-02-08 09:45:57.989root 11241100x8000000000000000271775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06fb8f79a504d7082023-02-08 09:45:57.989root 11241100x8000000000000000271774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2625f1fdb050a2f2023-02-08 09:45:57.989root 11241100x8000000000000000271773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608ea9de6552ce772023-02-08 09:45:57.989root 11241100x8000000000000000271772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7a54a3990b38772023-02-08 09:45:57.989root 11241100x8000000000000000271785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad2f9ed6e5aa5922023-02-08 09:45:57.990root 11241100x8000000000000000271784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1032ebfbce5aa82023-02-08 09:45:57.990root 11241100x8000000000000000271783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0ff07c426d4ff82023-02-08 09:45:57.990root 11241100x8000000000000000271782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ddb53036cf56fd2023-02-08 09:45:57.990root 11241100x8000000000000000271781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b1dc3f0a7860122023-02-08 09:45:57.990root 11241100x8000000000000000271780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a865e392b53b9f602023-02-08 09:45:57.990root 11241100x8000000000000000271779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:57.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c652ffce5090c5e32023-02-08 09:45:57.990root 11241100x8000000000000000271791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081641fd1cf1d6492023-02-08 09:45:58.485root 11241100x8000000000000000271790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823db9a54840542e2023-02-08 09:45:58.485root 11241100x8000000000000000271789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fa104279b8119b2023-02-08 09:45:58.485root 11241100x8000000000000000271788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137127fad71549a22023-02-08 09:45:58.485root 11241100x8000000000000000271787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91092c657f1dc502023-02-08 09:45:58.485root 11241100x8000000000000000271786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35621c79c4172da32023-02-08 09:45:58.485root 11241100x8000000000000000271800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6617bb80b06a6ca2023-02-08 09:45:58.486root 11241100x8000000000000000271799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304b281b292295ee2023-02-08 09:45:58.486root 11241100x8000000000000000271798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e3c08b4f9e10982023-02-08 09:45:58.486root 11241100x8000000000000000271797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59fa09cf00d79492023-02-08 09:45:58.486root 11241100x8000000000000000271796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98bb81b1e8e008c42023-02-08 09:45:58.486root 11241100x8000000000000000271795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1354025cfa7eeb2023-02-08 09:45:58.486root 11241100x8000000000000000271794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686d257f4148079f2023-02-08 09:45:58.486root 11241100x8000000000000000271793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4a9bce59626a9a2023-02-08 09:45:58.486root 11241100x8000000000000000271792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55919a0fd31877e52023-02-08 09:45:58.486root 11241100x8000000000000000271809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bcb6e0e59d0cc0f2023-02-08 09:45:58.487root 11241100x8000000000000000271808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217a669d58abcf402023-02-08 09:45:58.487root 11241100x8000000000000000271807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccc605eccde0cb72023-02-08 09:45:58.487root 11241100x8000000000000000271806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de33dbf3f69a31362023-02-08 09:45:58.487root 11241100x8000000000000000271805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1ec1d2370213382023-02-08 09:45:58.487root 11241100x8000000000000000271804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fee953416b91c932023-02-08 09:45:58.487root 11241100x8000000000000000271803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ef8d288c4930482023-02-08 09:45:58.487root 11241100x8000000000000000271802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc6c9b0716663692023-02-08 09:45:58.487root 11241100x8000000000000000271801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b6079b36c6666e2023-02-08 09:45:58.487root 11241100x8000000000000000271817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646ff6d04cc114752023-02-08 09:45:58.488root 11241100x8000000000000000271816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e153146964a4f82023-02-08 09:45:58.488root 11241100x8000000000000000271815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21659cf045304ef32023-02-08 09:45:58.488root 11241100x8000000000000000271814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6966c5cf38a32782023-02-08 09:45:58.488root 11241100x8000000000000000271813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02aff2d13da7c242023-02-08 09:45:58.488root 11241100x8000000000000000271812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b52410d77fc94d2023-02-08 09:45:58.488root 11241100x8000000000000000271811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365c5321072b948c2023-02-08 09:45:58.488root 11241100x8000000000000000271810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc640e1471246c8b2023-02-08 09:45:58.488root 11241100x8000000000000000271820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50da519de4d5050a2023-02-08 09:45:58.489root 11241100x8000000000000000271819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37a56ad6d1755822023-02-08 09:45:58.489root 11241100x8000000000000000271818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb68b7a2a4b9d7c2023-02-08 09:45:58.489root 11241100x8000000000000000271825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821496c42bca8b6c2023-02-08 09:45:58.985root 11241100x8000000000000000271824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c995412ec6ba7baa2023-02-08 09:45:58.985root 11241100x8000000000000000271823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b78f89743970e02023-02-08 09:45:58.985root 11241100x8000000000000000271822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffed0982f7a743772023-02-08 09:45:58.985root 11241100x8000000000000000271821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52eaa37ac3f5a4a2023-02-08 09:45:58.985root 11241100x8000000000000000271833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab1db0e6a259cc22023-02-08 09:45:58.986root 11241100x8000000000000000271832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac72492fca776272023-02-08 09:45:58.986root 11241100x8000000000000000271831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c29ba37660759602023-02-08 09:45:58.986root 11241100x8000000000000000271830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d714481e7542f2022023-02-08 09:45:58.986root 11241100x8000000000000000271829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b898b653c05e0382023-02-08 09:45:58.986root 11241100x8000000000000000271828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cba54eefee54d5d2023-02-08 09:45:58.986root 11241100x8000000000000000271827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3369439d70555fc2023-02-08 09:45:58.986root 11241100x8000000000000000271826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b1e5525483daba2023-02-08 09:45:58.986root 11241100x8000000000000000271842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adeb97988a7990ff2023-02-08 09:45:58.987root 11241100x8000000000000000271841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51d57c6c6b65e8a2023-02-08 09:45:58.987root 11241100x8000000000000000271840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fef8829e1040e92023-02-08 09:45:58.987root 11241100x8000000000000000271839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d7f03e3e4afc762023-02-08 09:45:58.987root 11241100x8000000000000000271838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee39b7785ac7e6072023-02-08 09:45:58.987root 11241100x8000000000000000271837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fddec0bdf8a055c12023-02-08 09:45:58.987root 11241100x8000000000000000271836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b635ba8928c4ab32023-02-08 09:45:58.987root 11241100x8000000000000000271835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200e637be62b5f8b2023-02-08 09:45:58.987root 11241100x8000000000000000271834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567cf483696b9b4d2023-02-08 09:45:58.987root 11241100x8000000000000000271852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba17dfefe58c0e2f2023-02-08 09:45:58.988root 11241100x8000000000000000271851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782e6492abe85cbf2023-02-08 09:45:58.988root 11241100x8000000000000000271850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7befefb9c8036c92023-02-08 09:45:58.988root 11241100x8000000000000000271849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf1226232a38b952023-02-08 09:45:58.988root 11241100x8000000000000000271848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13be0e27fe9cb21e2023-02-08 09:45:58.988root 11241100x8000000000000000271847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07139cef6fb18c4e2023-02-08 09:45:58.988root 11241100x8000000000000000271846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac40da9406a1ef82023-02-08 09:45:58.988root 11241100x8000000000000000271845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e33df77aaa14c52023-02-08 09:45:58.988root 11241100x8000000000000000271844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602a84d5821485202023-02-08 09:45:58.988root 11241100x8000000000000000271843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5c8aad06f802622023-02-08 09:45:58.988root 11241100x8000000000000000271855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f6e4aba22385452023-02-08 09:45:58.989root 11241100x8000000000000000271854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e89e24b71fad9d2023-02-08 09:45:58.989root 11241100x8000000000000000271853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:58.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45f5155923d6a862023-02-08 09:45:58.989root 11241100x8000000000000000271860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ba8ca10cd068342023-02-08 09:45:59.485root 11241100x8000000000000000271859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5795633d916112be2023-02-08 09:45:59.485root 11241100x8000000000000000271858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9a3e216160757c2023-02-08 09:45:59.485root 11241100x8000000000000000271857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949fde462138fe632023-02-08 09:45:59.485root 11241100x8000000000000000271856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfdb697f5f7f5232023-02-08 09:45:59.485root 11241100x8000000000000000271869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6d53818b7c1fed2023-02-08 09:45:59.486root 11241100x8000000000000000271868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd46061b6ea85a62023-02-08 09:45:59.486root 11241100x8000000000000000271867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe966092bd05dec2023-02-08 09:45:59.486root 11241100x8000000000000000271866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6710a343bdf7d762023-02-08 09:45:59.486root 11241100x8000000000000000271865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc18478c41212f22023-02-08 09:45:59.486root 11241100x8000000000000000271864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480fb51454db0bfa2023-02-08 09:45:59.486root 11241100x8000000000000000271863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b4766641056c6b2023-02-08 09:45:59.486root 11241100x8000000000000000271862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0853f88875a14022023-02-08 09:45:59.486root 11241100x8000000000000000271861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072a6a196fa5545a2023-02-08 09:45:59.486root 11241100x8000000000000000271877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337f1cdd0dfd2b312023-02-08 09:45:59.487root 11241100x8000000000000000271876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fb4552fd8ac4df2023-02-08 09:45:59.487root 11241100x8000000000000000271875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7992858ac67b2c982023-02-08 09:45:59.487root 11241100x8000000000000000271874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baaa8a13ae1117062023-02-08 09:45:59.487root 11241100x8000000000000000271873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb3b2228fdd78fd2023-02-08 09:45:59.487root 11241100x8000000000000000271872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9be24affd52b1832023-02-08 09:45:59.487root 11241100x8000000000000000271871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d832f231ab4fd2882023-02-08 09:45:59.487root 11241100x8000000000000000271870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c099ae4f54b32eb2023-02-08 09:45:59.487root 11241100x8000000000000000271886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0c8ca30af6e5392023-02-08 09:45:59.488root 11241100x8000000000000000271885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9553f6565fd1649b2023-02-08 09:45:59.488root 11241100x8000000000000000271884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4672ead024d5fff02023-02-08 09:45:59.488root 11241100x8000000000000000271883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a40331f7c938c262023-02-08 09:45:59.488root 11241100x8000000000000000271882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faae5575385aa1992023-02-08 09:45:59.488root 11241100x8000000000000000271881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86760deee07db04b2023-02-08 09:45:59.488root 11241100x8000000000000000271880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e44c90bd628ab002023-02-08 09:45:59.488root 11241100x8000000000000000271879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78d2607e20143572023-02-08 09:45:59.488root 11241100x8000000000000000271878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39998016251be832023-02-08 09:45:59.488root 11241100x8000000000000000271890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611d3bb5acc04e522023-02-08 09:45:59.489root 11241100x8000000000000000271889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16eddcd73af93362023-02-08 09:45:59.489root 11241100x8000000000000000271888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de57ea90298250322023-02-08 09:45:59.489root 11241100x8000000000000000271887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a71758c7869ac42023-02-08 09:45:59.489root 11241100x8000000000000000271893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040bde93b9f564fd2023-02-08 09:45:59.985root 11241100x8000000000000000271892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8915ceddb5f49f2023-02-08 09:45:59.985root 11241100x8000000000000000271891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b3f5dc5c2608192023-02-08 09:45:59.985root 11241100x8000000000000000271902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6eb1c54618affc2023-02-08 09:45:59.986root 11241100x8000000000000000271901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57461c1c5088e2822023-02-08 09:45:59.986root 11241100x8000000000000000271900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082998f82ebd45242023-02-08 09:45:59.986root 11241100x8000000000000000271899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d99c5611c77587a2023-02-08 09:45:59.986root 11241100x8000000000000000271898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e6897023186e9f2023-02-08 09:45:59.986root 11241100x8000000000000000271897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8883690875fbff92023-02-08 09:45:59.986root 11241100x8000000000000000271896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717eb46c433bdfe62023-02-08 09:45:59.986root 11241100x8000000000000000271895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49677c726b7a12932023-02-08 09:45:59.986root 11241100x8000000000000000271894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94965c90c1c52e402023-02-08 09:45:59.986root 11241100x8000000000000000271906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b726f91fe0c9508f2023-02-08 09:45:59.987root 11241100x8000000000000000271905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3228f11163b1e8692023-02-08 09:45:59.987root 11241100x8000000000000000271904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7263ece8f21b11f12023-02-08 09:45:59.987root 11241100x8000000000000000271903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1242703788e24e862023-02-08 09:45:59.987root 11241100x8000000000000000271912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abf202b49e004812023-02-08 09:45:59.988root 11241100x8000000000000000271911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801c633a15dd7f292023-02-08 09:45:59.988root 11241100x8000000000000000271910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df683e279edb0e8c2023-02-08 09:45:59.988root 11241100x8000000000000000271909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceecfc56f8b6a6852023-02-08 09:45:59.988root 11241100x8000000000000000271908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b51cea824ed69cb2023-02-08 09:45:59.988root 11241100x8000000000000000271907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60566077c19612b52023-02-08 09:45:59.988root 11241100x8000000000000000271922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f757ca1c237f4cdb2023-02-08 09:45:59.989root 11241100x8000000000000000271921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9f0854efe0fe882023-02-08 09:45:59.989root 11241100x8000000000000000271920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14de07994234f1e2023-02-08 09:45:59.989root 11241100x8000000000000000271919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a30479bec2a24c72023-02-08 09:45:59.989root 11241100x8000000000000000271918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7285e5791795af3f2023-02-08 09:45:59.989root 11241100x8000000000000000271917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ce3fc7235a57122023-02-08 09:45:59.989root 11241100x8000000000000000271916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a20862d602ce572023-02-08 09:45:59.989root 11241100x8000000000000000271915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610d01c7565140122023-02-08 09:45:59.989root 11241100x8000000000000000271914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425c558b00e1626f2023-02-08 09:45:59.989root 11241100x8000000000000000271913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c9da80448c7f152023-02-08 09:45:59.989root 11241100x8000000000000000271923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a682e846d7163c52023-02-08 09:45:59.990root 11241100x8000000000000000271925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b02119dcccf0d742023-02-08 09:45:59.991root 11241100x8000000000000000271924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:45:59.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d207c3c4e12b7862023-02-08 09:45:59.991root 11241100x8000000000000000271930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdda376b01ce7eb62023-02-08 09:46:00.485root 11241100x8000000000000000271929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3659cd2f441b0c52023-02-08 09:46:00.485root 11241100x8000000000000000271928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e55db26aed47fb2023-02-08 09:46:00.485root 11241100x8000000000000000271927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac5a7c4fa17d18e2023-02-08 09:46:00.485root 11241100x8000000000000000271926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffac370cb8d383a72023-02-08 09:46:00.485root 11241100x8000000000000000271938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500faaa17f6201802023-02-08 09:46:00.486root 11241100x8000000000000000271937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0f1b68dfa2c92b2023-02-08 09:46:00.486root 11241100x8000000000000000271936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e1730c0349452f2023-02-08 09:46:00.486root 11241100x8000000000000000271935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ba29d569687eef2023-02-08 09:46:00.486root 11241100x8000000000000000271934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc42554dcb5017dc2023-02-08 09:46:00.486root 11241100x8000000000000000271933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1555dfecd42cf1e92023-02-08 09:46:00.486root 11241100x8000000000000000271932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760b27c5eb4b5b122023-02-08 09:46:00.486root 11241100x8000000000000000271931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6727204c4d4caca02023-02-08 09:46:00.486root 11241100x8000000000000000271942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a356f815d3bc572023-02-08 09:46:00.487root 11241100x8000000000000000271941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bcb602dc16c66132023-02-08 09:46:00.487root 11241100x8000000000000000271940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9945026123044b572023-02-08 09:46:00.487root 11241100x8000000000000000271939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98761983ea79d41a2023-02-08 09:46:00.487root 11241100x8000000000000000271948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05bd276435aa32b2023-02-08 09:46:00.488root 11241100x8000000000000000271947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89379a6c10e9f2a12023-02-08 09:46:00.488root 11241100x8000000000000000271946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229ccd574b66637a2023-02-08 09:46:00.488root 11241100x8000000000000000271945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94c2144106700072023-02-08 09:46:00.488root 11241100x8000000000000000271944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5881d0833b9b8382023-02-08 09:46:00.488root 11241100x8000000000000000271943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d23960c945397bc2023-02-08 09:46:00.488root 11241100x8000000000000000271953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4371f7b600025dda2023-02-08 09:46:00.489root 11241100x8000000000000000271952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879fabb4acd9ed2a2023-02-08 09:46:00.489root 11241100x8000000000000000271951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef89b73331e3d9c2023-02-08 09:46:00.489root 11241100x8000000000000000271950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373330322c15cf2f2023-02-08 09:46:00.489root 11241100x8000000000000000271949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ae0614ff39fd812023-02-08 09:46:00.489root 11241100x8000000000000000271959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a1deddaa29ff822023-02-08 09:46:00.490root 11241100x8000000000000000271958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7e8cadb7477f2c2023-02-08 09:46:00.490root 11241100x8000000000000000271957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2284e96e486ca43c2023-02-08 09:46:00.490root 11241100x8000000000000000271956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4ca79a277b10822023-02-08 09:46:00.490root 11241100x8000000000000000271955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73635685210a53b2023-02-08 09:46:00.490root 11241100x8000000000000000271954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0114bc1f3ccca6952023-02-08 09:46:00.490root 11241100x8000000000000000271960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a2d09bdd381dc12023-02-08 09:46:00.491root 11241100x8000000000000000271963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf86d5754288dc52023-02-08 09:46:00.985root 11241100x8000000000000000271962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7264122ab3a9f95c2023-02-08 09:46:00.985root 11241100x8000000000000000271961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460a2bc9849eee0a2023-02-08 09:46:00.985root 11241100x8000000000000000271972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0095f9de68514b2023-02-08 09:46:00.986root 11241100x8000000000000000271971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf68387db82ad4e42023-02-08 09:46:00.986root 11241100x8000000000000000271970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f052e129a7f6ac52023-02-08 09:46:00.986root 11241100x8000000000000000271969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88421ac77c6030c2023-02-08 09:46:00.986root 11241100x8000000000000000271968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47589051b6e84f112023-02-08 09:46:00.986root 11241100x8000000000000000271967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e742671258a82f2023-02-08 09:46:00.986root 11241100x8000000000000000271966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99dba7600c4d97b82023-02-08 09:46:00.986root 11241100x8000000000000000271965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc650c601e37b72b2023-02-08 09:46:00.986root 11241100x8000000000000000271964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafe10e52e9430172023-02-08 09:46:00.986root 11241100x8000000000000000271974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59110629ca6101c32023-02-08 09:46:00.987root 11241100x8000000000000000271973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5199dec3a78b782023-02-08 09:46:00.987root 11241100x8000000000000000271979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716bee308d9805f42023-02-08 09:46:00.988root 11241100x8000000000000000271978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68076bf979d624e62023-02-08 09:46:00.988root 11241100x8000000000000000271977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de9267b591a61d82023-02-08 09:46:00.988root 11241100x8000000000000000271976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d7627a327bb80e2023-02-08 09:46:00.988root 11241100x8000000000000000271975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0918c05f2fb94cc2023-02-08 09:46:00.988root 11241100x8000000000000000271993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c97a6bc8b229662023-02-08 09:46:00.989root 11241100x8000000000000000271992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304f9fc13c24de0f2023-02-08 09:46:00.989root 11241100x8000000000000000271991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690e3b59a27296b12023-02-08 09:46:00.989root 11241100x8000000000000000271990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9f1994ad07bb922023-02-08 09:46:00.989root 11241100x8000000000000000271989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153777f826584b7f2023-02-08 09:46:00.989root 11241100x8000000000000000271988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba92969335c045a12023-02-08 09:46:00.989root 11241100x8000000000000000271987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c959f26fd3218f92023-02-08 09:46:00.989root 11241100x8000000000000000271986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1257f15a36f13d882023-02-08 09:46:00.989root 11241100x8000000000000000271985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ddf0abbc56199b2023-02-08 09:46:00.989root 11241100x8000000000000000271984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403f323a953e21382023-02-08 09:46:00.989root 11241100x8000000000000000271983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592da0781b2b10192023-02-08 09:46:00.989root 11241100x8000000000000000271982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116f5984b230397f2023-02-08 09:46:00.989root 11241100x8000000000000000271981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cec5777caa93922023-02-08 09:46:00.989root 11241100x8000000000000000271980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883202c08dbf04fd2023-02-08 09:46:00.989root 11241100x8000000000000000271995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ebd1f76667657cd2023-02-08 09:46:00.990root 11241100x8000000000000000271994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:00.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97cea315c11f1d812023-02-08 09:46:00.990root 11241100x8000000000000000271998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce541c44d252e0332023-02-08 09:46:01.485root 11241100x8000000000000000271997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c9059574a7d2172023-02-08 09:46:01.485root 11241100x8000000000000000271996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fdbf8bbed0284902023-02-08 09:46:01.485root 11241100x8000000000000000272007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5921cda3872ef82023-02-08 09:46:01.486root 11241100x8000000000000000272006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7e87625b918dc32023-02-08 09:46:01.486root 11241100x8000000000000000272005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d94b28dcaa602852023-02-08 09:46:01.486root 11241100x8000000000000000272004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564519a2dde49a382023-02-08 09:46:01.486root 11241100x8000000000000000272003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244f14e75a9054292023-02-08 09:46:01.486root 11241100x8000000000000000272002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9832cf7f75ca0452023-02-08 09:46:01.486root 11241100x8000000000000000272001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa1fda8985132842023-02-08 09:46:01.486root 11241100x8000000000000000272000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47cf1ac59f44ad72023-02-08 09:46:01.486root 11241100x8000000000000000271999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af30cc625dad1d32023-02-08 09:46:01.486root 11241100x8000000000000000272015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7478aaf47d075fd2023-02-08 09:46:01.487root 11241100x8000000000000000272014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c680313f2c1b4f2023-02-08 09:46:01.487root 11241100x8000000000000000272013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8582afb2af21bc6c2023-02-08 09:46:01.487root 11241100x8000000000000000272012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6042a2a5a6bbd7df2023-02-08 09:46:01.487root 11241100x8000000000000000272011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c2f89736d6eec32023-02-08 09:46:01.487root 11241100x8000000000000000272010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746e3918bba675bf2023-02-08 09:46:01.487root 11241100x8000000000000000272009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d75b63fac0c3d682023-02-08 09:46:01.487root 11241100x8000000000000000272008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f4643aa80cc02d2023-02-08 09:46:01.487root 11241100x8000000000000000272021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530edc6cefa7c47e2023-02-08 09:46:01.488root 11241100x8000000000000000272020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca4cd69e24c1fea2023-02-08 09:46:01.488root 11241100x8000000000000000272019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04be50c4d10a6502023-02-08 09:46:01.488root 11241100x8000000000000000272018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779b7093988458082023-02-08 09:46:01.488root 11241100x8000000000000000272017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c11973aacc069e2023-02-08 09:46:01.488root 11241100x8000000000000000272016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2618ba0cf44cadea2023-02-08 09:46:01.488root 11241100x8000000000000000272030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ac004258adb6252023-02-08 09:46:01.489root 11241100x8000000000000000272029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b728bbb2c0baea3a2023-02-08 09:46:01.489root 11241100x8000000000000000272028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23abce819ac72afa2023-02-08 09:46:01.489root 11241100x8000000000000000272027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3b3881cef6822d2023-02-08 09:46:01.489root 11241100x8000000000000000272026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ecaf68cff0b51632023-02-08 09:46:01.489root 11241100x8000000000000000272025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f245b327630cf3692023-02-08 09:46:01.489root 11241100x8000000000000000272024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4229e19c3f890ad2023-02-08 09:46:01.489root 11241100x8000000000000000272023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94cbf1177d3c45ba2023-02-08 09:46:01.489root 11241100x8000000000000000272022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c5b2f96e34f1f92023-02-08 09:46:01.489root 11241100x8000000000000000272034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6517c18283264e2023-02-08 09:46:01.985root 11241100x8000000000000000272033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9381106b3196a89e2023-02-08 09:46:01.985root 11241100x8000000000000000272032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f852763e435bf092023-02-08 09:46:01.985root 11241100x8000000000000000272031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3219692349d95c9b2023-02-08 09:46:01.985root 11241100x8000000000000000272043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa9399e2ff9f03a2023-02-08 09:46:01.986root 11241100x8000000000000000272042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f6bee9d43ae9932023-02-08 09:46:01.986root 11241100x8000000000000000272041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cf561bc0ee064f2023-02-08 09:46:01.986root 11241100x8000000000000000272040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856b742fdf7d6dd22023-02-08 09:46:01.986root 11241100x8000000000000000272039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686ac3943e81af092023-02-08 09:46:01.986root 11241100x8000000000000000272038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1a4a4c3b61f5d42023-02-08 09:46:01.986root 11241100x8000000000000000272037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20c6db54f11108d2023-02-08 09:46:01.986root 11241100x8000000000000000272036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725a02941068092b2023-02-08 09:46:01.986root 11241100x8000000000000000272035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d145772b59f5a7da2023-02-08 09:46:01.986root 11241100x8000000000000000272050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ddf9e0849caed792023-02-08 09:46:01.987root 11241100x8000000000000000272049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903bf30b21232e332023-02-08 09:46:01.987root 11241100x8000000000000000272048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410bceac9011a1782023-02-08 09:46:01.987root 11241100x8000000000000000272047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406c80ad00f75e8a2023-02-08 09:46:01.987root 11241100x8000000000000000272046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d0896629ee5f642023-02-08 09:46:01.987root 11241100x8000000000000000272045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac50e84558326342023-02-08 09:46:01.987root 11241100x8000000000000000272044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4debfec5dde696902023-02-08 09:46:01.987root 11241100x8000000000000000272061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c988ee8f8235182023-02-08 09:46:01.988root 11241100x8000000000000000272060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f3617d3e9cfa922023-02-08 09:46:01.988root 11241100x8000000000000000272059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4d1498431c3dd02023-02-08 09:46:01.988root 11241100x8000000000000000272058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e7e18c5bf348852023-02-08 09:46:01.988root 11241100x8000000000000000272057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395475717e3d99472023-02-08 09:46:01.988root 11241100x8000000000000000272056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9739590f03ff68b62023-02-08 09:46:01.988root 11241100x8000000000000000272055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19df855183dc66c92023-02-08 09:46:01.988root 11241100x8000000000000000272054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38f40291d0e555d2023-02-08 09:46:01.988root 11241100x8000000000000000272053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cccca5030264dce2023-02-08 09:46:01.988root 11241100x8000000000000000272052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa0e3f76fa80dee2023-02-08 09:46:01.988root 11241100x8000000000000000272051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc511d8d0b610f62023-02-08 09:46:01.988root 11241100x8000000000000000272065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b755fa03a85a85e62023-02-08 09:46:01.989root 11241100x8000000000000000272064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599977a02e5c48ab2023-02-08 09:46:01.989root 11241100x8000000000000000272063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724c47490ce93bec2023-02-08 09:46:01.989root 11241100x8000000000000000272062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:01.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e6f0434800e6922023-02-08 09:46:01.989root 11241100x8000000000000000272070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e5b6d1958503f22023-02-08 09:46:02.485root 11241100x8000000000000000272069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0de3fbe501224292023-02-08 09:46:02.485root 11241100x8000000000000000272068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba359b6a9f9067d2023-02-08 09:46:02.485root 11241100x8000000000000000272067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7f7de19ff9a3992023-02-08 09:46:02.485root 11241100x8000000000000000272066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdf3d5eab90be162023-02-08 09:46:02.485root 11241100x8000000000000000272074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba37b1df2bab7ab2023-02-08 09:46:02.486root 11241100x8000000000000000272073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfaa7277f3f8f56b2023-02-08 09:46:02.486root 11241100x8000000000000000272072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec91da5974fa5a72023-02-08 09:46:02.486root 11241100x8000000000000000272071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796a0ef6acb7f9d22023-02-08 09:46:02.486root 11241100x8000000000000000272079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af0a4444d5a89a72023-02-08 09:46:02.488root 11241100x8000000000000000272078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c836ea5bb6a945a82023-02-08 09:46:02.488root 11241100x8000000000000000272077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6709d08ff8ecc762023-02-08 09:46:02.488root 11241100x8000000000000000272076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe2b466b9560cbc2023-02-08 09:46:02.488root 11241100x8000000000000000272075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e019962d08763c312023-02-08 09:46:02.488root 11241100x8000000000000000272083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fa261b509e9a892023-02-08 09:46:02.489root 11241100x8000000000000000272082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895827c72aa83bf22023-02-08 09:46:02.489root 11241100x8000000000000000272081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e326b7834775814f2023-02-08 09:46:02.489root 11241100x8000000000000000272080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e310c9f36b137682023-02-08 09:46:02.489root 11241100x8000000000000000272087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400b6b55c11281452023-02-08 09:46:02.490root 11241100x8000000000000000272086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ab202be98a7a552023-02-08 09:46:02.490root 11241100x8000000000000000272085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1833636473ce00122023-02-08 09:46:02.490root 11241100x8000000000000000272084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557473fe778710502023-02-08 09:46:02.490root 11241100x8000000000000000272090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3740ba47e3c5b0582023-02-08 09:46:02.491root 11241100x8000000000000000272089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555aaa085140c9262023-02-08 09:46:02.491root 11241100x8000000000000000272088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d9df6fb617f3cd2023-02-08 09:46:02.491root 11241100x8000000000000000272095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad61cafa732cfed2023-02-08 09:46:02.493root 11241100x8000000000000000272094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3476612926d5102023-02-08 09:46:02.493root 11241100x8000000000000000272093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a0e06eabce90162023-02-08 09:46:02.493root 11241100x8000000000000000272092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69e838fc35504cb2023-02-08 09:46:02.493root 11241100x8000000000000000272091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5975a53f8b37982023-02-08 09:46:02.493root 11241100x8000000000000000272100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc86a89ca8d26cbf2023-02-08 09:46:02.494root 11241100x8000000000000000272099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530f05230bce49e92023-02-08 09:46:02.494root 11241100x8000000000000000272098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2a026dc46905aa2023-02-08 09:46:02.494root 11241100x8000000000000000272097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b6578d4847398a2023-02-08 09:46:02.494root 11241100x8000000000000000272096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89008a97786ab89b2023-02-08 09:46:02.494root 11241100x8000000000000000272101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6d9ced4a576c712023-02-08 09:46:02.985root 11241100x8000000000000000272104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63ad470a5fd05e42023-02-08 09:46:02.986root 11241100x8000000000000000272103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb0fe44839da23d2023-02-08 09:46:02.986root 11241100x8000000000000000272102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85bad00f035e98a2023-02-08 09:46:02.986root 11241100x8000000000000000272110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca56c87efdf476bf2023-02-08 09:46:02.987root 11241100x8000000000000000272109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c736432b35dd60bc2023-02-08 09:46:02.987root 11241100x8000000000000000272108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83428b9f047abf932023-02-08 09:46:02.987root 11241100x8000000000000000272107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2eaa44020bbcbc2023-02-08 09:46:02.987root 11241100x8000000000000000272106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2352301472fc5502023-02-08 09:46:02.987root 11241100x8000000000000000272105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c83ef909ccd3d72023-02-08 09:46:02.987root 11241100x8000000000000000272123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89a6d992463a09f2023-02-08 09:46:02.988root 11241100x8000000000000000272122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c063fa292da55812023-02-08 09:46:02.988root 11241100x8000000000000000272121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d35ef5632f37152023-02-08 09:46:02.988root 11241100x8000000000000000272120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f2d0ea6315961b2023-02-08 09:46:02.988root 11241100x8000000000000000272119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b8cb07c911f8132023-02-08 09:46:02.988root 11241100x8000000000000000272118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7aacdbc2e3541012023-02-08 09:46:02.988root 11241100x8000000000000000272117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d7a4f60f505ca12023-02-08 09:46:02.988root 11241100x8000000000000000272116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28be10c3ed0dc8b02023-02-08 09:46:02.988root 11241100x8000000000000000272115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf32e6f71e2c8e82023-02-08 09:46:02.988root 11241100x8000000000000000272114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbdd79dbd74695492023-02-08 09:46:02.988root 11241100x8000000000000000272113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8e40e0d95231772023-02-08 09:46:02.988root 11241100x8000000000000000272112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea201ded36669fa12023-02-08 09:46:02.988root 11241100x8000000000000000272111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea47e1390fba5f02023-02-08 09:46:02.988root 11241100x8000000000000000272128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055dcf2b3aa3f5542023-02-08 09:46:02.989root 11241100x8000000000000000272127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e05e61e56e935fd2023-02-08 09:46:02.989root 11241100x8000000000000000272126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8842a7ea7a3da2962023-02-08 09:46:02.989root 11241100x8000000000000000272125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03210e334b7af322023-02-08 09:46:02.989root 11241100x8000000000000000272124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6038e6b4b9fb2e2023-02-08 09:46:02.989root 11241100x8000000000000000272132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693538157a9ced492023-02-08 09:46:02.990root 11241100x8000000000000000272131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43db324574a205032023-02-08 09:46:02.990root 11241100x8000000000000000272130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51977055f5ab67cb2023-02-08 09:46:02.990root 11241100x8000000000000000272129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f0b7742a08487e2023-02-08 09:46:02.990root 11241100x8000000000000000272135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbf987137b354cc2023-02-08 09:46:02.994root 11241100x8000000000000000272134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67efbf848d990bbc2023-02-08 09:46:02.994root 11241100x8000000000000000272133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:02.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21883a22843a988b2023-02-08 09:46:02.994root 354300x8000000000000000272136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.023{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-41008-false10.0.1.12-8000- 11241100x8000000000000000272137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0b29ba7215cf9c2023-02-08 09:46:03.485root 11241100x8000000000000000272148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75859b099122dec2023-02-08 09:46:03.486root 11241100x8000000000000000272147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c30c084c43ae542023-02-08 09:46:03.486root 11241100x8000000000000000272146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5766818204a0002023-02-08 09:46:03.486root 11241100x8000000000000000272145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca11ec7dd48c03a2023-02-08 09:46:03.486root 11241100x8000000000000000272144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09226cf53be38d8a2023-02-08 09:46:03.486root 11241100x8000000000000000272143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9639a8703ff372382023-02-08 09:46:03.486root 11241100x8000000000000000272142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333618bdcf3ab7eb2023-02-08 09:46:03.486root 11241100x8000000000000000272141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec64915c50335eb2023-02-08 09:46:03.486root 11241100x8000000000000000272140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b18948d6eec2d02023-02-08 09:46:03.486root 11241100x8000000000000000272139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a921a0102e88eb3f2023-02-08 09:46:03.486root 11241100x8000000000000000272138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9eef862e9e3df672023-02-08 09:46:03.486root 11241100x8000000000000000272161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00bd0b7befaec212023-02-08 09:46:03.487root 11241100x8000000000000000272160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9170f79140f180562023-02-08 09:46:03.487root 11241100x8000000000000000272159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcee82cc05cacdd2023-02-08 09:46:03.487root 11241100x8000000000000000272158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ae4c839b6e78d32023-02-08 09:46:03.487root 11241100x8000000000000000272157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168718c8cf3ab6e32023-02-08 09:46:03.487root 11241100x8000000000000000272156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c5851e9a40d1832023-02-08 09:46:03.487root 11241100x8000000000000000272155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a7a2c14d7b15472023-02-08 09:46:03.487root 11241100x8000000000000000272154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1271253e7e81999a2023-02-08 09:46:03.487root 11241100x8000000000000000272153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bfa3154b8d1efad2023-02-08 09:46:03.487root 11241100x8000000000000000272152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1e3583e4292efe2023-02-08 09:46:03.487root 11241100x8000000000000000272151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a1d954caa3979e2023-02-08 09:46:03.487root 11241100x8000000000000000272150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d6eeebbe4fdc682023-02-08 09:46:03.487root 11241100x8000000000000000272149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ac2dcb52256e3d2023-02-08 09:46:03.487root 11241100x8000000000000000272172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5e0fdbba109e452023-02-08 09:46:03.488root 11241100x8000000000000000272171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef45068add1302f32023-02-08 09:46:03.488root 11241100x8000000000000000272170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00d5d5217f3c10f2023-02-08 09:46:03.488root 11241100x8000000000000000272169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d504a39c43a20d642023-02-08 09:46:03.488root 11241100x8000000000000000272168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ebc6515d902ea52023-02-08 09:46:03.488root 11241100x8000000000000000272167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da113600fed224672023-02-08 09:46:03.488root 11241100x8000000000000000272166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4289e3cc8fcf6e2023-02-08 09:46:03.488root 11241100x8000000000000000272165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f5924f6c54d84e2023-02-08 09:46:03.488root 11241100x8000000000000000272164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e976dbd67deabd592023-02-08 09:46:03.488root 11241100x8000000000000000272163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87eda7022c24289d2023-02-08 09:46:03.488root 11241100x8000000000000000272162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263ca311ae6428832023-02-08 09:46:03.488root 154100x8000000000000000272173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.981{ec2a0601-6f5b-63e3-68e4-985680550000}5811/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec2a0601-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2404--- 11241100x8000000000000000272181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.982{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbaaa52c3b9d29432023-02-08 09:46:03.982root 11241100x8000000000000000272180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.982{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b643e20f8c236afa2023-02-08 09:46:03.982root 11241100x8000000000000000272179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.982{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a329dc5e3b228932023-02-08 09:46:03.982root 11241100x8000000000000000272178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.982{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ae9db1757fd71a2023-02-08 09:46:03.982root 11241100x8000000000000000272177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.982{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82ccfc19c3345332023-02-08 09:46:03.982root 11241100x8000000000000000272176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.982{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ec79369d9fe16e2023-02-08 09:46:03.982root 11241100x8000000000000000272175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.982{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f337f0f8b585d92023-02-08 09:46:03.982root 11241100x8000000000000000272174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.982{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78eead5e67af3352023-02-08 09:46:03.982root 11241100x8000000000000000272196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.983{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9006c2a8946448672023-02-08 09:46:03.983root 11241100x8000000000000000272195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.983{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858406679e0aeaca2023-02-08 09:46:03.983root 11241100x8000000000000000272194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.983{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412a097fd71f34662023-02-08 09:46:03.983root 11241100x8000000000000000272193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.983{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64857c9b9db7642f2023-02-08 09:46:03.983root 11241100x8000000000000000272192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.983{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e68ca22cd4681b2023-02-08 09:46:03.983root 11241100x8000000000000000272191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.983{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5034b9fde3317dc2023-02-08 09:46:03.983root 11241100x8000000000000000272190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.983{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15dc65b2cb5889eb2023-02-08 09:46:03.983root 11241100x8000000000000000272189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.983{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f86c5f0e617d8072023-02-08 09:46:03.983root 11241100x8000000000000000272188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.983{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2743b082a1e5c9482023-02-08 09:46:03.983root 11241100x8000000000000000272187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.983{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321cc814c9370c6d2023-02-08 09:46:03.983root 11241100x8000000000000000272186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.983{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9cf63bcbd7a9ed2023-02-08 09:46:03.983root 11241100x8000000000000000272185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.983{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372c2e6464f2596d2023-02-08 09:46:03.983root 11241100x8000000000000000272184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.983{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd94e66573d16892023-02-08 09:46:03.983root 11241100x8000000000000000272183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.983{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8287119729f9185e2023-02-08 09:46:03.983root 11241100x8000000000000000272182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.983{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6202b607f7ab25f92023-02-08 09:46:03.983root 11241100x8000000000000000272210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eadfa141ae6381f02023-02-08 09:46:03.984root 11241100x8000000000000000272209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034af7e0f259cd742023-02-08 09:46:03.984root 11241100x8000000000000000272208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76db440f69fdaaa2023-02-08 09:46:03.984root 11241100x8000000000000000272207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2266d60dfa6e9f792023-02-08 09:46:03.984root 11241100x8000000000000000272206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d534e3e42e4940f42023-02-08 09:46:03.984root 11241100x8000000000000000272205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd77664feb92569c2023-02-08 09:46:03.984root 11241100x8000000000000000272204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18ae982ac2489e82023-02-08 09:46:03.984root 11241100x8000000000000000272203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6b57fccaec79292023-02-08 09:46:03.984root 11241100x8000000000000000272202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c904fe13963b7822023-02-08 09:46:03.984root 11241100x8000000000000000272201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fcd35281d2be57c2023-02-08 09:46:03.984root 11241100x8000000000000000272200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322dd42ac7d25e092023-02-08 09:46:03.984root 11241100x8000000000000000272199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06469ec74a3403942023-02-08 09:46:03.984root 11241100x8000000000000000272198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d69eba0df931b7e2023-02-08 09:46:03.984root 11241100x8000000000000000272197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da3b6dc7881d8c62023-02-08 09:46:03.984root 534500x8000000000000000272211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:03.995{ec2a0601-6f5b-63e3-68e4-985680550000}5811/bin/psroot 11241100x8000000000000000272212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd05534f07f376c2023-02-08 09:46:04.235root 11241100x8000000000000000272222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a52a5d12564ef5a2023-02-08 09:46:04.236root 11241100x8000000000000000272221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be79d12f89556f92023-02-08 09:46:04.236root 11241100x8000000000000000272220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158dbd559a425ff52023-02-08 09:46:04.236root 11241100x8000000000000000272219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762846075e2c79fc2023-02-08 09:46:04.236root 11241100x8000000000000000272218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f1ad0e00af1f3a2023-02-08 09:46:04.236root 11241100x8000000000000000272217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84d79dfaae733dd2023-02-08 09:46:04.236root 11241100x8000000000000000272216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3356e1092d4b882023-02-08 09:46:04.236root 11241100x8000000000000000272215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66996f322d81ac232023-02-08 09:46:04.236root 11241100x8000000000000000272214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726aeef9ce5386982023-02-08 09:46:04.236root 11241100x8000000000000000272213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8a17759222bcc82023-02-08 09:46:04.236root 11241100x8000000000000000272231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cb5c73d1f6126e2023-02-08 09:46:04.237root 11241100x8000000000000000272230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf5d68d2c45c5f22023-02-08 09:46:04.237root 11241100x8000000000000000272229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c1dcd8ad92499a2023-02-08 09:46:04.237root 11241100x8000000000000000272228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836dbac60073a68a2023-02-08 09:46:04.237root 11241100x8000000000000000272227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08bc576bf1959dfc2023-02-08 09:46:04.237root 11241100x8000000000000000272226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907ce9b236e783c42023-02-08 09:46:04.237root 11241100x8000000000000000272225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbac4bb3ab2d85b32023-02-08 09:46:04.237root 11241100x8000000000000000272224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba6e787d809b8822023-02-08 09:46:04.237root 11241100x8000000000000000272223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df68b45572cff38e2023-02-08 09:46:04.237root 11241100x8000000000000000272239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b5e3279ba8dc322023-02-08 09:46:04.238root 11241100x8000000000000000272238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4675b2f6228db0462023-02-08 09:46:04.238root 11241100x8000000000000000272237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbbf09ae1ac28332023-02-08 09:46:04.238root 11241100x8000000000000000272236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944ca436ae20157b2023-02-08 09:46:04.238root 11241100x8000000000000000272235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9daf800c2e314e592023-02-08 09:46:04.238root 11241100x8000000000000000272234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872b795ebb0925a22023-02-08 09:46:04.238root 11241100x8000000000000000272233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afae2e2cb8016a72023-02-08 09:46:04.238root 11241100x8000000000000000272232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db65800378bcce9a2023-02-08 09:46:04.238root 11241100x8000000000000000272245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0e34f048c240a02023-02-08 09:46:04.239root 11241100x8000000000000000272244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e0cfc57b24e8f22023-02-08 09:46:04.239root 11241100x8000000000000000272243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deeef780d5b98de92023-02-08 09:46:04.239root 11241100x8000000000000000272242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c14808400fe98b62023-02-08 09:46:04.239root 11241100x8000000000000000272241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41812ac799928c0a2023-02-08 09:46:04.239root 11241100x8000000000000000272240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd99c1036b36805f2023-02-08 09:46:04.239root 11241100x8000000000000000272248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941b88065408f24f2023-02-08 09:46:04.240root 11241100x8000000000000000272247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d6d15f413aa2a52023-02-08 09:46:04.240root 11241100x8000000000000000272246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18de4cb48fd254062023-02-08 09:46:04.240root 11241100x8000000000000000272249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec64faa72ff6d6542023-02-08 09:46:04.241root 11241100x8000000000000000272250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f107031d240776772023-02-08 09:46:04.735root 11241100x8000000000000000272263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475c3942d1efcd632023-02-08 09:46:04.736root 11241100x8000000000000000272262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43673b5aefaf549e2023-02-08 09:46:04.736root 11241100x8000000000000000272261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd993a3bae3c9482023-02-08 09:46:04.736root 11241100x8000000000000000272260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b100a9e8113409c92023-02-08 09:46:04.736root 11241100x8000000000000000272259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6679af727215ce2023-02-08 09:46:04.736root 11241100x8000000000000000272258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688e5afa8d249f3a2023-02-08 09:46:04.736root 11241100x8000000000000000272257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83ef2455a2104232023-02-08 09:46:04.736root 11241100x8000000000000000272256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1b28a27e9e5fd22023-02-08 09:46:04.736root 11241100x8000000000000000272255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e67b6b6dfe21fa52023-02-08 09:46:04.736root 11241100x8000000000000000272254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8423440258e981f72023-02-08 09:46:04.736root 11241100x8000000000000000272253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98903e1a4061d7ad2023-02-08 09:46:04.736root 11241100x8000000000000000272252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b394f6739bae6cf12023-02-08 09:46:04.736root 11241100x8000000000000000272251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa8ad9920665acf2023-02-08 09:46:04.736root 11241100x8000000000000000272274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6233e55bc1eea0bc2023-02-08 09:46:04.737root 11241100x8000000000000000272273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffefbf6621d4f602023-02-08 09:46:04.737root 11241100x8000000000000000272272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22817e17b1e19cf42023-02-08 09:46:04.737root 11241100x8000000000000000272271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc2396f494cbb0e2023-02-08 09:46:04.737root 11241100x8000000000000000272270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60a56d6bbff41882023-02-08 09:46:04.737root 11241100x8000000000000000272269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976eb3bb0c79a6ad2023-02-08 09:46:04.737root 11241100x8000000000000000272268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae788949969cb9b2023-02-08 09:46:04.737root 11241100x8000000000000000272267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9cbad4a267a5e1d2023-02-08 09:46:04.737root 11241100x8000000000000000272266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e22fd30aaf05e4c2023-02-08 09:46:04.737root 11241100x8000000000000000272265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2927e00e8c574ee82023-02-08 09:46:04.737root 11241100x8000000000000000272264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1b60180234658c2023-02-08 09:46:04.737root 11241100x8000000000000000272287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f53f076bbfe96e2023-02-08 09:46:04.738root 11241100x8000000000000000272286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ac4188510ee6ad2023-02-08 09:46:04.738root 11241100x8000000000000000272285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98b68ed301af7302023-02-08 09:46:04.738root 11241100x8000000000000000272284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b794789c4061ed2023-02-08 09:46:04.738root 11241100x8000000000000000272283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9da2cb173bf51022023-02-08 09:46:04.738root 11241100x8000000000000000272282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec268e31c5df6cce2023-02-08 09:46:04.738root 11241100x8000000000000000272281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05cc4d12b904e672023-02-08 09:46:04.738root 11241100x8000000000000000272280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52c77f77cd515652023-02-08 09:46:04.738root 11241100x8000000000000000272279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7b80f231544c912023-02-08 09:46:04.738root 11241100x8000000000000000272278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6202af46fdcfcf9a2023-02-08 09:46:04.738root 11241100x8000000000000000272277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2db4e3331b0c382023-02-08 09:46:04.738root 11241100x8000000000000000272276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8daf739f86a333542023-02-08 09:46:04.738root 11241100x8000000000000000272275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:04.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d850c65a9455892023-02-08 09:46:04.738root 11241100x8000000000000000272291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48fcda32c00dafc2023-02-08 09:46:05.235root 11241100x8000000000000000272290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e168d81bab3eded22023-02-08 09:46:05.235root 11241100x8000000000000000272289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd88677f6d64cb92023-02-08 09:46:05.235root 11241100x8000000000000000272288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fff00ada292ae002023-02-08 09:46:05.235root 11241100x8000000000000000272304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ed84cfb87ec12d2023-02-08 09:46:05.236root 11241100x8000000000000000272303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c23c1e56599b6a52023-02-08 09:46:05.236root 11241100x8000000000000000272302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8a3cb27ac1c4272023-02-08 09:46:05.236root 11241100x8000000000000000272301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50211332f744e22f2023-02-08 09:46:05.236root 11241100x8000000000000000272300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5996ff855e0aa3e2023-02-08 09:46:05.236root 11241100x8000000000000000272299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776696f24055b39d2023-02-08 09:46:05.236root 11241100x8000000000000000272298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d751a86af19e13cc2023-02-08 09:46:05.236root 11241100x8000000000000000272297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d061a8ffe5d9166c2023-02-08 09:46:05.236root 11241100x8000000000000000272296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd34259b8e2447f12023-02-08 09:46:05.236root 11241100x8000000000000000272295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d7d5aed1c008ad2023-02-08 09:46:05.236root 11241100x8000000000000000272294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249daf3112fb6df52023-02-08 09:46:05.236root 11241100x8000000000000000272293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24811108d5521a282023-02-08 09:46:05.236root 11241100x8000000000000000272292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6e5075f2ea0dad2023-02-08 09:46:05.236root 11241100x8000000000000000272316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2101a854dbbc1f232023-02-08 09:46:05.237root 11241100x8000000000000000272315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a02bf7944313942023-02-08 09:46:05.237root 11241100x8000000000000000272314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def0b9b8b958b63d2023-02-08 09:46:05.237root 11241100x8000000000000000272313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a08d77d96f87fe22023-02-08 09:46:05.237root 11241100x8000000000000000272312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30170dc835f2faff2023-02-08 09:46:05.237root 11241100x8000000000000000272311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6effcaa5a12b022023-02-08 09:46:05.237root 11241100x8000000000000000272310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7876bbc943b5a7392023-02-08 09:46:05.237root 11241100x8000000000000000272309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c826effc0ef7285e2023-02-08 09:46:05.237root 11241100x8000000000000000272308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e1971c6bb124202023-02-08 09:46:05.237root 11241100x8000000000000000272307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e03172a7f346cbf2023-02-08 09:46:05.237root 11241100x8000000000000000272306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289f016dc8d33f602023-02-08 09:46:05.237root 11241100x8000000000000000272305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0c39ec28aeb5782023-02-08 09:46:05.237root 11241100x8000000000000000272321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a418f9e037516e452023-02-08 09:46:05.239root 11241100x8000000000000000272320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374fb1a419ddd42c2023-02-08 09:46:05.239root 11241100x8000000000000000272319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f75532be95108d2023-02-08 09:46:05.239root 11241100x8000000000000000272318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef8eeca424e27212023-02-08 09:46:05.239root 11241100x8000000000000000272317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a9d6972be9a04b2023-02-08 09:46:05.239root 11241100x8000000000000000272325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f179abfcb83159a2023-02-08 09:46:05.240root 11241100x8000000000000000272324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d4a0c815443b7e2023-02-08 09:46:05.240root 11241100x8000000000000000272323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2d06d93412bc5d2023-02-08 09:46:05.240root 11241100x8000000000000000272322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4db28a08c529bc2023-02-08 09:46:05.240root 11241100x8000000000000000272329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2663fd10458bc272023-02-08 09:46:05.735root 11241100x8000000000000000272328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5d7e6e9f3178592023-02-08 09:46:05.735root 11241100x8000000000000000272327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e385f59d4037a722023-02-08 09:46:05.735root 11241100x8000000000000000272326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b80834bd26e0e82023-02-08 09:46:05.735root 11241100x8000000000000000272345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b150e2f2b75b8fa12023-02-08 09:46:05.736root 11241100x8000000000000000272344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85fe00f83c68f7fc2023-02-08 09:46:05.736root 11241100x8000000000000000272343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9bfe43fc82d87b2023-02-08 09:46:05.736root 11241100x8000000000000000272342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddac36fa3142d4732023-02-08 09:46:05.736root 11241100x8000000000000000272341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34f63c9100564262023-02-08 09:46:05.736root 11241100x8000000000000000272340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6218388fe79670972023-02-08 09:46:05.736root 11241100x8000000000000000272339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d90705b013b9082023-02-08 09:46:05.736root 11241100x8000000000000000272338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eeb94f49c6c85422023-02-08 09:46:05.736root 11241100x8000000000000000272337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843d3f97f0df6a762023-02-08 09:46:05.736root 11241100x8000000000000000272336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de0661d72042c8b2023-02-08 09:46:05.736root 11241100x8000000000000000272335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7b17637199e5442023-02-08 09:46:05.736root 11241100x8000000000000000272334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb3c4de14f5066a2023-02-08 09:46:05.736root 11241100x8000000000000000272333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b989cb2b69d06fe2023-02-08 09:46:05.736root 11241100x8000000000000000272332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0d8c19054e99ed2023-02-08 09:46:05.736root 11241100x8000000000000000272331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582df7361645580a2023-02-08 09:46:05.736root 11241100x8000000000000000272330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e1fdcbb4d508de2023-02-08 09:46:05.736root 11241100x8000000000000000272359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9846164c166033152023-02-08 09:46:05.737root 11241100x8000000000000000272358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a321559a33d2cf2023-02-08 09:46:05.737root 11241100x8000000000000000272357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5247a52daaa1b502023-02-08 09:46:05.737root 11241100x8000000000000000272356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0374c2c4f0efb542023-02-08 09:46:05.737root 11241100x8000000000000000272355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093c510bbd6601d92023-02-08 09:46:05.737root 11241100x8000000000000000272354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031a661704796d172023-02-08 09:46:05.737root 11241100x8000000000000000272353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54d9981c7bb3fd82023-02-08 09:46:05.737root 11241100x8000000000000000272352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a719e2405d484a82023-02-08 09:46:05.737root 11241100x8000000000000000272351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21872ade034f7712023-02-08 09:46:05.737root 11241100x8000000000000000272350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0969b5143f7115542023-02-08 09:46:05.737root 11241100x8000000000000000272349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f853a35be302f32023-02-08 09:46:05.737root 11241100x8000000000000000272348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac1b609d53854db2023-02-08 09:46:05.737root 11241100x8000000000000000272347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7ec8185062b8222023-02-08 09:46:05.737root 11241100x8000000000000000272346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d6be1762b351282023-02-08 09:46:05.737root 11241100x8000000000000000272363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c02e2719a0c08952023-02-08 09:46:05.738root 11241100x8000000000000000272362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71c825cce9975822023-02-08 09:46:05.738root 11241100x8000000000000000272361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69b98c305d633ff2023-02-08 09:46:05.738root 11241100x8000000000000000272360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:05.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a21b3f321c9f562023-02-08 09:46:05.738root 11241100x8000000000000000272366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf4064d6384cf152023-02-08 09:46:06.235root 11241100x8000000000000000272365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b7acc4582ea2e62023-02-08 09:46:06.235root 11241100x8000000000000000272364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8870a5c64dd2b0442023-02-08 09:46:06.235root 11241100x8000000000000000272380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78fe18485f1e2cf2023-02-08 09:46:06.236root 11241100x8000000000000000272379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c335d148d61e6f2023-02-08 09:46:06.236root 11241100x8000000000000000272378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1b7a879fb68a7a2023-02-08 09:46:06.236root 11241100x8000000000000000272377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e553f509948e36f2023-02-08 09:46:06.236root 11241100x8000000000000000272376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab10848d118f3b92023-02-08 09:46:06.236root 11241100x8000000000000000272375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa96b281ffb81e32023-02-08 09:46:06.236root 11241100x8000000000000000272374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73bfc1420b83506d2023-02-08 09:46:06.236root 11241100x8000000000000000272373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19fee04f49f875df2023-02-08 09:46:06.236root 11241100x8000000000000000272372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f079bb3248c3102023-02-08 09:46:06.236root 11241100x8000000000000000272371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad9889c02f769f72023-02-08 09:46:06.236root 11241100x8000000000000000272370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a24a58bd97d106c2023-02-08 09:46:06.236root 11241100x8000000000000000272369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158629d1dec29fb42023-02-08 09:46:06.236root 11241100x8000000000000000272368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96714530036a07642023-02-08 09:46:06.236root 11241100x8000000000000000272367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548495080868aef42023-02-08 09:46:06.236root 11241100x8000000000000000272388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c107301d793b30c72023-02-08 09:46:06.237root 11241100x8000000000000000272387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4719fc9ac44341b12023-02-08 09:46:06.237root 11241100x8000000000000000272386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f9a89da5441e3f2023-02-08 09:46:06.237root 11241100x8000000000000000272385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f461d2a0758677f22023-02-08 09:46:06.237root 11241100x8000000000000000272384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7209e64a0e11312023-02-08 09:46:06.237root 11241100x8000000000000000272383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b229409491ddf22023-02-08 09:46:06.237root 11241100x8000000000000000272382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbaf0acef58a18702023-02-08 09:46:06.237root 11241100x8000000000000000272381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fcf63f552dfe632023-02-08 09:46:06.237root 11241100x8000000000000000272398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40856ec1adbb9c122023-02-08 09:46:06.238root 11241100x8000000000000000272397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11896fb8125e80e2023-02-08 09:46:06.238root 11241100x8000000000000000272396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9915496c493a12b2023-02-08 09:46:06.238root 11241100x8000000000000000272395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1487b17dc5548a12023-02-08 09:46:06.238root 11241100x8000000000000000272394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c691c10e58d59e2023-02-08 09:46:06.238root 11241100x8000000000000000272393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e05ab15cedb0a952023-02-08 09:46:06.238root 11241100x8000000000000000272392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8a3da95cb976352023-02-08 09:46:06.238root 11241100x8000000000000000272391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ab0b6444e7e2a72023-02-08 09:46:06.238root 11241100x8000000000000000272390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852147c32bfaccc02023-02-08 09:46:06.238root 11241100x8000000000000000272389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2b4887d04a3ea32023-02-08 09:46:06.238root 11241100x8000000000000000272401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55c5c466c7f28152023-02-08 09:46:06.239root 11241100x8000000000000000272400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766d0771bde7eb952023-02-08 09:46:06.239root 11241100x8000000000000000272399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cadf8131b9e9dde2023-02-08 09:46:06.239root 11241100x8000000000000000272402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.363{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-08 09:46:06.363root 354300x8000000000000000272403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.722{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-42528-false10.0.1.12-8089- 11241100x8000000000000000272416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.723{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e9ecf85701ac962023-02-08 09:46:06.723root 11241100x8000000000000000272415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.723{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06a8ee1593af9482023-02-08 09:46:06.723root 11241100x8000000000000000272414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.723{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2567869c78a7162023-02-08 09:46:06.723root 11241100x8000000000000000272413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.723{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca38ab7a1e6a7102023-02-08 09:46:06.723root 11241100x8000000000000000272412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.723{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199f4c189479a6632023-02-08 09:46:06.723root 11241100x8000000000000000272411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.723{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94aca6d01aba7e512023-02-08 09:46:06.723root 11241100x8000000000000000272410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.723{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440f32a754bbe3a72023-02-08 09:46:06.723root 11241100x8000000000000000272409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.723{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d82cfcee78b3482023-02-08 09:46:06.723root 11241100x8000000000000000272408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.723{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a26bb09d4b48122023-02-08 09:46:06.723root 11241100x8000000000000000272407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.723{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0063bb36fcd3ad62023-02-08 09:46:06.723root 11241100x8000000000000000272406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.723{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8826b405fe083e5b2023-02-08 09:46:06.723root 11241100x8000000000000000272405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.723{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9827047c1821b05e2023-02-08 09:46:06.723root 11241100x8000000000000000272404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.723{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37333c89fc0cded2023-02-08 09:46:06.723root 11241100x8000000000000000272429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.724{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da472ad31d6fa56f2023-02-08 09:46:06.724root 11241100x8000000000000000272428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.724{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.defdf8459e49581f2023-02-08 09:46:06.724root 11241100x8000000000000000272427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.724{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf30b600cf9a3882023-02-08 09:46:06.724root 11241100x8000000000000000272426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.724{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4183e27cecf1e20c2023-02-08 09:46:06.724root 11241100x8000000000000000272425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.724{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896ac94b29b49faf2023-02-08 09:46:06.724root 11241100x8000000000000000272424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.724{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a3bbdec37b2e102023-02-08 09:46:06.724root 11241100x8000000000000000272423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.724{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47dd752529d2f2a2023-02-08 09:46:06.724root 11241100x8000000000000000272422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.724{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27320760975c97382023-02-08 09:46:06.724root 11241100x8000000000000000272421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.724{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647b6eee32372e5a2023-02-08 09:46:06.724root 11241100x8000000000000000272420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.724{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35993ae63b9621c22023-02-08 09:46:06.724root 11241100x8000000000000000272419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.724{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64f29cf99bfda842023-02-08 09:46:06.724root 11241100x8000000000000000272418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.724{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40eef940088685d12023-02-08 09:46:06.724root 11241100x8000000000000000272417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.724{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d25303b53d1dd52023-02-08 09:46:06.724root 11241100x8000000000000000272435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.725{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d68993f2b4446b2023-02-08 09:46:06.725root 11241100x8000000000000000272434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.725{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a52dc201f386ddc2023-02-08 09:46:06.725root 11241100x8000000000000000272433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.725{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237ddbb7fd5e44e12023-02-08 09:46:06.725root 11241100x8000000000000000272432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.725{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2933cd57d5c8982023-02-08 09:46:06.725root 11241100x8000000000000000272431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.725{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a08e76651232952023-02-08 09:46:06.725root 11241100x8000000000000000272430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.725{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119fa42a2f78fec02023-02-08 09:46:06.725root 11241100x8000000000000000272440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.726{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9645c12d2d5bb1d42023-02-08 09:46:06.726root 11241100x8000000000000000272439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.726{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4633f50686c4b8d02023-02-08 09:46:06.726root 11241100x8000000000000000272438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.726{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3048c9523f3d93a2023-02-08 09:46:06.726root 11241100x8000000000000000272437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.726{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ed69a54c88a7b22023-02-08 09:46:06.726root 11241100x8000000000000000272436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.726{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be1a8772750952b2023-02-08 09:46:06.726root 11241100x8000000000000000272449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.727{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e765a53a48471d2023-02-08 09:46:06.727root 11241100x8000000000000000272448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.727{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca6d4497321cf962023-02-08 09:46:06.727root 11241100x8000000000000000272447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.727{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693109d56004d8712023-02-08 09:46:06.727root 11241100x8000000000000000272446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.727{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45631dc0ffdd4d842023-02-08 09:46:06.727root 11241100x8000000000000000272445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.727{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50930157a8e521782023-02-08 09:46:06.727root 11241100x8000000000000000272444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.727{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b002940495d4dbc12023-02-08 09:46:06.727root 11241100x8000000000000000272443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.727{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a03c030432024a2023-02-08 09:46:06.727root 11241100x8000000000000000272442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.727{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44abfd8be4c498f72023-02-08 09:46:06.727root 11241100x8000000000000000272441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.727{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1744f3c35cb1a52023-02-08 09:46:06.727root 11241100x8000000000000000272461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.728{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9f8b5d8b7aa6e62023-02-08 09:46:06.728root 11241100x8000000000000000272460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.728{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918241cc13fa67032023-02-08 09:46:06.728root 11241100x8000000000000000272459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.728{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b0434e5ae79cc12023-02-08 09:46:06.728root 11241100x8000000000000000272458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.728{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33c3d33ab8fc4a42023-02-08 09:46:06.728root 11241100x8000000000000000272457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.728{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f617dc06b0b1032023-02-08 09:46:06.728root 11241100x8000000000000000272456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.728{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09d6e4cf409c0c02023-02-08 09:46:06.728root 11241100x8000000000000000272455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.728{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7de97891d6c4b592023-02-08 09:46:06.728root 11241100x8000000000000000272454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.728{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bf2ee65675b8bb2023-02-08 09:46:06.728root 11241100x8000000000000000272453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.728{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12429937636d9c112023-02-08 09:46:06.728root 11241100x8000000000000000272452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.728{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c291f832e1f44b2023-02-08 09:46:06.728root 11241100x8000000000000000272451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.728{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0055f3d815230ce62023-02-08 09:46:06.728root 11241100x8000000000000000272450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.728{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f20dcf19c354e72023-02-08 09:46:06.728root 11241100x8000000000000000272463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.729{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096ea6e06fa926c52023-02-08 09:46:06.729root 11241100x8000000000000000272462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.729{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5deb681263013ead2023-02-08 09:46:06.729root 11241100x8000000000000000272471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.730{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34aa546b5c0caab2023-02-08 09:46:06.730root 11241100x8000000000000000272470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.730{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dcb3014972df55b2023-02-08 09:46:06.730root 11241100x8000000000000000272469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.730{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07d19434cee9c332023-02-08 09:46:06.730root 11241100x8000000000000000272468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.730{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7bc2f100a7309c2023-02-08 09:46:06.730root 11241100x8000000000000000272467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.730{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395d1e73f93ca6dd2023-02-08 09:46:06.730root 11241100x8000000000000000272466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.730{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385ba3de3177a8e22023-02-08 09:46:06.730root 11241100x8000000000000000272465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.730{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6fdbbb873a7f8012023-02-08 09:46:06.730root 11241100x8000000000000000272464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.730{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc9f3bb63f654522023-02-08 09:46:06.730root 11241100x8000000000000000272474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2213c067ed557d32023-02-08 09:46:06.985root 11241100x8000000000000000272473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297e4da7759500a72023-02-08 09:46:06.985root 11241100x8000000000000000272472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46f371c87c8e4852023-02-08 09:46:06.985root 11241100x8000000000000000272488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d215ebe31828aa2023-02-08 09:46:06.986root 11241100x8000000000000000272487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d40434692229202023-02-08 09:46:06.986root 11241100x8000000000000000272486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69ef4d084a470922023-02-08 09:46:06.986root 11241100x8000000000000000272485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835a3c357c778bdd2023-02-08 09:46:06.986root 11241100x8000000000000000272484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08773a2c4b89cfaf2023-02-08 09:46:06.986root 11241100x8000000000000000272483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99503fc92a71c7ee2023-02-08 09:46:06.986root 11241100x8000000000000000272482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041c54b4d3d022222023-02-08 09:46:06.986root 11241100x8000000000000000272481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c54cdbb6cf38042023-02-08 09:46:06.986root 11241100x8000000000000000272480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd21fb4ce62fe2482023-02-08 09:46:06.986root 11241100x8000000000000000272479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3576f70980d77ad2023-02-08 09:46:06.986root 11241100x8000000000000000272478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377e6eb8113a9c582023-02-08 09:46:06.986root 11241100x8000000000000000272477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0622f62a2ea44db2023-02-08 09:46:06.986root 11241100x8000000000000000272476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47543a9db38249592023-02-08 09:46:06.986root 11241100x8000000000000000272475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1cbeb55c3d407712023-02-08 09:46:06.986root 11241100x8000000000000000272493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4aeafaa590db912023-02-08 09:46:06.987root 11241100x8000000000000000272492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce58d3b0fac50992023-02-08 09:46:06.987root 11241100x8000000000000000272491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438639a39890d4b52023-02-08 09:46:06.987root 11241100x8000000000000000272490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd5b66ef4e9f09b2023-02-08 09:46:06.987root 11241100x8000000000000000272489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8132b90a2ba81d32023-02-08 09:46:06.987root 11241100x8000000000000000272499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e8e33396ade2c32023-02-08 09:46:06.988root 11241100x8000000000000000272498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335aae9801c069c72023-02-08 09:46:06.988root 11241100x8000000000000000272497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8328745a7ade2b8c2023-02-08 09:46:06.988root 11241100x8000000000000000272496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466c39c78b95b3192023-02-08 09:46:06.988root 11241100x8000000000000000272495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47f6f0643c41a992023-02-08 09:46:06.988root 11241100x8000000000000000272494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ed84b6b1be910a2023-02-08 09:46:06.988root 11241100x8000000000000000272507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29cc86bb98a497d2023-02-08 09:46:06.989root 11241100x8000000000000000272506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d07959907e9a0b2023-02-08 09:46:06.989root 11241100x8000000000000000272505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5238aed73a7bc8012023-02-08 09:46:06.989root 11241100x8000000000000000272504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94266dab1b9270012023-02-08 09:46:06.989root 11241100x8000000000000000272503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644f92ebbfc6d6122023-02-08 09:46:06.989root 11241100x8000000000000000272502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f63060ee27766c12023-02-08 09:46:06.989root 11241100x8000000000000000272501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a06ad363f1be0002023-02-08 09:46:06.989root 11241100x8000000000000000272500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf115d830248e9c2023-02-08 09:46:06.989root 11241100x8000000000000000272508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b391c0b65f0f3392023-02-08 09:46:06.990root 11241100x8000000000000000272511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d2350bab9ef0b22023-02-08 09:46:06.991root 11241100x8000000000000000272510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ccbf68a35846b42023-02-08 09:46:06.991root 11241100x8000000000000000272509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:06.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3105dd4e22f319522023-02-08 09:46:06.991root 11241100x8000000000000000272513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d57141f13c939d2023-02-08 09:46:07.485root 11241100x8000000000000000272512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e919166fbde7e5f2023-02-08 09:46:07.485root 11241100x8000000000000000272518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71731e71ce8a0b2e2023-02-08 09:46:07.486root 11241100x8000000000000000272517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5372d5189e7fc52023-02-08 09:46:07.486root 11241100x8000000000000000272516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08b0933df26ed592023-02-08 09:46:07.486root 11241100x8000000000000000272515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be748d81bcf9f3f92023-02-08 09:46:07.486root 11241100x8000000000000000272514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7543d0e3927f002023-02-08 09:46:07.486root 11241100x8000000000000000272523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ecb49fe17223722023-02-08 09:46:07.487root 11241100x8000000000000000272522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700e4f0afce10d8d2023-02-08 09:46:07.487root 11241100x8000000000000000272521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fd22279870eb0f2023-02-08 09:46:07.487root 11241100x8000000000000000272520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4f75ad05aac6ee2023-02-08 09:46:07.487root 11241100x8000000000000000272519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523f3c4070af8ec52023-02-08 09:46:07.487root 11241100x8000000000000000272528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ada6ee89dbbd12d2023-02-08 09:46:07.488root 11241100x8000000000000000272527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a952c1a45f77edb2023-02-08 09:46:07.488root 11241100x8000000000000000272526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066d668917b745f92023-02-08 09:46:07.488root 11241100x8000000000000000272525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6f65ff40c7c60a2023-02-08 09:46:07.488root 11241100x8000000000000000272524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204b8d53df652f822023-02-08 09:46:07.488root 11241100x8000000000000000272534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eccf2741eb2493d2023-02-08 09:46:07.489root 11241100x8000000000000000272533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ffcc0ea740d6e82023-02-08 09:46:07.489root 11241100x8000000000000000272532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25002492405bd6dd2023-02-08 09:46:07.489root 11241100x8000000000000000272531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53f0a197b15b9e32023-02-08 09:46:07.489root 11241100x8000000000000000272530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd8bd29f1d27b682023-02-08 09:46:07.489root 11241100x8000000000000000272529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a46ef5137c3d8062023-02-08 09:46:07.489root 11241100x8000000000000000272538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6795ba88fd9a042023-02-08 09:46:07.490root 11241100x8000000000000000272537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7000834aa9a44a562023-02-08 09:46:07.490root 11241100x8000000000000000272536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa93c06959d6f1e82023-02-08 09:46:07.490root 11241100x8000000000000000272535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12847077d506d382023-02-08 09:46:07.490root 11241100x8000000000000000272541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ce7af8ec6486132023-02-08 09:46:07.491root 11241100x8000000000000000272540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d54dabf1526ea442023-02-08 09:46:07.491root 11241100x8000000000000000272539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69937c8ec29e4cd12023-02-08 09:46:07.491root 11241100x8000000000000000272548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211ad50cfbcdc81a2023-02-08 09:46:07.492root 11241100x8000000000000000272547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a69a7c699074fd2023-02-08 09:46:07.492root 11241100x8000000000000000272546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a809014509bf9482023-02-08 09:46:07.492root 11241100x8000000000000000272545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b380dfd2d66177b02023-02-08 09:46:07.492root 11241100x8000000000000000272544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8191e61303742cd42023-02-08 09:46:07.492root 11241100x8000000000000000272543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c7bd70d1750f382023-02-08 09:46:07.492root 11241100x8000000000000000272542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac9df1842ffdf272023-02-08 09:46:07.492root 11241100x8000000000000000272551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eada1d959f67cf42023-02-08 09:46:07.493root 11241100x8000000000000000272550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444efddcbff949832023-02-08 09:46:07.493root 11241100x8000000000000000272549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a320e85daf048962023-02-08 09:46:07.493root 11241100x8000000000000000272552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cad9a7024613492023-02-08 09:46:07.985root 11241100x8000000000000000272558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ebb72daffcaa40b2023-02-08 09:46:07.986root 11241100x8000000000000000272557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4689af71e16dda172023-02-08 09:46:07.986root 11241100x8000000000000000272556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66281708c12ef482023-02-08 09:46:07.986root 11241100x8000000000000000272555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c1351dd94016212023-02-08 09:46:07.986root 11241100x8000000000000000272554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8be1d09b4897ab32023-02-08 09:46:07.986root 11241100x8000000000000000272553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce498d1fbcdd00662023-02-08 09:46:07.986root 11241100x8000000000000000272561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63751a237d63da7c2023-02-08 09:46:07.987root 11241100x8000000000000000272560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc5686cbdad140f2023-02-08 09:46:07.987root 11241100x8000000000000000272559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761b26899983b9b22023-02-08 09:46:07.987root 11241100x8000000000000000272566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3241b57b5aca1cc02023-02-08 09:46:07.988root 11241100x8000000000000000272565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2d43d46071d6d62023-02-08 09:46:07.988root 11241100x8000000000000000272564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1df4d2c5dbac0412023-02-08 09:46:07.988root 11241100x8000000000000000272563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f37a2fba31eb5d72023-02-08 09:46:07.988root 11241100x8000000000000000272562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7aee8b472c558972023-02-08 09:46:07.988root 11241100x8000000000000000272571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2193ed3646cedeab2023-02-08 09:46:07.989root 11241100x8000000000000000272570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101a3f09163d92312023-02-08 09:46:07.989root 11241100x8000000000000000272569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbb59bf0ba0ad572023-02-08 09:46:07.989root 11241100x8000000000000000272568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09cdd555d68f5e6c2023-02-08 09:46:07.989root 11241100x8000000000000000272567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27098e4d9efb7f4c2023-02-08 09:46:07.989root 11241100x8000000000000000272577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6145087562cd7a5f2023-02-08 09:46:07.990root 11241100x8000000000000000272576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cceceb245bf9f2bb2023-02-08 09:46:07.990root 11241100x8000000000000000272575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab704d08f80595e2023-02-08 09:46:07.990root 11241100x8000000000000000272574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d902021f10f9bb752023-02-08 09:46:07.990root 11241100x8000000000000000272573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b928cd2146aa41812023-02-08 09:46:07.990root 11241100x8000000000000000272572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c08b90fbab374722023-02-08 09:46:07.990root 11241100x8000000000000000272582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aff4010ef65e4222023-02-08 09:46:07.991root 11241100x8000000000000000272581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcc8a0c141892f02023-02-08 09:46:07.991root 11241100x8000000000000000272580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2f784af87ad1be2023-02-08 09:46:07.991root 11241100x8000000000000000272579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6427efe678a8cc3f2023-02-08 09:46:07.991root 11241100x8000000000000000272578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdce26f2b76f30542023-02-08 09:46:07.991root 11241100x8000000000000000272585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbc29ef7afe0ed52023-02-08 09:46:07.992root 11241100x8000000000000000272584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cbbf1d776de2112023-02-08 09:46:07.992root 11241100x8000000000000000272583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6572fe857109b5182023-02-08 09:46:07.992root 11241100x8000000000000000272591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e462e0b6fe62dcd2023-02-08 09:46:07.993root 11241100x8000000000000000272590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eba6f043ed127db2023-02-08 09:46:07.993root 11241100x8000000000000000272589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c769c045d074c7bf2023-02-08 09:46:07.993root 11241100x8000000000000000272588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2e75fa19ac0b5c2023-02-08 09:46:07.993root 11241100x8000000000000000272587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f79aecd90fda0d2023-02-08 09:46:07.993root 11241100x8000000000000000272586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:07.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811949adfdde22cd2023-02-08 09:46:07.993root 11241100x8000000000000000272594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15804156e5f17f822023-02-08 09:46:08.485root 11241100x8000000000000000272593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673e4ee9ff5a134b2023-02-08 09:46:08.485root 11241100x8000000000000000272592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f25f6baf4f3e6b2023-02-08 09:46:08.485root 11241100x8000000000000000272605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b06ce86ca0e16fd2023-02-08 09:46:08.486root 11241100x8000000000000000272604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bf347cfbb54efe2023-02-08 09:46:08.486root 11241100x8000000000000000272603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3380afdf2b386d2023-02-08 09:46:08.486root 11241100x8000000000000000272602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4abc36cef414b152023-02-08 09:46:08.486root 11241100x8000000000000000272601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b0984f6ecc7f1b2023-02-08 09:46:08.486root 11241100x8000000000000000272600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c22cabb849f5d602023-02-08 09:46:08.486root 11241100x8000000000000000272599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52174640667ad9fb2023-02-08 09:46:08.486root 11241100x8000000000000000272598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa941c6f22c4d74d2023-02-08 09:46:08.486root 11241100x8000000000000000272597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95715412d59251ab2023-02-08 09:46:08.486root 11241100x8000000000000000272596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d286e699cfa5a382023-02-08 09:46:08.486root 11241100x8000000000000000272595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88dcbf5cb010b3a2023-02-08 09:46:08.486root 11241100x8000000000000000272613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6bfff471d32f1e2023-02-08 09:46:08.487root 11241100x8000000000000000272612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a806fe9676f46e912023-02-08 09:46:08.487root 11241100x8000000000000000272611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09df3c74c07f0dd02023-02-08 09:46:08.487root 11241100x8000000000000000272610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64243c05c62fb7a2023-02-08 09:46:08.487root 11241100x8000000000000000272609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c1f7f8990e57572023-02-08 09:46:08.487root 11241100x8000000000000000272608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659e6d3ead5d09012023-02-08 09:46:08.487root 11241100x8000000000000000272607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f1c3718c555b9c2023-02-08 09:46:08.487root 11241100x8000000000000000272606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf4621887e74d3c2023-02-08 09:46:08.487root 11241100x8000000000000000272622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8072a233ff7b782023-02-08 09:46:08.488root 11241100x8000000000000000272621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472b1e818a98df882023-02-08 09:46:08.488root 11241100x8000000000000000272620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2bab16c3aaf9b152023-02-08 09:46:08.488root 11241100x8000000000000000272619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595101ad843f067f2023-02-08 09:46:08.488root 11241100x8000000000000000272618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43063db3dbf40e412023-02-08 09:46:08.488root 11241100x8000000000000000272617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3522e7729d38139e2023-02-08 09:46:08.488root 11241100x8000000000000000272616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61562597525bfb4b2023-02-08 09:46:08.488root 11241100x8000000000000000272615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599973739204b0a52023-02-08 09:46:08.488root 11241100x8000000000000000272614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f28dbd1177917df2023-02-08 09:46:08.488root 11241100x8000000000000000272628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965220e797b8456a2023-02-08 09:46:08.489root 11241100x8000000000000000272627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfa350a6154c75c2023-02-08 09:46:08.489root 11241100x8000000000000000272626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485d612a1edff69e2023-02-08 09:46:08.489root 11241100x8000000000000000272625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab02d1d1cc1f73f2023-02-08 09:46:08.489root 11241100x8000000000000000272624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62ef558e93d99292023-02-08 09:46:08.489root 11241100x8000000000000000272623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b71d18982c704a62023-02-08 09:46:08.489root 11241100x8000000000000000272631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47713d479332b43d2023-02-08 09:46:08.490root 11241100x8000000000000000272630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a2ce4e76f981bb2023-02-08 09:46:08.490root 11241100x8000000000000000272629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54a8929427b031e2023-02-08 09:46:08.490root 11241100x8000000000000000272635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282391334f2ccf272023-02-08 09:46:08.985root 11241100x8000000000000000272634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863bf80c0f150b342023-02-08 09:46:08.985root 11241100x8000000000000000272633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0867735328805daf2023-02-08 09:46:08.985root 11241100x8000000000000000272632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c42dd6f5676d9ee2023-02-08 09:46:08.985root 11241100x8000000000000000272650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05bdbd5ffcef53d2023-02-08 09:46:08.986root 11241100x8000000000000000272649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b278e70c7b60d492023-02-08 09:46:08.986root 11241100x8000000000000000272648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829a8930a81acbcf2023-02-08 09:46:08.986root 11241100x8000000000000000272647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30606efa15d1e18d2023-02-08 09:46:08.986root 11241100x8000000000000000272646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e422920904c23ba12023-02-08 09:46:08.986root 11241100x8000000000000000272645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d7089da4c4181e2023-02-08 09:46:08.986root 11241100x8000000000000000272644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3128b85135f9ab2023-02-08 09:46:08.986root 11241100x8000000000000000272643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892773cde69504332023-02-08 09:46:08.986root 11241100x8000000000000000272642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1a2816616d27ca2023-02-08 09:46:08.986root 11241100x8000000000000000272641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0cdc156a31b91c2023-02-08 09:46:08.986root 11241100x8000000000000000272640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8606d7d892c55342023-02-08 09:46:08.986root 11241100x8000000000000000272639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032f9e908d3cf5c62023-02-08 09:46:08.986root 11241100x8000000000000000272638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421da3dec61304d72023-02-08 09:46:08.986root 11241100x8000000000000000272637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370d23858a5bf9502023-02-08 09:46:08.986root 11241100x8000000000000000272636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4166b77d87f23c322023-02-08 09:46:08.986root 11241100x8000000000000000272664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d970d3affd4ca2c2023-02-08 09:46:08.987root 11241100x8000000000000000272663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7d2c2d1dc05c002023-02-08 09:46:08.987root 11241100x8000000000000000272662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d540999e063b450f2023-02-08 09:46:08.987root 11241100x8000000000000000272661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bcdeb178c7d40ec2023-02-08 09:46:08.987root 11241100x8000000000000000272660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362f023dd4e09e172023-02-08 09:46:08.987root 11241100x8000000000000000272659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6caa82f79b0804f82023-02-08 09:46:08.987root 11241100x8000000000000000272658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084d32caf7b37ac82023-02-08 09:46:08.987root 11241100x8000000000000000272657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c38660cffd0c3ff2023-02-08 09:46:08.987root 11241100x8000000000000000272656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1401ece777f1fb2023-02-08 09:46:08.987root 11241100x8000000000000000272655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33efba3a737d8bc52023-02-08 09:46:08.987root 11241100x8000000000000000272654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3934ec530632632023-02-08 09:46:08.987root 11241100x8000000000000000272653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0d1ecfd0f4f97e2023-02-08 09:46:08.987root 11241100x8000000000000000272652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8624349cb37d642023-02-08 09:46:08.987root 11241100x8000000000000000272651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce6c0cd8837801b2023-02-08 09:46:08.987root 11241100x8000000000000000272671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24066816d46f03802023-02-08 09:46:08.988root 11241100x8000000000000000272670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39231c408f247ba22023-02-08 09:46:08.988root 11241100x8000000000000000272669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c4fa14e82701e42023-02-08 09:46:08.988root 11241100x8000000000000000272668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccfbc66fd21adc52023-02-08 09:46:08.988root 11241100x8000000000000000272667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a0e20d7ce9d7122023-02-08 09:46:08.988root 11241100x8000000000000000272666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5ef20b0b10ae7e2023-02-08 09:46:08.988root 11241100x8000000000000000272665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:08.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdef530e239204562023-02-08 09:46:08.988root 354300x8000000000000000272672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.019{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-49172-false10.0.1.12-8000- 11241100x8000000000000000272676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba1e171362a1aaa2023-02-08 09:46:09.364root 11241100x8000000000000000272675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130f77bf9dbbdd802023-02-08 09:46:09.364root 11241100x8000000000000000272674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10aeaab7110c4472023-02-08 09:46:09.364root 23542300x8000000000000000272673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.364{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000272691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f1f147c64d13662023-02-08 09:46:09.365root 11241100x8000000000000000272690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c34bd17770477ee2023-02-08 09:46:09.365root 11241100x8000000000000000272689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff662cb0c763bdb02023-02-08 09:46:09.365root 11241100x8000000000000000272688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894c1998b634a36b2023-02-08 09:46:09.365root 11241100x8000000000000000272687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f074e8f072407e0c2023-02-08 09:46:09.365root 11241100x8000000000000000272686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f986654aece8c82023-02-08 09:46:09.365root 11241100x8000000000000000272685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421cc1300426fc1d2023-02-08 09:46:09.365root 11241100x8000000000000000272684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9081b26da9f240252023-02-08 09:46:09.365root 11241100x8000000000000000272683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ec675da22ff7772023-02-08 09:46:09.365root 11241100x8000000000000000272682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2557567cdfa9b72023-02-08 09:46:09.365root 11241100x8000000000000000272681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811a152755e96f832023-02-08 09:46:09.365root 11241100x8000000000000000272680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b408f30eca793842023-02-08 09:46:09.365root 11241100x8000000000000000272679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af9f728af4d194a2023-02-08 09:46:09.365root 11241100x8000000000000000272678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6777e3db1778a1b2023-02-08 09:46:09.365root 11241100x8000000000000000272677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f179557d99d6d32023-02-08 09:46:09.365root 11241100x8000000000000000272708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa73021b31868a62023-02-08 09:46:09.366root 11241100x8000000000000000272707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfa56ef4e2316e62023-02-08 09:46:09.366root 11241100x8000000000000000272706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3cb1141bc6df262023-02-08 09:46:09.366root 11241100x8000000000000000272705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa11ed37e71d62422023-02-08 09:46:09.366root 11241100x8000000000000000272704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48169abd614225d2023-02-08 09:46:09.366root 11241100x8000000000000000272703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b975a0538dbb472023-02-08 09:46:09.366root 11241100x8000000000000000272702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05679b25344139512023-02-08 09:46:09.366root 11241100x8000000000000000272701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3f1e9220a237da2023-02-08 09:46:09.366root 11241100x8000000000000000272700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf5d6663cce3eb32023-02-08 09:46:09.366root 11241100x8000000000000000272699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58b75bc36dff6712023-02-08 09:46:09.366root 11241100x8000000000000000272698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f521a48a3894b52023-02-08 09:46:09.366root 11241100x8000000000000000272697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39d10835291f5e42023-02-08 09:46:09.366root 11241100x8000000000000000272696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695cfdf72c47fe292023-02-08 09:46:09.366root 11241100x8000000000000000272695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfab2698cc2d6d2f2023-02-08 09:46:09.366root 11241100x8000000000000000272694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10266431d1d550152023-02-08 09:46:09.366root 11241100x8000000000000000272693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44cd6d83b12bc0b2023-02-08 09:46:09.366root 11241100x8000000000000000272692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074f9ba9e723f8cb2023-02-08 09:46:09.366root 11241100x8000000000000000272718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a39539a181b11f2023-02-08 09:46:09.367root 11241100x8000000000000000272717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62063f6b71a933ce2023-02-08 09:46:09.367root 11241100x8000000000000000272716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b36ad00a17a1622023-02-08 09:46:09.367root 11241100x8000000000000000272715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2e150de3c30d502023-02-08 09:46:09.367root 11241100x8000000000000000272714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab49bec5eef8d7c2023-02-08 09:46:09.367root 11241100x8000000000000000272713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e620d5d89120eb02023-02-08 09:46:09.367root 11241100x8000000000000000272712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa65295b274a9a32023-02-08 09:46:09.367root 11241100x8000000000000000272711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e909ebac31e1be2023-02-08 09:46:09.367root 11241100x8000000000000000272710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db2c82aaa4678652023-02-08 09:46:09.367root 11241100x8000000000000000272709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdb48a6a2cdfdb92023-02-08 09:46:09.367root 11241100x8000000000000000272735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af20699c1ddc6442023-02-08 09:46:09.368root 11241100x8000000000000000272734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6dde233ced507e72023-02-08 09:46:09.368root 11241100x8000000000000000272733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef75c78c0b60e302023-02-08 09:46:09.368root 11241100x8000000000000000272732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e727f1ef19505172023-02-08 09:46:09.368root 11241100x8000000000000000272731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f8b618f5f45be42023-02-08 09:46:09.368root 11241100x8000000000000000272730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383d6c9efdfdcff82023-02-08 09:46:09.368root 11241100x8000000000000000272729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3de548323e420072023-02-08 09:46:09.368root 11241100x8000000000000000272728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d2645b482db3f92023-02-08 09:46:09.368root 11241100x8000000000000000272727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0208d9251994fe1c2023-02-08 09:46:09.368root 11241100x8000000000000000272726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc23225fbfb5eee62023-02-08 09:46:09.368root 11241100x8000000000000000272725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f0db90d43276262023-02-08 09:46:09.368root 11241100x8000000000000000272724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76efa7be0f5a0842023-02-08 09:46:09.368root 11241100x8000000000000000272723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca9a258df056f232023-02-08 09:46:09.368root 11241100x8000000000000000272722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed96971795281e842023-02-08 09:46:09.368root 11241100x8000000000000000272721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af637345f9925382023-02-08 09:46:09.368root 11241100x8000000000000000272720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95970339fb8cf472023-02-08 09:46:09.368root 11241100x8000000000000000272719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef5292d55b57bf62023-02-08 09:46:09.368root 11241100x8000000000000000272746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40488c1e6824ec492023-02-08 09:46:09.369root 11241100x8000000000000000272745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a264f072fe348cdb2023-02-08 09:46:09.369root 11241100x8000000000000000272744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9f169320f62f252023-02-08 09:46:09.369root 11241100x8000000000000000272743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7251d71116bda72c2023-02-08 09:46:09.369root 11241100x8000000000000000272742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d371a6c9fc45e4bd2023-02-08 09:46:09.369root 11241100x8000000000000000272741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92ef607cceb9f932023-02-08 09:46:09.369root 11241100x8000000000000000272740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51c9cc388c52d322023-02-08 09:46:09.369root 11241100x8000000000000000272739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a266bf7b8217a6c2023-02-08 09:46:09.369root 11241100x8000000000000000272738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437d88bfe965a6af2023-02-08 09:46:09.369root 11241100x8000000000000000272737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7abcf59854b3112023-02-08 09:46:09.369root 11241100x8000000000000000272736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e114b70f5e4c642023-02-08 09:46:09.369root 11241100x8000000000000000272749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841d476468c840352023-02-08 09:46:09.736root 11241100x8000000000000000272748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61a648b9b493df72023-02-08 09:46:09.736root 11241100x8000000000000000272747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3837a1b5dbe6526e2023-02-08 09:46:09.736root 11241100x8000000000000000272754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696ca25ab933bb292023-02-08 09:46:09.737root 11241100x8000000000000000272753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff207ed642c5e7fb2023-02-08 09:46:09.737root 11241100x8000000000000000272752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf3c552a84c8c8e2023-02-08 09:46:09.737root 11241100x8000000000000000272751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20abbba47a8d44d72023-02-08 09:46:09.737root 11241100x8000000000000000272750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d6db18af5482182023-02-08 09:46:09.737root 11241100x8000000000000000272758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f23d748c0d57322023-02-08 09:46:09.738root 11241100x8000000000000000272757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08dd821f2d30f4ff2023-02-08 09:46:09.738root 11241100x8000000000000000272756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd79228d3d5fdac62023-02-08 09:46:09.738root 11241100x8000000000000000272755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a103e9f9bf95d7cb2023-02-08 09:46:09.738root 11241100x8000000000000000272759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8b96ffe9917a422023-02-08 09:46:09.739root 11241100x8000000000000000272762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790dd98a94580fbc2023-02-08 09:46:09.740root 11241100x8000000000000000272761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d197f5f20068ad9a2023-02-08 09:46:09.740root 11241100x8000000000000000272760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b50c94529ea45bc2023-02-08 09:46:09.740root 11241100x8000000000000000272768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6ec56eafeb9b132023-02-08 09:46:09.741root 11241100x8000000000000000272767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b428777978bfd62023-02-08 09:46:09.741root 11241100x8000000000000000272766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77a8711598a36342023-02-08 09:46:09.741root 11241100x8000000000000000272765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396270b549fb62662023-02-08 09:46:09.741root 11241100x8000000000000000272764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800e8c99a2fb64592023-02-08 09:46:09.741root 11241100x8000000000000000272763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314a8dcce20c3a302023-02-08 09:46:09.741root 11241100x8000000000000000272783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad436620bb592272023-02-08 09:46:09.742root 11241100x8000000000000000272782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15579cce9092b77e2023-02-08 09:46:09.742root 11241100x8000000000000000272781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f9f8be6c5c49402023-02-08 09:46:09.742root 11241100x8000000000000000272780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe54d461a449bc72023-02-08 09:46:09.742root 11241100x8000000000000000272779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016c5bda42c4f4532023-02-08 09:46:09.742root 11241100x8000000000000000272778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefd561032557fd42023-02-08 09:46:09.742root 11241100x8000000000000000272777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef11bf6324df9ef2023-02-08 09:46:09.742root 11241100x8000000000000000272776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae33da05d77135cf2023-02-08 09:46:09.742root 11241100x8000000000000000272775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95cce81f158b5b862023-02-08 09:46:09.742root 11241100x8000000000000000272774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e98ab29bdf4b762023-02-08 09:46:09.742root 11241100x8000000000000000272773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e1e5945127d52c2023-02-08 09:46:09.742root 11241100x8000000000000000272772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2bfca6c94fb8272023-02-08 09:46:09.742root 11241100x8000000000000000272771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2cf306ebe6756232023-02-08 09:46:09.742root 11241100x8000000000000000272770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3fe8540df3868e2023-02-08 09:46:09.742root 11241100x8000000000000000272769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7531b6d25db9e1b52023-02-08 09:46:09.742root 11241100x8000000000000000272788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9066c760ebb149502023-02-08 09:46:09.743root 11241100x8000000000000000272787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4020d126a762712023-02-08 09:46:09.743root 11241100x8000000000000000272786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d154eecd2ddfe72023-02-08 09:46:09.743root 11241100x8000000000000000272785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e066de9dd2ed6d2023-02-08 09:46:09.743root 11241100x8000000000000000272784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:09.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451fa01711e709c02023-02-08 09:46:09.743root 11241100x8000000000000000272800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3aad70f7ec1eae62023-02-08 09:46:10.236root 11241100x8000000000000000272799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ada46f5bfc95b582023-02-08 09:46:10.236root 11241100x8000000000000000272798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1440bbc8ecde498b2023-02-08 09:46:10.236root 11241100x8000000000000000272797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a624aa378a012e2023-02-08 09:46:10.236root 11241100x8000000000000000272796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9f057cd3d15cc92023-02-08 09:46:10.236root 11241100x8000000000000000272795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b347938b9d4e05b12023-02-08 09:46:10.236root 11241100x8000000000000000272794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e893fb20078452e12023-02-08 09:46:10.236root 11241100x8000000000000000272793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c19832536bc5a62023-02-08 09:46:10.236root 11241100x8000000000000000272792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daab3e29d8fcadb72023-02-08 09:46:10.236root 11241100x8000000000000000272791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553ce33b8234c48d2023-02-08 09:46:10.236root 11241100x8000000000000000272790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83c49c32e74d3c22023-02-08 09:46:10.236root 11241100x8000000000000000272789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc419ba65e879bdc2023-02-08 09:46:10.236root 11241100x8000000000000000272811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345979ff2bd076012023-02-08 09:46:10.237root 11241100x8000000000000000272810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd5b757ee69ba0d2023-02-08 09:46:10.237root 11241100x8000000000000000272809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a39a94e050fad72023-02-08 09:46:10.237root 11241100x8000000000000000272808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2dc56a8e89386672023-02-08 09:46:10.237root 11241100x8000000000000000272807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df911f6600ec22c2023-02-08 09:46:10.237root 11241100x8000000000000000272806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9540258c8552bef2023-02-08 09:46:10.237root 11241100x8000000000000000272805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6bbd394eace74c2023-02-08 09:46:10.237root 11241100x8000000000000000272804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2ae1145b41728f2023-02-08 09:46:10.237root 11241100x8000000000000000272803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58033dd4b8dcd3b32023-02-08 09:46:10.237root 11241100x8000000000000000272802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b016f19f4bde84f02023-02-08 09:46:10.237root 11241100x8000000000000000272801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ec8c9aa64a38f02023-02-08 09:46:10.237root 11241100x8000000000000000272820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9b3f558f2b7f0f2023-02-08 09:46:10.238root 11241100x8000000000000000272819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc7ade6ed2c53e32023-02-08 09:46:10.238root 11241100x8000000000000000272818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a25eee2a1671e252023-02-08 09:46:10.238root 11241100x8000000000000000272817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8116abf2f25b032023-02-08 09:46:10.238root 11241100x8000000000000000272816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97fb6e98492b1022023-02-08 09:46:10.238root 11241100x8000000000000000272815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ab42f342d71f7f2023-02-08 09:46:10.238root 11241100x8000000000000000272814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7d8af9d9550a832023-02-08 09:46:10.238root 11241100x8000000000000000272813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86f2f7593d017532023-02-08 09:46:10.238root 11241100x8000000000000000272812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedfbfe4803ef61e2023-02-08 09:46:10.238root 11241100x8000000000000000272830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38cfbc430a69e9d22023-02-08 09:46:10.239root 11241100x8000000000000000272829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f4a0fa32fb3f302023-02-08 09:46:10.239root 11241100x8000000000000000272828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a811465007c31d2023-02-08 09:46:10.239root 11241100x8000000000000000272827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b91e3e94a446252023-02-08 09:46:10.239root 11241100x8000000000000000272826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d53b55f38b856f02023-02-08 09:46:10.239root 11241100x8000000000000000272825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48fc1bbe1dd47092023-02-08 09:46:10.239root 11241100x8000000000000000272824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd372aadafa5f1f2023-02-08 09:46:10.239root 11241100x8000000000000000272823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c723685137524b122023-02-08 09:46:10.239root 11241100x8000000000000000272822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5c6d9d80f2848b2023-02-08 09:46:10.239root 11241100x8000000000000000272821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2172e71fce03d3d82023-02-08 09:46:10.239root 11241100x8000000000000000272839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130330a02d9ff8132023-02-08 09:46:10.736root 11241100x8000000000000000272838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6231e83483ab642d2023-02-08 09:46:10.736root 11241100x8000000000000000272837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cac9f45a8082ddc2023-02-08 09:46:10.736root 11241100x8000000000000000272836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2d7c93440e71bf2023-02-08 09:46:10.736root 11241100x8000000000000000272835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba55529cb26a1fa2023-02-08 09:46:10.736root 11241100x8000000000000000272834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61634f1fc41fa172023-02-08 09:46:10.736root 11241100x8000000000000000272833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4e0fc8be009efe2023-02-08 09:46:10.736root 11241100x8000000000000000272832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ccce1b4c7a7367d2023-02-08 09:46:10.736root 11241100x8000000000000000272831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102a1da6f7534a8f2023-02-08 09:46:10.736root 11241100x8000000000000000272844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d31ea6892ba57c62023-02-08 09:46:10.737root 11241100x8000000000000000272843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9ab561ff1e5b232023-02-08 09:46:10.737root 11241100x8000000000000000272842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6459001a34772f2023-02-08 09:46:10.737root 11241100x8000000000000000272841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c155e766ab39cbee2023-02-08 09:46:10.737root 11241100x8000000000000000272840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc387f5dc25391d02023-02-08 09:46:10.737root 11241100x8000000000000000272853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3858f313e779f02023-02-08 09:46:10.738root 11241100x8000000000000000272852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfeea8fb2631ecf2023-02-08 09:46:10.738root 11241100x8000000000000000272851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72800f222c4902692023-02-08 09:46:10.738root 11241100x8000000000000000272850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77ee6484c3dc2782023-02-08 09:46:10.738root 11241100x8000000000000000272849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde25be51934f4852023-02-08 09:46:10.738root 11241100x8000000000000000272848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c2c2c16270a7fb2023-02-08 09:46:10.738root 11241100x8000000000000000272847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd64ecc2789b96e2023-02-08 09:46:10.738root 11241100x8000000000000000272846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680e3f39dd7b63bc2023-02-08 09:46:10.738root 11241100x8000000000000000272845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955e008c7cfb36732023-02-08 09:46:10.738root 11241100x8000000000000000272858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfee0da41fabf8de2023-02-08 09:46:10.739root 11241100x8000000000000000272857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4278f9d0bd9b25732023-02-08 09:46:10.739root 11241100x8000000000000000272856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1675f91d4b70894c2023-02-08 09:46:10.739root 11241100x8000000000000000272855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6cc8dab8cc48022023-02-08 09:46:10.739root 11241100x8000000000000000272854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472e4f7b8aa5398d2023-02-08 09:46:10.739root 11241100x8000000000000000272869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90c745476cef18e2023-02-08 09:46:10.740root 11241100x8000000000000000272868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2e75204fa956b02023-02-08 09:46:10.740root 11241100x8000000000000000272867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4971d15f5fa199f2023-02-08 09:46:10.740root 11241100x8000000000000000272866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3109609463ed993d2023-02-08 09:46:10.740root 11241100x8000000000000000272865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca078204cd32229a2023-02-08 09:46:10.740root 11241100x8000000000000000272864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bb9b03d1a51d572023-02-08 09:46:10.740root 11241100x8000000000000000272863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272893c9208e05b32023-02-08 09:46:10.740root 11241100x8000000000000000272862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52be7244ced7d252023-02-08 09:46:10.740root 11241100x8000000000000000272861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bac9b27ccc888f2023-02-08 09:46:10.740root 11241100x8000000000000000272860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e47a457b139aa12023-02-08 09:46:10.740root 11241100x8000000000000000272859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75acd634c20265b82023-02-08 09:46:10.740root 11241100x8000000000000000272872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.effd9212686542712023-02-08 09:46:10.741root 11241100x8000000000000000272871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6120af1d052e9482023-02-08 09:46:10.741root 11241100x8000000000000000272870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:10.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2ae94dc697d43f2023-02-08 09:46:10.741root 11241100x8000000000000000272880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1dd86c52c4070f2023-02-08 09:46:11.234root 11241100x8000000000000000272879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e3db6957512d212023-02-08 09:46:11.234root 11241100x8000000000000000272878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02a4567bf41fcc42023-02-08 09:46:11.234root 11241100x8000000000000000272877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ecd004f37e918be2023-02-08 09:46:11.234root 11241100x8000000000000000272876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102381cbb0dc59512023-02-08 09:46:11.234root 11241100x8000000000000000272875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6b8f31ea4c03182023-02-08 09:46:11.234root 11241100x8000000000000000272874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efac69a7e7dc5562023-02-08 09:46:11.234root 11241100x8000000000000000272873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdfa8b71fa51b20e2023-02-08 09:46:11.234root 11241100x8000000000000000272896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4af379d635dbd132023-02-08 09:46:11.235root 11241100x8000000000000000272895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3358b7bc7299cee92023-02-08 09:46:11.235root 11241100x8000000000000000272894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66895c566069f1c72023-02-08 09:46:11.235root 11241100x8000000000000000272893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70237da8dad84722023-02-08 09:46:11.235root 11241100x8000000000000000272892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de647ec786a1288d2023-02-08 09:46:11.235root 11241100x8000000000000000272891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1fe0b9ec9d5ae12023-02-08 09:46:11.235root 11241100x8000000000000000272890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8847a65a45cf220e2023-02-08 09:46:11.235root 11241100x8000000000000000272889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044f23987f0bcca42023-02-08 09:46:11.235root 11241100x8000000000000000272888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c61cb12d0ac6b882023-02-08 09:46:11.235root 11241100x8000000000000000272887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e07aef57a8b7932023-02-08 09:46:11.235root 11241100x8000000000000000272886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242153bd70266f5e2023-02-08 09:46:11.235root 11241100x8000000000000000272885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be030b345a93416b2023-02-08 09:46:11.235root 11241100x8000000000000000272884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee56c46ffbd9e642023-02-08 09:46:11.235root 11241100x8000000000000000272883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92273855ef656622023-02-08 09:46:11.235root 11241100x8000000000000000272882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4063e72de5ce03682023-02-08 09:46:11.235root 11241100x8000000000000000272881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5882dc6ad4369c82023-02-08 09:46:11.235root 11241100x8000000000000000272909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26cbd61e9a9708d2023-02-08 09:46:11.236root 11241100x8000000000000000272908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d5f66b74fb9ffb2023-02-08 09:46:11.236root 11241100x8000000000000000272907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4318c0010b44c4d52023-02-08 09:46:11.236root 11241100x8000000000000000272906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f3a7c76996a7852023-02-08 09:46:11.236root 11241100x8000000000000000272905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590e31dd1677c2b42023-02-08 09:46:11.236root 11241100x8000000000000000272904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5565e8d9f221c722023-02-08 09:46:11.236root 11241100x8000000000000000272903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1af95c4512e918a2023-02-08 09:46:11.236root 11241100x8000000000000000272902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528cf84ca0ae25a12023-02-08 09:46:11.236root 11241100x8000000000000000272901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d985cc3c618b00f2023-02-08 09:46:11.236root 11241100x8000000000000000272900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ecb410eb49b2392023-02-08 09:46:11.236root 11241100x8000000000000000272899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b83e997ec837b902023-02-08 09:46:11.236root 11241100x8000000000000000272898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71328eefccc5b1d22023-02-08 09:46:11.236root 11241100x8000000000000000272897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5df6f4ddd3061092023-02-08 09:46:11.236root 11241100x8000000000000000272919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e769912947e6e4db2023-02-08 09:46:11.237root 11241100x8000000000000000272918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9ecd25fbc9cef32023-02-08 09:46:11.237root 11241100x8000000000000000272917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbc8b2f095c49a12023-02-08 09:46:11.237root 11241100x8000000000000000272916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258aded88ed062ed2023-02-08 09:46:11.237root 11241100x8000000000000000272915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b76bdd59aabea62023-02-08 09:46:11.237root 11241100x8000000000000000272914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b6edabb052588e2023-02-08 09:46:11.237root 11241100x8000000000000000272913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72370c1896c22e22023-02-08 09:46:11.237root 11241100x8000000000000000272912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a737e51e774a895e2023-02-08 09:46:11.237root 11241100x8000000000000000272911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd65a34b05d45352023-02-08 09:46:11.237root 11241100x8000000000000000272910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b262981816d7fa2023-02-08 09:46:11.237root 11241100x8000000000000000272921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b2d046d4d486992023-02-08 09:46:11.238root 11241100x8000000000000000272920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c50408080af3c92023-02-08 09:46:11.238root 11241100x8000000000000000272933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18237f09a12f137c2023-02-08 09:46:11.239root 11241100x8000000000000000272932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d935fcf12619ce6b2023-02-08 09:46:11.239root 11241100x8000000000000000272931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9652fffd3e9529fd2023-02-08 09:46:11.239root 11241100x8000000000000000272930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0a8117823ae4c32023-02-08 09:46:11.239root 11241100x8000000000000000272929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ff09483aa32c672023-02-08 09:46:11.239root 11241100x8000000000000000272928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd2f5b72fa5412c2023-02-08 09:46:11.239root 11241100x8000000000000000272927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebfbf380850d1bb12023-02-08 09:46:11.239root 11241100x8000000000000000272926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71953a17b4fc978b2023-02-08 09:46:11.239root 11241100x8000000000000000272925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3baea3aab95ffcb62023-02-08 09:46:11.239root 11241100x8000000000000000272924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5034d676e70db92023-02-08 09:46:11.239root 11241100x8000000000000000272923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccf86e996d7391e2023-02-08 09:46:11.239root 11241100x8000000000000000272922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857fe96d904e55762023-02-08 09:46:11.239root 11241100x8000000000000000272934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e6e871226470a72023-02-08 09:46:11.734root 11241100x8000000000000000272940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba92257b2f5d62732023-02-08 09:46:11.735root 11241100x8000000000000000272939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c2a416746b18282023-02-08 09:46:11.735root 11241100x8000000000000000272938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca07476ffb76ce132023-02-08 09:46:11.735root 11241100x8000000000000000272937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4938f66bb8d13f92023-02-08 09:46:11.735root 11241100x8000000000000000272936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99631eccdacc0122023-02-08 09:46:11.735root 11241100x8000000000000000272935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5515a9738a5ec6ae2023-02-08 09:46:11.735root 11241100x8000000000000000272950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c0a0180d18169c2023-02-08 09:46:11.736root 11241100x8000000000000000272949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c72602e92c9d742023-02-08 09:46:11.736root 11241100x8000000000000000272948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3479a002f08496342023-02-08 09:46:11.736root 11241100x8000000000000000272947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4924debd75d71e2023-02-08 09:46:11.736root 11241100x8000000000000000272946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b8f8f77b9a49d22023-02-08 09:46:11.736root 11241100x8000000000000000272945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f96bfafd4f8b1472023-02-08 09:46:11.736root 11241100x8000000000000000272944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c4a6552759e66b2023-02-08 09:46:11.736root 11241100x8000000000000000272943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56262813775db33d2023-02-08 09:46:11.736root 11241100x8000000000000000272942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0ab28c67a9e0cc2023-02-08 09:46:11.736root 11241100x8000000000000000272941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2edb7234ba7ee9192023-02-08 09:46:11.736root 11241100x8000000000000000272956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d13d14c924b4df2023-02-08 09:46:11.737root 11241100x8000000000000000272955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0e97153260f8ea2023-02-08 09:46:11.737root 11241100x8000000000000000272954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633a11f9de92c1032023-02-08 09:46:11.737root 11241100x8000000000000000272953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9402bf9102fd8b072023-02-08 09:46:11.737root 11241100x8000000000000000272952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe1b1ad8eaec8fb2023-02-08 09:46:11.737root 11241100x8000000000000000272951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ee3072224a97d02023-02-08 09:46:11.737root 11241100x8000000000000000272969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab4eb156d3031682023-02-08 09:46:11.738root 11241100x8000000000000000272968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c08d043686f50f2023-02-08 09:46:11.738root 11241100x8000000000000000272967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e27e9d3e4eeb6e42023-02-08 09:46:11.738root 11241100x8000000000000000272966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea107279712c48b02023-02-08 09:46:11.738root 11241100x8000000000000000272965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2d509f23de0ed32023-02-08 09:46:11.738root 11241100x8000000000000000272964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4f98a4fac0edfd2023-02-08 09:46:11.738root 11241100x8000000000000000272963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ede87402fb13fb2023-02-08 09:46:11.738root 11241100x8000000000000000272962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56dfa280e0cbda242023-02-08 09:46:11.738root 11241100x8000000000000000272961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea858b3747bed122023-02-08 09:46:11.738root 11241100x8000000000000000272960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d933360b8e298fd12023-02-08 09:46:11.738root 11241100x8000000000000000272959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c09d4c47cad2422023-02-08 09:46:11.738root 11241100x8000000000000000272958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67f37454aeb35662023-02-08 09:46:11.738root 11241100x8000000000000000272957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d5c18dfb38ae062023-02-08 09:46:11.738root 11241100x8000000000000000272980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3d1bb68b8f52322023-02-08 09:46:11.739root 11241100x8000000000000000272979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77587a312cf245cc2023-02-08 09:46:11.739root 11241100x8000000000000000272978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97100c98d8bdbb92023-02-08 09:46:11.739root 11241100x8000000000000000272977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f35c84a78413642023-02-08 09:46:11.739root 11241100x8000000000000000272976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076856224ba8ba6d2023-02-08 09:46:11.739root 11241100x8000000000000000272975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc84f11f7a85e5d2023-02-08 09:46:11.739root 11241100x8000000000000000272974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4502a6a016c1d46b2023-02-08 09:46:11.739root 11241100x8000000000000000272973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7d8dcff4ad36542023-02-08 09:46:11.739root 11241100x8000000000000000272972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f10b9f808847002023-02-08 09:46:11.739root 11241100x8000000000000000272971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d9c17888c11c472023-02-08 09:46:11.739root 11241100x8000000000000000272970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e271b8b6fc663e2023-02-08 09:46:11.739root 11241100x8000000000000000272981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:11.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1c9f7251e757fb2023-02-08 09:46:11.741root 11241100x8000000000000000272988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcff4eb37f372a372023-02-08 09:46:12.235root 11241100x8000000000000000272987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859cfc8ca07aed592023-02-08 09:46:12.235root 11241100x8000000000000000272986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc278e734a99f19f2023-02-08 09:46:12.235root 11241100x8000000000000000272985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90cd61b1d9368522023-02-08 09:46:12.235root 11241100x8000000000000000272984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3273c323c41453c2023-02-08 09:46:12.235root 11241100x8000000000000000272983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d6d018c6eaf0e92023-02-08 09:46:12.235root 11241100x8000000000000000272982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc74f8e4b327f712023-02-08 09:46:12.235root 11241100x8000000000000000273003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55dc129a5176d2992023-02-08 09:46:12.236root 11241100x8000000000000000273002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29bc72ebcfbc22262023-02-08 09:46:12.236root 11241100x8000000000000000273001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a73520b3e1023912023-02-08 09:46:12.236root 11241100x8000000000000000273000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72814e9203c8d3c2023-02-08 09:46:12.236root 11241100x8000000000000000272999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ec5eb49b8954132023-02-08 09:46:12.236root 11241100x8000000000000000272998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c785a1d713c7852023-02-08 09:46:12.236root 11241100x8000000000000000272997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b288eae84310f52023-02-08 09:46:12.236root 11241100x8000000000000000272996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11f42d49d1fca8a2023-02-08 09:46:12.236root 11241100x8000000000000000272995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d1ca6c7b8354802023-02-08 09:46:12.236root 11241100x8000000000000000272994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e3485aa4d8ef132023-02-08 09:46:12.236root 11241100x8000000000000000272993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c4f16fe17256d92023-02-08 09:46:12.236root 11241100x8000000000000000272992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9b0a2a9b15ff042023-02-08 09:46:12.236root 11241100x8000000000000000272991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56fa869260a146822023-02-08 09:46:12.236root 11241100x8000000000000000272990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb639828d44356012023-02-08 09:46:12.236root 11241100x8000000000000000272989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1af2b009bf871fc2023-02-08 09:46:12.236root 11241100x8000000000000000273017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba39e5a1a361b94b2023-02-08 09:46:12.237root 11241100x8000000000000000273016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045ca6ac37ac55d92023-02-08 09:46:12.237root 11241100x8000000000000000273015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5050a63c3c907c2023-02-08 09:46:12.237root 11241100x8000000000000000273014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099c6e4eeff932432023-02-08 09:46:12.237root 11241100x8000000000000000273013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9decc75db2b1e8b52023-02-08 09:46:12.237root 11241100x8000000000000000273012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c457ec88641be4122023-02-08 09:46:12.237root 11241100x8000000000000000273011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44162ab5376256742023-02-08 09:46:12.237root 11241100x8000000000000000273010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a877cdf06d05a92023-02-08 09:46:12.237root 11241100x8000000000000000273009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2149060d0439e032023-02-08 09:46:12.237root 11241100x8000000000000000273008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa4e301e7089a822023-02-08 09:46:12.237root 11241100x8000000000000000273007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0318f14258df1332023-02-08 09:46:12.237root 11241100x8000000000000000273006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0538ca38e430f012023-02-08 09:46:12.237root 11241100x8000000000000000273005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137c42334419ea362023-02-08 09:46:12.237root 11241100x8000000000000000273004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a90dbb4367b51ff2023-02-08 09:46:12.237root 11241100x8000000000000000273023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ede7dcb65b7e5e2023-02-08 09:46:12.238root 11241100x8000000000000000273022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd09556e696a2f32023-02-08 09:46:12.238root 11241100x8000000000000000273021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a2002bfc8a65d72023-02-08 09:46:12.238root 11241100x8000000000000000273020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c733b467cbca0ab2023-02-08 09:46:12.238root 11241100x8000000000000000273019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64893c2f8635a3612023-02-08 09:46:12.238root 11241100x8000000000000000273018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d88c15ae6a79c02023-02-08 09:46:12.238root 11241100x8000000000000000273024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9711186774e0a262023-02-08 09:46:12.240root 11241100x8000000000000000273025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92db11597382ec02023-02-08 09:46:12.735root 11241100x8000000000000000273033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eea0cf0c359b6662023-02-08 09:46:12.736root 11241100x8000000000000000273032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed15fc434e3657e12023-02-08 09:46:12.736root 11241100x8000000000000000273031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8057d4c29c53c4ea2023-02-08 09:46:12.736root 11241100x8000000000000000273030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcbc0590e708554c2023-02-08 09:46:12.736root 11241100x8000000000000000273029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c339b9a150174a3f2023-02-08 09:46:12.736root 11241100x8000000000000000273028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5aa8f805e241542023-02-08 09:46:12.736root 11241100x8000000000000000273027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee15175b81bad592023-02-08 09:46:12.736root 11241100x8000000000000000273026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9dc5cce5009bb1e2023-02-08 09:46:12.736root 11241100x8000000000000000273038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcace2c624fe16182023-02-08 09:46:12.737root 11241100x8000000000000000273037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960cd882eed686082023-02-08 09:46:12.737root 11241100x8000000000000000273036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb7106306ad3f3e2023-02-08 09:46:12.737root 11241100x8000000000000000273035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790b07eb30690e732023-02-08 09:46:12.737root 11241100x8000000000000000273034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32cf210866c373e2023-02-08 09:46:12.737root 11241100x8000000000000000273046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08833300e96069b2023-02-08 09:46:12.738root 11241100x8000000000000000273045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25d4fde5a8a8fc12023-02-08 09:46:12.738root 11241100x8000000000000000273044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a09799e9e474f82023-02-08 09:46:12.738root 11241100x8000000000000000273043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a41bcb88755a9112023-02-08 09:46:12.738root 11241100x8000000000000000273042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2510efdbc4a0ff4b2023-02-08 09:46:12.738root 11241100x8000000000000000273041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9455b0868c96a37b2023-02-08 09:46:12.738root 11241100x8000000000000000273040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d53af5b2e02afe22023-02-08 09:46:12.738root 11241100x8000000000000000273039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169181a0e6ded5172023-02-08 09:46:12.738root 11241100x8000000000000000273053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65a09ee411c5f0b2023-02-08 09:46:12.739root 11241100x8000000000000000273052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1204b7e9ce512e562023-02-08 09:46:12.739root 11241100x8000000000000000273051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c131b35c1aaa6792023-02-08 09:46:12.739root 11241100x8000000000000000273050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f9f751b9373a032023-02-08 09:46:12.739root 11241100x8000000000000000273049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb4e0b4f054d1922023-02-08 09:46:12.739root 11241100x8000000000000000273048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499c07ee4cc9a8662023-02-08 09:46:12.739root 11241100x8000000000000000273047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99acb2cc93e508a2023-02-08 09:46:12.739root 11241100x8000000000000000273060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6684a5a422c3242023-02-08 09:46:12.740root 11241100x8000000000000000273059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a231c0e9b3bb5632023-02-08 09:46:12.740root 11241100x8000000000000000273058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11337214f3c483382023-02-08 09:46:12.740root 11241100x8000000000000000273057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be3e847a7bc2c5b2023-02-08 09:46:12.740root 11241100x8000000000000000273056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03dbad075c9c96802023-02-08 09:46:12.740root 11241100x8000000000000000273055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b40a6b438fd5fc2023-02-08 09:46:12.740root 11241100x8000000000000000273054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51cbd0db2f6fdd732023-02-08 09:46:12.740root 11241100x8000000000000000273066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e9051d0004048d2023-02-08 09:46:12.741root 11241100x8000000000000000273065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf9047de2442c0b2023-02-08 09:46:12.741root 11241100x8000000000000000273064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3857cfd54af50eb22023-02-08 09:46:12.741root 11241100x8000000000000000273063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fda9298bf2fd9452023-02-08 09:46:12.741root 11241100x8000000000000000273062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fdd3ac0eb2c2e32023-02-08 09:46:12.741root 11241100x8000000000000000273061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:12.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aecedb1a95f52cf2023-02-08 09:46:12.741root 11241100x8000000000000000273072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514025cbccf9ba6c2023-02-08 09:46:13.236root 11241100x8000000000000000273071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7dd2a6fa4c651542023-02-08 09:46:13.236root 11241100x8000000000000000273070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dcfaadb8f5d44ab2023-02-08 09:46:13.236root 11241100x8000000000000000273069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4609c20fdc69fae32023-02-08 09:46:13.236root 11241100x8000000000000000273068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c7beef9ecb242c2023-02-08 09:46:13.236root 11241100x8000000000000000273067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ef32bae2e93caa2023-02-08 09:46:13.236root 11241100x8000000000000000273086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921b0c590d5bf3dc2023-02-08 09:46:13.237root 11241100x8000000000000000273085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d2a290fe928a8f2023-02-08 09:46:13.237root 11241100x8000000000000000273084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca413544bc0b98f42023-02-08 09:46:13.237root 11241100x8000000000000000273083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467cbda75966f64e2023-02-08 09:46:13.237root 11241100x8000000000000000273082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccc94d4dfb085c72023-02-08 09:46:13.237root 11241100x8000000000000000273081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da19a841cc6c71732023-02-08 09:46:13.237root 11241100x8000000000000000273080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be4c06b843251732023-02-08 09:46:13.237root 11241100x8000000000000000273079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5893b6bc4631d32023-02-08 09:46:13.237root 11241100x8000000000000000273078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7500cf33159b17072023-02-08 09:46:13.237root 11241100x8000000000000000273077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8159baccb279778c2023-02-08 09:46:13.237root 11241100x8000000000000000273076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1777819a54bf8bd72023-02-08 09:46:13.237root 11241100x8000000000000000273075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee037484104564aa2023-02-08 09:46:13.237root 11241100x8000000000000000273074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d10910f5693cf1a2023-02-08 09:46:13.237root 11241100x8000000000000000273073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4c604e329619f92023-02-08 09:46:13.237root 11241100x8000000000000000273090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb054486fa0639fb2023-02-08 09:46:13.238root 11241100x8000000000000000273089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea86c0af4ec7f6282023-02-08 09:46:13.238root 11241100x8000000000000000273088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3935d05ddf4ea6d82023-02-08 09:46:13.238root 11241100x8000000000000000273087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed72b2a4d4e90e382023-02-08 09:46:13.238root 11241100x8000000000000000273101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619b06acc71ed1c72023-02-08 09:46:13.239root 11241100x8000000000000000273100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f139a0434cc63f312023-02-08 09:46:13.239root 11241100x8000000000000000273099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5cb4a07e671f412023-02-08 09:46:13.239root 11241100x8000000000000000273098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8bba438143ead12023-02-08 09:46:13.239root 11241100x8000000000000000273097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4180334e65b598082023-02-08 09:46:13.239root 11241100x8000000000000000273096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230e79ace85a3cd12023-02-08 09:46:13.239root 11241100x8000000000000000273095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a205f2d758d9ee42023-02-08 09:46:13.239root 11241100x8000000000000000273094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c65c61cd039e292023-02-08 09:46:13.239root 11241100x8000000000000000273093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410f0e7a9e64df2a2023-02-08 09:46:13.239root 11241100x8000000000000000273092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b791afa875adc74c2023-02-08 09:46:13.239root 11241100x8000000000000000273091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e719f13c14df172a2023-02-08 09:46:13.239root 11241100x8000000000000000273105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6fcc8d4c850e3c2023-02-08 09:46:13.240root 11241100x8000000000000000273104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37dd32df60b04b112023-02-08 09:46:13.240root 11241100x8000000000000000273103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc0aeef994a7dd12023-02-08 09:46:13.240root 11241100x8000000000000000273102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9d97c22ed095a02023-02-08 09:46:13.240root 11241100x8000000000000000273108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc25e70b4e700ad2023-02-08 09:46:13.241root 11241100x8000000000000000273107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7169f178dfccdc2023-02-08 09:46:13.241root 11241100x8000000000000000273106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1619162cee73742023-02-08 09:46:13.241root 11241100x8000000000000000273116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5e6f44c970255c2023-02-08 09:46:13.736root 11241100x8000000000000000273115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c9c31152c0ab5c2023-02-08 09:46:13.736root 11241100x8000000000000000273114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef59fe12bdfc67e92023-02-08 09:46:13.736root 11241100x8000000000000000273113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001872fe7150892d2023-02-08 09:46:13.736root 11241100x8000000000000000273112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f69823f909a3fa2023-02-08 09:46:13.736root 11241100x8000000000000000273111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197cd0ce5881f7072023-02-08 09:46:13.736root 11241100x8000000000000000273110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a41fc210c3d892c2023-02-08 09:46:13.736root 11241100x8000000000000000273109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed18cf06153a5fb92023-02-08 09:46:13.736root 11241100x8000000000000000273123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6506834912e361b52023-02-08 09:46:13.737root 11241100x8000000000000000273122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad099654ab2e340f2023-02-08 09:46:13.737root 11241100x8000000000000000273121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e001f62451f95a82023-02-08 09:46:13.737root 11241100x8000000000000000273120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acaebf5d1c62123e2023-02-08 09:46:13.737root 11241100x8000000000000000273119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5389f3d15be1852023-02-08 09:46:13.737root 11241100x8000000000000000273118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91e3dcfdca3bf8c2023-02-08 09:46:13.737root 11241100x8000000000000000273117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7ca9bb9c218d252023-02-08 09:46:13.737root 11241100x8000000000000000273128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef4a1c081f5a74e2023-02-08 09:46:13.738root 11241100x8000000000000000273127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bceb238fb308e82023-02-08 09:46:13.738root 11241100x8000000000000000273126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e091c7833746b0b22023-02-08 09:46:13.738root 11241100x8000000000000000273125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e34c4b08abd72692023-02-08 09:46:13.738root 11241100x8000000000000000273124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8cbb06d6d607d82023-02-08 09:46:13.738root 11241100x8000000000000000273134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2f700e9efdd37d2023-02-08 09:46:13.739root 11241100x8000000000000000273133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66603f04a2c691242023-02-08 09:46:13.739root 11241100x8000000000000000273132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7395b15883660e32023-02-08 09:46:13.739root 11241100x8000000000000000273131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7b0cbefcd430e72023-02-08 09:46:13.739root 11241100x8000000000000000273130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1958a2a704a6782023-02-08 09:46:13.739root 11241100x8000000000000000273129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25bd6e7d9e372012023-02-08 09:46:13.739root 11241100x8000000000000000273138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40052c9707d843502023-02-08 09:46:13.740root 11241100x8000000000000000273137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733ce343829fdf432023-02-08 09:46:13.740root 11241100x8000000000000000273136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce62bfabd6660882023-02-08 09:46:13.740root 11241100x8000000000000000273135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26835be3f9c82e6e2023-02-08 09:46:13.740root 11241100x8000000000000000273145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef11f6d7a6ec2f32023-02-08 09:46:13.741root 11241100x8000000000000000273144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1145dab392452fd42023-02-08 09:46:13.741root 11241100x8000000000000000273143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90116e84f1a203c2023-02-08 09:46:13.741root 11241100x8000000000000000273142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7cd38a08ba7b2e32023-02-08 09:46:13.741root 11241100x8000000000000000273141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5697a745d3efcabf2023-02-08 09:46:13.741root 11241100x8000000000000000273140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ecf3e5800664d52023-02-08 09:46:13.741root 11241100x8000000000000000273139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ea55540971b4042023-02-08 09:46:13.741root 11241100x8000000000000000273150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d63b298cddba222023-02-08 09:46:13.742root 11241100x8000000000000000273149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4f8fb7daccfc9e2023-02-08 09:46:13.742root 11241100x8000000000000000273148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4397b2fcdfa9df2023-02-08 09:46:13.742root 11241100x8000000000000000273147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458947252960f2ee2023-02-08 09:46:13.742root 11241100x8000000000000000273146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:13.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f912481ec91adc2c2023-02-08 09:46:13.742root 354300x8000000000000000273151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.045{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-49182-false10.0.1.12-8000- 11241100x8000000000000000273152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.048{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67fc26912ef91bd42023-02-08 09:46:14.048root 11241100x8000000000000000273153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.049{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167bdc1c093c298b2023-02-08 09:46:14.049root 11241100x8000000000000000273155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.050{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d6e6f4ee881a782023-02-08 09:46:14.050root 11241100x8000000000000000273154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.050{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb0221b91b1b4aa2023-02-08 09:46:14.050root 11241100x8000000000000000273158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.051{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52da9731d5cd74c2023-02-08 09:46:14.051root 11241100x8000000000000000273157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.051{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe1e76c24aceddb2023-02-08 09:46:14.051root 11241100x8000000000000000273156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.051{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d2efff01cc727a2023-02-08 09:46:14.051root 11241100x8000000000000000273169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.052{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89de32a2507799d22023-02-08 09:46:14.052root 11241100x8000000000000000273168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.052{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a514e42ac357c562023-02-08 09:46:14.052root 11241100x8000000000000000273167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.052{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1fb9b1e0994f772023-02-08 09:46:14.052root 11241100x8000000000000000273166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.052{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4dd4578ac655dea2023-02-08 09:46:14.052root 11241100x8000000000000000273165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.052{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba303875d5cf12272023-02-08 09:46:14.052root 11241100x8000000000000000273164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.052{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008426c7ae607b2a2023-02-08 09:46:14.052root 11241100x8000000000000000273163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.052{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237410d7245a77892023-02-08 09:46:14.052root 11241100x8000000000000000273162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.052{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc14aa1eb8c1bb572023-02-08 09:46:14.052root 11241100x8000000000000000273161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.052{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909f055953bd03532023-02-08 09:46:14.052root 11241100x8000000000000000273160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.052{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7c2a7233730c432023-02-08 09:46:14.052root 11241100x8000000000000000273159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.052{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f684bb4747cd2cec2023-02-08 09:46:14.052root 11241100x8000000000000000273184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.053{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddeb685207632e952023-02-08 09:46:14.053root 11241100x8000000000000000273183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.053{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ff1790cc8ac0f72023-02-08 09:46:14.053root 11241100x8000000000000000273182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.053{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0cab17bd78e8192023-02-08 09:46:14.053root 11241100x8000000000000000273181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.053{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fe9546fb5f8edb2023-02-08 09:46:14.053root 11241100x8000000000000000273180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.053{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50784eb847b66262023-02-08 09:46:14.053root 11241100x8000000000000000273179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.053{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1a1eba49d40ce52023-02-08 09:46:14.053root 11241100x8000000000000000273178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.053{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72d0bbc69cee08d2023-02-08 09:46:14.053root 11241100x8000000000000000273177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.053{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57005fa7e0a73312023-02-08 09:46:14.053root 11241100x8000000000000000273176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.053{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53119d3e43d432a82023-02-08 09:46:14.053root 11241100x8000000000000000273175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.053{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e2694ee7386c512023-02-08 09:46:14.053root 11241100x8000000000000000273174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.053{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2230732175812ec12023-02-08 09:46:14.053root 11241100x8000000000000000273173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.053{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bec9811cb59eae2023-02-08 09:46:14.053root 11241100x8000000000000000273172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.053{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3a935c8757a1f42023-02-08 09:46:14.053root 11241100x8000000000000000273171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.053{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c41b0a6bdb250c2023-02-08 09:46:14.053root 11241100x8000000000000000273170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.053{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f2c5edd94361022023-02-08 09:46:14.053root 11241100x8000000000000000273193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.054{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f4b8cfd6ca08c92023-02-08 09:46:14.054root 11241100x8000000000000000273192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.054{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ba6575dd1475052023-02-08 09:46:14.054root 11241100x8000000000000000273191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.054{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639cdc6534da06d02023-02-08 09:46:14.054root 11241100x8000000000000000273190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.054{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996c17d86332c9172023-02-08 09:46:14.054root 11241100x8000000000000000273189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.054{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4536ba7305b9f05d2023-02-08 09:46:14.054root 11241100x8000000000000000273188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.054{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6651348ad2e5fdf2023-02-08 09:46:14.054root 11241100x8000000000000000273187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.054{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86c91428a3403192023-02-08 09:46:14.054root 11241100x8000000000000000273186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.054{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc709c82159fb452023-02-08 09:46:14.054root 11241100x8000000000000000273185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.054{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f4020f4d075e3c2023-02-08 09:46:14.054root 11241100x8000000000000000273194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.055{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfbb51d82d9124c2023-02-08 09:46:14.055root 11241100x8000000000000000273200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44bcfa47e9128f42023-02-08 09:46:14.486root 11241100x8000000000000000273199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5637c659350eae7a2023-02-08 09:46:14.486root 11241100x8000000000000000273198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8cf512bf026e842023-02-08 09:46:14.486root 11241100x8000000000000000273197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730e7692d66c032c2023-02-08 09:46:14.486root 11241100x8000000000000000273196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970e781817de6e4e2023-02-08 09:46:14.486root 11241100x8000000000000000273195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42c4909367439812023-02-08 09:46:14.486root 11241100x8000000000000000273213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfdadea7df0be5be2023-02-08 09:46:14.487root 11241100x8000000000000000273212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31e62ff5333c1012023-02-08 09:46:14.487root 11241100x8000000000000000273211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57742accc64378df2023-02-08 09:46:14.487root 11241100x8000000000000000273210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a20b5b553d6f0372023-02-08 09:46:14.487root 11241100x8000000000000000273209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fb254d0a1935342023-02-08 09:46:14.487root 11241100x8000000000000000273208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edea2345bff324df2023-02-08 09:46:14.487root 11241100x8000000000000000273207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32027866b0e8a5fb2023-02-08 09:46:14.487root 11241100x8000000000000000273206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083f471c769a1c2e2023-02-08 09:46:14.487root 11241100x8000000000000000273205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d05b91badad8b12023-02-08 09:46:14.487root 11241100x8000000000000000273204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4478b485084e642023-02-08 09:46:14.487root 11241100x8000000000000000273203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967589bfdceafa4d2023-02-08 09:46:14.487root 11241100x8000000000000000273202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f7bf494e7ba1b12023-02-08 09:46:14.487root 11241100x8000000000000000273201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c21a44a56268a8a2023-02-08 09:46:14.487root 11241100x8000000000000000273228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03910bd447f5237f2023-02-08 09:46:14.488root 11241100x8000000000000000273227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0959ea46d543e67b2023-02-08 09:46:14.488root 11241100x8000000000000000273226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86427edd5f69d8522023-02-08 09:46:14.488root 11241100x8000000000000000273225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf9cc079cc616042023-02-08 09:46:14.488root 11241100x8000000000000000273224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a607ad8e464cf5b2023-02-08 09:46:14.488root 11241100x8000000000000000273223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7dc3a403d539332023-02-08 09:46:14.488root 11241100x8000000000000000273222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c9c019330c24c22023-02-08 09:46:14.488root 11241100x8000000000000000273221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586826022d310a4a2023-02-08 09:46:14.488root 11241100x8000000000000000273220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4a7622e483f8d12023-02-08 09:46:14.488root 11241100x8000000000000000273219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5ac9d1c97b48692023-02-08 09:46:14.488root 11241100x8000000000000000273218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b27f13ff5eb152e2023-02-08 09:46:14.488root 11241100x8000000000000000273217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebf8bb70f1551792023-02-08 09:46:14.488root 11241100x8000000000000000273216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea71c7c566c0ae32023-02-08 09:46:14.488root 11241100x8000000000000000273215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89429e051ac9afbf2023-02-08 09:46:14.488root 11241100x8000000000000000273214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ce4609b0a4df7f2023-02-08 09:46:14.488root 11241100x8000000000000000273237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc9722a9b60fbe82023-02-08 09:46:14.489root 11241100x8000000000000000273236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261a84836349dad52023-02-08 09:46:14.489root 11241100x8000000000000000273235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade63f9e698488bc2023-02-08 09:46:14.489root 11241100x8000000000000000273234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6680e497b4ea849c2023-02-08 09:46:14.489root 11241100x8000000000000000273233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c302e62608fec182023-02-08 09:46:14.489root 11241100x8000000000000000273232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d449cdc83f092bf2023-02-08 09:46:14.489root 11241100x8000000000000000273231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0b1aeb3afc0b6c2023-02-08 09:46:14.489root 11241100x8000000000000000273230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d917d1f05bb13a322023-02-08 09:46:14.489root 11241100x8000000000000000273229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba989bfcc34e4082023-02-08 09:46:14.489root 11241100x8000000000000000273241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4c3f50de1b7f012023-02-08 09:46:14.985root 11241100x8000000000000000273240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed275bbe9120e902023-02-08 09:46:14.985root 11241100x8000000000000000273239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17174c8a06f82d0d2023-02-08 09:46:14.985root 11241100x8000000000000000273238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e8e065001aeaa92023-02-08 09:46:14.985root 11241100x8000000000000000273254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f826eeaa12846862023-02-08 09:46:14.986root 11241100x8000000000000000273253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb0e4a3ab29d6fc2023-02-08 09:46:14.986root 11241100x8000000000000000273252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003b818c0edb7f412023-02-08 09:46:14.986root 11241100x8000000000000000273251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a376bf51a76f93582023-02-08 09:46:14.986root 11241100x8000000000000000273250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47cb67af531196a12023-02-08 09:46:14.986root 11241100x8000000000000000273249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f80c2ec4c8c8ee2023-02-08 09:46:14.986root 11241100x8000000000000000273248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f30da827aaa0f762023-02-08 09:46:14.986root 11241100x8000000000000000273247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5077b0e9c8e4c492023-02-08 09:46:14.986root 11241100x8000000000000000273246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf98590f5cd91222023-02-08 09:46:14.986root 11241100x8000000000000000273245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b077b285564c1682023-02-08 09:46:14.986root 11241100x8000000000000000273244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812b446f9b399d942023-02-08 09:46:14.986root 11241100x8000000000000000273243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3287bb9c36b093782023-02-08 09:46:14.986root 11241100x8000000000000000273242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c244921ff49da52023-02-08 09:46:14.986root 11241100x8000000000000000273269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc75dc8c55067172023-02-08 09:46:14.987root 11241100x8000000000000000273268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f772913f93970d2023-02-08 09:46:14.987root 11241100x8000000000000000273267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0e231c4c68b95a2023-02-08 09:46:14.987root 11241100x8000000000000000273266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750c2f83d353fe7d2023-02-08 09:46:14.987root 11241100x8000000000000000273265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817b5584e70b2fb32023-02-08 09:46:14.987root 11241100x8000000000000000273264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045ecb7f6b5544642023-02-08 09:46:14.987root 11241100x8000000000000000273263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc66db89b0474bc42023-02-08 09:46:14.987root 11241100x8000000000000000273262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0006e6cbf8ae2f2023-02-08 09:46:14.987root 11241100x8000000000000000273261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96c903cf164ac032023-02-08 09:46:14.987root 11241100x8000000000000000273260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0bf30b9bd907df22023-02-08 09:46:14.987root 11241100x8000000000000000273259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a71c5843b936e082023-02-08 09:46:14.987root 11241100x8000000000000000273258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b8e189998c7ae72023-02-08 09:46:14.987root 11241100x8000000000000000273257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcec283d7bfe9592023-02-08 09:46:14.987root 11241100x8000000000000000273256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11b5153fdd04a6c2023-02-08 09:46:14.987root 11241100x8000000000000000273255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f646f3eab178572023-02-08 09:46:14.987root 11241100x8000000000000000273280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e61999e565bfa42023-02-08 09:46:14.988root 11241100x8000000000000000273279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cbbddf3b1dbf5152023-02-08 09:46:14.988root 11241100x8000000000000000273278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50dc2c3c7d3deabf2023-02-08 09:46:14.988root 11241100x8000000000000000273277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709cbff36469025f2023-02-08 09:46:14.988root 11241100x8000000000000000273276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1352e27147bb2f5c2023-02-08 09:46:14.988root 11241100x8000000000000000273275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf1779dd610b6732023-02-08 09:46:14.988root 11241100x8000000000000000273274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057c83d4db3a3c3c2023-02-08 09:46:14.988root 11241100x8000000000000000273273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e24fae08cc51142023-02-08 09:46:14.988root 11241100x8000000000000000273272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813f6df39b86c7032023-02-08 09:46:14.988root 11241100x8000000000000000273271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d395ca6d2598352023-02-08 09:46:14.988root 11241100x8000000000000000273270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00fc08e60f5fcd6a2023-02-08 09:46:14.988root 11241100x8000000000000000273281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b4aad7b3f1b97c2023-02-08 09:46:15.485root 11241100x8000000000000000273295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299730d7d3f2d9a52023-02-08 09:46:15.486root 11241100x8000000000000000273294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c455abab4c6be2f2023-02-08 09:46:15.486root 11241100x8000000000000000273293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124908f8ff9909db2023-02-08 09:46:15.486root 11241100x8000000000000000273292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f110c4d230dc142023-02-08 09:46:15.486root 11241100x8000000000000000273291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f468905f263e8ee2023-02-08 09:46:15.486root 11241100x8000000000000000273290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe7fd394a9ee2c52023-02-08 09:46:15.486root 11241100x8000000000000000273289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dba8213d790b2792023-02-08 09:46:15.486root 11241100x8000000000000000273288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3863d6af39f097c72023-02-08 09:46:15.486root 11241100x8000000000000000273287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7bda1a10efb5412023-02-08 09:46:15.486root 11241100x8000000000000000273286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3283d7008a7511d62023-02-08 09:46:15.486root 11241100x8000000000000000273285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ad0bc589dd1a132023-02-08 09:46:15.486root 11241100x8000000000000000273284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf6cbf71abc2ef62023-02-08 09:46:15.486root 11241100x8000000000000000273283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fa9ae0859a0d5b2023-02-08 09:46:15.486root 11241100x8000000000000000273282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b692249c053bf72023-02-08 09:46:15.486root 11241100x8000000000000000273310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4801cdd025ea9d2023-02-08 09:46:15.487root 11241100x8000000000000000273309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4413ffad896a4f732023-02-08 09:46:15.487root 11241100x8000000000000000273308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a61b3fb945904a22023-02-08 09:46:15.487root 11241100x8000000000000000273307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b936fe8b1b8fa7e22023-02-08 09:46:15.487root 11241100x8000000000000000273306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af820ae78d33c2302023-02-08 09:46:15.487root 11241100x8000000000000000273305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d52ea6ad034f0b62023-02-08 09:46:15.487root 11241100x8000000000000000273304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ceb333bc5736812023-02-08 09:46:15.487root 11241100x8000000000000000273303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e4ad619bd810842023-02-08 09:46:15.487root 11241100x8000000000000000273302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9eba705f5c05c412023-02-08 09:46:15.487root 11241100x8000000000000000273301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78b22299d64367a2023-02-08 09:46:15.487root 11241100x8000000000000000273300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9eed7ff8db8f37a2023-02-08 09:46:15.487root 11241100x8000000000000000273299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9b0a2bd4422d382023-02-08 09:46:15.487root 11241100x8000000000000000273298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174c3876623fdf762023-02-08 09:46:15.487root 11241100x8000000000000000273297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b424c333acbe6a2023-02-08 09:46:15.487root 11241100x8000000000000000273296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8cf0dcafb49b99c2023-02-08 09:46:15.487root 11241100x8000000000000000273323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c78f0efc6fb5052023-02-08 09:46:15.488root 11241100x8000000000000000273322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42430ad773ce6dad2023-02-08 09:46:15.488root 11241100x8000000000000000273321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7224b08d0a4a8b812023-02-08 09:46:15.488root 11241100x8000000000000000273320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e0ffda0ac9c3a12023-02-08 09:46:15.488root 11241100x8000000000000000273319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d02096c0bc268222023-02-08 09:46:15.488root 11241100x8000000000000000273318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69d3da83befeb9e2023-02-08 09:46:15.488root 11241100x8000000000000000273317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f864f47886ba2ac02023-02-08 09:46:15.488root 11241100x8000000000000000273316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66b17d23d97495e2023-02-08 09:46:15.488root 11241100x8000000000000000273315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976952b1f4b85c772023-02-08 09:46:15.488root 11241100x8000000000000000273314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e69366ec90942be2023-02-08 09:46:15.488root 11241100x8000000000000000273313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1e13b78a4ddb562023-02-08 09:46:15.488root 11241100x8000000000000000273312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f914452acb3436f2023-02-08 09:46:15.488root 11241100x8000000000000000273311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ff4f201407a6532023-02-08 09:46:15.488root 11241100x8000000000000000273324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88039bff661e3a142023-02-08 09:46:15.985root 11241100x8000000000000000273337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0596db599019ee2023-02-08 09:46:15.986root 11241100x8000000000000000273336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9111ddb6918d63e32023-02-08 09:46:15.986root 11241100x8000000000000000273335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31db51f8a07439de2023-02-08 09:46:15.986root 11241100x8000000000000000273334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4248f231b7ded1e2023-02-08 09:46:15.986root 11241100x8000000000000000273333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2196a3222d6c0c2e2023-02-08 09:46:15.986root 11241100x8000000000000000273332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3c42e5973e41122023-02-08 09:46:15.986root 11241100x8000000000000000273331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d476b6221603390c2023-02-08 09:46:15.986root 11241100x8000000000000000273330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2796583a08b2882023-02-08 09:46:15.986root 11241100x8000000000000000273329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed36ff38a9cf03602023-02-08 09:46:15.986root 11241100x8000000000000000273328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429a0e9925f003de2023-02-08 09:46:15.986root 11241100x8000000000000000273327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9c879a671b51102023-02-08 09:46:15.986root 11241100x8000000000000000273326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc87f582f23e69472023-02-08 09:46:15.986root 11241100x8000000000000000273325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63833f1739b297b2023-02-08 09:46:15.986root 11241100x8000000000000000273350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939faa315fdfeba42023-02-08 09:46:15.987root 11241100x8000000000000000273349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.decd8844c25dad372023-02-08 09:46:15.987root 11241100x8000000000000000273348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c50aa4e50072252023-02-08 09:46:15.987root 11241100x8000000000000000273347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ebaca74594c93a2023-02-08 09:46:15.987root 11241100x8000000000000000273346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c702f29549c6cf02023-02-08 09:46:15.987root 11241100x8000000000000000273345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2944eb8a1400412023-02-08 09:46:15.987root 11241100x8000000000000000273344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e4f3df71c738f02023-02-08 09:46:15.987root 11241100x8000000000000000273343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b968a654888b372023-02-08 09:46:15.987root 11241100x8000000000000000273342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd58e8d606def1cf2023-02-08 09:46:15.987root 11241100x8000000000000000273341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ec8a07d1eb4f482023-02-08 09:46:15.987root 11241100x8000000000000000273340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa8963a7914c5132023-02-08 09:46:15.987root 11241100x8000000000000000273339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d26313aa193023c2023-02-08 09:46:15.987root 11241100x8000000000000000273338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad51e97380d35072023-02-08 09:46:15.987root 11241100x8000000000000000273365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da84331d80d95f412023-02-08 09:46:15.988root 11241100x8000000000000000273364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a022d2dbb3ca2e2023-02-08 09:46:15.988root 11241100x8000000000000000273363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87286aa0b72b76cf2023-02-08 09:46:15.988root 11241100x8000000000000000273362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24169b15c89ad6752023-02-08 09:46:15.988root 11241100x8000000000000000273361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4ca45bf9cabbd12023-02-08 09:46:15.988root 11241100x8000000000000000273360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de11687ab009e2df2023-02-08 09:46:15.988root 11241100x8000000000000000273359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657a0ca6a268f4e22023-02-08 09:46:15.988root 11241100x8000000000000000273358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c691e355c7c40d2023-02-08 09:46:15.988root 11241100x8000000000000000273357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ae5e91950712132023-02-08 09:46:15.988root 11241100x8000000000000000273356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f43efb38dcc4fcf2023-02-08 09:46:15.988root 11241100x8000000000000000273355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6870771b219b3e42023-02-08 09:46:15.988root 11241100x8000000000000000273354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8eb9c619f735fb2023-02-08 09:46:15.988root 11241100x8000000000000000273353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247d6e131268b7cf2023-02-08 09:46:15.988root 11241100x8000000000000000273352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03a79ce9983cf092023-02-08 09:46:15.988root 11241100x8000000000000000273351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9570c9f581da75be2023-02-08 09:46:15.988root 11241100x8000000000000000273366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:15.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad6694c955cf3852023-02-08 09:46:15.989root 11241100x8000000000000000273368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fca2010eecffc622023-02-08 09:46:16.484root 11241100x8000000000000000273367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929165a11ea9b92e2023-02-08 09:46:16.484root 11241100x8000000000000000273379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22053ca3b97c0292023-02-08 09:46:16.485root 11241100x8000000000000000273378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d140add5738fc9de2023-02-08 09:46:16.485root 11241100x8000000000000000273377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce2f93ff4d748872023-02-08 09:46:16.485root 11241100x8000000000000000273376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ecbae47d6df04642023-02-08 09:46:16.485root 11241100x8000000000000000273375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62dac589b07f86e52023-02-08 09:46:16.485root 11241100x8000000000000000273374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5618a66c9cc6b32023-02-08 09:46:16.485root 11241100x8000000000000000273373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520969c25fc0d59a2023-02-08 09:46:16.485root 11241100x8000000000000000273372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70ee29da356a7292023-02-08 09:46:16.485root 11241100x8000000000000000273371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccbc835da88904b2023-02-08 09:46:16.485root 11241100x8000000000000000273370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2cf49034c2ad0312023-02-08 09:46:16.485root 11241100x8000000000000000273369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00c6ba6a40880b12023-02-08 09:46:16.485root 11241100x8000000000000000273390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fc938e64bdd2922023-02-08 09:46:16.486root 11241100x8000000000000000273389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb0cb6a502d88002023-02-08 09:46:16.486root 11241100x8000000000000000273388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f584b0377de48a12023-02-08 09:46:16.486root 11241100x8000000000000000273387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e4ee961d22c77a2023-02-08 09:46:16.486root 11241100x8000000000000000273386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4026cf9b5173df2023-02-08 09:46:16.486root 11241100x8000000000000000273385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1cc3f6ff50a8d82023-02-08 09:46:16.486root 11241100x8000000000000000273384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8f69bdd7ee89792023-02-08 09:46:16.486root 11241100x8000000000000000273383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f432422d096412c12023-02-08 09:46:16.486root 11241100x8000000000000000273382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa748f9b253ff2892023-02-08 09:46:16.486root 11241100x8000000000000000273381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db8ac8bc4f832c02023-02-08 09:46:16.486root 11241100x8000000000000000273380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4339d624b0e81e2023-02-08 09:46:16.486root 11241100x8000000000000000273399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e0f493d05ea5772023-02-08 09:46:16.487root 11241100x8000000000000000273398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765ab07279afbea02023-02-08 09:46:16.487root 11241100x8000000000000000273397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9255e3531b55a04b2023-02-08 09:46:16.487root 11241100x8000000000000000273396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e1c2655df8b70b2023-02-08 09:46:16.487root 11241100x8000000000000000273395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60431b8ace7bb682023-02-08 09:46:16.487root 11241100x8000000000000000273394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4574f24024b10fc52023-02-08 09:46:16.487root 11241100x8000000000000000273393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65eb88cf6d8b9c1f2023-02-08 09:46:16.487root 11241100x8000000000000000273392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861104290a06ef792023-02-08 09:46:16.487root 11241100x8000000000000000273391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439b7ab159dbb2ab2023-02-08 09:46:16.487root 11241100x8000000000000000273405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b315b11b9579152023-02-08 09:46:16.488root 11241100x8000000000000000273404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7800d4373b1cdd0a2023-02-08 09:46:16.488root 11241100x8000000000000000273403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25796b86e11050662023-02-08 09:46:16.488root 11241100x8000000000000000273402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df981dede83649f2023-02-08 09:46:16.488root 11241100x8000000000000000273401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ca84911329d4372023-02-08 09:46:16.488root 11241100x8000000000000000273400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2d9407607b5faf2023-02-08 09:46:16.488root 11241100x8000000000000000273415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a0dfdcbc002f0a2023-02-08 09:46:16.489root 11241100x8000000000000000273414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1393ad59a7443ab22023-02-08 09:46:16.489root 11241100x8000000000000000273413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b2fe1ecbae6b072023-02-08 09:46:16.489root 11241100x8000000000000000273412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df0600f493b579d2023-02-08 09:46:16.489root 11241100x8000000000000000273411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36652b857234deb32023-02-08 09:46:16.489root 11241100x8000000000000000273410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988ee4a2640bc3392023-02-08 09:46:16.489root 11241100x8000000000000000273409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0db4cea54b6bae2023-02-08 09:46:16.489root 11241100x8000000000000000273408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016140f2a94c20c42023-02-08 09:46:16.489root 11241100x8000000000000000273407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64625e9cf9ae85ca2023-02-08 09:46:16.489root 11241100x8000000000000000273406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3313105b339acfe82023-02-08 09:46:16.489root 11241100x8000000000000000273425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889cb1f04c26061f2023-02-08 09:46:16.490root 11241100x8000000000000000273424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0ea4e98e1d40a92023-02-08 09:46:16.490root 11241100x8000000000000000273423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c9c21adb48434b2023-02-08 09:46:16.490root 11241100x8000000000000000273422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8c1c6b0b3a248c2023-02-08 09:46:16.490root 11241100x8000000000000000273421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a0f77925c805db2023-02-08 09:46:16.490root 11241100x8000000000000000273420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba509a4c4b3f0ec2023-02-08 09:46:16.490root 11241100x8000000000000000273419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0eb770ec1d173db2023-02-08 09:46:16.490root 11241100x8000000000000000273418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387235e7f8352f6e2023-02-08 09:46:16.490root 11241100x8000000000000000273417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718b6ce65103e9aa2023-02-08 09:46:16.490root 11241100x8000000000000000273416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535eb171b3acdac82023-02-08 09:46:16.490root 11241100x8000000000000000273427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e437b86b06da3ebd2023-02-08 09:46:16.491root 11241100x8000000000000000273426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc2b42271d6b1672023-02-08 09:46:16.491root 11241100x8000000000000000273429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78526d4f42eeca032023-02-08 09:46:16.492root 11241100x8000000000000000273428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02528f8139f805d32023-02-08 09:46:16.492root 11241100x8000000000000000273436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2b959e548adf892023-02-08 09:46:16.493root 11241100x8000000000000000273435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17751b01877183c2023-02-08 09:46:16.493root 11241100x8000000000000000273434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7aa3ec24bce3b22023-02-08 09:46:16.493root 11241100x8000000000000000273433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4f5120430d31722023-02-08 09:46:16.493root 11241100x8000000000000000273432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d2deb3ec77397f2023-02-08 09:46:16.493root 11241100x8000000000000000273431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b536ba135ff9ae62023-02-08 09:46:16.493root 11241100x8000000000000000273430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009dcb9e0a9048862023-02-08 09:46:16.493root 11241100x8000000000000000273441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3999d88503f3b42023-02-08 09:46:16.494root 11241100x8000000000000000273440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76dab4cf1327d0f02023-02-08 09:46:16.494root 11241100x8000000000000000273439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c84d045d151dddb2023-02-08 09:46:16.494root 11241100x8000000000000000273438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f5fc43b85043ee2023-02-08 09:46:16.494root 11241100x8000000000000000273437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c719fd6e5af1e32023-02-08 09:46:16.494root 11241100x8000000000000000273449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6edab6b6478c2e2023-02-08 09:46:16.495root 11241100x8000000000000000273448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ef4df3362a9e342023-02-08 09:46:16.495root 11241100x8000000000000000273447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a405793152c4722023-02-08 09:46:16.495root 11241100x8000000000000000273446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9c2b96942da5e52023-02-08 09:46:16.495root 11241100x8000000000000000273445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee77a0930f782e82023-02-08 09:46:16.495root 11241100x8000000000000000273444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13abd4643aa69b0c2023-02-08 09:46:16.495root 11241100x8000000000000000273443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e418c5aa62d183032023-02-08 09:46:16.495root 11241100x8000000000000000273442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16d19253debbb192023-02-08 09:46:16.495root 11241100x8000000000000000273451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09251da7378423292023-02-08 09:46:16.496root 11241100x8000000000000000273450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba0637da76644e22023-02-08 09:46:16.496root 11241100x8000000000000000273453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db8fa0c0c0ee7c42023-02-08 09:46:16.497root 11241100x8000000000000000273452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c73cd34b981c9d2023-02-08 09:46:16.497root 11241100x8000000000000000273458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a60f25418cee10e2023-02-08 09:46:16.501root 11241100x8000000000000000273457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2f6caf70834b982023-02-08 09:46:16.501root 11241100x8000000000000000273456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517f00ca70da6dfd2023-02-08 09:46:16.501root 11241100x8000000000000000273455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2102ad027b6b4bc52023-02-08 09:46:16.501root 11241100x8000000000000000273454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53acf59698057932023-02-08 09:46:16.501root 11241100x8000000000000000273465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ed5f12b11c85362023-02-08 09:46:16.502root 11241100x8000000000000000273464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47f171aed12c8292023-02-08 09:46:16.502root 11241100x8000000000000000273463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ccf17a0c55fe4d2023-02-08 09:46:16.502root 11241100x8000000000000000273462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2032d64634df022023-02-08 09:46:16.502root 11241100x8000000000000000273461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1b98b02a6a14192023-02-08 09:46:16.502root 11241100x8000000000000000273460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2664ec969077592023-02-08 09:46:16.502root 11241100x8000000000000000273459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82514f3bf7addc02023-02-08 09:46:16.502root 11241100x8000000000000000273469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37faddd7f83e6992023-02-08 09:46:16.503root 11241100x8000000000000000273468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0823ac2f518451332023-02-08 09:46:16.503root 11241100x8000000000000000273467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c49ef8dc4e43b02023-02-08 09:46:16.503root 11241100x8000000000000000273466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0494a613d7268ee62023-02-08 09:46:16.503root 11241100x8000000000000000273477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.504{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fba9257de3cec5e2023-02-08 09:46:16.504root 11241100x8000000000000000273476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.504{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ff2a2eb5f120ab2023-02-08 09:46:16.504root 11241100x8000000000000000273475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.504{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e657d521092be62023-02-08 09:46:16.504root 11241100x8000000000000000273474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.504{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a547bdbcaa27ff162023-02-08 09:46:16.504root 11241100x8000000000000000273473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.504{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce30f4560fc64eef2023-02-08 09:46:16.504root 11241100x8000000000000000273472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.504{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e8b849c83109992023-02-08 09:46:16.504root 11241100x8000000000000000273471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.504{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72aa680a0a6854e32023-02-08 09:46:16.504root 11241100x8000000000000000273470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.504{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815fe81625ca466c2023-02-08 09:46:16.504root 11241100x8000000000000000273481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.505{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d3cee50b4227db2023-02-08 09:46:16.505root 11241100x8000000000000000273480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.505{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1061a2274c8ceeb2023-02-08 09:46:16.505root 11241100x8000000000000000273479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.505{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244aef8e7cec44d52023-02-08 09:46:16.505root 11241100x8000000000000000273478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.505{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c5b483923ea85b2023-02-08 09:46:16.505root 11241100x8000000000000000273487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4890b602e5bf31942023-02-08 09:46:16.506root 11241100x8000000000000000273486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1042d415b9c89c8e2023-02-08 09:46:16.506root 11241100x8000000000000000273485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e000a9ec091467e2023-02-08 09:46:16.506root 11241100x8000000000000000273484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274de6860aa0f8022023-02-08 09:46:16.506root 11241100x8000000000000000273483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ae403c935c0ea92023-02-08 09:46:16.506root 11241100x8000000000000000273482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd98f1357e7459f2023-02-08 09:46:16.506root 11241100x8000000000000000273489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.507{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a68bc43418ae382023-02-08 09:46:16.507root 11241100x8000000000000000273488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.507{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270fbe1ae2d70b6e2023-02-08 09:46:16.507root 11241100x8000000000000000273494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.510{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0015a8a2578ffe492023-02-08 09:46:16.510root 11241100x8000000000000000273493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.510{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e4b62a65e01dd32023-02-08 09:46:16.510root 11241100x8000000000000000273492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.510{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bdc043e5fb413d2023-02-08 09:46:16.510root 11241100x8000000000000000273491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.510{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27014b40a816acf2023-02-08 09:46:16.510root 11241100x8000000000000000273490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.510{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab967e75d1869962023-02-08 09:46:16.510root 11241100x8000000000000000273495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.511{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9695d9b780340a2023-02-08 09:46:16.511root 11241100x8000000000000000273496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.512{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b505fda8e03209fe2023-02-08 09:46:16.512root 11241100x8000000000000000273510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c5c21233abaf412023-02-08 09:46:16.986root 11241100x8000000000000000273509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec23abe6e202ff282023-02-08 09:46:16.986root 11241100x8000000000000000273508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d6c685c401e3cd2023-02-08 09:46:16.986root 11241100x8000000000000000273507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f900b204da032fb2023-02-08 09:46:16.986root 11241100x8000000000000000273506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fde312ff200cbf2023-02-08 09:46:16.986root 11241100x8000000000000000273505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d10e7e99aa8e862023-02-08 09:46:16.986root 11241100x8000000000000000273504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b716cec1b17716b2023-02-08 09:46:16.986root 11241100x8000000000000000273503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8943b27caa2adf152023-02-08 09:46:16.986root 11241100x8000000000000000273502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d865580cb3042192023-02-08 09:46:16.986root 11241100x8000000000000000273501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ec99ee0e3e1f792023-02-08 09:46:16.986root 11241100x8000000000000000273500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8e9162e01a90142023-02-08 09:46:16.986root 11241100x8000000000000000273499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d34567524c38492023-02-08 09:46:16.986root 11241100x8000000000000000273498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b621c8282977b92023-02-08 09:46:16.986root 11241100x8000000000000000273497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8749c9210b254f902023-02-08 09:46:16.986root 11241100x8000000000000000273526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee84ac36e67b1272023-02-08 09:46:16.987root 11241100x8000000000000000273525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0c550c3c89eadb2023-02-08 09:46:16.987root 11241100x8000000000000000273524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b35c9ab97b7a022023-02-08 09:46:16.987root 11241100x8000000000000000273523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760706f0b6d9362b2023-02-08 09:46:16.987root 11241100x8000000000000000273522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a5b2bf3154faa12023-02-08 09:46:16.987root 11241100x8000000000000000273521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e910390f98467b912023-02-08 09:46:16.987root 11241100x8000000000000000273520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd544b4caa5023d92023-02-08 09:46:16.987root 11241100x8000000000000000273519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065504e0fabc5ea42023-02-08 09:46:16.987root 11241100x8000000000000000273518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88f430dbcb9f2f42023-02-08 09:46:16.987root 11241100x8000000000000000273517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069b88668f06d07f2023-02-08 09:46:16.987root 11241100x8000000000000000273516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07304d5cd2080d1d2023-02-08 09:46:16.987root 11241100x8000000000000000273515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d147d144c433bda12023-02-08 09:46:16.987root 11241100x8000000000000000273514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82df315a8f88a642023-02-08 09:46:16.987root 11241100x8000000000000000273513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2461482057d80d2e2023-02-08 09:46:16.987root 11241100x8000000000000000273512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556c383059bb0e452023-02-08 09:46:16.987root 11241100x8000000000000000273511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7334b822676087c42023-02-08 09:46:16.987root 11241100x8000000000000000273539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc362a2e01d11992023-02-08 09:46:16.988root 11241100x8000000000000000273538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce22a2e9f82df4782023-02-08 09:46:16.988root 11241100x8000000000000000273537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea085421c2667eb2023-02-08 09:46:16.988root 11241100x8000000000000000273536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b669a0f2b0682db12023-02-08 09:46:16.988root 11241100x8000000000000000273535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652adb6d313805b72023-02-08 09:46:16.988root 11241100x8000000000000000273534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf82508bb9a6090c2023-02-08 09:46:16.988root 11241100x8000000000000000273533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55d5bd95fa3259a2023-02-08 09:46:16.988root 11241100x8000000000000000273532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0395c2eb6514e9c02023-02-08 09:46:16.988root 11241100x8000000000000000273531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435a1a59cae53f2d2023-02-08 09:46:16.988root 11241100x8000000000000000273530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f39301c98ea8fd82023-02-08 09:46:16.988root 11241100x8000000000000000273529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e9dc1189d7ad262023-02-08 09:46:16.988root 11241100x8000000000000000273528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4440ebbc5fbcfdd2023-02-08 09:46:16.988root 11241100x8000000000000000273527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294c14cabf60df8e2023-02-08 09:46:16.988root 11241100x8000000000000000273540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1e3e3cb71ea8ef2023-02-08 09:46:17.484root 11241100x8000000000000000273543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ec62e7da5a33e72023-02-08 09:46:17.485root 11241100x8000000000000000273542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f673198d92538142023-02-08 09:46:17.485root 11241100x8000000000000000273541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7775e8840eb1462023-02-08 09:46:17.485root 11241100x8000000000000000273545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e083d625f72e329f2023-02-08 09:46:17.486root 11241100x8000000000000000273544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e12bcc2499310f82023-02-08 09:46:17.486root 11241100x8000000000000000273548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6af7b81e16ccff82023-02-08 09:46:17.487root 11241100x8000000000000000273547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9e0154f49cd0302023-02-08 09:46:17.487root 11241100x8000000000000000273546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575140f868b8a21b2023-02-08 09:46:17.487root 11241100x8000000000000000273552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e536bdf391a54fb92023-02-08 09:46:17.488root 11241100x8000000000000000273551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9c0d68b93737592023-02-08 09:46:17.488root 11241100x8000000000000000273550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab21be19e697b482023-02-08 09:46:17.488root 11241100x8000000000000000273549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d74e02a55ea6822023-02-08 09:46:17.488root 11241100x8000000000000000273556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d9104ed122174a2023-02-08 09:46:17.489root 11241100x8000000000000000273555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98803f57c2387952023-02-08 09:46:17.489root 11241100x8000000000000000273554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3b740acf08f6972023-02-08 09:46:17.489root 11241100x8000000000000000273553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98353811a35096fc2023-02-08 09:46:17.489root 11241100x8000000000000000273562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a1dbf5cb3f26c92023-02-08 09:46:17.490root 11241100x8000000000000000273561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7f2a2bd4d3dba52023-02-08 09:46:17.490root 11241100x8000000000000000273560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835c708be3fcf8fb2023-02-08 09:46:17.490root 11241100x8000000000000000273559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9229afa2078782b2023-02-08 09:46:17.490root 11241100x8000000000000000273558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11e23d05766b4ee2023-02-08 09:46:17.490root 11241100x8000000000000000273557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4fa4b6c2a8c62b52023-02-08 09:46:17.490root 11241100x8000000000000000273567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300cc9d00d0de3282023-02-08 09:46:17.491root 11241100x8000000000000000273566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e6958676f6a0b12023-02-08 09:46:17.491root 11241100x8000000000000000273565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb64474f9d272ffb2023-02-08 09:46:17.491root 11241100x8000000000000000273564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c350806f8661d842023-02-08 09:46:17.491root 11241100x8000000000000000273563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93c791cfed6692d2023-02-08 09:46:17.491root 11241100x8000000000000000273569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafe4faec34246a42023-02-08 09:46:17.492root 11241100x8000000000000000273568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b295c12d940d4f9d2023-02-08 09:46:17.492root 11241100x8000000000000000273572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffa3931094999f92023-02-08 09:46:17.493root 11241100x8000000000000000273571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398bd6eb0ba1c55a2023-02-08 09:46:17.493root 11241100x8000000000000000273570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f175e9c0308d412023-02-08 09:46:17.493root 11241100x8000000000000000273579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442a0f7175678e5d2023-02-08 09:46:17.494root 11241100x8000000000000000273578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308703e103115a2a2023-02-08 09:46:17.494root 11241100x8000000000000000273577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aae4c55b72cd9412023-02-08 09:46:17.494root 11241100x8000000000000000273576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bb414593d845f22023-02-08 09:46:17.494root 11241100x8000000000000000273575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b88d2558bb39ce82023-02-08 09:46:17.494root 11241100x8000000000000000273574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42b856ddea892652023-02-08 09:46:17.494root 11241100x8000000000000000273573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006f4e30024468702023-02-08 09:46:17.494root 11241100x8000000000000000273584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c7c777634a97722023-02-08 09:46:17.495root 11241100x8000000000000000273583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87c6565e9f24ede2023-02-08 09:46:17.495root 11241100x8000000000000000273582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7001f31468ea8f2023-02-08 09:46:17.495root 11241100x8000000000000000273581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6049e7751f5512202023-02-08 09:46:17.495root 11241100x8000000000000000273580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f83c0f76afefcf2023-02-08 09:46:17.495root 11241100x8000000000000000273587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3729cb83ee5f6bb2023-02-08 09:46:17.985root 11241100x8000000000000000273586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7728a256657c7bf2023-02-08 09:46:17.985root 11241100x8000000000000000273585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7071f4f4a3103582023-02-08 09:46:17.985root 11241100x8000000000000000273598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5699f61704df41082023-02-08 09:46:17.986root 11241100x8000000000000000273597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b60aea90901d522023-02-08 09:46:17.986root 11241100x8000000000000000273596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0acce81b31e46722023-02-08 09:46:17.986root 11241100x8000000000000000273595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ecaceb762a32642023-02-08 09:46:17.986root 11241100x8000000000000000273594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e07f26bcbb2c662023-02-08 09:46:17.986root 11241100x8000000000000000273593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8e168382e9e6fd2023-02-08 09:46:17.986root 11241100x8000000000000000273592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23023e0f723789bc2023-02-08 09:46:17.986root 11241100x8000000000000000273591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1671bc22d0b9350b2023-02-08 09:46:17.986root 11241100x8000000000000000273590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43fa22339c0ed79b2023-02-08 09:46:17.986root 11241100x8000000000000000273589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b78054b3bfa0b62023-02-08 09:46:17.986root 11241100x8000000000000000273588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac32c71a9cc388e2023-02-08 09:46:17.986root 11241100x8000000000000000273606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314445e258c08ec62023-02-08 09:46:17.987root 11241100x8000000000000000273605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988573d07b78a8262023-02-08 09:46:17.987root 11241100x8000000000000000273604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9e270fc151df4d2023-02-08 09:46:17.987root 11241100x8000000000000000273603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f125de1b7264f02023-02-08 09:46:17.987root 11241100x8000000000000000273602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4a2312286e0a602023-02-08 09:46:17.987root 11241100x8000000000000000273601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b742a4904dd2b5ee2023-02-08 09:46:17.987root 11241100x8000000000000000273600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b9f6862bd24d972023-02-08 09:46:17.987root 11241100x8000000000000000273599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f9ab18a383f94f2023-02-08 09:46:17.987root 11241100x8000000000000000273615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda23204a2f5a1992023-02-08 09:46:17.988root 11241100x8000000000000000273614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d789d9c4e302ee2023-02-08 09:46:17.988root 11241100x8000000000000000273613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0223643d997b772023-02-08 09:46:17.988root 11241100x8000000000000000273612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b934f5c92add5de2023-02-08 09:46:17.988root 11241100x8000000000000000273611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5121b2d0f7804bd62023-02-08 09:46:17.988root 11241100x8000000000000000273610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c12e8b3bbba2de92023-02-08 09:46:17.988root 11241100x8000000000000000273609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1154562312047b2023-02-08 09:46:17.988root 11241100x8000000000000000273608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818b5e91f33319a32023-02-08 09:46:17.988root 11241100x8000000000000000273607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32625aa9c85c52a2023-02-08 09:46:17.988root 11241100x8000000000000000273621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac613d418ccc8982023-02-08 09:46:17.989root 11241100x8000000000000000273620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd9dbfbd84da0182023-02-08 09:46:17.989root 11241100x8000000000000000273619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8830c0d6e0b7ea92023-02-08 09:46:17.989root 11241100x8000000000000000273618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2710494c454b98eb2023-02-08 09:46:17.989root 11241100x8000000000000000273617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e3451bd320fb192023-02-08 09:46:17.989root 11241100x8000000000000000273616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5bdf54e04c66642023-02-08 09:46:17.989root 11241100x8000000000000000273627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9605280a07890c332023-02-08 09:46:17.990root 11241100x8000000000000000273626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fbd8b861a6b26822023-02-08 09:46:17.990root 11241100x8000000000000000273625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c049da2d27ec0f32023-02-08 09:46:17.990root 11241100x8000000000000000273624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e0a0c0a951ebb82023-02-08 09:46:17.990root 11241100x8000000000000000273623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935d13144733d1d82023-02-08 09:46:17.990root 11241100x8000000000000000273622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08c370198859c832023-02-08 09:46:17.990root 11241100x8000000000000000273629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0cf7abd1680e312023-02-08 09:46:18.484root 11241100x8000000000000000273628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67ca0f01eccd3a72023-02-08 09:46:18.484root 11241100x8000000000000000273637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1598c1d13e2962d2023-02-08 09:46:18.485root 11241100x8000000000000000273636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f72e21d6e133b552023-02-08 09:46:18.485root 11241100x8000000000000000273635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99db1be5f5931aae2023-02-08 09:46:18.485root 11241100x8000000000000000273634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7da0bd5a3797432023-02-08 09:46:18.485root 11241100x8000000000000000273633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d2cd7fa104849b2023-02-08 09:46:18.485root 11241100x8000000000000000273632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb565dcae25110a12023-02-08 09:46:18.485root 11241100x8000000000000000273631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c90f519ef9ea3582023-02-08 09:46:18.485root 11241100x8000000000000000273630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f470307b98f6b60a2023-02-08 09:46:18.485root 11241100x8000000000000000273647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e638ee64b15c6db12023-02-08 09:46:18.486root 11241100x8000000000000000273646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9995950219b5ec2d2023-02-08 09:46:18.486root 11241100x8000000000000000273645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10c71f6441ea2452023-02-08 09:46:18.486root 11241100x8000000000000000273644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8286c1327f9582e82023-02-08 09:46:18.486root 11241100x8000000000000000273643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2942f4fd5ab4ef2023-02-08 09:46:18.486root 11241100x8000000000000000273642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5f4122f257e7302023-02-08 09:46:18.486root 11241100x8000000000000000273641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d5636850c41bde2023-02-08 09:46:18.486root 11241100x8000000000000000273640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ee88c1b77f1a452023-02-08 09:46:18.486root 11241100x8000000000000000273639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac90f5c6695281172023-02-08 09:46:18.486root 11241100x8000000000000000273638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e948feee7738412023-02-08 09:46:18.486root 11241100x8000000000000000273655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e359a863a2a5674a2023-02-08 09:46:18.487root 11241100x8000000000000000273654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2518144e1f8ed02023-02-08 09:46:18.487root 11241100x8000000000000000273653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db922558e1d0c5ac2023-02-08 09:46:18.487root 11241100x8000000000000000273652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52830a277bcfa1642023-02-08 09:46:18.487root 11241100x8000000000000000273651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b267965348193cf22023-02-08 09:46:18.487root 11241100x8000000000000000273650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8749b6043cd46e32023-02-08 09:46:18.487root 11241100x8000000000000000273649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e7f6987c6d27d52023-02-08 09:46:18.487root 11241100x8000000000000000273648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18600b964b98c1502023-02-08 09:46:18.487root 11241100x8000000000000000273664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20988fd592f7536c2023-02-08 09:46:18.488root 11241100x8000000000000000273663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf0c2061e6b58602023-02-08 09:46:18.488root 11241100x8000000000000000273662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e8525add20ef182023-02-08 09:46:18.488root 11241100x8000000000000000273661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d58c3eca340f332023-02-08 09:46:18.488root 11241100x8000000000000000273660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f20f4ca1e883792023-02-08 09:46:18.488root 11241100x8000000000000000273659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b926e5028a039c2023-02-08 09:46:18.488root 11241100x8000000000000000273658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010acaa8f3f6a4dc2023-02-08 09:46:18.488root 11241100x8000000000000000273657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6999cf7e6f4e5ce2023-02-08 09:46:18.488root 11241100x8000000000000000273656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc285a9b53258dd92023-02-08 09:46:18.488root 11241100x8000000000000000273673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba1f330923af4e12023-02-08 09:46:18.489root 11241100x8000000000000000273672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f573b18e288ada262023-02-08 09:46:18.489root 11241100x8000000000000000273671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235ebe1fa94dc3dd2023-02-08 09:46:18.489root 11241100x8000000000000000273670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5eb90538a0168732023-02-08 09:46:18.489root 11241100x8000000000000000273669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52300871469b0672023-02-08 09:46:18.489root 11241100x8000000000000000273668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ae4729274634e02023-02-08 09:46:18.489root 11241100x8000000000000000273667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0572563a0fb758f2023-02-08 09:46:18.489root 11241100x8000000000000000273666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e177b3b2704704d2023-02-08 09:46:18.489root 11241100x8000000000000000273665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fed2d47a1d15872023-02-08 09:46:18.489root 11241100x8000000000000000273674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15e2ade8fe90ce12023-02-08 09:46:18.490root 11241100x8000000000000000273682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006a9ef6ff0ef19b2023-02-08 09:46:18.984root 11241100x8000000000000000273681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03089669616c47562023-02-08 09:46:18.984root 11241100x8000000000000000273680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14a1b8f8f93536c2023-02-08 09:46:18.984root 11241100x8000000000000000273679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61a98693a542ece2023-02-08 09:46:18.984root 11241100x8000000000000000273678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161208ebc7f17b072023-02-08 09:46:18.984root 11241100x8000000000000000273677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00cb461698770ed2023-02-08 09:46:18.984root 11241100x8000000000000000273676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33e65fa9eb5548d2023-02-08 09:46:18.984root 11241100x8000000000000000273675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9467c145c6dfd62023-02-08 09:46:18.984root 11241100x8000000000000000273695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156c40e3a90ef2e42023-02-08 09:46:18.985root 11241100x8000000000000000273694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade6df31e4351d442023-02-08 09:46:18.985root 11241100x8000000000000000273693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe7c5a43e72a8e32023-02-08 09:46:18.985root 11241100x8000000000000000273692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092db5c68a68636d2023-02-08 09:46:18.985root 11241100x8000000000000000273691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0833a4800d32f43b2023-02-08 09:46:18.985root 11241100x8000000000000000273690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596d8173eaf8d35c2023-02-08 09:46:18.985root 11241100x8000000000000000273689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cd46c4c91db5062023-02-08 09:46:18.985root 11241100x8000000000000000273688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b18abb88b0e7f682023-02-08 09:46:18.985root 11241100x8000000000000000273687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ddd43af3734f272023-02-08 09:46:18.985root 11241100x8000000000000000273686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32e60c07dcbefb62023-02-08 09:46:18.985root 11241100x8000000000000000273685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d96d73f1f38312c2023-02-08 09:46:18.985root 11241100x8000000000000000273684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabfbe256bc7645e2023-02-08 09:46:18.985root 11241100x8000000000000000273683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b429a8eae0734152023-02-08 09:46:18.985root 11241100x8000000000000000273707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89842346efab5e1d2023-02-08 09:46:18.986root 11241100x8000000000000000273706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0c697c82b7a9952023-02-08 09:46:18.986root 11241100x8000000000000000273705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7141c3f811190a2023-02-08 09:46:18.986root 11241100x8000000000000000273704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c45c1763b4f3f12023-02-08 09:46:18.986root 11241100x8000000000000000273703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1e8d903b41b3bf2023-02-08 09:46:18.986root 11241100x8000000000000000273702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81863b2a4d19f4132023-02-08 09:46:18.986root 11241100x8000000000000000273701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39148fc1ead8a61d2023-02-08 09:46:18.986root 11241100x8000000000000000273700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bfe584f47a378a2023-02-08 09:46:18.986root 11241100x8000000000000000273699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9826099c4eb83edf2023-02-08 09:46:18.986root 11241100x8000000000000000273698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f258f559f061b23b2023-02-08 09:46:18.986root 11241100x8000000000000000273697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ba57c55c8846812023-02-08 09:46:18.986root 11241100x8000000000000000273696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8989337e0c92fe42023-02-08 09:46:18.986root 11241100x8000000000000000273718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f560504ace171bf12023-02-08 09:46:18.987root 11241100x8000000000000000273717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bda7b87aa5d803a2023-02-08 09:46:18.987root 11241100x8000000000000000273716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1180f78c6f2b6612023-02-08 09:46:18.987root 11241100x8000000000000000273715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d0e4b3cdb413d42023-02-08 09:46:18.987root 11241100x8000000000000000273714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.addf28a644416cfb2023-02-08 09:46:18.987root 11241100x8000000000000000273713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c018b6b40306d162023-02-08 09:46:18.987root 11241100x8000000000000000273712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169b702f1586da942023-02-08 09:46:18.987root 11241100x8000000000000000273711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e71a6ebc9aebee2023-02-08 09:46:18.987root 11241100x8000000000000000273710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aec6358583b23dc2023-02-08 09:46:18.987root 11241100x8000000000000000273709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256db28fe86574502023-02-08 09:46:18.987root 11241100x8000000000000000273708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2874976c7b561d672023-02-08 09:46:18.987root 11241100x8000000000000000273726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9f712e6e06720f2023-02-08 09:46:18.988root 11241100x8000000000000000273725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21074c5bb4c63ed12023-02-08 09:46:18.988root 11241100x8000000000000000273724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4ba40e32a214ad2023-02-08 09:46:18.988root 11241100x8000000000000000273723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822973c8eaaddbbd2023-02-08 09:46:18.988root 11241100x8000000000000000273722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8be3bdb315525e2023-02-08 09:46:18.988root 11241100x8000000000000000273721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d774c2c5d22515672023-02-08 09:46:18.988root 11241100x8000000000000000273720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bad5527a87110692023-02-08 09:46:18.988root 11241100x8000000000000000273719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e651fdf24dd86542023-02-08 09:46:18.988root 11241100x8000000000000000273728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f2c2c3103da35c2023-02-08 09:46:18.990root 11241100x8000000000000000273727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5c8fe630b06cd32023-02-08 09:46:18.990root 11241100x8000000000000000273739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f83c619fec1cc562023-02-08 09:46:18.991root 11241100x8000000000000000273738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4952610d8af8fc2023-02-08 09:46:18.991root 11241100x8000000000000000273737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79557a4f24f0b8642023-02-08 09:46:18.991root 11241100x8000000000000000273736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3b0ccdc5b1c8992023-02-08 09:46:18.991root 11241100x8000000000000000273735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e9d2b0903ffcbd2023-02-08 09:46:18.991root 11241100x8000000000000000273734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fefbb0d16555202023-02-08 09:46:18.991root 11241100x8000000000000000273733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa604c50275125dd2023-02-08 09:46:18.991root 11241100x8000000000000000273732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159f26a96f32c6092023-02-08 09:46:18.991root 11241100x8000000000000000273731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c822e694cb296b82023-02-08 09:46:18.991root 11241100x8000000000000000273730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4c815a62b8ec342023-02-08 09:46:18.991root 11241100x8000000000000000273729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a413267d83a3070a2023-02-08 09:46:18.991root 11241100x8000000000000000273749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c007d532ad5133d2023-02-08 09:46:18.992root 11241100x8000000000000000273748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d63e9239bf5ab12023-02-08 09:46:18.992root 11241100x8000000000000000273747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df766313883aa78c2023-02-08 09:46:18.992root 11241100x8000000000000000273746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce09b3b8c2e2afc2023-02-08 09:46:18.992root 11241100x8000000000000000273745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d765439271b732f2023-02-08 09:46:18.992root 11241100x8000000000000000273744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768d7de9caa7f0992023-02-08 09:46:18.992root 11241100x8000000000000000273743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9e112a226d6cf62023-02-08 09:46:18.992root 11241100x8000000000000000273742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8371dd608df9bc0d2023-02-08 09:46:18.992root 11241100x8000000000000000273741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3624fe18c262a42023-02-08 09:46:18.992root 11241100x8000000000000000273740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2604253841b2b422023-02-08 09:46:18.992root 11241100x8000000000000000273758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9bbb4cec5e3981d2023-02-08 09:46:18.993root 11241100x8000000000000000273757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32a4fbc15331f7d2023-02-08 09:46:18.993root 11241100x8000000000000000273756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c79d81cc158b8c82023-02-08 09:46:18.993root 11241100x8000000000000000273755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ecc6612ab168602023-02-08 09:46:18.993root 11241100x8000000000000000273754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9d9b21c6e3350c2023-02-08 09:46:18.993root 11241100x8000000000000000273753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8820f13d06a48ed2023-02-08 09:46:18.993root 11241100x8000000000000000273752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318322e14318734a2023-02-08 09:46:18.993root 11241100x8000000000000000273751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549df901cbcbf95d2023-02-08 09:46:18.993root 11241100x8000000000000000273750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c7ea94a1b1bca52023-02-08 09:46:18.993root 11241100x8000000000000000273760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9b7313de120a742023-02-08 09:46:18.994root 11241100x8000000000000000273759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:18.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623085219d376d482023-02-08 09:46:18.994root 354300x8000000000000000273761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.145{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-46718-false10.0.1.12-8000- 11241100x8000000000000000273762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5782a1d1f0cc2a2023-02-08 09:46:19.484root 11241100x8000000000000000273766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb36c222b59602142023-02-08 09:46:19.485root 11241100x8000000000000000273765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d710d85e4c88fde2023-02-08 09:46:19.485root 11241100x8000000000000000273764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8180f95884a6d9bf2023-02-08 09:46:19.485root 11241100x8000000000000000273763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e141923247cf8222023-02-08 09:46:19.485root 11241100x8000000000000000273770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2558ca68850a032023-02-08 09:46:19.486root 11241100x8000000000000000273769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac30c7b82c84fa72023-02-08 09:46:19.486root 11241100x8000000000000000273768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4bf977fea2be0b2023-02-08 09:46:19.486root 11241100x8000000000000000273767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5251072ae9005b2023-02-08 09:46:19.486root 11241100x8000000000000000273774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94b2e04971439792023-02-08 09:46:19.487root 11241100x8000000000000000273773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d90f1019723aea32023-02-08 09:46:19.487root 11241100x8000000000000000273772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec185ecf136c3fc02023-02-08 09:46:19.487root 11241100x8000000000000000273771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f1d317ec830aa22023-02-08 09:46:19.487root 11241100x8000000000000000273775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3acf98989d54f6ba2023-02-08 09:46:19.488root 11241100x8000000000000000273780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b925001e2869b82023-02-08 09:46:19.489root 11241100x8000000000000000273779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0617fd4392d52f02023-02-08 09:46:19.489root 11241100x8000000000000000273778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f504fcc1c2766de52023-02-08 09:46:19.489root 11241100x8000000000000000273777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9318644b242f143b2023-02-08 09:46:19.489root 11241100x8000000000000000273776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37849d1d4e658ca12023-02-08 09:46:19.489root 11241100x8000000000000000273788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de52cacd795a7df2023-02-08 09:46:19.490root 11241100x8000000000000000273787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a3e747596559da2023-02-08 09:46:19.490root 11241100x8000000000000000273786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d51951da0c1bfad2023-02-08 09:46:19.490root 11241100x8000000000000000273785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3172dce88a70d54f2023-02-08 09:46:19.490root 11241100x8000000000000000273784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768bcf76d07060082023-02-08 09:46:19.490root 11241100x8000000000000000273783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2e1d981f3d43922023-02-08 09:46:19.490root 11241100x8000000000000000273782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecd2ca066d634fc2023-02-08 09:46:19.490root 11241100x8000000000000000273781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df446ab52c5ce36e2023-02-08 09:46:19.490root 11241100x8000000000000000273790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a788f50b3bfce72023-02-08 09:46:19.491root 11241100x8000000000000000273789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25732c3a94525ff32023-02-08 09:46:19.491root 11241100x8000000000000000273801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4158e99600d8d6b62023-02-08 09:46:19.492root 11241100x8000000000000000273800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d800f858f3f6f9102023-02-08 09:46:19.492root 11241100x8000000000000000273799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4787096243bbe6af2023-02-08 09:46:19.492root 11241100x8000000000000000273798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53268e11481ab282023-02-08 09:46:19.492root 11241100x8000000000000000273797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab8ffb9e36f204b2023-02-08 09:46:19.492root 11241100x8000000000000000273796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e170a902a69371132023-02-08 09:46:19.492root 11241100x8000000000000000273795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b393b660d329b8202023-02-08 09:46:19.492root 11241100x8000000000000000273794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d32bc8624f304132023-02-08 09:46:19.492root 11241100x8000000000000000273793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3817dd84730de15c2023-02-08 09:46:19.492root 11241100x8000000000000000273792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81412fff02280ad2023-02-08 09:46:19.492root 11241100x8000000000000000273791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0018d4fbd6efeadb2023-02-08 09:46:19.492root 11241100x8000000000000000273808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a361d78fa161f82023-02-08 09:46:19.493root 11241100x8000000000000000273807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e22e6332cc6e0792023-02-08 09:46:19.493root 11241100x8000000000000000273806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb4a3554d8f29422023-02-08 09:46:19.493root 11241100x8000000000000000273805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea7ded33fa7913d2023-02-08 09:46:19.493root 11241100x8000000000000000273804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045f258aee56dcb92023-02-08 09:46:19.493root 11241100x8000000000000000273803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf62edc2b62235e32023-02-08 09:46:19.493root 11241100x8000000000000000273802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0ee7bc718b6c9b2023-02-08 09:46:19.493root 11241100x8000000000000000273810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a1b2445555ff732023-02-08 09:46:19.494root 11241100x8000000000000000273809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7acfab28c211ad302023-02-08 09:46:19.494root 11241100x8000000000000000273819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eff687003d4dbfd2023-02-08 09:46:19.984root 11241100x8000000000000000273818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5b51bd247202542023-02-08 09:46:19.984root 11241100x8000000000000000273817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21ea5c6110e92da2023-02-08 09:46:19.984root 11241100x8000000000000000273816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f06e1cff4328e32023-02-08 09:46:19.984root 11241100x8000000000000000273815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0613142504848aa42023-02-08 09:46:19.984root 11241100x8000000000000000273814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b68b6669f94f84e2023-02-08 09:46:19.984root 11241100x8000000000000000273813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0779b73e489d142023-02-08 09:46:19.984root 11241100x8000000000000000273812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd4eb1b911552622023-02-08 09:46:19.984root 11241100x8000000000000000273811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d720ee3c7e6c6b132023-02-08 09:46:19.984root 11241100x8000000000000000273825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954cedd14b93a08c2023-02-08 09:46:19.985root 11241100x8000000000000000273824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c752954022ed1c022023-02-08 09:46:19.985root 11241100x8000000000000000273823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b71e0bd98d1b59c2023-02-08 09:46:19.985root 11241100x8000000000000000273822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9cef550209f9f72023-02-08 09:46:19.985root 11241100x8000000000000000273821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707d95d598a9de3a2023-02-08 09:46:19.985root 11241100x8000000000000000273820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0044ba632b3e61982023-02-08 09:46:19.985root 11241100x8000000000000000273833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8dacb1ceb17918c2023-02-08 09:46:19.986root 11241100x8000000000000000273832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a2fa0d931afc6e2023-02-08 09:46:19.986root 11241100x8000000000000000273831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23888cb841a3cb6d2023-02-08 09:46:19.986root 11241100x8000000000000000273830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889a9137eb2450222023-02-08 09:46:19.986root 11241100x8000000000000000273829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c038391744bd5e642023-02-08 09:46:19.986root 11241100x8000000000000000273828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc265ea82d854532023-02-08 09:46:19.986root 11241100x8000000000000000273827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117bc59b01d16b1c2023-02-08 09:46:19.986root 11241100x8000000000000000273826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fdd30fbbcc12ef2023-02-08 09:46:19.986root 11241100x8000000000000000273843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c573a0c291cd2ba22023-02-08 09:46:19.987root 11241100x8000000000000000273842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7413e0fd3798812023-02-08 09:46:19.987root 11241100x8000000000000000273841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2cc0b86d8745edc2023-02-08 09:46:19.987root 11241100x8000000000000000273840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ce7acd4129745e2023-02-08 09:46:19.987root 11241100x8000000000000000273839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c1967044c64d742023-02-08 09:46:19.987root 11241100x8000000000000000273838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c705482ff7f0192023-02-08 09:46:19.987root 11241100x8000000000000000273837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b6aa081b833b922023-02-08 09:46:19.987root 11241100x8000000000000000273836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7324d94edcf4902023-02-08 09:46:19.987root 11241100x8000000000000000273835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8866e8e9a4269a9b2023-02-08 09:46:19.987root 11241100x8000000000000000273834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef645f88178629062023-02-08 09:46:19.987root 11241100x8000000000000000273853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c8462e6c9345a42023-02-08 09:46:19.988root 11241100x8000000000000000273852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ee8703b51cc17e2023-02-08 09:46:19.988root 11241100x8000000000000000273851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77d4c91948781272023-02-08 09:46:19.988root 11241100x8000000000000000273850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc27978b024ef1922023-02-08 09:46:19.988root 11241100x8000000000000000273849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfaf2ecc8ea9f4c2023-02-08 09:46:19.988root 11241100x8000000000000000273848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c2d6d81f5327b42023-02-08 09:46:19.988root 11241100x8000000000000000273847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabf2f155d409a242023-02-08 09:46:19.988root 11241100x8000000000000000273846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6006b2d6f96e98e82023-02-08 09:46:19.988root 11241100x8000000000000000273845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0b04678fe5fe492023-02-08 09:46:19.988root 11241100x8000000000000000273844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e629d63ceb1f5d2023-02-08 09:46:19.988root 11241100x8000000000000000273863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67837d8dbd05b0432023-02-08 09:46:19.989root 11241100x8000000000000000273862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e62ef9946e33812023-02-08 09:46:19.989root 11241100x8000000000000000273861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb61c5f01ca2cb02023-02-08 09:46:19.989root 11241100x8000000000000000273860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf64c768d42670f2023-02-08 09:46:19.989root 11241100x8000000000000000273859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13786dc15bb1814f2023-02-08 09:46:19.989root 11241100x8000000000000000273858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67b4c936207aa532023-02-08 09:46:19.989root 11241100x8000000000000000273857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e518314909332cd2023-02-08 09:46:19.989root 11241100x8000000000000000273856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c6617f0109c0b02023-02-08 09:46:19.989root 11241100x8000000000000000273855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f465f60ec22080902023-02-08 09:46:19.989root 11241100x8000000000000000273854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176b40a8c28804aa2023-02-08 09:46:19.989root 11241100x8000000000000000273869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454753efb5b1ddd92023-02-08 09:46:19.990root 11241100x8000000000000000273868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6857e0a67f62a8ac2023-02-08 09:46:19.990root 11241100x8000000000000000273867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a9040cc9d3220e2023-02-08 09:46:19.990root 11241100x8000000000000000273866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f3c86911f24c7e2023-02-08 09:46:19.990root 11241100x8000000000000000273865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88221e7f5b9d9e682023-02-08 09:46:19.990root 11241100x8000000000000000273864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5301add977869c542023-02-08 09:46:19.990root 11241100x8000000000000000273871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef4571ce21c218e2023-02-08 09:46:19.991root 11241100x8000000000000000273870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f4fc21158406282023-02-08 09:46:19.991root 11241100x8000000000000000273873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553255befa939e6d2023-02-08 09:46:19.992root 11241100x8000000000000000273872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f9c8d2b8db541b2023-02-08 09:46:19.992root 11241100x8000000000000000273874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:19.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333b9716633ac7b82023-02-08 09:46:19.993root 11241100x8000000000000000273875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dee7b7a20c1d8a32023-02-08 09:46:20.484root 11241100x8000000000000000273880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2dc699a83f4dc52023-02-08 09:46:20.485root 11241100x8000000000000000273879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7683e56dc995d0d92023-02-08 09:46:20.485root 11241100x8000000000000000273878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99d545cf38e23a72023-02-08 09:46:20.485root 11241100x8000000000000000273877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f05a4704efbe0be2023-02-08 09:46:20.485root 11241100x8000000000000000273876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb0e581c28ebcf12023-02-08 09:46:20.485root 11241100x8000000000000000273895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361059f4360158092023-02-08 09:46:20.486root 11241100x8000000000000000273894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46a9ac570ee3af42023-02-08 09:46:20.486root 11241100x8000000000000000273893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a21daf049caeff62023-02-08 09:46:20.486root 11241100x8000000000000000273892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fb9725ada375002023-02-08 09:46:20.486root 11241100x8000000000000000273891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371aea836468c3d72023-02-08 09:46:20.486root 11241100x8000000000000000273890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e723d6403151dba2023-02-08 09:46:20.486root 11241100x8000000000000000273889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182e9397a33952f72023-02-08 09:46:20.486root 11241100x8000000000000000273888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5701b66908c181292023-02-08 09:46:20.486root 11241100x8000000000000000273887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0727a4a5bd36cd8a2023-02-08 09:46:20.486root 11241100x8000000000000000273886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fed9462e56dc3352023-02-08 09:46:20.486root 11241100x8000000000000000273885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61907af859dc1d102023-02-08 09:46:20.486root 11241100x8000000000000000273884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392957fbdacf83dc2023-02-08 09:46:20.486root 11241100x8000000000000000273883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117278e0c0a6e6a02023-02-08 09:46:20.486root 11241100x8000000000000000273882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a458a93fd458e0d2023-02-08 09:46:20.486root 11241100x8000000000000000273881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da97cc405b336a52023-02-08 09:46:20.486root 11241100x8000000000000000273910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf4b6109bf397912023-02-08 09:46:20.487root 11241100x8000000000000000273909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5694338a7423de4a2023-02-08 09:46:20.487root 11241100x8000000000000000273908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d8758d4a3b5de52023-02-08 09:46:20.487root 11241100x8000000000000000273907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21198fe4d58a59a02023-02-08 09:46:20.487root 11241100x8000000000000000273906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48b50ad902101fe2023-02-08 09:46:20.487root 11241100x8000000000000000273905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5153d24b1f3648bd2023-02-08 09:46:20.487root 11241100x8000000000000000273904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2608e051b88f636d2023-02-08 09:46:20.487root 11241100x8000000000000000273903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9726f374ec3e803a2023-02-08 09:46:20.487root 11241100x8000000000000000273902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28da20f41a84d3202023-02-08 09:46:20.487root 11241100x8000000000000000273901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc5b883a043a7302023-02-08 09:46:20.487root 11241100x8000000000000000273900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc431165c082bc832023-02-08 09:46:20.487root 11241100x8000000000000000273899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0395274fd3d0112023-02-08 09:46:20.487root 11241100x8000000000000000273898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941beaa82dafcabe2023-02-08 09:46:20.487root 11241100x8000000000000000273897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de62bf1a2bdc7ea2023-02-08 09:46:20.487root 11241100x8000000000000000273896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60da3525779eac42023-02-08 09:46:20.487root 11241100x8000000000000000273924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2457015d1e1ce6b2023-02-08 09:46:20.488root 11241100x8000000000000000273923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebca46008b1426432023-02-08 09:46:20.488root 11241100x8000000000000000273922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4856628148421aef2023-02-08 09:46:20.488root 11241100x8000000000000000273921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6637d0e0b22d2262023-02-08 09:46:20.488root 11241100x8000000000000000273920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ea27eaa095b9e02023-02-08 09:46:20.488root 11241100x8000000000000000273919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57b7a07421c3e1a2023-02-08 09:46:20.488root 11241100x8000000000000000273918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a97adfd6719cf3e2023-02-08 09:46:20.488root 11241100x8000000000000000273917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78387edfe8dc7de2023-02-08 09:46:20.488root 11241100x8000000000000000273916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a42198f17ec2c342023-02-08 09:46:20.488root 11241100x8000000000000000273915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6247938f72259e922023-02-08 09:46:20.488root 11241100x8000000000000000273914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe08f6e1505bcfd2023-02-08 09:46:20.488root 11241100x8000000000000000273913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6767f48ea341c1332023-02-08 09:46:20.488root 11241100x8000000000000000273912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5908fea60a5d8a2023-02-08 09:46:20.488root 11241100x8000000000000000273911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3cb4f3a923f4aa2023-02-08 09:46:20.488root 11241100x8000000000000000273926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb371689b4d11fa2023-02-08 09:46:20.984root 11241100x8000000000000000273925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c6ca0d126accfa2023-02-08 09:46:20.984root 11241100x8000000000000000273940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb82cec18709cd92023-02-08 09:46:20.985root 11241100x8000000000000000273939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a135c39967ac23752023-02-08 09:46:20.985root 11241100x8000000000000000273938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2fd92275ec9c3c2023-02-08 09:46:20.985root 11241100x8000000000000000273937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a24e9123ae71482023-02-08 09:46:20.985root 11241100x8000000000000000273936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b6b200bd6f4b892023-02-08 09:46:20.985root 11241100x8000000000000000273935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24eff973e27fad182023-02-08 09:46:20.985root 11241100x8000000000000000273934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e508ab6eb5642482023-02-08 09:46:20.985root 11241100x8000000000000000273933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e461273ff57f1d2023-02-08 09:46:20.985root 11241100x8000000000000000273932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38849edce7474fb2023-02-08 09:46:20.985root 11241100x8000000000000000273931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393355b10ec123682023-02-08 09:46:20.985root 11241100x8000000000000000273930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e7a52be3227e152023-02-08 09:46:20.985root 11241100x8000000000000000273929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa51034d1731b302023-02-08 09:46:20.985root 11241100x8000000000000000273928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4ed00b22385aa32023-02-08 09:46:20.985root 11241100x8000000000000000273927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b846f8d3ad244d2023-02-08 09:46:20.985root 11241100x8000000000000000273950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d76a46852f71ba22023-02-08 09:46:20.986root 11241100x8000000000000000273949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebdaca237a5f2422023-02-08 09:46:20.986root 11241100x8000000000000000273948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1cf10d20f657ff2023-02-08 09:46:20.986root 11241100x8000000000000000273947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc175cf15a27f55b2023-02-08 09:46:20.986root 11241100x8000000000000000273946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208ff5e72a5f2af32023-02-08 09:46:20.986root 11241100x8000000000000000273945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b247fec105e4ec42023-02-08 09:46:20.986root 11241100x8000000000000000273944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3d3c3de7d30b172023-02-08 09:46:20.986root 11241100x8000000000000000273943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd9bc113b969d822023-02-08 09:46:20.986root 11241100x8000000000000000273942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df28369679b713f42023-02-08 09:46:20.986root 11241100x8000000000000000273941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e902ba58ea45e562023-02-08 09:46:20.986root 11241100x8000000000000000273958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fbaedb6613c5d472023-02-08 09:46:20.987root 11241100x8000000000000000273957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07659c57c875f372023-02-08 09:46:20.987root 11241100x8000000000000000273956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0452f4abbc43132023-02-08 09:46:20.987root 11241100x8000000000000000273955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf26a86717d60e82023-02-08 09:46:20.987root 11241100x8000000000000000273954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84dbec1faea33412023-02-08 09:46:20.987root 11241100x8000000000000000273953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4264331c4865e1cc2023-02-08 09:46:20.987root 11241100x8000000000000000273952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2948208cb941192023-02-08 09:46:20.987root 11241100x8000000000000000273951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f58a663a6792bc2023-02-08 09:46:20.987root 11241100x8000000000000000273964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d2bad8847cf6542023-02-08 09:46:20.988root 11241100x8000000000000000273963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dedbb2ef2d41cb832023-02-08 09:46:20.988root 11241100x8000000000000000273962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea241d872b4823b2023-02-08 09:46:20.988root 11241100x8000000000000000273961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8db78791e264e832023-02-08 09:46:20.988root 11241100x8000000000000000273960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e75a63ffd41cb982023-02-08 09:46:20.988root 11241100x8000000000000000273959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbf23fab14e73472023-02-08 09:46:20.988root 11241100x8000000000000000273970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639871eae1396b622023-02-08 09:46:20.989root 11241100x8000000000000000273969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d444f3468a28af6d2023-02-08 09:46:20.989root 11241100x8000000000000000273968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263ecede1d5eb2742023-02-08 09:46:20.989root 11241100x8000000000000000273967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6f4343b44afca42023-02-08 09:46:20.989root 11241100x8000000000000000273966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653b7136ccf75df42023-02-08 09:46:20.989root 11241100x8000000000000000273965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6d7e5819ea7cfb2023-02-08 09:46:20.989root 11241100x8000000000000000273974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dad9d2f62e720c42023-02-08 09:46:20.990root 11241100x8000000000000000273973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca84049058c06952023-02-08 09:46:20.990root 11241100x8000000000000000273972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363c19fdc606f4d42023-02-08 09:46:20.990root 11241100x8000000000000000273971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b8f5cb788886182023-02-08 09:46:20.990root 11241100x8000000000000000273975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9ae8e73a373ef72023-02-08 09:46:20.991root 11241100x8000000000000000273984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd002804736ff8312023-02-08 09:46:20.992root 11241100x8000000000000000273983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab68e4163b0bf742023-02-08 09:46:20.992root 11241100x8000000000000000273982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f2d5df3992d62d2023-02-08 09:46:20.992root 11241100x8000000000000000273981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96a01e5341273d32023-02-08 09:46:20.992root 11241100x8000000000000000273980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5800d5c7fa7f1a8e2023-02-08 09:46:20.992root 11241100x8000000000000000273979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d701faa31821852023-02-08 09:46:20.992root 11241100x8000000000000000273978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c90202772c842182023-02-08 09:46:20.992root 11241100x8000000000000000273977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1f9ec4286fb7432023-02-08 09:46:20.992root 11241100x8000000000000000273976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdb900999eee9f92023-02-08 09:46:20.992root 11241100x8000000000000000273992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845c8603077d96062023-02-08 09:46:20.993root 11241100x8000000000000000273991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5c379232843bd22023-02-08 09:46:20.993root 11241100x8000000000000000273990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03153075d472cd7c2023-02-08 09:46:20.993root 11241100x8000000000000000273989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72cfd081cf7161fa2023-02-08 09:46:20.993root 11241100x8000000000000000273988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d5a1d3936b57832023-02-08 09:46:20.993root 11241100x8000000000000000273987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20ba69e61d93d1b2023-02-08 09:46:20.993root 11241100x8000000000000000273986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef25f1f65be13292023-02-08 09:46:20.993root 11241100x8000000000000000273985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a165cd3a3e96e62023-02-08 09:46:20.993root 11241100x8000000000000000273994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dbba651e6938fec2023-02-08 09:46:20.994root 11241100x8000000000000000273993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:20.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f01504984511f72023-02-08 09:46:20.994root 11241100x8000000000000000274000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38bf839f387647102023-02-08 09:46:21.484root 11241100x8000000000000000273999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0924acb6eab7de32023-02-08 09:46:21.484root 11241100x8000000000000000273998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f319504858af6502023-02-08 09:46:21.484root 11241100x8000000000000000273997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255ddf740fd504f32023-02-08 09:46:21.484root 11241100x8000000000000000273996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4cfd703d0ebbdb92023-02-08 09:46:21.484root 11241100x8000000000000000273995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6735a71c7ca19f452023-02-08 09:46:21.484root 11241100x8000000000000000274004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c630f71a3e7a3acb2023-02-08 09:46:21.485root 11241100x8000000000000000274003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a1c3bea9d4d5d52023-02-08 09:46:21.485root 11241100x8000000000000000274002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9696c9fd8e6bd9172023-02-08 09:46:21.485root 11241100x8000000000000000274001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c27d5e8edd7a1722023-02-08 09:46:21.485root 11241100x8000000000000000274013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652c1752d5064e722023-02-08 09:46:21.486root 11241100x8000000000000000274012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92bc6539f3e0f902023-02-08 09:46:21.486root 11241100x8000000000000000274011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de8cd0bf31c5b602023-02-08 09:46:21.486root 11241100x8000000000000000274010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20346792ee2b95632023-02-08 09:46:21.486root 11241100x8000000000000000274009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cfa6f5a555022422023-02-08 09:46:21.486root 11241100x8000000000000000274008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00822c92b6a8de9c2023-02-08 09:46:21.486root 11241100x8000000000000000274007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4eb5e9f6cb8d1b2023-02-08 09:46:21.486root 11241100x8000000000000000274006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2954b77d54cc56362023-02-08 09:46:21.486root 11241100x8000000000000000274005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb97f4bdbc1b18d22023-02-08 09:46:21.486root 11241100x8000000000000000274019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71525651091d8ef82023-02-08 09:46:21.487root 11241100x8000000000000000274018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885527224d1764402023-02-08 09:46:21.487root 11241100x8000000000000000274017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1adb809ca2eccf2023-02-08 09:46:21.487root 11241100x8000000000000000274016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa9f2f70a498c6a2023-02-08 09:46:21.487root 11241100x8000000000000000274015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de569e415589a29c2023-02-08 09:46:21.487root 11241100x8000000000000000274014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36a4276176832432023-02-08 09:46:21.487root 11241100x8000000000000000274027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21853bdeeaa346422023-02-08 09:46:21.488root 11241100x8000000000000000274026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e864f9ff81a97f2023-02-08 09:46:21.488root 11241100x8000000000000000274025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0f1464e0cc8e8b2023-02-08 09:46:21.488root 11241100x8000000000000000274024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79911287440fdbe02023-02-08 09:46:21.488root 11241100x8000000000000000274023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58410681e24c3062023-02-08 09:46:21.488root 11241100x8000000000000000274022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc58ffd8b7ebbb92023-02-08 09:46:21.488root 11241100x8000000000000000274021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4eb4edac6d7e0ae2023-02-08 09:46:21.488root 11241100x8000000000000000274020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007d776c1ef73b592023-02-08 09:46:21.488root 11241100x8000000000000000274034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55fcf4397e02bd792023-02-08 09:46:21.489root 11241100x8000000000000000274033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5f23d6ad2555da2023-02-08 09:46:21.489root 11241100x8000000000000000274032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c162e22d783e23a92023-02-08 09:46:21.489root 11241100x8000000000000000274031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dfcb51ff8f85aea2023-02-08 09:46:21.489root 11241100x8000000000000000274030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff1a2140c72ae772023-02-08 09:46:21.489root 11241100x8000000000000000274029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368fabe3a3600e8a2023-02-08 09:46:21.489root 11241100x8000000000000000274028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f784315d8db43d092023-02-08 09:46:21.489root 11241100x8000000000000000274042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08507ab76b181c362023-02-08 09:46:21.490root 11241100x8000000000000000274041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9c73ff77e9b89d2023-02-08 09:46:21.490root 11241100x8000000000000000274040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07cf87aa2e63b632023-02-08 09:46:21.490root 11241100x8000000000000000274039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f267b588ceda462023-02-08 09:46:21.490root 11241100x8000000000000000274038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209c3c52bc7fbff12023-02-08 09:46:21.490root 11241100x8000000000000000274037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486e8206a0bd72942023-02-08 09:46:21.490root 11241100x8000000000000000274036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14797202bec819bf2023-02-08 09:46:21.490root 11241100x8000000000000000274035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce5794bb94c2bce2023-02-08 09:46:21.490root 11241100x8000000000000000274045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a9b45249b7406e2023-02-08 09:46:21.491root 11241100x8000000000000000274044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3643848f58ef75b12023-02-08 09:46:21.491root 11241100x8000000000000000274043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc1ee14f41fe3662023-02-08 09:46:21.491root 11241100x8000000000000000274050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ebd488ac4188592023-02-08 09:46:21.984root 11241100x8000000000000000274049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba509749cb3babc2023-02-08 09:46:21.984root 11241100x8000000000000000274048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e89dd6f19ca01d2023-02-08 09:46:21.984root 11241100x8000000000000000274047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60fea18144ea3d632023-02-08 09:46:21.984root 11241100x8000000000000000274046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5fc148a43708b22023-02-08 09:46:21.984root 11241100x8000000000000000274057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85231cabb531ac5f2023-02-08 09:46:21.985root 11241100x8000000000000000274056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bc435728ae52932023-02-08 09:46:21.985root 11241100x8000000000000000274055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c12a2bea0ac60c2023-02-08 09:46:21.985root 11241100x8000000000000000274054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52dc2767a7b129c12023-02-08 09:46:21.985root 11241100x8000000000000000274053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14bb1a8a7be2f202023-02-08 09:46:21.985root 11241100x8000000000000000274052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286285bfd696d3d62023-02-08 09:46:21.985root 11241100x8000000000000000274051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5f6518a2ad04752023-02-08 09:46:21.985root 11241100x8000000000000000274066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527af2696e22fb3a2023-02-08 09:46:21.986root 11241100x8000000000000000274065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e6fee5bcb4be132023-02-08 09:46:21.986root 11241100x8000000000000000274064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229970e31faf6d402023-02-08 09:46:21.986root 11241100x8000000000000000274063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7c9a8dc3c0ecd22023-02-08 09:46:21.986root 11241100x8000000000000000274062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fee3551ac0cd1832023-02-08 09:46:21.986root 11241100x8000000000000000274061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b7474c87c32d882023-02-08 09:46:21.986root 11241100x8000000000000000274060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f3d318a94d18542023-02-08 09:46:21.986root 11241100x8000000000000000274059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e7fbecb9a6f0aa2023-02-08 09:46:21.986root 11241100x8000000000000000274058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c333cee8aa41a502023-02-08 09:46:21.986root 11241100x8000000000000000274081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b414a04c97a5c392023-02-08 09:46:21.987root 11241100x8000000000000000274080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b234553d8eb611a22023-02-08 09:46:21.987root 11241100x8000000000000000274079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5ef4735a55b2832023-02-08 09:46:21.987root 11241100x8000000000000000274078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b247d0c6002c6b2d2023-02-08 09:46:21.987root 11241100x8000000000000000274077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6eb357d7c0c5482023-02-08 09:46:21.987root 11241100x8000000000000000274076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba68ba27cb56ff32023-02-08 09:46:21.987root 11241100x8000000000000000274075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0a4256ccb91a2e2023-02-08 09:46:21.987root 11241100x8000000000000000274074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1638c90a6447381d2023-02-08 09:46:21.987root 11241100x8000000000000000274073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3dda8461885a0e2023-02-08 09:46:21.987root 11241100x8000000000000000274072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931b8e276ee276332023-02-08 09:46:21.987root 11241100x8000000000000000274071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99cb2f42fb9aef732023-02-08 09:46:21.987root 11241100x8000000000000000274070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0174001f872e0f2023-02-08 09:46:21.987root 11241100x8000000000000000274069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7dd8c2a74e348e62023-02-08 09:46:21.987root 11241100x8000000000000000274068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc8765414a302122023-02-08 09:46:21.987root 11241100x8000000000000000274067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6fa4c10903cfc2e2023-02-08 09:46:21.987root 11241100x8000000000000000274094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b301d65479043aee2023-02-08 09:46:21.988root 11241100x8000000000000000274093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854ed163a798a8312023-02-08 09:46:21.988root 11241100x8000000000000000274092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779e78e83c598d0f2023-02-08 09:46:21.988root 11241100x8000000000000000274091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c50396506953762023-02-08 09:46:21.988root 11241100x8000000000000000274090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6243aabe5bba9d2023-02-08 09:46:21.988root 11241100x8000000000000000274089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533f3b29194aa0022023-02-08 09:46:21.988root 11241100x8000000000000000274088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b32bb6b15aed5ce2023-02-08 09:46:21.988root 11241100x8000000000000000274087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f126d6e180184efb2023-02-08 09:46:21.988root 11241100x8000000000000000274086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187b1ac1afb643442023-02-08 09:46:21.988root 11241100x8000000000000000274085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93462904d8ec120d2023-02-08 09:46:21.988root 11241100x8000000000000000274084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e2fbfcd034f3342023-02-08 09:46:21.988root 11241100x8000000000000000274083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd256d003fbeef42023-02-08 09:46:21.988root 11241100x8000000000000000274082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f03d16bf57abefb2023-02-08 09:46:21.988root 11241100x8000000000000000274105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9984c4abee84b82b2023-02-08 09:46:21.989root 11241100x8000000000000000274104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a4189a57ed26572023-02-08 09:46:21.989root 11241100x8000000000000000274103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0d6b21ebbfe6db2023-02-08 09:46:21.989root 11241100x8000000000000000274102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4e96d34ad8aff92023-02-08 09:46:21.989root 11241100x8000000000000000274101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd67ea23cfb600bf2023-02-08 09:46:21.989root 11241100x8000000000000000274100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5641ba74f599112023-02-08 09:46:21.989root 11241100x8000000000000000274099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac4e5434fb692922023-02-08 09:46:21.989root 11241100x8000000000000000274098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d248ee409aaddc042023-02-08 09:46:21.989root 11241100x8000000000000000274097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d49a84fc0853172023-02-08 09:46:21.989root 11241100x8000000000000000274096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e839ec81085b7a82023-02-08 09:46:21.989root 11241100x8000000000000000274095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1bcfa3035fd9432023-02-08 09:46:21.989root 11241100x8000000000000000274114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58359c358e74e0c02023-02-08 09:46:21.990root 11241100x8000000000000000274113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4b2e4bd6ce60632023-02-08 09:46:21.990root 11241100x8000000000000000274112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fad174d607d3942023-02-08 09:46:21.990root 11241100x8000000000000000274111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5decd701e769998f2023-02-08 09:46:21.990root 11241100x8000000000000000274110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee7b91c79233cdf2023-02-08 09:46:21.990root 11241100x8000000000000000274109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4b4e6105e9d8502023-02-08 09:46:21.990root 11241100x8000000000000000274108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2dd31fc239761e02023-02-08 09:46:21.990root 11241100x8000000000000000274107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775b9b09d674cfbc2023-02-08 09:46:21.990root 11241100x8000000000000000274106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fceed6f093e689d2023-02-08 09:46:21.990root 11241100x8000000000000000274122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a8ce8e72a9388a2023-02-08 09:46:22.484root 11241100x8000000000000000274121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2c48e468c420782023-02-08 09:46:22.484root 11241100x8000000000000000274120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb1978210b381892023-02-08 09:46:22.484root 11241100x8000000000000000274119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b5122ae09010022023-02-08 09:46:22.484root 11241100x8000000000000000274118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897ababd634bb49c2023-02-08 09:46:22.484root 11241100x8000000000000000274117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377a26954fd359a52023-02-08 09:46:22.484root 11241100x8000000000000000274116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2215e1716cb0a62c2023-02-08 09:46:22.484root 11241100x8000000000000000274115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9e4c842331e5532023-02-08 09:46:22.484root 11241100x8000000000000000274133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1557519629184cf12023-02-08 09:46:22.485root 11241100x8000000000000000274132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ea74f49581347b2023-02-08 09:46:22.485root 11241100x8000000000000000274131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77dfd299497afce92023-02-08 09:46:22.485root 11241100x8000000000000000274130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd45adc77fab36142023-02-08 09:46:22.485root 11241100x8000000000000000274129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee44c3de5eae0f32023-02-08 09:46:22.485root 11241100x8000000000000000274128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881019b90d61b7e92023-02-08 09:46:22.485root 11241100x8000000000000000274127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e35a124b190a07b2023-02-08 09:46:22.485root 11241100x8000000000000000274126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1cf648c49dde752023-02-08 09:46:22.485root 11241100x8000000000000000274125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db58fb5a4fceed22023-02-08 09:46:22.485root 11241100x8000000000000000274124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c464f1edda769c12023-02-08 09:46:22.485root 11241100x8000000000000000274123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47be4964d0ffb4512023-02-08 09:46:22.485root 11241100x8000000000000000274148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e9f76608c6fa7b2023-02-08 09:46:22.486root 11241100x8000000000000000274147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ba4d4ea34ad6f82023-02-08 09:46:22.486root 11241100x8000000000000000274146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c28be2ad61363a52023-02-08 09:46:22.486root 11241100x8000000000000000274145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c440b7f8c731422023-02-08 09:46:22.486root 11241100x8000000000000000274144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c11fc093845b6e12023-02-08 09:46:22.486root 11241100x8000000000000000274143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c822de07c95fa9c2023-02-08 09:46:22.486root 11241100x8000000000000000274142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0017d12c2ea0943f2023-02-08 09:46:22.486root 11241100x8000000000000000274141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7098baa927bd80df2023-02-08 09:46:22.486root 11241100x8000000000000000274140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862a706be2f71c642023-02-08 09:46:22.486root 11241100x8000000000000000274139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f9fdb1d6eb99042023-02-08 09:46:22.486root 11241100x8000000000000000274138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ee975eaf6f4c9e2023-02-08 09:46:22.486root 11241100x8000000000000000274137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c970a52ecbd3ea762023-02-08 09:46:22.486root 11241100x8000000000000000274136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb029353d0eadcc12023-02-08 09:46:22.486root 11241100x8000000000000000274135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7018febf81d0a82023-02-08 09:46:22.486root 11241100x8000000000000000274134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616df719478d9dec2023-02-08 09:46:22.486root 11241100x8000000000000000274161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9b29a052c892492023-02-08 09:46:22.487root 11241100x8000000000000000274160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0022267cf82c0d3f2023-02-08 09:46:22.487root 11241100x8000000000000000274159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5dd3543d15cb972023-02-08 09:46:22.487root 11241100x8000000000000000274158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96533685cdfb3c92023-02-08 09:46:22.487root 11241100x8000000000000000274157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa33642088db8e22023-02-08 09:46:22.487root 11241100x8000000000000000274156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b268f6ae4b9694cf2023-02-08 09:46:22.487root 11241100x8000000000000000274155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c3f962a1867b482023-02-08 09:46:22.487root 11241100x8000000000000000274154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a1d1bb75be582e2023-02-08 09:46:22.487root 11241100x8000000000000000274153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10eb223dbbd9c2cf2023-02-08 09:46:22.487root 11241100x8000000000000000274152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f540f26e6b6de12023-02-08 09:46:22.487root 11241100x8000000000000000274151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe953d90f77c7d342023-02-08 09:46:22.487root 11241100x8000000000000000274150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0720f72e6d8c782023-02-08 09:46:22.487root 11241100x8000000000000000274149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f7940ad17a2de22023-02-08 09:46:22.487root 11241100x8000000000000000274174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb88aac958b9c7a02023-02-08 09:46:22.488root 11241100x8000000000000000274173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84129a76d205c4a2023-02-08 09:46:22.488root 11241100x8000000000000000274172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7b40d1969355f82023-02-08 09:46:22.488root 11241100x8000000000000000274171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c714dbd2e973cd7d2023-02-08 09:46:22.488root 11241100x8000000000000000274170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984225b155c845032023-02-08 09:46:22.488root 11241100x8000000000000000274169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfcb50d64e8137f2023-02-08 09:46:22.488root 11241100x8000000000000000274168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9201984280e78bac2023-02-08 09:46:22.488root 11241100x8000000000000000274167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0899aa847be85fd32023-02-08 09:46:22.488root 11241100x8000000000000000274166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3971af3daf288c972023-02-08 09:46:22.488root 11241100x8000000000000000274165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4216ee6a5bf379912023-02-08 09:46:22.488root 11241100x8000000000000000274164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083c9cdcd94e97342023-02-08 09:46:22.488root 11241100x8000000000000000274163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e761a467aca2802023-02-08 09:46:22.488root 11241100x8000000000000000274162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976eb59073f619332023-02-08 09:46:22.488root 11241100x8000000000000000274175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b4236e2b6d8ffb2023-02-08 09:46:22.489root 11241100x8000000000000000274178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9197215d108535332023-02-08 09:46:22.984root 11241100x8000000000000000274177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95c5ede81806c6c2023-02-08 09:46:22.984root 11241100x8000000000000000274176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2606fb5a4ada6aa12023-02-08 09:46:22.984root 11241100x8000000000000000274190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3278e331f687f52c2023-02-08 09:46:22.985root 11241100x8000000000000000274189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147c95189efcd6c02023-02-08 09:46:22.985root 11241100x8000000000000000274188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463d0e735703f0f02023-02-08 09:46:22.985root 11241100x8000000000000000274187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9070a011c78752e2023-02-08 09:46:22.985root 11241100x8000000000000000274186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4607c6520e30672023-02-08 09:46:22.985root 11241100x8000000000000000274185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cda99ad8c449882023-02-08 09:46:22.985root 11241100x8000000000000000274184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0973b80de222612023-02-08 09:46:22.985root 11241100x8000000000000000274183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808e3c5c650983c02023-02-08 09:46:22.985root 11241100x8000000000000000274182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bda72c29cf6bae12023-02-08 09:46:22.985root 11241100x8000000000000000274181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9d6c2263c6913e2023-02-08 09:46:22.985root 11241100x8000000000000000274180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d8dcfe3ac688fc2023-02-08 09:46:22.985root 11241100x8000000000000000274179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe549a44767372b2023-02-08 09:46:22.985root 11241100x8000000000000000274199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed68e737859548b42023-02-08 09:46:22.986root 11241100x8000000000000000274198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4ae4e7b0ea678d2023-02-08 09:46:22.986root 11241100x8000000000000000274197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54e2eca26c804402023-02-08 09:46:22.986root 11241100x8000000000000000274196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee884f9408d79f1c2023-02-08 09:46:22.986root 11241100x8000000000000000274195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b9c4d00ad0a3b92023-02-08 09:46:22.986root 11241100x8000000000000000274194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203ef84f09c8388f2023-02-08 09:46:22.986root 11241100x8000000000000000274193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03509f4ccb36bcd2023-02-08 09:46:22.986root 11241100x8000000000000000274192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454569c46b6266322023-02-08 09:46:22.986root 11241100x8000000000000000274191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9712549f4cc3412023-02-08 09:46:22.986root 11241100x8000000000000000274208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c3d36dda15a8032023-02-08 09:46:22.987root 11241100x8000000000000000274207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97efd607421c4a022023-02-08 09:46:22.987root 11241100x8000000000000000274206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd9150c477403b62023-02-08 09:46:22.987root 11241100x8000000000000000274205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dee1b97ceb778c32023-02-08 09:46:22.987root 11241100x8000000000000000274204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d2b20b8c40932a2023-02-08 09:46:22.987root 11241100x8000000000000000274203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cc7ec560bbe2092023-02-08 09:46:22.987root 11241100x8000000000000000274202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df876b8f82131dee2023-02-08 09:46:22.987root 11241100x8000000000000000274201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198cc18cdf4dc7052023-02-08 09:46:22.987root 11241100x8000000000000000274200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6f2546311ad3ca2023-02-08 09:46:22.987root 11241100x8000000000000000274220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d2ef9690d65e1e2023-02-08 09:46:22.988root 11241100x8000000000000000274219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95a997b20d7c7102023-02-08 09:46:22.988root 11241100x8000000000000000274218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aee4e3d15fe11942023-02-08 09:46:22.988root 11241100x8000000000000000274217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a81bd1055685652023-02-08 09:46:22.988root 11241100x8000000000000000274216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4abf3bdc0568772023-02-08 09:46:22.988root 11241100x8000000000000000274215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ffca98f460ae722023-02-08 09:46:22.988root 11241100x8000000000000000274214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfccf68eef1725e2023-02-08 09:46:22.988root 11241100x8000000000000000274213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9526b14c7f10f2e82023-02-08 09:46:22.988root 11241100x8000000000000000274212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1927dd2c443b432023-02-08 09:46:22.988root 11241100x8000000000000000274211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60a29a16948c2ea2023-02-08 09:46:22.988root 11241100x8000000000000000274210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2f2322d6b7445e2023-02-08 09:46:22.988root 11241100x8000000000000000274209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241342e3890c8e2e2023-02-08 09:46:22.988root 11241100x8000000000000000274229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0764439232880b432023-02-08 09:46:22.989root 11241100x8000000000000000274228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53633d0e83dd4f8e2023-02-08 09:46:22.989root 11241100x8000000000000000274227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755243168c83f8772023-02-08 09:46:22.989root 11241100x8000000000000000274226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6184eaefe904cda62023-02-08 09:46:22.989root 11241100x8000000000000000274225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9097130ef78134c72023-02-08 09:46:22.989root 11241100x8000000000000000274224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670c524027b30cf32023-02-08 09:46:22.989root 11241100x8000000000000000274223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0614d3d5e6004c12023-02-08 09:46:22.989root 11241100x8000000000000000274222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a9ba60e0bdc98a2023-02-08 09:46:22.989root 11241100x8000000000000000274221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54bc53c37814dd42023-02-08 09:46:22.989root 11241100x8000000000000000274242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f567ed2ea9c666e2023-02-08 09:46:22.990root 11241100x8000000000000000274241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7103cb6415e2a91f2023-02-08 09:46:22.990root 11241100x8000000000000000274240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82401507fff42f5e2023-02-08 09:46:22.990root 11241100x8000000000000000274239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d5bca7128cafeb2023-02-08 09:46:22.990root 11241100x8000000000000000274238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeea2ba05485395f2023-02-08 09:46:22.990root 11241100x8000000000000000274237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e5c054ed525a262023-02-08 09:46:22.990root 11241100x8000000000000000274236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b3e4ce25f825822023-02-08 09:46:22.990root 11241100x8000000000000000274235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52590ceed002d0192023-02-08 09:46:22.990root 11241100x8000000000000000274234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d330174cff4c42b2023-02-08 09:46:22.990root 11241100x8000000000000000274233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d813cda72fddab2023-02-08 09:46:22.990root 11241100x8000000000000000274232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb94ba8327bb2b9a2023-02-08 09:46:22.990root 11241100x8000000000000000274231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c41ecf8478d4ad22023-02-08 09:46:22.990root 11241100x8000000000000000274230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156bcc3d2ab66fb02023-02-08 09:46:22.990root 11241100x8000000000000000274255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c399cfa02f634bce2023-02-08 09:46:22.991root 11241100x8000000000000000274254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443a70716e4afa0a2023-02-08 09:46:22.991root 11241100x8000000000000000274253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0637b81767dddc2023-02-08 09:46:22.991root 11241100x8000000000000000274252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a21426aeea066312023-02-08 09:46:22.991root 11241100x8000000000000000274251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77e99f2a882a6aa2023-02-08 09:46:22.991root 11241100x8000000000000000274250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1cd868fa9cc58622023-02-08 09:46:22.991root 11241100x8000000000000000274249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f21e37b23f6e702023-02-08 09:46:22.991root 11241100x8000000000000000274248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cf6091e9a5219b2023-02-08 09:46:22.991root 11241100x8000000000000000274247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a2f007cdf2522b2023-02-08 09:46:22.991root 11241100x8000000000000000274246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aba183befac83c12023-02-08 09:46:22.991root 11241100x8000000000000000274245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d133b3f4149bc82023-02-08 09:46:22.991root 11241100x8000000000000000274244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd29f454c342d6b02023-02-08 09:46:22.991root 11241100x8000000000000000274243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5247b0d28a45cf2023-02-08 09:46:22.991root 11241100x8000000000000000274267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919a74ca83d6ffca2023-02-08 09:46:22.992root 11241100x8000000000000000274266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a88b89f5103a102023-02-08 09:46:22.992root 11241100x8000000000000000274265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebaf34de73317b42023-02-08 09:46:22.992root 11241100x8000000000000000274264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffbc2cb7feb89efb2023-02-08 09:46:22.992root 11241100x8000000000000000274263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560f50b3f9583bc42023-02-08 09:46:22.992root 11241100x8000000000000000274262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5f8525d90b7dc32023-02-08 09:46:22.992root 11241100x8000000000000000274261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385793d2ca6f01e62023-02-08 09:46:22.992root 11241100x8000000000000000274260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20bd4e40207b815a2023-02-08 09:46:22.992root 11241100x8000000000000000274259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387431f23345bcd52023-02-08 09:46:22.992root 11241100x8000000000000000274258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b9583d9c3ae65c2023-02-08 09:46:22.992root 11241100x8000000000000000274257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e359b88e447920652023-02-08 09:46:22.992root 11241100x8000000000000000274256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141ed8394a89e0482023-02-08 09:46:22.992root 11241100x8000000000000000274279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2b9d1f857dc9d92023-02-08 09:46:22.993root 11241100x8000000000000000274278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b5c9084e098c762023-02-08 09:46:22.993root 11241100x8000000000000000274277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f362f809f237a72023-02-08 09:46:22.993root 11241100x8000000000000000274276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ced6af8ac35d1312023-02-08 09:46:22.993root 11241100x8000000000000000274275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d292ddd2f01fe482023-02-08 09:46:22.993root 11241100x8000000000000000274274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8e39089e875a952023-02-08 09:46:22.993root 11241100x8000000000000000274273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215700772724616b2023-02-08 09:46:22.993root 11241100x8000000000000000274272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d63d879589d489b2023-02-08 09:46:22.993root 11241100x8000000000000000274271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed27a3ae088255e2023-02-08 09:46:22.993root 11241100x8000000000000000274270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5997296db35346042023-02-08 09:46:22.993root 11241100x8000000000000000274269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e62c44023ce36592023-02-08 09:46:22.993root 11241100x8000000000000000274268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24fef93ecdb8c0602023-02-08 09:46:22.993root 11241100x8000000000000000274287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92dc23fc5eba0aa42023-02-08 09:46:22.994root 11241100x8000000000000000274286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61da1f287aecb6972023-02-08 09:46:22.994root 11241100x8000000000000000274285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3808b421bd56434b2023-02-08 09:46:22.994root 11241100x8000000000000000274284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4f5ceca9b579322023-02-08 09:46:22.994root 11241100x8000000000000000274283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ddba6f91085610a2023-02-08 09:46:22.994root 11241100x8000000000000000274282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a623c6c09bd4ef912023-02-08 09:46:22.994root 11241100x8000000000000000274281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d4bc8d279e4a1c2023-02-08 09:46:22.994root 11241100x8000000000000000274280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9100222662c741a82023-02-08 09:46:22.994root 11241100x8000000000000000274291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b889696cb274502023-02-08 09:46:22.995root 11241100x8000000000000000274290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e057de0082e431452023-02-08 09:46:22.995root 11241100x8000000000000000274289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd345f7e59d1e1a2023-02-08 09:46:22.995root 11241100x8000000000000000274288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:22.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10029ee3f89f06712023-02-08 09:46:22.995root 11241100x8000000000000000274293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b52c2b351848b662023-02-08 09:46:23.484root 11241100x8000000000000000274292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da53db72ba9d56e2023-02-08 09:46:23.484root 11241100x8000000000000000274298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6347bb6a1e85e1342023-02-08 09:46:23.485root 11241100x8000000000000000274297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2b263974548d532023-02-08 09:46:23.485root 11241100x8000000000000000274296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4dd213f4ab41472023-02-08 09:46:23.485root 11241100x8000000000000000274295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1b42ea8fcc7ae02023-02-08 09:46:23.485root 11241100x8000000000000000274294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1548c7da28d2bc112023-02-08 09:46:23.485root 11241100x8000000000000000274305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41d490a3d966a862023-02-08 09:46:23.486root 11241100x8000000000000000274304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec2d0e9c3cdf1e92023-02-08 09:46:23.486root 11241100x8000000000000000274303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ea5fb384a5f4232023-02-08 09:46:23.486root 11241100x8000000000000000274302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2258180d7d534082023-02-08 09:46:23.486root 11241100x8000000000000000274301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa7e5a54cbeb00a2023-02-08 09:46:23.486root 11241100x8000000000000000274300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e3fd966d4321032023-02-08 09:46:23.486root 11241100x8000000000000000274299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26747fbe34cb0922023-02-08 09:46:23.486root 11241100x8000000000000000274314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2454c4a8367f112023-02-08 09:46:23.487root 11241100x8000000000000000274313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38f7be3d7cac1c52023-02-08 09:46:23.487root 11241100x8000000000000000274312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003142b14f1d8d7e2023-02-08 09:46:23.487root 11241100x8000000000000000274311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b030a209639a8e732023-02-08 09:46:23.487root 11241100x8000000000000000274310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222e346d40b9861d2023-02-08 09:46:23.487root 11241100x8000000000000000274309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0bdea0136c81ac2023-02-08 09:46:23.487root 11241100x8000000000000000274308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9700f7c92f70e3662023-02-08 09:46:23.487root 11241100x8000000000000000274307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2edfdcbd4bf189b2023-02-08 09:46:23.487root 11241100x8000000000000000274306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aef39f402f8c0df2023-02-08 09:46:23.487root 11241100x8000000000000000274324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40be3b467738b6ad2023-02-08 09:46:23.488root 11241100x8000000000000000274323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d73579715b0a4972023-02-08 09:46:23.488root 11241100x8000000000000000274322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940688fc9e2e307e2023-02-08 09:46:23.488root 11241100x8000000000000000274321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54660a6b7aeb8162023-02-08 09:46:23.488root 11241100x8000000000000000274320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d39b3782ca89bf2023-02-08 09:46:23.488root 11241100x8000000000000000274319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4faaae2de00868892023-02-08 09:46:23.488root 11241100x8000000000000000274318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a636af24da49ba42023-02-08 09:46:23.488root 11241100x8000000000000000274317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52fd19c0751bbf22023-02-08 09:46:23.488root 11241100x8000000000000000274316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11896242b2d356e22023-02-08 09:46:23.488root 11241100x8000000000000000274315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b58e9b7f67b9912023-02-08 09:46:23.488root 11241100x8000000000000000274333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7cc8e5a4fcdb972023-02-08 09:46:23.489root 11241100x8000000000000000274332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f8599ad3cdbd1f2023-02-08 09:46:23.489root 11241100x8000000000000000274331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5662c970e2a6289b2023-02-08 09:46:23.489root 11241100x8000000000000000274330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cece78bf7596885e2023-02-08 09:46:23.489root 11241100x8000000000000000274329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34feb558da4552fe2023-02-08 09:46:23.489root 11241100x8000000000000000274328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449f292030474b5c2023-02-08 09:46:23.489root 11241100x8000000000000000274327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a6edd9ec99a9d42023-02-08 09:46:23.489root 11241100x8000000000000000274326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d622faf0814a282023-02-08 09:46:23.489root 11241100x8000000000000000274325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628ffbb45ea9ce212023-02-08 09:46:23.489root 11241100x8000000000000000274343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f342ef7b4bd49e892023-02-08 09:46:23.490root 11241100x8000000000000000274342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9774ccf37609b3d02023-02-08 09:46:23.490root 11241100x8000000000000000274341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983d315640656e022023-02-08 09:46:23.490root 11241100x8000000000000000274340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be937407b86019892023-02-08 09:46:23.490root 11241100x8000000000000000274339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7872170930ee421c2023-02-08 09:46:23.490root 11241100x8000000000000000274338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a7fc0979ad62af2023-02-08 09:46:23.490root 11241100x8000000000000000274337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f98f99f774716f52023-02-08 09:46:23.490root 11241100x8000000000000000274336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374c5ae62d642f592023-02-08 09:46:23.490root 11241100x8000000000000000274335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86791fbc266cdf4b2023-02-08 09:46:23.490root 11241100x8000000000000000274334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9269b6a926f2c8b22023-02-08 09:46:23.490root 11241100x8000000000000000274349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14a17a5e5f2dc492023-02-08 09:46:23.491root 11241100x8000000000000000274348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0156a6412bf8256f2023-02-08 09:46:23.491root 11241100x8000000000000000274347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15cb18e63bf4d2182023-02-08 09:46:23.491root 11241100x8000000000000000274346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb59a63d1863bc92023-02-08 09:46:23.491root 11241100x8000000000000000274345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6569388e3f93512023-02-08 09:46:23.491root 11241100x8000000000000000274344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15eba254a53d70ae2023-02-08 09:46:23.491root 11241100x8000000000000000274361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cb9135463e7c692023-02-08 09:46:23.984root 11241100x8000000000000000274360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b0402aa8c0f3312023-02-08 09:46:23.984root 11241100x8000000000000000274359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db580291c77e33372023-02-08 09:46:23.984root 11241100x8000000000000000274358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28df0b4e2c4477902023-02-08 09:46:23.984root 11241100x8000000000000000274357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b5aa99ce8f81472023-02-08 09:46:23.984root 11241100x8000000000000000274356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e029e83f4dc4f52023-02-08 09:46:23.984root 11241100x8000000000000000274355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaee7700d0ec963a2023-02-08 09:46:23.984root 11241100x8000000000000000274354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b781992fad88242023-02-08 09:46:23.984root 11241100x8000000000000000274353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad85a6a081fa1642023-02-08 09:46:23.984root 11241100x8000000000000000274352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973bb531803850b52023-02-08 09:46:23.984root 11241100x8000000000000000274351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e635b1ae536764b2023-02-08 09:46:23.984root 11241100x8000000000000000274350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4355bd65993dc42023-02-08 09:46:23.984root 11241100x8000000000000000274363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af95a34d78c33bfe2023-02-08 09:46:23.985root 11241100x8000000000000000274362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e3363ddcc5cbbf2023-02-08 09:46:23.985root 11241100x8000000000000000274369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ec5a6e130557d52023-02-08 09:46:23.986root 11241100x8000000000000000274368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21308a7132eba8d12023-02-08 09:46:23.986root 11241100x8000000000000000274367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6915ba2eef379b2e2023-02-08 09:46:23.986root 11241100x8000000000000000274366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57af287122e9ceb62023-02-08 09:46:23.986root 11241100x8000000000000000274365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80602e13c11687bf2023-02-08 09:46:23.986root 11241100x8000000000000000274364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b2765546fe67782023-02-08 09:46:23.986root 11241100x8000000000000000274376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b25fe6a320358ca2023-02-08 09:46:23.987root 11241100x8000000000000000274375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396b26e108dd2e492023-02-08 09:46:23.987root 11241100x8000000000000000274374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5459be5c1d483d182023-02-08 09:46:23.987root 11241100x8000000000000000274373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4da46d750d5ec72023-02-08 09:46:23.987root 11241100x8000000000000000274372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33acb83b0bc88c92023-02-08 09:46:23.987root 11241100x8000000000000000274371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871ea6c1d2ce94062023-02-08 09:46:23.987root 11241100x8000000000000000274370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00738092033026cc2023-02-08 09:46:23.987root 11241100x8000000000000000274381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec79da52c1099f12023-02-08 09:46:23.988root 11241100x8000000000000000274380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f194b632dd857522023-02-08 09:46:23.988root 11241100x8000000000000000274379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d63dc4053e4c2e2023-02-08 09:46:23.988root 11241100x8000000000000000274378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c3168d631968a32023-02-08 09:46:23.988root 11241100x8000000000000000274377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e93b4f88bcb0792023-02-08 09:46:23.988root 11241100x8000000000000000274390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea1272f1c802b572023-02-08 09:46:23.989root 11241100x8000000000000000274389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df6ea36656a3e502023-02-08 09:46:23.989root 11241100x8000000000000000274388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeffeb3f368044d42023-02-08 09:46:23.989root 11241100x8000000000000000274387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7384656e184be4be2023-02-08 09:46:23.989root 11241100x8000000000000000274386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb6bf503257c9f82023-02-08 09:46:23.989root 11241100x8000000000000000274385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe7fbaff62c9aa22023-02-08 09:46:23.989root 11241100x8000000000000000274384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ca438197840a832023-02-08 09:46:23.989root 11241100x8000000000000000274383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5ce70a7d7c5acb2023-02-08 09:46:23.989root 11241100x8000000000000000274382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d93918951f04cdc2023-02-08 09:46:23.989root 11241100x8000000000000000274400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f339c11d2145a242023-02-08 09:46:23.990root 11241100x8000000000000000274399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6d93e4e4231cb72023-02-08 09:46:23.990root 11241100x8000000000000000274398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f5844b34b939cf2023-02-08 09:46:23.990root 11241100x8000000000000000274397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4cc6dbb3f4762482023-02-08 09:46:23.990root 11241100x8000000000000000274396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf31fe9dbed2b9382023-02-08 09:46:23.990root 11241100x8000000000000000274395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172b8694ea46f61b2023-02-08 09:46:23.990root 11241100x8000000000000000274394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e8f2aff4db06372023-02-08 09:46:23.990root 11241100x8000000000000000274393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72cbdaa989014c5c2023-02-08 09:46:23.990root 11241100x8000000000000000274392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c2a49ecc6126302023-02-08 09:46:23.990root 11241100x8000000000000000274391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc0b32a5d7078f02023-02-08 09:46:23.990root 11241100x8000000000000000274407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a2a715db5db0822023-02-08 09:46:23.991root 11241100x8000000000000000274406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5497ca2a5d6aeba22023-02-08 09:46:23.991root 11241100x8000000000000000274405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c272748faf4bb8a92023-02-08 09:46:23.991root 11241100x8000000000000000274404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d0e3b1605c60c32023-02-08 09:46:23.991root 11241100x8000000000000000274403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d07fb9a6d7e5542023-02-08 09:46:23.991root 11241100x8000000000000000274402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2edc50b6be78762023-02-08 09:46:23.991root 11241100x8000000000000000274401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac82a1fc9c29ed02023-02-08 09:46:23.991root 11241100x8000000000000000274415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a66a4a41f7debb32023-02-08 09:46:23.992root 11241100x8000000000000000274414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84bfd9058c3060f2023-02-08 09:46:23.992root 11241100x8000000000000000274413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be6372fb2c9f1e02023-02-08 09:46:23.992root 11241100x8000000000000000274412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081b235762cf8b6c2023-02-08 09:46:23.992root 11241100x8000000000000000274411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d420a7af34ceb42023-02-08 09:46:23.992root 11241100x8000000000000000274410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c03b4cc62080ca32023-02-08 09:46:23.992root 11241100x8000000000000000274409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9af4fb764bd0c12023-02-08 09:46:23.992root 11241100x8000000000000000274408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815f4b8b4e4c90de2023-02-08 09:46:23.992root 11241100x8000000000000000274424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7fa4a0f1f4cdd42023-02-08 09:46:23.993root 11241100x8000000000000000274423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e87312a1ba611b72023-02-08 09:46:23.993root 11241100x8000000000000000274422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a32e841359bc312023-02-08 09:46:23.993root 11241100x8000000000000000274421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ecefbe208d6d2622023-02-08 09:46:23.993root 11241100x8000000000000000274420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f28df35b18fe9d92023-02-08 09:46:23.993root 11241100x8000000000000000274419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76050deee751b8e22023-02-08 09:46:23.993root 11241100x8000000000000000274418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d599cac4e0bfc3902023-02-08 09:46:23.993root 11241100x8000000000000000274417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35d6713e45418a52023-02-08 09:46:23.993root 11241100x8000000000000000274416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4a0facd039a34f2023-02-08 09:46:23.993root 354300x8000000000000000274425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.148{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-46732-false10.0.1.12-8000- 11241100x8000000000000000274427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0098f4b8f52ebb292023-02-08 09:46:24.484root 11241100x8000000000000000274426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a0006cdaf6fac02023-02-08 09:46:24.484root 11241100x8000000000000000274432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27b4353e7aba3882023-02-08 09:46:24.485root 11241100x8000000000000000274431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b682c8848358cbc2023-02-08 09:46:24.485root 11241100x8000000000000000274430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52c214a098b435b2023-02-08 09:46:24.485root 11241100x8000000000000000274429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50a004cb3520ef52023-02-08 09:46:24.485root 11241100x8000000000000000274428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0939870999a76bb42023-02-08 09:46:24.485root 11241100x8000000000000000274445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6afe97a51a4307c2023-02-08 09:46:24.486root 11241100x8000000000000000274444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd915ce3ea7e7f92023-02-08 09:46:24.486root 11241100x8000000000000000274443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41be28139b9c3dec2023-02-08 09:46:24.486root 11241100x8000000000000000274442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a6f5f26c5503ea2023-02-08 09:46:24.486root 11241100x8000000000000000274441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f19911f780bfe22023-02-08 09:46:24.486root 11241100x8000000000000000274440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8589136f2112a7422023-02-08 09:46:24.486root 11241100x8000000000000000274439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74fac52fa1aaf0542023-02-08 09:46:24.486root 11241100x8000000000000000274438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e4817daee53e622023-02-08 09:46:24.486root 11241100x8000000000000000274437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f54b8d0776dcf662023-02-08 09:46:24.486root 11241100x8000000000000000274436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78b91bad54fe57d2023-02-08 09:46:24.486root 11241100x8000000000000000274435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b074b18636d11092023-02-08 09:46:24.486root 11241100x8000000000000000274434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd13a11346bf60e2023-02-08 09:46:24.486root 11241100x8000000000000000274433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a51e6df1dbde142023-02-08 09:46:24.486root 11241100x8000000000000000274459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95cf5a7d138609232023-02-08 09:46:24.487root 11241100x8000000000000000274458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc2ade28a832c932023-02-08 09:46:24.487root 11241100x8000000000000000274457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0aae1d03b393f92023-02-08 09:46:24.487root 11241100x8000000000000000274456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779ad2277c2910662023-02-08 09:46:24.487root 11241100x8000000000000000274455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142811197f647bbb2023-02-08 09:46:24.487root 11241100x8000000000000000274454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30beeca9955e5f52023-02-08 09:46:24.487root 11241100x8000000000000000274453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3920e2d77897b92023-02-08 09:46:24.487root 11241100x8000000000000000274452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c560dfef2658eaec2023-02-08 09:46:24.487root 11241100x8000000000000000274451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95400cc370d83a9e2023-02-08 09:46:24.487root 11241100x8000000000000000274450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069fe81f357a9c292023-02-08 09:46:24.487root 11241100x8000000000000000274449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eaa167456a657b42023-02-08 09:46:24.487root 11241100x8000000000000000274448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af440aaf38d6870a2023-02-08 09:46:24.487root 11241100x8000000000000000274447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4ab68720b5c9d22023-02-08 09:46:24.487root 11241100x8000000000000000274446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df2ca942fc5918a2023-02-08 09:46:24.487root 11241100x8000000000000000274472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d577686dcafeb3432023-02-08 09:46:24.488root 11241100x8000000000000000274471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6eba00d8b80ece2023-02-08 09:46:24.488root 11241100x8000000000000000274470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2deed17f8d1cf652023-02-08 09:46:24.488root 11241100x8000000000000000274469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc0d8de1f5d6f3f2023-02-08 09:46:24.488root 11241100x8000000000000000274468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c608f4978cfbbb032023-02-08 09:46:24.488root 11241100x8000000000000000274467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f401b72e7e245cb12023-02-08 09:46:24.488root 11241100x8000000000000000274466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7a5185034989112023-02-08 09:46:24.488root 11241100x8000000000000000274465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47fe18b3652c02aa2023-02-08 09:46:24.488root 11241100x8000000000000000274464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c1288b968a16952023-02-08 09:46:24.488root 11241100x8000000000000000274463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06323714a81fd782023-02-08 09:46:24.488root 11241100x8000000000000000274462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ae2e4cb15ba9ff2023-02-08 09:46:24.488root 11241100x8000000000000000274461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3c4a8fc6673e3c2023-02-08 09:46:24.488root 11241100x8000000000000000274460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db480fa9996249262023-02-08 09:46:24.488root 11241100x8000000000000000274477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0db789db3f85622023-02-08 09:46:24.489root 11241100x8000000000000000274476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a039d9fc7cb7ad422023-02-08 09:46:24.489root 11241100x8000000000000000274475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3b2bf87c664dba2023-02-08 09:46:24.489root 11241100x8000000000000000274474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f9d49e9df32ecb2023-02-08 09:46:24.489root 11241100x8000000000000000274473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4372efb7eab9ddc82023-02-08 09:46:24.489root 11241100x8000000000000000274484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e574282dffd9472023-02-08 09:46:24.984root 11241100x8000000000000000274483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8efd8bbb00baec2023-02-08 09:46:24.984root 11241100x8000000000000000274482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8688ea3fd8a267b2023-02-08 09:46:24.984root 11241100x8000000000000000274481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a66bacdfb2298d12023-02-08 09:46:24.984root 11241100x8000000000000000274480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0225a920c1817c252023-02-08 09:46:24.984root 11241100x8000000000000000274479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f533cfa44b89ab2023-02-08 09:46:24.984root 11241100x8000000000000000274478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c415751c00d63b2023-02-08 09:46:24.984root 11241100x8000000000000000274491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348fbe2a5361c6402023-02-08 09:46:24.985root 11241100x8000000000000000274490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f153ce5c130add512023-02-08 09:46:24.985root 11241100x8000000000000000274489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b843d1d2b77d1eb2023-02-08 09:46:24.985root 11241100x8000000000000000274488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc5b3d1db158d472023-02-08 09:46:24.985root 11241100x8000000000000000274487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a24aa4763edc8f2023-02-08 09:46:24.985root 11241100x8000000000000000274486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71428baa91eebd72023-02-08 09:46:24.985root 11241100x8000000000000000274485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cefecb9d791f1402023-02-08 09:46:24.985root 11241100x8000000000000000274500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56be36e00ad121012023-02-08 09:46:24.986root 11241100x8000000000000000274499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630a7f8bfefae7f32023-02-08 09:46:24.986root 11241100x8000000000000000274498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78819beeeb4ce5c22023-02-08 09:46:24.986root 11241100x8000000000000000274497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db65f79ab9df67f62023-02-08 09:46:24.986root 11241100x8000000000000000274496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc9c77ea2f930bc2023-02-08 09:46:24.986root 11241100x8000000000000000274495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bca4003cfae5fee2023-02-08 09:46:24.986root 11241100x8000000000000000274494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d691d9c7d4be8e222023-02-08 09:46:24.986root 11241100x8000000000000000274493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5171882e364be1df2023-02-08 09:46:24.986root 11241100x8000000000000000274492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97b462eccf9cd902023-02-08 09:46:24.986root 11241100x8000000000000000274516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9934e160fa65adb32023-02-08 09:46:24.987root 11241100x8000000000000000274515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7b737fffce7a4a2023-02-08 09:46:24.987root 11241100x8000000000000000274514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f98cd92edc084c2023-02-08 09:46:24.987root 11241100x8000000000000000274513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4036b1cbb60ce9302023-02-08 09:46:24.987root 11241100x8000000000000000274512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74411f7d35eacc242023-02-08 09:46:24.987root 11241100x8000000000000000274511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0baf79bc1d8b912023-02-08 09:46:24.987root 11241100x8000000000000000274510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a91bad79efd11ea2023-02-08 09:46:24.987root 11241100x8000000000000000274509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b232628a2078762023-02-08 09:46:24.987root 11241100x8000000000000000274508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb95a5227a3c346e2023-02-08 09:46:24.987root 11241100x8000000000000000274507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acee1c377125b7f62023-02-08 09:46:24.987root 11241100x8000000000000000274506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecb647cc19b857d2023-02-08 09:46:24.987root 11241100x8000000000000000274505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f01009377e8bce52023-02-08 09:46:24.987root 11241100x8000000000000000274504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3170aa69fd412732023-02-08 09:46:24.987root 11241100x8000000000000000274503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2187e066b6cdedc2023-02-08 09:46:24.987root 11241100x8000000000000000274502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a78660c1cee97ae2023-02-08 09:46:24.987root 11241100x8000000000000000274501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2587779129776f52023-02-08 09:46:24.987root 11241100x8000000000000000274526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef7f0414e34bb192023-02-08 09:46:24.988root 11241100x8000000000000000274525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31e0e1149f86d2a2023-02-08 09:46:24.988root 11241100x8000000000000000274524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6015f55f3ad96c2023-02-08 09:46:24.988root 11241100x8000000000000000274523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e0784d778a297d2023-02-08 09:46:24.988root 11241100x8000000000000000274522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8e91c123d0cfa92023-02-08 09:46:24.988root 11241100x8000000000000000274521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9dff849265192752023-02-08 09:46:24.988root 11241100x8000000000000000274520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a1be74012e4ab72023-02-08 09:46:24.988root 11241100x8000000000000000274519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f65e41abef80a022023-02-08 09:46:24.988root 11241100x8000000000000000274518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe97b6ce3aa3d6b2023-02-08 09:46:24.988root 11241100x8000000000000000274517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd7382ba2d346322023-02-08 09:46:24.988root 11241100x8000000000000000274538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6cba65098640cd2023-02-08 09:46:24.989root 11241100x8000000000000000274537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3743914b216513792023-02-08 09:46:24.989root 11241100x8000000000000000274536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c093b581d7b5dabb2023-02-08 09:46:24.989root 11241100x8000000000000000274535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92350eb06a2285b72023-02-08 09:46:24.989root 11241100x8000000000000000274534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249ca2e366c5c4cd2023-02-08 09:46:24.989root 11241100x8000000000000000274533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b1b0da54df4a532023-02-08 09:46:24.989root 11241100x8000000000000000274532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73291099c75b3402023-02-08 09:46:24.989root 11241100x8000000000000000274531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c475d22b8396f8212023-02-08 09:46:24.989root 11241100x8000000000000000274530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03592efc4b849fe2023-02-08 09:46:24.989root 11241100x8000000000000000274529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4348080361bd341b2023-02-08 09:46:24.989root 11241100x8000000000000000274528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44af9fa4adb7d23b2023-02-08 09:46:24.989root 11241100x8000000000000000274527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e43f8b175cf3652023-02-08 09:46:24.989root 11241100x8000000000000000274545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac75369073fb2b222023-02-08 09:46:25.484root 11241100x8000000000000000274544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f54826de62700522023-02-08 09:46:25.484root 11241100x8000000000000000274543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f373f3d4086875f92023-02-08 09:46:25.484root 11241100x8000000000000000274542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb516c74c7d26ff72023-02-08 09:46:25.484root 11241100x8000000000000000274541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb59acd58425efb72023-02-08 09:46:25.484root 11241100x8000000000000000274540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1453b95f5b8a4de42023-02-08 09:46:25.484root 11241100x8000000000000000274539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d28ca181e25c8372023-02-08 09:46:25.484root 11241100x8000000000000000274550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780d63f06bda33082023-02-08 09:46:25.485root 11241100x8000000000000000274549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0acaa375f0bcad2023-02-08 09:46:25.485root 11241100x8000000000000000274548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4d623df8ae33812023-02-08 09:46:25.485root 11241100x8000000000000000274547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11f807306e57f222023-02-08 09:46:25.485root 11241100x8000000000000000274546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b8d1aff6946aaa2023-02-08 09:46:25.485root 11241100x8000000000000000274556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57217129df4314ae2023-02-08 09:46:25.486root 11241100x8000000000000000274555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9924aeb9445421392023-02-08 09:46:25.486root 11241100x8000000000000000274554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f4e413318c36162023-02-08 09:46:25.486root 11241100x8000000000000000274553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a3da82ce8587c32023-02-08 09:46:25.486root 11241100x8000000000000000274552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b8a69bb53cbd422023-02-08 09:46:25.486root 11241100x8000000000000000274551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52a1481c4a5b1f52023-02-08 09:46:25.486root 11241100x8000000000000000274562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dda43a9c4a625002023-02-08 09:46:25.487root 11241100x8000000000000000274561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1c17dc39b057aa2023-02-08 09:46:25.487root 11241100x8000000000000000274560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f217d61ea986bf2023-02-08 09:46:25.487root 11241100x8000000000000000274559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11251f9788debe432023-02-08 09:46:25.487root 11241100x8000000000000000274558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda8e50c6791681e2023-02-08 09:46:25.487root 11241100x8000000000000000274557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556f22b4293814612023-02-08 09:46:25.487root 11241100x8000000000000000274573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7972ae8ead72ece92023-02-08 09:46:25.488root 11241100x8000000000000000274572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1dd02dfb2d6a052023-02-08 09:46:25.488root 11241100x8000000000000000274571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b11c5cf30bdcd62023-02-08 09:46:25.488root 11241100x8000000000000000274570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576df23a66d7ff142023-02-08 09:46:25.488root 11241100x8000000000000000274569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4ac378b95014b12023-02-08 09:46:25.488root 11241100x8000000000000000274568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02d323319107e622023-02-08 09:46:25.488root 11241100x8000000000000000274567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978c46478cdb08d62023-02-08 09:46:25.488root 11241100x8000000000000000274566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa694a10246349c2023-02-08 09:46:25.488root 11241100x8000000000000000274565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248d66dc3bd67fb12023-02-08 09:46:25.488root 11241100x8000000000000000274564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9bfdbe212bc94a2023-02-08 09:46:25.488root 11241100x8000000000000000274563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d260bca39efae02023-02-08 09:46:25.488root 11241100x8000000000000000274587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f39dadea5d387d82023-02-08 09:46:25.489root 11241100x8000000000000000274586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66019d74b10915ed2023-02-08 09:46:25.489root 11241100x8000000000000000274585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df78eb850994d1562023-02-08 09:46:25.489root 11241100x8000000000000000274584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1ea3e9d9328ae52023-02-08 09:46:25.489root 11241100x8000000000000000274583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341242f5f07d43182023-02-08 09:46:25.489root 11241100x8000000000000000274582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98d60a27649f00b2023-02-08 09:46:25.489root 11241100x8000000000000000274581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd7b19771912b972023-02-08 09:46:25.489root 11241100x8000000000000000274580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd79e6a1285f3d1d2023-02-08 09:46:25.489root 11241100x8000000000000000274579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30809e6a9250345a2023-02-08 09:46:25.489root 11241100x8000000000000000274578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ed666ead275fd02023-02-08 09:46:25.489root 11241100x8000000000000000274577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00bbe53d64fa54372023-02-08 09:46:25.489root 11241100x8000000000000000274576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370ad415b3564ece2023-02-08 09:46:25.489root 11241100x8000000000000000274575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885c0c45a3d852342023-02-08 09:46:25.489root 11241100x8000000000000000274574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b0814f654bf2e12023-02-08 09:46:25.489root 11241100x8000000000000000274602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1a2dfdc484da5c2023-02-08 09:46:25.490root 11241100x8000000000000000274601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a96098e829a433c2023-02-08 09:46:25.490root 11241100x8000000000000000274600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243380c02fd7f8682023-02-08 09:46:25.490root 11241100x8000000000000000274599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6027856ba6503f2023-02-08 09:46:25.490root 11241100x8000000000000000274598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98fb81efae17ac32023-02-08 09:46:25.490root 11241100x8000000000000000274597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21c71e8fd8b42572023-02-08 09:46:25.490root 11241100x8000000000000000274596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e47235eae9ff0e12023-02-08 09:46:25.490root 11241100x8000000000000000274595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba24110a3fc8898f2023-02-08 09:46:25.490root 11241100x8000000000000000274594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115f180fff7ce0bf2023-02-08 09:46:25.490root 11241100x8000000000000000274593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5d4a514fdae0c72023-02-08 09:46:25.490root 11241100x8000000000000000274592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ba85406471ab2e2023-02-08 09:46:25.490root 11241100x8000000000000000274591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861293f6e5ffc59c2023-02-08 09:46:25.490root 11241100x8000000000000000274590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225a21343a7a8c592023-02-08 09:46:25.490root 11241100x8000000000000000274589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5128ff36da1f2d1b2023-02-08 09:46:25.490root 11241100x8000000000000000274588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5a6d0d86c065e92023-02-08 09:46:25.490root 11241100x8000000000000000274603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067746ff1037bb652023-02-08 09:46:25.491root 11241100x8000000000000000274604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cdc7f9eaccbc1a2023-02-08 09:46:25.985root 11241100x8000000000000000274612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eadcc5c9716b8e302023-02-08 09:46:25.986root 11241100x8000000000000000274611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da374f4389632092023-02-08 09:46:25.986root 11241100x8000000000000000274610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5da359ae8851ca2023-02-08 09:46:25.986root 11241100x8000000000000000274609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1342af2a1df1a8772023-02-08 09:46:25.986root 11241100x8000000000000000274608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd0dd6112bd07ec2023-02-08 09:46:25.986root 11241100x8000000000000000274607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ec1ab4eff197952023-02-08 09:46:25.986root 11241100x8000000000000000274606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a252811c36a3262023-02-08 09:46:25.986root 11241100x8000000000000000274605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cb77f66e961db02023-02-08 09:46:25.986root 11241100x8000000000000000274619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0339633b04ab46342023-02-08 09:46:25.987root 11241100x8000000000000000274618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1790dabf3000eaa2023-02-08 09:46:25.987root 11241100x8000000000000000274617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65fbaf7408f466f2023-02-08 09:46:25.987root 11241100x8000000000000000274616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30dcd826f73f50472023-02-08 09:46:25.987root 11241100x8000000000000000274615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fa16a370bf1f762023-02-08 09:46:25.987root 11241100x8000000000000000274614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62edbc29a4c3e6b2023-02-08 09:46:25.987root 11241100x8000000000000000274613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080676b09bd831312023-02-08 09:46:25.987root 11241100x8000000000000000274623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ccbdf65ea6783c92023-02-08 09:46:25.988root 11241100x8000000000000000274622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd3c77ebf4ed78e2023-02-08 09:46:25.988root 11241100x8000000000000000274621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb556cc02c6d0a642023-02-08 09:46:25.988root 11241100x8000000000000000274620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a17e8671521b152023-02-08 09:46:25.988root 11241100x8000000000000000274626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f4200198c9c9022023-02-08 09:46:25.989root 11241100x8000000000000000274625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579480f7f12599ca2023-02-08 09:46:25.989root 11241100x8000000000000000274624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff285d651e1de7952023-02-08 09:46:25.989root 11241100x8000000000000000274636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8c81533835f9462023-02-08 09:46:25.990root 11241100x8000000000000000274635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d1d8f13c0008d72023-02-08 09:46:25.990root 11241100x8000000000000000274634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba96a52dc021b782023-02-08 09:46:25.990root 11241100x8000000000000000274633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06c794e883e95ba2023-02-08 09:46:25.990root 11241100x8000000000000000274632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6dc885a491ed77a2023-02-08 09:46:25.990root 11241100x8000000000000000274631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3871a2cd94fee4352023-02-08 09:46:25.990root 11241100x8000000000000000274630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ee40a8129697182023-02-08 09:46:25.990root 11241100x8000000000000000274629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444733810286dbac2023-02-08 09:46:25.990root 11241100x8000000000000000274628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240917debde48af32023-02-08 09:46:25.990root 11241100x8000000000000000274627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1426535ad8769da2023-02-08 09:46:25.990root 11241100x8000000000000000274648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96a31b95fb378942023-02-08 09:46:25.991root 11241100x8000000000000000274647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9809ab9dc8894e2023-02-08 09:46:25.991root 11241100x8000000000000000274646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732531e9f989a7122023-02-08 09:46:25.991root 11241100x8000000000000000274645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69892e2fd92160a12023-02-08 09:46:25.991root 11241100x8000000000000000274644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2055895974566f262023-02-08 09:46:25.991root 11241100x8000000000000000274643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9132e9678dfe6ff2023-02-08 09:46:25.991root 11241100x8000000000000000274642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e68c5f361cc2432023-02-08 09:46:25.991root 11241100x8000000000000000274641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269e838cbc4ddb942023-02-08 09:46:25.991root 11241100x8000000000000000274640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.551e415889be3c502023-02-08 09:46:25.991root 11241100x8000000000000000274639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fa4f4712a8d7702023-02-08 09:46:25.991root 11241100x8000000000000000274638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21bdbb4429c1e0d82023-02-08 09:46:25.991root 11241100x8000000000000000274637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c497c19546ccaba2023-02-08 09:46:25.991root 11241100x8000000000000000274657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600cada3570c8f942023-02-08 09:46:26.485root 11241100x8000000000000000274656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d156be8f28b3472023-02-08 09:46:26.485root 11241100x8000000000000000274655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0811814a42c6a642023-02-08 09:46:26.485root 11241100x8000000000000000274654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7db082692570c82023-02-08 09:46:26.485root 11241100x8000000000000000274653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615f0de0dd7394602023-02-08 09:46:26.485root 11241100x8000000000000000274652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4079c3833f5753b12023-02-08 09:46:26.485root 11241100x8000000000000000274651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3baeb04b822d32972023-02-08 09:46:26.485root 11241100x8000000000000000274650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0daef61f69caa1aa2023-02-08 09:46:26.485root 11241100x8000000000000000274649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ad115550b4f8092023-02-08 09:46:26.485root 11241100x8000000000000000274666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6589f5f0529a3e982023-02-08 09:46:26.486root 11241100x8000000000000000274665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c570473ff60c0892023-02-08 09:46:26.486root 11241100x8000000000000000274664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cecce1ae08c895b32023-02-08 09:46:26.486root 11241100x8000000000000000274663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acba4ff94faefacd2023-02-08 09:46:26.486root 11241100x8000000000000000274662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c2b86037f00f2c2023-02-08 09:46:26.486root 11241100x8000000000000000274661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6449a07ae719d82023-02-08 09:46:26.486root 11241100x8000000000000000274660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb8e4675434ac322023-02-08 09:46:26.486root 11241100x8000000000000000274659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00bb15abd9b4cb02023-02-08 09:46:26.486root 11241100x8000000000000000274658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb589a703dbaef402023-02-08 09:46:26.486root 11241100x8000000000000000274670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fde8df7aaf40832023-02-08 09:46:26.487root 11241100x8000000000000000274669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68811da78093de582023-02-08 09:46:26.487root 11241100x8000000000000000274668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3ff32210abcd702023-02-08 09:46:26.487root 11241100x8000000000000000274667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29bddd7d7bfd3b1d2023-02-08 09:46:26.487root 11241100x8000000000000000274678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cec4c0b3fc6be2b2023-02-08 09:46:26.488root 11241100x8000000000000000274677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38555d1145a477952023-02-08 09:46:26.488root 11241100x8000000000000000274676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43243610ca636d2c2023-02-08 09:46:26.488root 11241100x8000000000000000274675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b086331a3bdc97b22023-02-08 09:46:26.488root 11241100x8000000000000000274674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70295814c3a636bb2023-02-08 09:46:26.488root 11241100x8000000000000000274673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08818c7db51250b22023-02-08 09:46:26.488root 11241100x8000000000000000274672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05102679b314db42023-02-08 09:46:26.488root 11241100x8000000000000000274671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8e4e1069f44e342023-02-08 09:46:26.488root 11241100x8000000000000000274686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69b54497b67560b2023-02-08 09:46:26.489root 11241100x8000000000000000274685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12dff3851915c7372023-02-08 09:46:26.489root 11241100x8000000000000000274684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf64dfc8245faab2023-02-08 09:46:26.489root 11241100x8000000000000000274683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0783379ec7b6a62023-02-08 09:46:26.489root 11241100x8000000000000000274682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60ed9c2698e9eca2023-02-08 09:46:26.489root 11241100x8000000000000000274681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c841d0610b603fda2023-02-08 09:46:26.489root 11241100x8000000000000000274680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a9ebf1c9acba5d2023-02-08 09:46:26.489root 11241100x8000000000000000274679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c5a068ec714c9e2023-02-08 09:46:26.489root 11241100x8000000000000000274695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb832ba6bcc932ee2023-02-08 09:46:26.490root 11241100x8000000000000000274694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90adb34e09e73d992023-02-08 09:46:26.490root 11241100x8000000000000000274693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3315225cfe328612023-02-08 09:46:26.490root 11241100x8000000000000000274692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeae13cb57f22aa62023-02-08 09:46:26.490root 11241100x8000000000000000274691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f7da6e19c9b5dc2023-02-08 09:46:26.490root 11241100x8000000000000000274690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f30a699b2b5a5732023-02-08 09:46:26.490root 11241100x8000000000000000274689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901175646c5552142023-02-08 09:46:26.490root 11241100x8000000000000000274688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98bd8978b27e3ca2023-02-08 09:46:26.490root 11241100x8000000000000000274687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9965f985fa7834082023-02-08 09:46:26.490root 11241100x8000000000000000274697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c0b180e2b967c52023-02-08 09:46:26.491root 11241100x8000000000000000274696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff11c937d01bb9202023-02-08 09:46:26.491root 11241100x8000000000000000274705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d008d1709b694ee22023-02-08 09:46:26.984root 11241100x8000000000000000274704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0329d1c322ecd71c2023-02-08 09:46:26.984root 11241100x8000000000000000274703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577cbf1de2546bd02023-02-08 09:46:26.984root 11241100x8000000000000000274702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d0d8b73627dd1a2023-02-08 09:46:26.984root 11241100x8000000000000000274701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b275feb8ed3a7b2023-02-08 09:46:26.984root 11241100x8000000000000000274700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4fc8dcd620969692023-02-08 09:46:26.984root 11241100x8000000000000000274699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10ba5387021fb012023-02-08 09:46:26.984root 11241100x8000000000000000274698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581186c5ec8024f32023-02-08 09:46:26.984root 11241100x8000000000000000274711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fd3484d9a355ec2023-02-08 09:46:26.985root 11241100x8000000000000000274710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e8d686c22c97902023-02-08 09:46:26.985root 11241100x8000000000000000274709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d301943ea9456d2023-02-08 09:46:26.985root 11241100x8000000000000000274708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e5b819e4fa52192023-02-08 09:46:26.985root 11241100x8000000000000000274707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd8a203de3962312023-02-08 09:46:26.985root 11241100x8000000000000000274706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78629faa6e986e4f2023-02-08 09:46:26.985root 11241100x8000000000000000274719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4affe059d711942023-02-08 09:46:26.986root 11241100x8000000000000000274718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47818d3b396b7952023-02-08 09:46:26.986root 11241100x8000000000000000274717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1185260208440d802023-02-08 09:46:26.986root 11241100x8000000000000000274716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deaa3e73707cbea82023-02-08 09:46:26.986root 11241100x8000000000000000274715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ae3ed7b83aa5fe2023-02-08 09:46:26.986root 11241100x8000000000000000274714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bce30b558414632023-02-08 09:46:26.986root 11241100x8000000000000000274713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947e49a86d3425592023-02-08 09:46:26.986root 11241100x8000000000000000274712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a088a28a9ca41b2023-02-08 09:46:26.986root 11241100x8000000000000000274722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25741415481052652023-02-08 09:46:26.987root 11241100x8000000000000000274721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb7403b6a745ae42023-02-08 09:46:26.987root 11241100x8000000000000000274720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346e483501787d002023-02-08 09:46:26.987root 11241100x8000000000000000274730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7b0cb0e393c40c2023-02-08 09:46:26.988root 11241100x8000000000000000274729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1deb0982c876a0772023-02-08 09:46:26.988root 11241100x8000000000000000274728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b54feec67137822023-02-08 09:46:26.988root 11241100x8000000000000000274727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c630d237524067442023-02-08 09:46:26.988root 11241100x8000000000000000274726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3b3ccf36d2239e2023-02-08 09:46:26.988root 11241100x8000000000000000274725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32928bbc0c50c392023-02-08 09:46:26.988root 11241100x8000000000000000274724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49cdba3abc9865252023-02-08 09:46:26.988root 11241100x8000000000000000274723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217c7a9f29d6d1672023-02-08 09:46:26.988root 11241100x8000000000000000274737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597270c3c6d96e032023-02-08 09:46:26.989root 11241100x8000000000000000274736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cdf7ecd6246b8672023-02-08 09:46:26.989root 11241100x8000000000000000274735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc09281f40a5a472023-02-08 09:46:26.989root 11241100x8000000000000000274734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661931cb1fb749e52023-02-08 09:46:26.989root 11241100x8000000000000000274733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe636be5cd5d7582023-02-08 09:46:26.989root 11241100x8000000000000000274732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b42faff877f63a2023-02-08 09:46:26.989root 11241100x8000000000000000274731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d296932bac073c2023-02-08 09:46:26.989root 11241100x8000000000000000274742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13491efbb8c63c742023-02-08 09:46:26.990root 11241100x8000000000000000274741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24af3b935adc81662023-02-08 09:46:26.990root 11241100x8000000000000000274740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529180dcf1acc7622023-02-08 09:46:26.990root 11241100x8000000000000000274739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdaa50bc119fdacf2023-02-08 09:46:26.990root 11241100x8000000000000000274738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fc1301ad1469062023-02-08 09:46:26.990root 11241100x8000000000000000274748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aac948ed14e508f2023-02-08 09:46:26.991root 11241100x8000000000000000274747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57609c45bcf89a32023-02-08 09:46:26.991root 11241100x8000000000000000274746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41722463e94dc82c2023-02-08 09:46:26.991root 11241100x8000000000000000274745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31aa00f7d228e3302023-02-08 09:46:26.991root 11241100x8000000000000000274744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568ef9033c6c534f2023-02-08 09:46:26.991root 11241100x8000000000000000274743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c438f45186ef712023-02-08 09:46:26.991root 11241100x8000000000000000274755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99fb8c58f2ba3972023-02-08 09:46:26.992root 11241100x8000000000000000274754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606ad319fedcf6f52023-02-08 09:46:26.992root 11241100x8000000000000000274753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7934eb2b9529332023-02-08 09:46:26.992root 11241100x8000000000000000274752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4920e937015e682023-02-08 09:46:26.992root 11241100x8000000000000000274751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af8e670f7a27ce22023-02-08 09:46:26.992root 11241100x8000000000000000274750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288bd9cc5c05b1de2023-02-08 09:46:26.992root 11241100x8000000000000000274749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97083f090bbbdd902023-02-08 09:46:26.992root 11241100x8000000000000000274760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85124ca86007d2052023-02-08 09:46:26.993root 11241100x8000000000000000274759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c841b8bc6eec8eb82023-02-08 09:46:26.993root 11241100x8000000000000000274758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27792a7e49c54c4a2023-02-08 09:46:26.993root 11241100x8000000000000000274757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d623eda5f88d9a2023-02-08 09:46:26.993root 11241100x8000000000000000274756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a1ceae79106b202023-02-08 09:46:26.993root 11241100x8000000000000000274764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645c64dfd78d6f7d2023-02-08 09:46:26.994root 11241100x8000000000000000274763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7475044ba52dfd2023-02-08 09:46:26.994root 11241100x8000000000000000274762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d97a8f730a1078f2023-02-08 09:46:26.994root 11241100x8000000000000000274761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:26.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a282d38300480a02023-02-08 09:46:26.994root 11241100x8000000000000000274765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407924948a7e99fe2023-02-08 09:46:27.485root 11241100x8000000000000000274781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3342c9c808e8f8a2023-02-08 09:46:27.486root 11241100x8000000000000000274780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e72f402b0566142023-02-08 09:46:27.486root 11241100x8000000000000000274779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce935f9a182ae9962023-02-08 09:46:27.486root 11241100x8000000000000000274778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee010a61176d6172023-02-08 09:46:27.486root 11241100x8000000000000000274777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082e413ef81b66692023-02-08 09:46:27.486root 11241100x8000000000000000274776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480a6a3a59e1608b2023-02-08 09:46:27.486root 11241100x8000000000000000274775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e418a4ce0b35554c2023-02-08 09:46:27.486root 11241100x8000000000000000274774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb545b62887217142023-02-08 09:46:27.486root 11241100x8000000000000000274773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b46dc5affe39ad32023-02-08 09:46:27.486root 11241100x8000000000000000274772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5245623cb5b5ea2023-02-08 09:46:27.486root 11241100x8000000000000000274771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67fa02b2d2f089f2023-02-08 09:46:27.486root 11241100x8000000000000000274770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064827455ca460bc2023-02-08 09:46:27.486root 11241100x8000000000000000274769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe96308f232a19e2023-02-08 09:46:27.486root 11241100x8000000000000000274768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c709265331c6922023-02-08 09:46:27.486root 11241100x8000000000000000274767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc485a193131d952023-02-08 09:46:27.486root 11241100x8000000000000000274766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6acee8988b0431d2023-02-08 09:46:27.486root 11241100x8000000000000000274793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177c41175e8e33d52023-02-08 09:46:27.487root 11241100x8000000000000000274792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5029807a1702c5e2023-02-08 09:46:27.487root 11241100x8000000000000000274791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77acb8a7c1dc63f82023-02-08 09:46:27.487root 11241100x8000000000000000274790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ebddbacedefc6fe2023-02-08 09:46:27.487root 11241100x8000000000000000274789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af09ce6d912197712023-02-08 09:46:27.487root 11241100x8000000000000000274788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9983edcc7c2caf232023-02-08 09:46:27.487root 11241100x8000000000000000274787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc99904848282542023-02-08 09:46:27.487root 11241100x8000000000000000274786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93af7b02f43e03282023-02-08 09:46:27.487root 11241100x8000000000000000274785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a3b89445120bcd2023-02-08 09:46:27.487root 11241100x8000000000000000274784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfa6e1c61f49cdf2023-02-08 09:46:27.487root 11241100x8000000000000000274783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ffa7b0f6d84abf2023-02-08 09:46:27.487root 11241100x8000000000000000274782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b8a275f46cf3d02023-02-08 09:46:27.487root 11241100x8000000000000000274807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81901a8f84d907932023-02-08 09:46:27.488root 11241100x8000000000000000274806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04054b4b1438fab62023-02-08 09:46:27.488root 11241100x8000000000000000274805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d03e8888e92eeb02023-02-08 09:46:27.488root 11241100x8000000000000000274804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b721cd59b0012bb2023-02-08 09:46:27.488root 11241100x8000000000000000274803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d6eabba7429b842023-02-08 09:46:27.488root 11241100x8000000000000000274802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f883cfc51735fed2023-02-08 09:46:27.488root 11241100x8000000000000000274801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abcc6350240c0a52023-02-08 09:46:27.488root 11241100x8000000000000000274800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21d506f6a70af4d2023-02-08 09:46:27.488root 11241100x8000000000000000274799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70d15e938b87a2a2023-02-08 09:46:27.488root 11241100x8000000000000000274798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c61b058716544c92023-02-08 09:46:27.488root 11241100x8000000000000000274797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd14a066e63a2842023-02-08 09:46:27.488root 11241100x8000000000000000274796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506d59c10638813b2023-02-08 09:46:27.488root 11241100x8000000000000000274795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058f2cbeb2c66f012023-02-08 09:46:27.488root 11241100x8000000000000000274794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e64f67fc8398c02023-02-08 09:46:27.488root 11241100x8000000000000000274816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94261598b876d55c2023-02-08 09:46:27.489root 11241100x8000000000000000274815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458a9fb60e5b48532023-02-08 09:46:27.489root 11241100x8000000000000000274814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64db9b202a8f29172023-02-08 09:46:27.489root 11241100x8000000000000000274813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a347eceaac60e5372023-02-08 09:46:27.489root 11241100x8000000000000000274812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61a6197ca69aa4b2023-02-08 09:46:27.489root 11241100x8000000000000000274811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754bda158ae2c7842023-02-08 09:46:27.489root 11241100x8000000000000000274810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8fe270325933f32023-02-08 09:46:27.489root 11241100x8000000000000000274809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a570fb2956102da12023-02-08 09:46:27.489root 11241100x8000000000000000274808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c0bb38c521651d2023-02-08 09:46:27.489root 11241100x8000000000000000274828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317ed90604937d712023-02-08 09:46:27.986root 11241100x8000000000000000274827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bebe9d190c49482023-02-08 09:46:27.986root 11241100x8000000000000000274826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e5a08ac474edf02023-02-08 09:46:27.986root 11241100x8000000000000000274825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1629ec7d8cf79232023-02-08 09:46:27.986root 11241100x8000000000000000274824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5909e80d3cc1f7ce2023-02-08 09:46:27.986root 11241100x8000000000000000274823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55083224178a1cf12023-02-08 09:46:27.986root 11241100x8000000000000000274822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d38d03b3c4c2a02023-02-08 09:46:27.986root 11241100x8000000000000000274821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638d5001178b11342023-02-08 09:46:27.986root 11241100x8000000000000000274820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e03dbd1f11b6b592023-02-08 09:46:27.986root 11241100x8000000000000000274819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3c2a43e1f844e52023-02-08 09:46:27.986root 11241100x8000000000000000274818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772050b5fe55d1ac2023-02-08 09:46:27.986root 11241100x8000000000000000274817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa39e01f95212cd2023-02-08 09:46:27.986root 11241100x8000000000000000274844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a340734a140139e2023-02-08 09:46:27.987root 11241100x8000000000000000274843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623f37e6790f49722023-02-08 09:46:27.987root 11241100x8000000000000000274842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3741eee1ca80f52023-02-08 09:46:27.987root 11241100x8000000000000000274841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6b7dd9f1c6ed9c2023-02-08 09:46:27.987root 11241100x8000000000000000274840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1627acae81c807e72023-02-08 09:46:27.987root 11241100x8000000000000000274839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71367cd99a92c3ce2023-02-08 09:46:27.987root 11241100x8000000000000000274838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57edbbc739f45942023-02-08 09:46:27.987root 11241100x8000000000000000274837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c47b84a346aeea2023-02-08 09:46:27.987root 11241100x8000000000000000274836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da92b2d4858c8e272023-02-08 09:46:27.987root 11241100x8000000000000000274835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b0d3284f6bebac2023-02-08 09:46:27.987root 11241100x8000000000000000274834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4520863116e4ae2023-02-08 09:46:27.987root 11241100x8000000000000000274833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979434c538e3e93f2023-02-08 09:46:27.987root 11241100x8000000000000000274832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20ee5a5336ada912023-02-08 09:46:27.987root 11241100x8000000000000000274831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1825a30c9ebf287e2023-02-08 09:46:27.987root 11241100x8000000000000000274830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135d326071089e512023-02-08 09:46:27.987root 11241100x8000000000000000274829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68bb66ad271af1c2023-02-08 09:46:27.987root 11241100x8000000000000000274859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bb87675fead11b2023-02-08 09:46:27.988root 11241100x8000000000000000274858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12c08763dcf93f62023-02-08 09:46:27.988root 11241100x8000000000000000274857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5959b1c8fe1273b62023-02-08 09:46:27.988root 11241100x8000000000000000274856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8529a9cfc309b52023-02-08 09:46:27.988root 11241100x8000000000000000274855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019068bf8b525d8a2023-02-08 09:46:27.988root 11241100x8000000000000000274854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2638ea83362610192023-02-08 09:46:27.988root 11241100x8000000000000000274853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6300738058d18092023-02-08 09:46:27.988root 11241100x8000000000000000274852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66104377d796af002023-02-08 09:46:27.988root 11241100x8000000000000000274851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349553d52f2ffd1c2023-02-08 09:46:27.988root 11241100x8000000000000000274850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb7ffabf8addbc92023-02-08 09:46:27.988root 11241100x8000000000000000274849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1358a852affc6d2023-02-08 09:46:27.988root 11241100x8000000000000000274848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa85701b78ef3e792023-02-08 09:46:27.988root 11241100x8000000000000000274847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4b2fd4e5829eb12023-02-08 09:46:27.988root 11241100x8000000000000000274846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f18e141f30ec35c2023-02-08 09:46:27.988root 11241100x8000000000000000274845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096e562edacf6e482023-02-08 09:46:27.988root 11241100x8000000000000000274861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3461dbffd74c66e22023-02-08 09:46:27.989root 11241100x8000000000000000274860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a0446dc481b75b2023-02-08 09:46:27.989root 11241100x8000000000000000274862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344a129df512d4ec2023-02-08 09:46:28.485root 11241100x8000000000000000274869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c629ddbbf953e5c2023-02-08 09:46:28.486root 11241100x8000000000000000274868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09df3a8f934408872023-02-08 09:46:28.486root 11241100x8000000000000000274867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6701025812666bcf2023-02-08 09:46:28.486root 11241100x8000000000000000274866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae1e93d526522f02023-02-08 09:46:28.486root 11241100x8000000000000000274865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91a002218eb1c582023-02-08 09:46:28.486root 11241100x8000000000000000274864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d311b37555e0f6af2023-02-08 09:46:28.486root 11241100x8000000000000000274863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c59bc096c05a702023-02-08 09:46:28.486root 11241100x8000000000000000274876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866f9f174602842b2023-02-08 09:46:28.487root 11241100x8000000000000000274875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfed36444801aac2023-02-08 09:46:28.487root 11241100x8000000000000000274874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb13a4a8e887e1222023-02-08 09:46:28.487root 11241100x8000000000000000274873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd79b78d63404122023-02-08 09:46:28.487root 11241100x8000000000000000274872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405cdcc279d3921d2023-02-08 09:46:28.487root 11241100x8000000000000000274871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a40c67a03c758932023-02-08 09:46:28.487root 11241100x8000000000000000274870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d737c47febf932a12023-02-08 09:46:28.487root 11241100x8000000000000000274878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec7b60da7c2df922023-02-08 09:46:28.488root 11241100x8000000000000000274877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9fb82869d9cc772023-02-08 09:46:28.488root 11241100x8000000000000000274887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ecb4530613cc702023-02-08 09:46:28.489root 11241100x8000000000000000274886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120f905241e823a92023-02-08 09:46:28.489root 11241100x8000000000000000274885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0cb6f70d25d0eb62023-02-08 09:46:28.489root 11241100x8000000000000000274884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5dd181d69328342023-02-08 09:46:28.489root 11241100x8000000000000000274883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f56abde6c9117db2023-02-08 09:46:28.489root 11241100x8000000000000000274882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e9222190a5fdf52023-02-08 09:46:28.489root 11241100x8000000000000000274881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51fe8be253af2582023-02-08 09:46:28.489root 11241100x8000000000000000274880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257432166fe170db2023-02-08 09:46:28.489root 11241100x8000000000000000274879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3373971df53a9b2c2023-02-08 09:46:28.489root 11241100x8000000000000000274899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c01afca968b00ec2023-02-08 09:46:28.490root 11241100x8000000000000000274898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3308c39ace9677fa2023-02-08 09:46:28.490root 11241100x8000000000000000274897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fceb9fed9f22f202023-02-08 09:46:28.490root 11241100x8000000000000000274896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f13c1baa375645d2023-02-08 09:46:28.490root 11241100x8000000000000000274895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0bb672503e57242023-02-08 09:46:28.490root 11241100x8000000000000000274894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e13b39408467c42023-02-08 09:46:28.490root 11241100x8000000000000000274893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee3eb1bce4bef4c2023-02-08 09:46:28.490root 11241100x8000000000000000274892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7bf423160a91282023-02-08 09:46:28.490root 11241100x8000000000000000274891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012c0dd5dfde1fcd2023-02-08 09:46:28.490root 11241100x8000000000000000274890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cefa031ee40bd722023-02-08 09:46:28.490root 11241100x8000000000000000274889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7691d072eb0ed5d22023-02-08 09:46:28.490root 11241100x8000000000000000274888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21bc8b8905247a62023-02-08 09:46:28.490root 11241100x8000000000000000274909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83487dedefbad3c2023-02-08 09:46:28.491root 11241100x8000000000000000274908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bc1a67fe3a55722023-02-08 09:46:28.491root 11241100x8000000000000000274907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab79393810dca302023-02-08 09:46:28.491root 11241100x8000000000000000274906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d8f68dcd649ab72023-02-08 09:46:28.491root 11241100x8000000000000000274905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef5d1e2496847812023-02-08 09:46:28.491root 11241100x8000000000000000274904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c675132a2108dd872023-02-08 09:46:28.491root 11241100x8000000000000000274903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bad1549f4db194a2023-02-08 09:46:28.491root 11241100x8000000000000000274902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5826346a363e8b2023-02-08 09:46:28.491root 11241100x8000000000000000274901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119be735a3b5afb52023-02-08 09:46:28.491root 11241100x8000000000000000274900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3639a868176c1eca2023-02-08 09:46:28.491root 11241100x8000000000000000274919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb71fddb66eaf8ba2023-02-08 09:46:28.492root 11241100x8000000000000000274918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c550b58e69e7412023-02-08 09:46:28.492root 11241100x8000000000000000274917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b5a03905c2873d2023-02-08 09:46:28.492root 11241100x8000000000000000274916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33ec948fe264ec22023-02-08 09:46:28.492root 11241100x8000000000000000274915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73ff47acf73f7cb2023-02-08 09:46:28.492root 11241100x8000000000000000274914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abb41c7a2ca57f22023-02-08 09:46:28.492root 11241100x8000000000000000274913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56bab275d0bfcbf2023-02-08 09:46:28.492root 11241100x8000000000000000274912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48064c8c7324c812023-02-08 09:46:28.492root 11241100x8000000000000000274911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994b8fe06ae3bcaf2023-02-08 09:46:28.492root 11241100x8000000000000000274910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862631f7400d4a382023-02-08 09:46:28.492root 11241100x8000000000000000274920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee5ef8d42575b3f2023-02-08 09:46:28.493root 11241100x8000000000000000274925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb69f6c58714e1e22023-02-08 09:46:28.984root 11241100x8000000000000000274924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45acb92626d57482023-02-08 09:46:28.984root 11241100x8000000000000000274923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c355ae8220bbc2d92023-02-08 09:46:28.984root 11241100x8000000000000000274922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d16e472dd0ff1e2023-02-08 09:46:28.984root 11241100x8000000000000000274921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185fabbd482463102023-02-08 09:46:28.984root 11241100x8000000000000000274935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5195c544105dd932023-02-08 09:46:28.985root 11241100x8000000000000000274934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0368187113107bcc2023-02-08 09:46:28.985root 11241100x8000000000000000274933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.decd4713198fb2882023-02-08 09:46:28.985root 11241100x8000000000000000274932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e154664561e5932023-02-08 09:46:28.985root 11241100x8000000000000000274931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a612ae60168fdda42023-02-08 09:46:28.985root 11241100x8000000000000000274930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6acfd497d890c7332023-02-08 09:46:28.985root 11241100x8000000000000000274929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86203a52060668c42023-02-08 09:46:28.985root 11241100x8000000000000000274928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41671fb768892cf2023-02-08 09:46:28.985root 11241100x8000000000000000274927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29ceefd6e1cf4032023-02-08 09:46:28.985root 11241100x8000000000000000274926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2b5c50fac6641d2023-02-08 09:46:28.985root 11241100x8000000000000000274943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566dd5bbd9b514f52023-02-08 09:46:28.986root 11241100x8000000000000000274942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c971af3a9cf5c762023-02-08 09:46:28.986root 11241100x8000000000000000274941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc247a3a51f689f12023-02-08 09:46:28.986root 11241100x8000000000000000274940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af4f1982338f4912023-02-08 09:46:28.986root 11241100x8000000000000000274939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac921bcac71498912023-02-08 09:46:28.986root 11241100x8000000000000000274938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0ccd8f1afe76fc2023-02-08 09:46:28.986root 11241100x8000000000000000274937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0961d1da892e1d7c2023-02-08 09:46:28.986root 11241100x8000000000000000274936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22de5cf3e27baddc2023-02-08 09:46:28.986root 11241100x8000000000000000274953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fef70fbe5504ed12023-02-08 09:46:28.987root 11241100x8000000000000000274952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3c4082c0ad27ce2023-02-08 09:46:28.987root 11241100x8000000000000000274951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0fac3daf024c2df2023-02-08 09:46:28.987root 11241100x8000000000000000274950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617504f36541e3592023-02-08 09:46:28.987root 11241100x8000000000000000274949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afcd5a2285c756112023-02-08 09:46:28.987root 11241100x8000000000000000274948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfb842a0a59c9aa2023-02-08 09:46:28.987root 11241100x8000000000000000274947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418735e12cf768292023-02-08 09:46:28.987root 11241100x8000000000000000274946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396a8400b621e1162023-02-08 09:46:28.987root 11241100x8000000000000000274945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826b4762b4dbbc742023-02-08 09:46:28.987root 11241100x8000000000000000274944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55668bb9b6fb69912023-02-08 09:46:28.987root 11241100x8000000000000000274963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb89f7a79f767f9f2023-02-08 09:46:28.988root 11241100x8000000000000000274962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73e42b1a8c152132023-02-08 09:46:28.988root 11241100x8000000000000000274961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0855d3912118fe282023-02-08 09:46:28.988root 11241100x8000000000000000274960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa819de4b9d00f822023-02-08 09:46:28.988root 11241100x8000000000000000274959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c2f66abf943df92023-02-08 09:46:28.988root 11241100x8000000000000000274958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ec59ec51c530ef2023-02-08 09:46:28.988root 11241100x8000000000000000274957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6155c6436a74bde92023-02-08 09:46:28.988root 11241100x8000000000000000274956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115bc92b65eec9302023-02-08 09:46:28.988root 11241100x8000000000000000274955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9562aae4db8316192023-02-08 09:46:28.988root 11241100x8000000000000000274954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149fe39a3654c3a82023-02-08 09:46:28.988root 11241100x8000000000000000274972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa8223dc79c8e8b2023-02-08 09:46:28.989root 11241100x8000000000000000274971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5a449a9d149e002023-02-08 09:46:28.989root 11241100x8000000000000000274970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe6a71eb497015d2023-02-08 09:46:28.989root 11241100x8000000000000000274969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6209c9fd1b9b8dad2023-02-08 09:46:28.989root 11241100x8000000000000000274968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae21886f32a54842023-02-08 09:46:28.989root 11241100x8000000000000000274967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7451da2f3ff0152023-02-08 09:46:28.989root 11241100x8000000000000000274966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e65bc2a3c6f3582023-02-08 09:46:28.989root 11241100x8000000000000000274965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2401d403416082da2023-02-08 09:46:28.989root 11241100x8000000000000000274964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87919b1664991fc82023-02-08 09:46:28.989root 11241100x8000000000000000274982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8117f2a890f35072023-02-08 09:46:28.990root 11241100x8000000000000000274981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd539a0bdec07762023-02-08 09:46:28.990root 11241100x8000000000000000274980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d543fc18cda1d9c02023-02-08 09:46:28.990root 11241100x8000000000000000274979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381ed0531c5ebd3a2023-02-08 09:46:28.990root 11241100x8000000000000000274978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43b4259dfbb8c452023-02-08 09:46:28.990root 11241100x8000000000000000274977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc90712cd6ca85f2023-02-08 09:46:28.990root 11241100x8000000000000000274976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550a351f43d50df02023-02-08 09:46:28.990root 11241100x8000000000000000274975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c24ba1d7361a7e2023-02-08 09:46:28.990root 11241100x8000000000000000274974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4742bdc7a15cb98b2023-02-08 09:46:28.990root 11241100x8000000000000000274973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949bef232e2840d52023-02-08 09:46:28.990root 11241100x8000000000000000274989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51aea2fa70ded7c62023-02-08 09:46:28.991root 11241100x8000000000000000274988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ae8144cde0dca82023-02-08 09:46:28.991root 11241100x8000000000000000274987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038182c8178b4f752023-02-08 09:46:28.991root 11241100x8000000000000000274986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687d3c58844f5e5a2023-02-08 09:46:28.991root 11241100x8000000000000000274985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa96bcb8dd58f002023-02-08 09:46:28.991root 11241100x8000000000000000274984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ff0191c6ef614a2023-02-08 09:46:28.991root 11241100x8000000000000000274983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe21036fa481a0122023-02-08 09:46:28.991root 11241100x8000000000000000274998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f06a512c3149c872023-02-08 09:46:28.992root 11241100x8000000000000000274997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb22ca7a84ee0a62023-02-08 09:46:28.992root 11241100x8000000000000000274996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49782635c750b81d2023-02-08 09:46:28.992root 11241100x8000000000000000274995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8acdd1f08b6af3fa2023-02-08 09:46:28.992root 11241100x8000000000000000274994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d023e924fb8fcb2023-02-08 09:46:28.992root 11241100x8000000000000000274993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b1f178edaf66c22023-02-08 09:46:28.992root 11241100x8000000000000000274992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae9b8abaf90d9952023-02-08 09:46:28.992root 11241100x8000000000000000274991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f7709777443f752023-02-08 09:46:28.992root 11241100x8000000000000000274990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:28.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e24a6e4d459d752023-02-08 09:46:28.992root 11241100x8000000000000000275000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3266071395c6a5022023-02-08 09:46:29.484root 11241100x8000000000000000274999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a4090ae82ca7ce2023-02-08 09:46:29.484root 11241100x8000000000000000275004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ade59edf3dc8eeb2023-02-08 09:46:29.485root 11241100x8000000000000000275003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b3f5279ed1d1c72023-02-08 09:46:29.485root 11241100x8000000000000000275002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8ceb46dd3d3e812023-02-08 09:46:29.485root 11241100x8000000000000000275001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29793de7c2a55ad62023-02-08 09:46:29.485root 11241100x8000000000000000275007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db056fecc8da0c422023-02-08 09:46:29.486root 11241100x8000000000000000275006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2ffaafde6d9bcf2023-02-08 09:46:29.486root 11241100x8000000000000000275005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088c0d1bae322d852023-02-08 09:46:29.486root 11241100x8000000000000000275017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a898788feb20892023-02-08 09:46:29.488root 11241100x8000000000000000275016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e600ce3c917cba92023-02-08 09:46:29.488root 11241100x8000000000000000275015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bef59c1e01958b2023-02-08 09:46:29.488root 11241100x8000000000000000275014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414fc15dad4e4aa52023-02-08 09:46:29.488root 11241100x8000000000000000275013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73ac0ab3912dde72023-02-08 09:46:29.488root 11241100x8000000000000000275012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5650cf2989cfdcf2023-02-08 09:46:29.488root 11241100x8000000000000000275011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a934ce8aa474762023-02-08 09:46:29.488root 11241100x8000000000000000275010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3aac6f1ab7c7172023-02-08 09:46:29.488root 11241100x8000000000000000275009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e130c02ae365e52023-02-08 09:46:29.488root 11241100x8000000000000000275008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5515b17d646ecfb42023-02-08 09:46:29.488root 11241100x8000000000000000275029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c6f6be2b6c40b92023-02-08 09:46:29.489root 11241100x8000000000000000275028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390b67cb112488292023-02-08 09:46:29.489root 11241100x8000000000000000275027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35db7caf3458310d2023-02-08 09:46:29.489root 11241100x8000000000000000275026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1321f20b4b2453b2023-02-08 09:46:29.489root 11241100x8000000000000000275025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb3b45b068d9b492023-02-08 09:46:29.489root 11241100x8000000000000000275024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1326f2b95510bfa62023-02-08 09:46:29.489root 11241100x8000000000000000275023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056821059435a5ea2023-02-08 09:46:29.489root 11241100x8000000000000000275022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0f6b9f5953a0182023-02-08 09:46:29.489root 11241100x8000000000000000275021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f99b3a48c6b4c62023-02-08 09:46:29.489root 11241100x8000000000000000275020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec2adb76c3bf8cf2023-02-08 09:46:29.489root 11241100x8000000000000000275019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4e3de3ce1a1ac32023-02-08 09:46:29.489root 11241100x8000000000000000275018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf80525169d0d852023-02-08 09:46:29.489root 11241100x8000000000000000275031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a84db5ee782d0a2023-02-08 09:46:29.491root 11241100x8000000000000000275030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd2b14edb5c3d4a2023-02-08 09:46:29.491root 11241100x8000000000000000275033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5141a801c7f40a542023-02-08 09:46:29.495root 11241100x8000000000000000275032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109ab60f8ea806a42023-02-08 09:46:29.495root 11241100x8000000000000000275045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7fd8bb44252afdc2023-02-08 09:46:29.496root 11241100x8000000000000000275044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7ae9dbfcce855b2023-02-08 09:46:29.496root 11241100x8000000000000000275043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fda91077ed4bb382023-02-08 09:46:29.496root 11241100x8000000000000000275042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989487392b4e00232023-02-08 09:46:29.496root 11241100x8000000000000000275041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6fb84a53a0b11ba2023-02-08 09:46:29.496root 11241100x8000000000000000275040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9bb3d6fd065fb72023-02-08 09:46:29.496root 11241100x8000000000000000275039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54de921a306004e22023-02-08 09:46:29.496root 11241100x8000000000000000275038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01631aa8887cfa262023-02-08 09:46:29.496root 11241100x8000000000000000275037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a986fb027fcdce412023-02-08 09:46:29.496root 11241100x8000000000000000275036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df2ed05d59c5d232023-02-08 09:46:29.496root 11241100x8000000000000000275035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8745431cc066312023-02-08 09:46:29.496root 11241100x8000000000000000275034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ca1b9ea7aa5c522023-02-08 09:46:29.496root 11241100x8000000000000000275052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b2522e48ec6f532023-02-08 09:46:29.498root 11241100x8000000000000000275051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd377b47ad7d1372023-02-08 09:46:29.498root 11241100x8000000000000000275050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c31385a3b4bdc3d2023-02-08 09:46:29.498root 11241100x8000000000000000275049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6c19a29cee3b3a2023-02-08 09:46:29.498root 11241100x8000000000000000275048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3bb4bb3115b4c812023-02-08 09:46:29.498root 11241100x8000000000000000275047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26040a53afb90c052023-02-08 09:46:29.498root 11241100x8000000000000000275046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3da0f2008f68552023-02-08 09:46:29.498root 11241100x8000000000000000275059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259f966a8e25b0a72023-02-08 09:46:29.984root 11241100x8000000000000000275058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3b9fc7896a77802023-02-08 09:46:29.984root 11241100x8000000000000000275057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181c89481ce3f23c2023-02-08 09:46:29.984root 11241100x8000000000000000275056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f169284f55d9fb202023-02-08 09:46:29.984root 11241100x8000000000000000275055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701a1681851c3b332023-02-08 09:46:29.984root 11241100x8000000000000000275054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d546f92944569f792023-02-08 09:46:29.984root 11241100x8000000000000000275053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467ca533b80706af2023-02-08 09:46:29.984root 11241100x8000000000000000275073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c3a5ab649ad3be2023-02-08 09:46:29.985root 11241100x8000000000000000275072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96706a73bb1acb62023-02-08 09:46:29.985root 11241100x8000000000000000275071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928301d5681f41232023-02-08 09:46:29.985root 11241100x8000000000000000275070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fddef76cce7a97572023-02-08 09:46:29.985root 11241100x8000000000000000275069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68cff2dcbafdf192023-02-08 09:46:29.985root 11241100x8000000000000000275068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3639adaa2f8b14cf2023-02-08 09:46:29.985root 11241100x8000000000000000275067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ac4891ec5478d22023-02-08 09:46:29.985root 11241100x8000000000000000275066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceaedfcd525325522023-02-08 09:46:29.985root 11241100x8000000000000000275065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637948a5f5d54ea12023-02-08 09:46:29.985root 11241100x8000000000000000275064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6fbeab3304b4852023-02-08 09:46:29.985root 11241100x8000000000000000275063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea4eb77c84c91952023-02-08 09:46:29.985root 11241100x8000000000000000275062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59381f5220487aa2023-02-08 09:46:29.985root 11241100x8000000000000000275061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a6c5a32660a3a22023-02-08 09:46:29.985root 11241100x8000000000000000275060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6ee2189cd927f72023-02-08 09:46:29.985root 11241100x8000000000000000275085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014ec272a939f6d22023-02-08 09:46:29.986root 11241100x8000000000000000275084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699b6f4fd766d6192023-02-08 09:46:29.986root 11241100x8000000000000000275083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7094417017372dee2023-02-08 09:46:29.986root 11241100x8000000000000000275082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a2c2e3f55de5f82023-02-08 09:46:29.986root 11241100x8000000000000000275081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baec7cf5816780602023-02-08 09:46:29.986root 11241100x8000000000000000275080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfbd9e46be2b2812023-02-08 09:46:29.986root 11241100x8000000000000000275079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b3433193fb45da2023-02-08 09:46:29.986root 11241100x8000000000000000275078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c05076d481bdf42023-02-08 09:46:29.986root 11241100x8000000000000000275077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b151bdd2657f43e2023-02-08 09:46:29.986root 11241100x8000000000000000275076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ee0900f22a1e222023-02-08 09:46:29.986root 11241100x8000000000000000275075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df78f3008a2f2c82023-02-08 09:46:29.986root 11241100x8000000000000000275074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba43753f696d5d72023-02-08 09:46:29.986root 11241100x8000000000000000275097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb65b67ddd5a10142023-02-08 09:46:29.987root 11241100x8000000000000000275096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8561b040a90604ce2023-02-08 09:46:29.987root 11241100x8000000000000000275095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373cf91a2b47304e2023-02-08 09:46:29.987root 11241100x8000000000000000275094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c530251532aebf2023-02-08 09:46:29.987root 11241100x8000000000000000275093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21cc2694f271b2702023-02-08 09:46:29.987root 11241100x8000000000000000275092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017b8a3df4a9b9a42023-02-08 09:46:29.987root 11241100x8000000000000000275091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff60621b52927d452023-02-08 09:46:29.987root 11241100x8000000000000000275090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9850be323a7d30122023-02-08 09:46:29.987root 11241100x8000000000000000275089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6816ea62346af0af2023-02-08 09:46:29.987root 11241100x8000000000000000275088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad9323b11207e462023-02-08 09:46:29.987root 11241100x8000000000000000275087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6a0f21fb50f9882023-02-08 09:46:29.987root 11241100x8000000000000000275086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351fd9f9c855b7ad2023-02-08 09:46:29.987root 11241100x8000000000000000275108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3867d7c9af4d70372023-02-08 09:46:29.988root 11241100x8000000000000000275107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2c290fbdd9e9482023-02-08 09:46:29.988root 11241100x8000000000000000275106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf87c37016c7a6f2023-02-08 09:46:29.988root 11241100x8000000000000000275105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45fdfbe4be7dc6852023-02-08 09:46:29.988root 11241100x8000000000000000275104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b814ca043dffc82023-02-08 09:46:29.988root 11241100x8000000000000000275103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250dd30cfeb060e52023-02-08 09:46:29.988root 11241100x8000000000000000275102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2351c32af2430b812023-02-08 09:46:29.988root 11241100x8000000000000000275101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51428160f58fa2012023-02-08 09:46:29.988root 11241100x8000000000000000275100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a88ccf74046bf32023-02-08 09:46:29.988root 11241100x8000000000000000275099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de87af8251bfd812023-02-08 09:46:29.988root 11241100x8000000000000000275098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ca130725ae076c2023-02-08 09:46:29.988root 11241100x8000000000000000275117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f0fb3c02e086842023-02-08 09:46:29.989root 11241100x8000000000000000275116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599c4d39ec69d10c2023-02-08 09:46:29.989root 11241100x8000000000000000275115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5070070c9fb6b31c2023-02-08 09:46:29.989root 11241100x8000000000000000275114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265668f77500345e2023-02-08 09:46:29.989root 11241100x8000000000000000275113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62c59844cd469d02023-02-08 09:46:29.989root 11241100x8000000000000000275112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6fb3d3a42780f92023-02-08 09:46:29.989root 11241100x8000000000000000275111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c3386d76b3c5bf2023-02-08 09:46:29.989root 11241100x8000000000000000275110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e67215130929a762023-02-08 09:46:29.989root 11241100x8000000000000000275109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6beb60ef6a10dba2023-02-08 09:46:29.989root 11241100x8000000000000000275121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b91bec9d397f2c2023-02-08 09:46:29.990root 11241100x8000000000000000275120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f9c9c59eca48d62023-02-08 09:46:29.990root 11241100x8000000000000000275119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38320e24334b57822023-02-08 09:46:29.990root 11241100x8000000000000000275118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:29.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cabf72157ac3944d2023-02-08 09:46:29.990root 354300x8000000000000000275122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.119{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-33002-false10.0.1.12-8000- 11241100x8000000000000000275127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2936ca84826de732023-02-08 09:46:30.484root 11241100x8000000000000000275126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8846fbfb7a4f22c2023-02-08 09:46:30.484root 11241100x8000000000000000275125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffaebdac5c83dd1d2023-02-08 09:46:30.484root 11241100x8000000000000000275124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1083d611c29a706b2023-02-08 09:46:30.484root 11241100x8000000000000000275123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95cdb4fba6bfbd52023-02-08 09:46:30.484root 11241100x8000000000000000275137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c90cb096177b422023-02-08 09:46:30.485root 11241100x8000000000000000275136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f14cfd30f12ee482023-02-08 09:46:30.485root 11241100x8000000000000000275135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6e6d4073ab204c2023-02-08 09:46:30.485root 11241100x8000000000000000275134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501cf3041fc05ae52023-02-08 09:46:30.485root 11241100x8000000000000000275133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33756bc1501d7bf72023-02-08 09:46:30.485root 11241100x8000000000000000275132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de328e55f5ec5aa92023-02-08 09:46:30.485root 11241100x8000000000000000275131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a56f130d20bd0682023-02-08 09:46:30.485root 11241100x8000000000000000275130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8bb702ecaba97e2023-02-08 09:46:30.485root 11241100x8000000000000000275129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902fef61e52ce0792023-02-08 09:46:30.485root 11241100x8000000000000000275128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a258b40a0d150962023-02-08 09:46:30.485root 11241100x8000000000000000275148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1b8f382951008f2023-02-08 09:46:30.486root 11241100x8000000000000000275147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a16cfe5db7338502023-02-08 09:46:30.486root 11241100x8000000000000000275146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061eebfb111e661a2023-02-08 09:46:30.486root 11241100x8000000000000000275145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57616356d1b092812023-02-08 09:46:30.486root 11241100x8000000000000000275144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87679cc2210cb442023-02-08 09:46:30.486root 11241100x8000000000000000275143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daff6f291da01cf72023-02-08 09:46:30.486root 11241100x8000000000000000275142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7f024715eeb64d2023-02-08 09:46:30.486root 11241100x8000000000000000275141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4564a192adfec6422023-02-08 09:46:30.486root 11241100x8000000000000000275140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83a1ce904e62ac42023-02-08 09:46:30.486root 11241100x8000000000000000275139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8461db70fc0db882023-02-08 09:46:30.486root 11241100x8000000000000000275138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb3f24ff8e682e92023-02-08 09:46:30.486root 11241100x8000000000000000275160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc7bbabb604be472023-02-08 09:46:30.487root 11241100x8000000000000000275159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3be779d928e97a2023-02-08 09:46:30.487root 11241100x8000000000000000275158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593dfb623f0c4eae2023-02-08 09:46:30.487root 11241100x8000000000000000275157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848ee5f75a073b9e2023-02-08 09:46:30.487root 11241100x8000000000000000275156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21011a4ea102a00f2023-02-08 09:46:30.487root 11241100x8000000000000000275155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9956dbc5fe00cdc2023-02-08 09:46:30.487root 11241100x8000000000000000275154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343c0924c16d65d72023-02-08 09:46:30.487root 11241100x8000000000000000275153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed77e876e555b1a42023-02-08 09:46:30.487root 11241100x8000000000000000275152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62967e5d33f48e072023-02-08 09:46:30.487root 11241100x8000000000000000275151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba2e0fa8e7f6f5d2023-02-08 09:46:30.487root 11241100x8000000000000000275150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9847803fbf6728c2023-02-08 09:46:30.487root 11241100x8000000000000000275149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc71737c6f5da1d2023-02-08 09:46:30.487root 11241100x8000000000000000275176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a5b286f25b4f842023-02-08 09:46:30.488root 11241100x8000000000000000275175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbdaee2717010522023-02-08 09:46:30.488root 11241100x8000000000000000275174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6acd0f03a5ace82023-02-08 09:46:30.488root 11241100x8000000000000000275173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c4a82d354dd9642023-02-08 09:46:30.488root 11241100x8000000000000000275172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053dcf4bc6b3668e2023-02-08 09:46:30.488root 11241100x8000000000000000275171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18737c83102de4b92023-02-08 09:46:30.488root 11241100x8000000000000000275170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faaa276b5e7c16c42023-02-08 09:46:30.488root 11241100x8000000000000000275169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02040a2d3582d4302023-02-08 09:46:30.488root 11241100x8000000000000000275168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b59aab2081cfaa72023-02-08 09:46:30.488root 11241100x8000000000000000275167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78356c3db44641ef2023-02-08 09:46:30.488root 11241100x8000000000000000275166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149d7773ed8eeefc2023-02-08 09:46:30.488root 11241100x8000000000000000275165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0220134b139dcb172023-02-08 09:46:30.488root 11241100x8000000000000000275164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404c88ff9a24be652023-02-08 09:46:30.488root 11241100x8000000000000000275163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c6fbded83df4902023-02-08 09:46:30.488root 11241100x8000000000000000275162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f4cb23b603d2d82023-02-08 09:46:30.488root 11241100x8000000000000000275161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6325028871b9582023-02-08 09:46:30.488root 11241100x8000000000000000275189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7294d91f6074062023-02-08 09:46:30.489root 11241100x8000000000000000275188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10387106b63034182023-02-08 09:46:30.489root 11241100x8000000000000000275187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c8b9425ce818f22023-02-08 09:46:30.489root 11241100x8000000000000000275186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159941ca53c781fb2023-02-08 09:46:30.489root 11241100x8000000000000000275185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62559d45880e8b472023-02-08 09:46:30.489root 11241100x8000000000000000275184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98af9353fa26fda42023-02-08 09:46:30.489root 11241100x8000000000000000275183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ec5f6b43c878912023-02-08 09:46:30.489root 11241100x8000000000000000275182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae43a730203c58322023-02-08 09:46:30.489root 11241100x8000000000000000275181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a52adbec0a3ad82023-02-08 09:46:30.489root 11241100x8000000000000000275180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bffed06197f839c2023-02-08 09:46:30.489root 11241100x8000000000000000275179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa3e2f393aec8da2023-02-08 09:46:30.489root 11241100x8000000000000000275178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0632753659fc62652023-02-08 09:46:30.489root 11241100x8000000000000000275177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd22f2e7d55efbe2023-02-08 09:46:30.489root 11241100x8000000000000000275195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2493079c1846458e2023-02-08 09:46:30.984root 11241100x8000000000000000275194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b2c106cd90c55f2023-02-08 09:46:30.984root 11241100x8000000000000000275193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753c0b362e7541aa2023-02-08 09:46:30.984root 11241100x8000000000000000275192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b96b7a0c2a96122023-02-08 09:46:30.984root 11241100x8000000000000000275191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58ccf9944ed676b2023-02-08 09:46:30.984root 11241100x8000000000000000275190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3250e68e3b4ba75d2023-02-08 09:46:30.984root 11241100x8000000000000000275200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6497ca294521bb4b2023-02-08 09:46:30.985root 11241100x8000000000000000275199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1c59a28cf82f6a2023-02-08 09:46:30.985root 11241100x8000000000000000275198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8c4b8b40e1cc232023-02-08 09:46:30.985root 11241100x8000000000000000275197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3736ec7a33e1f92023-02-08 09:46:30.985root 11241100x8000000000000000275196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79c72b3204e9c002023-02-08 09:46:30.985root 11241100x8000000000000000275203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa32a84e110a24422023-02-08 09:46:30.986root 11241100x8000000000000000275202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c982ce896cf9ea2023-02-08 09:46:30.986root 11241100x8000000000000000275201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da8487076e1871c2023-02-08 09:46:30.986root 11241100x8000000000000000275207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c068a1df29c8006f2023-02-08 09:46:30.987root 11241100x8000000000000000275206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51968845324ca46b2023-02-08 09:46:30.987root 11241100x8000000000000000275205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d2fbfa85e9dece2023-02-08 09:46:30.987root 11241100x8000000000000000275204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f0f6de16e7fe212023-02-08 09:46:30.987root 11241100x8000000000000000275222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a521781fede55a82023-02-08 09:46:30.988root 11241100x8000000000000000275221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f7b0bcd5de25582023-02-08 09:46:30.988root 11241100x8000000000000000275220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378c403623ed76d22023-02-08 09:46:30.988root 11241100x8000000000000000275219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104b11ccce3ad30c2023-02-08 09:46:30.988root 11241100x8000000000000000275218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2f6a42360a44692023-02-08 09:46:30.988root 11241100x8000000000000000275217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5902f771c321afce2023-02-08 09:46:30.988root 11241100x8000000000000000275216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1beac8c21b0d59262023-02-08 09:46:30.988root 11241100x8000000000000000275215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d39311156d15e62023-02-08 09:46:30.988root 11241100x8000000000000000275214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc255577c48ce41a2023-02-08 09:46:30.988root 11241100x8000000000000000275213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eed5107c1e82abd2023-02-08 09:46:30.988root 11241100x8000000000000000275212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1ac3c5f0f58e382023-02-08 09:46:30.988root 11241100x8000000000000000275211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e28e3da11726be12023-02-08 09:46:30.988root 11241100x8000000000000000275210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2aeb45e251a66982023-02-08 09:46:30.988root 11241100x8000000000000000275209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff1f64fb9784b412023-02-08 09:46:30.988root 11241100x8000000000000000275208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a3998efd7c383f2023-02-08 09:46:30.988root 11241100x8000000000000000275225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7697fcb483b50e402023-02-08 09:46:30.989root 11241100x8000000000000000275224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6734570627fbcd2023-02-08 09:46:30.989root 11241100x8000000000000000275223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53218f9a539daee02023-02-08 09:46:30.989root 11241100x8000000000000000275234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5d9d9560837fb12023-02-08 09:46:30.990root 11241100x8000000000000000275233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ac8a40e59888772023-02-08 09:46:30.990root 11241100x8000000000000000275232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb3ae85e4fa3e762023-02-08 09:46:30.990root 11241100x8000000000000000275231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08d98a34c2012d92023-02-08 09:46:30.990root 11241100x8000000000000000275230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b35aaeb0951c2842023-02-08 09:46:30.990root 11241100x8000000000000000275229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095ab86d89927d102023-02-08 09:46:30.990root 11241100x8000000000000000275228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf44083b6702b5e2023-02-08 09:46:30.990root 11241100x8000000000000000275227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ead4bd69302f6412023-02-08 09:46:30.990root 11241100x8000000000000000275226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34ea71f2974dc072023-02-08 09:46:30.990root 11241100x8000000000000000275248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fde380a44269e432023-02-08 09:46:30.991root 11241100x8000000000000000275247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0add4b905609efcc2023-02-08 09:46:30.991root 11241100x8000000000000000275246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd8d7dc8b62b6502023-02-08 09:46:30.991root 11241100x8000000000000000275245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534386af1e23eb932023-02-08 09:46:30.991root 11241100x8000000000000000275244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d595448e512b9c962023-02-08 09:46:30.991root 11241100x8000000000000000275243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222fad45fd08c5fa2023-02-08 09:46:30.991root 11241100x8000000000000000275242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d772b503ab8c0c2023-02-08 09:46:30.991root 11241100x8000000000000000275241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb79aeee9556c9d12023-02-08 09:46:30.991root 11241100x8000000000000000275240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6bbcb086b6f8512023-02-08 09:46:30.991root 11241100x8000000000000000275239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85374e95e9aff9592023-02-08 09:46:30.991root 11241100x8000000000000000275238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c400a036b05f70f2023-02-08 09:46:30.991root 11241100x8000000000000000275237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23881a94c1d1bb22023-02-08 09:46:30.991root 11241100x8000000000000000275236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b2b510c821d1822023-02-08 09:46:30.991root 11241100x8000000000000000275235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401b429b1bdb0ac82023-02-08 09:46:30.991root 11241100x8000000000000000275252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54cf6c3de97b97482023-02-08 09:46:30.992root 11241100x8000000000000000275251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4310597c2c721cc2023-02-08 09:46:30.992root 11241100x8000000000000000275250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c17cff57430e652023-02-08 09:46:30.992root 11241100x8000000000000000275249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:30.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62524e4758febcb2023-02-08 09:46:30.992root 11241100x8000000000000000275258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eff86dabf3344332023-02-08 09:46:31.484root 11241100x8000000000000000275257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c33d1eb9502ad412023-02-08 09:46:31.484root 11241100x8000000000000000275256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc20508c7a4cc6da2023-02-08 09:46:31.484root 11241100x8000000000000000275255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a687e5af2220b62023-02-08 09:46:31.484root 11241100x8000000000000000275254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5042c0e95de123702023-02-08 09:46:31.484root 11241100x8000000000000000275253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33daf4195c0df6812023-02-08 09:46:31.484root 11241100x8000000000000000275266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24385eed41ab9d02023-02-08 09:46:31.485root 11241100x8000000000000000275265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ed52c4352cea602023-02-08 09:46:31.485root 11241100x8000000000000000275264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e76eb0123b462192023-02-08 09:46:31.485root 11241100x8000000000000000275263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97cd1d90052ebfa62023-02-08 09:46:31.485root 11241100x8000000000000000275262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4449faa024cb08f72023-02-08 09:46:31.485root 11241100x8000000000000000275261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9489fd4737239f5e2023-02-08 09:46:31.485root 11241100x8000000000000000275260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3584a1c1e9da2b7b2023-02-08 09:46:31.485root 11241100x8000000000000000275259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a136b933299316532023-02-08 09:46:31.485root 11241100x8000000000000000275273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2bb7de700decb12023-02-08 09:46:31.486root 11241100x8000000000000000275272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27cb2566a896799d2023-02-08 09:46:31.486root 11241100x8000000000000000275271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16f2de2828e9a172023-02-08 09:46:31.486root 11241100x8000000000000000275270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d16de31c69981cb2023-02-08 09:46:31.486root 11241100x8000000000000000275269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9411c51a1d68b1c42023-02-08 09:46:31.486root 11241100x8000000000000000275268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18edb3400abe9a5d2023-02-08 09:46:31.486root 11241100x8000000000000000275267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b4c1e4ceb9dbc92023-02-08 09:46:31.486root 11241100x8000000000000000275282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db300c54dcad9802023-02-08 09:46:31.487root 11241100x8000000000000000275281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c4d34c75092eaa2023-02-08 09:46:31.487root 11241100x8000000000000000275280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41ca50a3ddc4b022023-02-08 09:46:31.487root 11241100x8000000000000000275279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8560d56cb4265982023-02-08 09:46:31.487root 11241100x8000000000000000275278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574059a52bd89d5a2023-02-08 09:46:31.487root 11241100x8000000000000000275277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f1c4acecae9d562023-02-08 09:46:31.487root 11241100x8000000000000000275276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfd9d9e8bf106dc2023-02-08 09:46:31.487root 11241100x8000000000000000275275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2f0ee8392485c12023-02-08 09:46:31.487root 11241100x8000000000000000275274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9922a57115ef84242023-02-08 09:46:31.487root 11241100x8000000000000000275289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90501bb75d73d98e2023-02-08 09:46:31.488root 11241100x8000000000000000275288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062ec38b337d29032023-02-08 09:46:31.488root 11241100x8000000000000000275287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500b8223a8c0b7052023-02-08 09:46:31.488root 11241100x8000000000000000275286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00501b52e5c5c842023-02-08 09:46:31.488root 11241100x8000000000000000275285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44784e64733ad8f02023-02-08 09:46:31.488root 11241100x8000000000000000275284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7393d9ed2584092023-02-08 09:46:31.488root 11241100x8000000000000000275283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491bf6d1bbe3283a2023-02-08 09:46:31.488root 11241100x8000000000000000275294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570e37e00fd74cab2023-02-08 09:46:31.489root 11241100x8000000000000000275293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d20fb0993650732023-02-08 09:46:31.489root 11241100x8000000000000000275292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2831bdaec330032023-02-08 09:46:31.489root 11241100x8000000000000000275291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054a8db3400e90272023-02-08 09:46:31.489root 11241100x8000000000000000275290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5877ae4f0e981e882023-02-08 09:46:31.489root 11241100x8000000000000000275300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3515e7c247d9442023-02-08 09:46:31.490root 11241100x8000000000000000275299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8dc8801a2b68502023-02-08 09:46:31.490root 11241100x8000000000000000275298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9310567ad34f9e0a2023-02-08 09:46:31.490root 11241100x8000000000000000275297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce85d0ef5917fb8e2023-02-08 09:46:31.490root 11241100x8000000000000000275296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3515673aef43af2023-02-08 09:46:31.490root 11241100x8000000000000000275295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42b845baed05dfe2023-02-08 09:46:31.490root 11241100x8000000000000000275306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431b5f61e29b26632023-02-08 09:46:31.491root 11241100x8000000000000000275305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d9b32786e564452023-02-08 09:46:31.491root 11241100x8000000000000000275304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762e9c10986d7e2e2023-02-08 09:46:31.491root 11241100x8000000000000000275303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606a1a151b3d6a302023-02-08 09:46:31.491root 11241100x8000000000000000275302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319b80a85c663acc2023-02-08 09:46:31.491root 11241100x8000000000000000275301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47fc02885d9e67f62023-02-08 09:46:31.491root 11241100x8000000000000000275312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75786fcc7c0396b2023-02-08 09:46:31.492root 11241100x8000000000000000275311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5f20ca6d94f5b02023-02-08 09:46:31.492root 11241100x8000000000000000275310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f27f4fc9dd399962023-02-08 09:46:31.492root 11241100x8000000000000000275309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669485e26d214c482023-02-08 09:46:31.492root 11241100x8000000000000000275308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3167de47c395d97a2023-02-08 09:46:31.492root 11241100x8000000000000000275307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6c781fc634a72a2023-02-08 09:46:31.492root 11241100x8000000000000000275322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b31523764e6e072023-02-08 09:46:31.493root 11241100x8000000000000000275321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502fc551ae5841082023-02-08 09:46:31.493root 11241100x8000000000000000275320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459638e5a65033db2023-02-08 09:46:31.493root 11241100x8000000000000000275319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81269fe075b330f2023-02-08 09:46:31.493root 11241100x8000000000000000275318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9000a4248e392d12023-02-08 09:46:31.493root 11241100x8000000000000000275317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d122ced3c1f964572023-02-08 09:46:31.493root 11241100x8000000000000000275316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be3b326fbeaae362023-02-08 09:46:31.493root 11241100x8000000000000000275315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013061e557afabcd2023-02-08 09:46:31.493root 11241100x8000000000000000275314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6db6a337b1d5a992023-02-08 09:46:31.493root 11241100x8000000000000000275313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654a2bf64a8939032023-02-08 09:46:31.493root 11241100x8000000000000000275331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5d6ca550bc1b3c2023-02-08 09:46:31.494root 11241100x8000000000000000275330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828e26a426ab56a02023-02-08 09:46:31.494root 11241100x8000000000000000275329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78c53c0012719802023-02-08 09:46:31.494root 11241100x8000000000000000275328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5331c39dd374d72023-02-08 09:46:31.494root 11241100x8000000000000000275327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c282d4a04d2f3642023-02-08 09:46:31.494root 11241100x8000000000000000275326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d8de9c791761932023-02-08 09:46:31.494root 11241100x8000000000000000275325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4881df2caa77e1232023-02-08 09:46:31.494root 11241100x8000000000000000275324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788ed8d9a63536542023-02-08 09:46:31.494root 11241100x8000000000000000275323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e5dc6e0be18c972023-02-08 09:46:31.494root 11241100x8000000000000000275343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54fba5c32674ff382023-02-08 09:46:31.984root 11241100x8000000000000000275342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205f95aac03c75b92023-02-08 09:46:31.984root 11241100x8000000000000000275341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a032ac48d9ee90bc2023-02-08 09:46:31.984root 11241100x8000000000000000275340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd47640d8c2cbec52023-02-08 09:46:31.984root 11241100x8000000000000000275339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccad9314879aacd92023-02-08 09:46:31.984root 11241100x8000000000000000275338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f850d951b2581762023-02-08 09:46:31.984root 11241100x8000000000000000275337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552c9a9780b3a3332023-02-08 09:46:31.984root 11241100x8000000000000000275336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14fdd8338e0674752023-02-08 09:46:31.984root 11241100x8000000000000000275335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea90492165a053e2023-02-08 09:46:31.984root 11241100x8000000000000000275334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9ae564871e81de2023-02-08 09:46:31.984root 11241100x8000000000000000275333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b366db24d51ee2aa2023-02-08 09:46:31.984root 11241100x8000000000000000275332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93bba93b263df112023-02-08 09:46:31.984root 11241100x8000000000000000275353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8649a832d2ed4a82023-02-08 09:46:31.985root 11241100x8000000000000000275352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45699f0c3e90e3db2023-02-08 09:46:31.985root 11241100x8000000000000000275351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28a43763dbb754f2023-02-08 09:46:31.985root 11241100x8000000000000000275350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4d82d639771c832023-02-08 09:46:31.985root 11241100x8000000000000000275349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfbeb0aff9c3b8402023-02-08 09:46:31.985root 11241100x8000000000000000275348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8866957b938256392023-02-08 09:46:31.985root 11241100x8000000000000000275347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9bfd4b974012b9a2023-02-08 09:46:31.985root 11241100x8000000000000000275346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851db266709623e42023-02-08 09:46:31.985root 11241100x8000000000000000275345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76371eb686e0ec372023-02-08 09:46:31.985root 11241100x8000000000000000275344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2def00ad8e338f12023-02-08 09:46:31.985root 11241100x8000000000000000275368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df68a0968b60db02023-02-08 09:46:31.986root 11241100x8000000000000000275367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276d8a580e08d49c2023-02-08 09:46:31.986root 11241100x8000000000000000275366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b9035d607f37792023-02-08 09:46:31.986root 11241100x8000000000000000275365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e1309f2790fe192023-02-08 09:46:31.986root 11241100x8000000000000000275364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53a5702d8739f112023-02-08 09:46:31.986root 11241100x8000000000000000275363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435f24472f545ac12023-02-08 09:46:31.986root 11241100x8000000000000000275362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5689a17c6c5452f2023-02-08 09:46:31.986root 11241100x8000000000000000275361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d43bae0a9b421b2023-02-08 09:46:31.986root 11241100x8000000000000000275360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a8232e42234c942023-02-08 09:46:31.986root 11241100x8000000000000000275359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332a8b6ac05410c52023-02-08 09:46:31.986root 11241100x8000000000000000275358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a6027f597d26762023-02-08 09:46:31.986root 11241100x8000000000000000275357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4456e707e0dbd92023-02-08 09:46:31.986root 11241100x8000000000000000275356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9a7ba87004216f2023-02-08 09:46:31.986root 11241100x8000000000000000275355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faafd7a10958d52e2023-02-08 09:46:31.986root 11241100x8000000000000000275354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d362b913d6aceda2023-02-08 09:46:31.986root 11241100x8000000000000000275376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b3b5afd1620f232023-02-08 09:46:31.987root 11241100x8000000000000000275375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7821b2b8b3a6978c2023-02-08 09:46:31.987root 11241100x8000000000000000275374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f774754cbb07e92023-02-08 09:46:31.987root 11241100x8000000000000000275373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043c61c41679dd572023-02-08 09:46:31.987root 11241100x8000000000000000275372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5709b1e88d14ee762023-02-08 09:46:31.987root 11241100x8000000000000000275371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86e080d4b261a562023-02-08 09:46:31.987root 11241100x8000000000000000275370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c83f4b36778d9f42023-02-08 09:46:31.987root 11241100x8000000000000000275369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86fcbaf76ee09452023-02-08 09:46:31.987root 11241100x8000000000000000275392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649de01268de615a2023-02-08 09:46:31.988root 11241100x8000000000000000275391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aede4ee199c094d2023-02-08 09:46:31.988root 11241100x8000000000000000275390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31014ad9f97e6bda2023-02-08 09:46:31.988root 11241100x8000000000000000275389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc6c37e07d9598d2023-02-08 09:46:31.988root 11241100x8000000000000000275388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d12ca4830c26322023-02-08 09:46:31.988root 11241100x8000000000000000275387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae95406b6645b282023-02-08 09:46:31.988root 11241100x8000000000000000275386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601d509a89e193f32023-02-08 09:46:31.988root 11241100x8000000000000000275385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6494a25824700f2023-02-08 09:46:31.988root 11241100x8000000000000000275384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7e4564022f77b72023-02-08 09:46:31.988root 11241100x8000000000000000275383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f0df3d0eb198cf2023-02-08 09:46:31.988root 11241100x8000000000000000275382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126613fe2f0c0d6f2023-02-08 09:46:31.988root 11241100x8000000000000000275381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bda4ebcac765e7d2023-02-08 09:46:31.988root 11241100x8000000000000000275380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35bd9d943d0a67472023-02-08 09:46:31.988root 11241100x8000000000000000275379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77395b23a57376432023-02-08 09:46:31.988root 11241100x8000000000000000275378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7478a8a10e6421b2023-02-08 09:46:31.988root 11241100x8000000000000000275377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306884ea85d6aac82023-02-08 09:46:31.988root 11241100x8000000000000000275402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fcbf99750eec8a82023-02-08 09:46:31.989root 11241100x8000000000000000275401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e003ecf6f29e7f72023-02-08 09:46:31.989root 11241100x8000000000000000275400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ac2ad50b842f672023-02-08 09:46:31.989root 11241100x8000000000000000275399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ca81f2d0e1fcb22023-02-08 09:46:31.989root 11241100x8000000000000000275398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2389ba549ac1bb12023-02-08 09:46:31.989root 11241100x8000000000000000275397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66632c8a0c9b8e792023-02-08 09:46:31.989root 11241100x8000000000000000275396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b59758b3b2905f2023-02-08 09:46:31.989root 11241100x8000000000000000275395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7388b41c1675a642023-02-08 09:46:31.989root 11241100x8000000000000000275394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b701a4a09d17f1f2023-02-08 09:46:31.989root 11241100x8000000000000000275393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:31.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f36fa890a3d3742023-02-08 09:46:31.989root 23542300x8000000000000000275451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:39.364{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000275452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:39.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6977b0d51731f2092023-02-08 09:46:39.734root 11241100x8000000000000000275453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:40.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a489f2e15eae7bf2023-02-08 09:46:40.234root 11241100x8000000000000000275454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44744793307fb7052023-02-08 09:46:40.734root 11241100x8000000000000000275456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:41.098{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd908df3ea4335af2023-02-08 09:46:41.098root 354300x8000000000000000275455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:41.098{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-34038-false10.0.1.12-8000- 11241100x8000000000000000275458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:41.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3b711eda5736782023-02-08 09:46:41.484root 11241100x8000000000000000275457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:41.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9e14ac5f4468f52023-02-08 09:46:41.484root 11241100x8000000000000000275460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:41.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49873729683d97942023-02-08 09:46:41.984root 11241100x8000000000000000275459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:41.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2074401e4f7eb62023-02-08 09:46:41.984root 11241100x8000000000000000275462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:42.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f4139676ad1aee2023-02-08 09:46:42.484root 11241100x8000000000000000275461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:42.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39dd72b9143ff21e2023-02-08 09:46:42.484root 11241100x8000000000000000275464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:42.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6863feb72a82611e2023-02-08 09:46:42.984root 11241100x8000000000000000275463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:42.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3be564cfbc78cc2023-02-08 09:46:42.984root 11241100x8000000000000000275466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdca2bc7a19abf362023-02-08 09:46:43.484root 11241100x8000000000000000275465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d57013cd72ab9212023-02-08 09:46:43.484root 11241100x8000000000000000275468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2158472fa6e5edd92023-02-08 09:46:43.984root 11241100x8000000000000000275467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ec7cde7018ebea2023-02-08 09:46:43.984root 11241100x8000000000000000275470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1283f962fc25d3e2023-02-08 09:46:44.484root 11241100x8000000000000000275469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9198ca35c26394a32023-02-08 09:46:44.484root 11241100x8000000000000000275472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913d75fae8475a982023-02-08 09:46:44.984root 11241100x8000000000000000275471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9637c2620348bd2023-02-08 09:46:44.984root 11241100x8000000000000000275474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648755cee84a0a802023-02-08 09:46:45.484root 11241100x8000000000000000275473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2602264f314cad6b2023-02-08 09:46:45.484root 11241100x8000000000000000275476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4d82c8ce4c1c692023-02-08 09:46:45.984root 11241100x8000000000000000275475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0093c28b46b3ed2023-02-08 09:46:45.984root 11241100x8000000000000000275478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a969faa4fb5ab92023-02-08 09:46:46.484root 11241100x8000000000000000275477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a438cea0432aae3b2023-02-08 09:46:46.484root 11241100x8000000000000000275480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7871c81bd8e010172023-02-08 09:46:46.984root 11241100x8000000000000000275479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3148e991c2d75d2023-02-08 09:46:46.984root 354300x8000000000000000275481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:47.085{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-34040-false10.0.1.12-8000- 11241100x8000000000000000275484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0140434c9ff9602023-02-08 09:46:47.484root 11241100x8000000000000000275483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c29a6e5e729b2eb2023-02-08 09:46:47.484root 11241100x8000000000000000275482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e85a21abd29ed1e2023-02-08 09:46:47.484root 11241100x8000000000000000275487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f68c71cca32cd3e2023-02-08 09:46:47.984root 11241100x8000000000000000275486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25805f0200f0c12e2023-02-08 09:46:47.984root 11241100x8000000000000000275485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977d3a2bd2c2bc142023-02-08 09:46:47.984root 11241100x8000000000000000275490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a527fdce0c9db8b82023-02-08 09:46:48.484root 11241100x8000000000000000275489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61838753663a40302023-02-08 09:46:48.484root 11241100x8000000000000000275488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755afa24f0e66fad2023-02-08 09:46:48.484root 11241100x8000000000000000275493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da9a8430e4b5e2f2023-02-08 09:46:48.984root 11241100x8000000000000000275492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82c5c181a50e6b72023-02-08 09:46:48.984root 11241100x8000000000000000275491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d324579377dba952023-02-08 09:46:48.984root 11241100x8000000000000000275496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2fc739f846db202023-02-08 09:46:49.484root 11241100x8000000000000000275495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69471e1c91ff77352023-02-08 09:46:49.484root 11241100x8000000000000000275494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb95f3c5ab87cb62023-02-08 09:46:49.484root 11241100x8000000000000000275499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0298ed0b3ef64a2023-02-08 09:46:49.984root 11241100x8000000000000000275498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f6bba601850f402023-02-08 09:46:49.984root 11241100x8000000000000000275497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75271c0769e1d722023-02-08 09:46:49.984root 11241100x8000000000000000275502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b691fbc42b23bb822023-02-08 09:46:50.484root 11241100x8000000000000000275501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931f8229fbee664a2023-02-08 09:46:50.484root 11241100x8000000000000000275500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28302ef4c48775c82023-02-08 09:46:50.484root 11241100x8000000000000000275505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:50.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfeaa089bce2a602023-02-08 09:46:50.984root 11241100x8000000000000000275504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:50.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db8846fe539a1d42023-02-08 09:46:50.984root 11241100x8000000000000000275503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:50.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee38c38fc722dd3d2023-02-08 09:46:50.984root 11241100x8000000000000000275508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ba1858828b00002023-02-08 09:46:51.484root 11241100x8000000000000000275507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284a5990dc103ab52023-02-08 09:46:51.484root 11241100x8000000000000000275506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5c9810fb732dbb2023-02-08 09:46:51.484root 11241100x8000000000000000275511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b08cc63ab5605dd2023-02-08 09:46:51.984root 11241100x8000000000000000275510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0272a38132309c3b2023-02-08 09:46:51.984root 11241100x8000000000000000275509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa200c4b55ef9a872023-02-08 09:46:51.984root 354300x8000000000000000275512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:52.119{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-48792-false10.0.1.12-8000- 11241100x8000000000000000275516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74eca465a5e5bfd22023-02-08 09:46:52.484root 11241100x8000000000000000275515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b04671a5e9b9342023-02-08 09:46:52.484root 11241100x8000000000000000275514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83f29fab25b88852023-02-08 09:46:52.484root 11241100x8000000000000000275513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49414cee3b2cc5792023-02-08 09:46:52.484root 11241100x8000000000000000275519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7408f9e3fb7dfbb2023-02-08 09:46:52.984root 11241100x8000000000000000275518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940f19b18c89af432023-02-08 09:46:52.984root 11241100x8000000000000000275517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8275aae51d7b3a2023-02-08 09:46:52.984root 11241100x8000000000000000275520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812607ac571b82532023-02-08 09:46:52.985root 11241100x8000000000000000275524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e954522c8aaf86f2023-02-08 09:46:53.484root 11241100x8000000000000000275523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58162facaba9b03d2023-02-08 09:46:53.484root 11241100x8000000000000000275522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5132f3fd447745dc2023-02-08 09:46:53.484root 11241100x8000000000000000275521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5109602b148adcc92023-02-08 09:46:53.484root 11241100x8000000000000000275528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d1c112090f72292023-02-08 09:46:53.984root 11241100x8000000000000000275527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a31cbb870f12d62023-02-08 09:46:53.984root 11241100x8000000000000000275526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d72f0a0a3b4ae542023-02-08 09:46:53.984root 11241100x8000000000000000275525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d6ff80ba2f79662023-02-08 09:46:53.984root 11241100x8000000000000000275532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7ef30e5c6ff6992023-02-08 09:46:54.484root 11241100x8000000000000000275531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffbd96d8a5e693522023-02-08 09:46:54.484root 11241100x8000000000000000275530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7033a7ecba5cde02023-02-08 09:46:54.484root 11241100x8000000000000000275529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab93823fa04d69cd2023-02-08 09:46:54.484root 11241100x8000000000000000275536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:54.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993fc3569c03a1dd2023-02-08 09:46:54.984root 11241100x8000000000000000275535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:54.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b7c4a7f5284c152023-02-08 09:46:54.984root 11241100x8000000000000000275534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:54.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c2cb5e8c13fe3c2023-02-08 09:46:54.984root 11241100x8000000000000000275533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:54.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778cf150bbecc57b2023-02-08 09:46:54.984root 11241100x8000000000000000275540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ca998b70db53172023-02-08 09:46:55.485root 11241100x8000000000000000275539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d809576499591a2023-02-08 09:46:55.485root 11241100x8000000000000000275538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47adaec8120028452023-02-08 09:46:55.485root 11241100x8000000000000000275537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea65fa960b6209462023-02-08 09:46:55.485root 11241100x8000000000000000275544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c84f8e3034531c2023-02-08 09:46:55.984root 11241100x8000000000000000275543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d15ca7b06b1c9dc2023-02-08 09:46:55.984root 11241100x8000000000000000275542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8126f00e4999bef72023-02-08 09:46:55.984root 11241100x8000000000000000275541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6b0e5926a7f65e2023-02-08 09:46:55.984root 11241100x8000000000000000275548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:56.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d095f2ada245ac3e2023-02-08 09:46:56.484root 11241100x8000000000000000275547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:56.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a6b2c13ad3bb962023-02-08 09:46:56.484root 11241100x8000000000000000275546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:56.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0603d9dcc0312e2023-02-08 09:46:56.484root 11241100x8000000000000000275545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:56.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824d94a64b8c7daf2023-02-08 09:46:56.484root 11241100x8000000000000000275552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc13b99fff6f2ac2023-02-08 09:46:56.984root 11241100x8000000000000000275551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74142127ff9f5f82023-02-08 09:46:56.984root 11241100x8000000000000000275550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6433cbf7fbcd1a82023-02-08 09:46:56.984root 11241100x8000000000000000275549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c579bd3d7505f7842023-02-08 09:46:56.984root 11241100x8000000000000000275556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202a829bf91714262023-02-08 09:46:57.485root 11241100x8000000000000000275555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae0785f028099b02023-02-08 09:46:57.485root 11241100x8000000000000000275554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84ce440ee2d9e4a2023-02-08 09:46:57.485root 11241100x8000000000000000275553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45dab936d37d8062023-02-08 09:46:57.485root 11241100x8000000000000000275560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b38d27971fb82f32023-02-08 09:46:57.984root 11241100x8000000000000000275559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba95f78094b15862023-02-08 09:46:57.984root 11241100x8000000000000000275558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb02d33012614d32023-02-08 09:46:57.984root 11241100x8000000000000000275557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6a86fdd8278bed2023-02-08 09:46:57.984root 354300x8000000000000000275561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:58.086{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-50278-false10.0.1.12-8000- 11241100x8000000000000000275566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685a1b45375b62442023-02-08 09:46:58.484root 11241100x8000000000000000275565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa8ac2a53ff2ff82023-02-08 09:46:58.484root 11241100x8000000000000000275564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140e0333cf0822f92023-02-08 09:46:58.484root 11241100x8000000000000000275563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15b60f2da1d28a12023-02-08 09:46:58.484root 11241100x8000000000000000275562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d1136efbe69d7b2023-02-08 09:46:58.484root 11241100x8000000000000000275571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8447a1e270bd929e2023-02-08 09:46:58.984root 11241100x8000000000000000275570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108467791593ea222023-02-08 09:46:58.984root 11241100x8000000000000000275569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd39774f7e21bcb2023-02-08 09:46:58.984root 11241100x8000000000000000275568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069738c20fea5c172023-02-08 09:46:58.984root 11241100x8000000000000000275567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ca2bc62ce1e21e2023-02-08 09:46:58.984root 11241100x8000000000000000275576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0578ea96b9e84cc2023-02-08 09:46:59.484root 11241100x8000000000000000275575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0862f365b7d2f9672023-02-08 09:46:59.484root 11241100x8000000000000000275574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2bf180cd2636922023-02-08 09:46:59.484root 11241100x8000000000000000275573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f968ad03ae74f1f2023-02-08 09:46:59.484root 11241100x8000000000000000275572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3721555e6ae1cc2023-02-08 09:46:59.484root 11241100x8000000000000000275581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:59.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45dba6503c75b6fa2023-02-08 09:46:59.984root 11241100x8000000000000000275580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:59.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aed0fcfeb476e4d2023-02-08 09:46:59.984root 11241100x8000000000000000275579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:59.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00735c287c59f532023-02-08 09:46:59.984root 11241100x8000000000000000275578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:59.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df5b387ea1665ea2023-02-08 09:46:59.984root 11241100x8000000000000000275577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:46:59.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcaf1689e6e2c52b2023-02-08 09:46:59.984root 11241100x8000000000000000275586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e44cface9c8943e2023-02-08 09:47:00.484root 11241100x8000000000000000275585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e61d1c85e3bfe722023-02-08 09:47:00.484root 11241100x8000000000000000275584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c51babd6adaf5f2023-02-08 09:47:00.484root 11241100x8000000000000000275583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e246c525b89894762023-02-08 09:47:00.484root 11241100x8000000000000000275582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d85cb0fd395bedb2023-02-08 09:47:00.484root 11241100x8000000000000000275591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:00.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3df71f3fb2fc602023-02-08 09:47:00.984root 11241100x8000000000000000275590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:00.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4d8d9d21f5bfab2023-02-08 09:47:00.984root 11241100x8000000000000000275589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:00.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3cadd16caa7bc102023-02-08 09:47:00.984root 11241100x8000000000000000275588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:00.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d67da8501131d362023-02-08 09:47:00.984root 11241100x8000000000000000275587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:00.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d05472261cc06f2023-02-08 09:47:00.984root 11241100x8000000000000000275596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:01.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f3194e7b81c6512023-02-08 09:47:01.484root 11241100x8000000000000000275595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:01.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ecd64c2d60f6222023-02-08 09:47:01.484root 11241100x8000000000000000275594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:01.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3572480d439cd68a2023-02-08 09:47:01.484root 11241100x8000000000000000275593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:01.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1222e04e8b3ecd3e2023-02-08 09:47:01.484root 11241100x8000000000000000275592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:01.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8e5117148921d62023-02-08 09:47:01.484root 11241100x8000000000000000275601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:01.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183b3175121a8de92023-02-08 09:47:01.984root 11241100x8000000000000000275600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:01.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9443b907b7b3b0932023-02-08 09:47:01.984root 11241100x8000000000000000275599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:01.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910d470a2c37589f2023-02-08 09:47:01.984root 11241100x8000000000000000275598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:01.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bae533e37f5314d2023-02-08 09:47:01.984root 11241100x8000000000000000275597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:01.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f5d468aafec8c72023-02-08 09:47:01.984root 11241100x8000000000000000275606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1e96ad4a3f08c02023-02-08 09:47:02.484root 11241100x8000000000000000275605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3857225f8f8ce12023-02-08 09:47:02.484root 11241100x8000000000000000275604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb245708899e04a2023-02-08 09:47:02.484root 11241100x8000000000000000275603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef724d313d427fd2023-02-08 09:47:02.484root 11241100x8000000000000000275602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e975365c85d8f822023-02-08 09:47:02.484root 11241100x8000000000000000275610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa49415cb3e6d562023-02-08 09:47:02.984root 11241100x8000000000000000275609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0472d3f2daf1aebd2023-02-08 09:47:02.984root 11241100x8000000000000000275608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee0822e5522506c2023-02-08 09:47:02.984root 11241100x8000000000000000275607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da122a5551e369b2023-02-08 09:47:02.984root 11241100x8000000000000000275611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:02.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d50c736f553e562023-02-08 09:47:02.985root 354300x8000000000000000275612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:03.129{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-50284-false10.0.1.12-8000- 354300x8000000000000000275613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:03.271{ec2a0601-5c40-63e3-e0d7-aea203560000}1305/usr/sbin/sshdroottcpfalsefalse212.187.221.34-50831-false10.0.1.20-22- 11241100x8000000000000000275616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:03.272{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3e9a3b63fd5b682023-02-08 09:47:03.272root 154100x8000000000000000275615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:03.272{ec2a0601-6f97-63e3-e0b7-389257550000}5812/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec2a0601-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}1305--- 11241100x8000000000000000275614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:03.272{ec2a0601-6f97-63e3-0000-000000000000}5812/usr/sbin/sshd/proc/5812/oom_score_adj2023-02-08 09:47:03.272root 11241100x8000000000000000275620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:03.273{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f399a0f511b825c12023-02-08 09:47:03.273root 11241100x8000000000000000275619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:03.273{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2c5a33621210972023-02-08 09:47:03.273root 11241100x8000000000000000275618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:03.273{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d747332db0d0637e2023-02-08 09:47:03.273root 11241100x8000000000000000275617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:03.273{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b400dd9a421cd8532023-02-08 09:47:03.273root 11241100x8000000000000000275621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:03.274{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e983217afe52e32023-02-08 09:47:03.274root 11241100x8000000000000000275625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:03.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f8a92f24f9ad832023-02-08 09:47:03.734root 11241100x8000000000000000275624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:03.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4856dcd67a4281252023-02-08 09:47:03.734root 11241100x8000000000000000275623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:03.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a39695859af78db2023-02-08 09:47:03.734root 11241100x8000000000000000275622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:03.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba808c5ef18be3f2023-02-08 09:47:03.734root 11241100x8000000000000000275630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bcac6b06a97d52e2023-02-08 09:47:03.735root 11241100x8000000000000000275629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca4801877db28e62023-02-08 09:47:03.735root 11241100x8000000000000000275628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9497393e26c884d72023-02-08 09:47:03.735root 11241100x8000000000000000275627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24235f50bb98b3072023-02-08 09:47:03.735root 11241100x8000000000000000275626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a985e1f967190e162023-02-08 09:47:03.735root 11241100x8000000000000000275634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:04.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9379d0cc003586d2023-02-08 09:47:04.234root 11241100x8000000000000000275633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:04.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3a97c2f27ac5a32023-02-08 09:47:04.234root 11241100x8000000000000000275632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:04.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e671de098e23ca2023-02-08 09:47:04.234root 11241100x8000000000000000275631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:04.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ffd408258780bb2023-02-08 09:47:04.234root 11241100x8000000000000000275639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1d4684481bd6a62023-02-08 09:47:04.235root 11241100x8000000000000000275638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8cb1a40627d3832023-02-08 09:47:04.235root 11241100x8000000000000000275637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e761953a64fa112023-02-08 09:47:04.235root 11241100x8000000000000000275636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3af6c9d9d3b2acc2023-02-08 09:47:04.235root 11241100x8000000000000000275635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0400e3ecc7afeafe2023-02-08 09:47:04.235root 11241100x8000000000000000275644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:04.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a19e0ac962a1a2a2023-02-08 09:47:04.734root 11241100x8000000000000000275643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:04.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1201cfc187665a232023-02-08 09:47:04.734root 11241100x8000000000000000275642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:04.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249bcf64fa9a65632023-02-08 09:47:04.734root 11241100x8000000000000000275641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:04.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf52687e31c894ca2023-02-08 09:47:04.734root 11241100x8000000000000000275640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:04.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c792e00d9a38a42023-02-08 09:47:04.734root 11241100x8000000000000000275648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24bbaaccadbeb7992023-02-08 09:47:04.735root 11241100x8000000000000000275647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d527b5419f78c2e42023-02-08 09:47:04.735root 11241100x8000000000000000275646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f104868aa0b6c2222023-02-08 09:47:04.735root 11241100x8000000000000000275645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f204aab3498328b22023-02-08 09:47:04.735root 11241100x8000000000000000275650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.055{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486b0fdce8a144f02023-02-08 09:47:05.055root 154100x8000000000000000275649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.055{ec2a0601-6f99-63e3-6844-fb7985550000}5814/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec2a0601-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2404--- 11241100x8000000000000000275654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.056{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a23a3c4023cbf432023-02-08 09:47:05.056root 11241100x8000000000000000275653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.056{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b2a004effe07e72023-02-08 09:47:05.056root 11241100x8000000000000000275652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.056{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50253ffc67f413b02023-02-08 09:47:05.056root 11241100x8000000000000000275651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.056{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d36224262fe7d8d2023-02-08 09:47:05.056root 11241100x8000000000000000275659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.057{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117a870b8ec06a4c2023-02-08 09:47:05.057root 11241100x8000000000000000275658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.057{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3106ecdcd77efb352023-02-08 09:47:05.057root 11241100x8000000000000000275657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.057{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21e639ed1dc1bc92023-02-08 09:47:05.057root 11241100x8000000000000000275656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.057{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1324508930a85f072023-02-08 09:47:05.057root 11241100x8000000000000000275655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.057{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a43871d960995632023-02-08 09:47:05.057root 534500x8000000000000000275660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.067{ec2a0601-6f99-63e3-6844-fb7985550000}5814/bin/psroot 11241100x8000000000000000275666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaef070920461a9a2023-02-08 09:47:05.484root 11241100x8000000000000000275665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb8d9b6b057a2e82023-02-08 09:47:05.484root 11241100x8000000000000000275664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82689cc51e1d7fcb2023-02-08 09:47:05.484root 11241100x8000000000000000275663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64773da83acad6b02023-02-08 09:47:05.484root 11241100x8000000000000000275662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34106be29ab8df342023-02-08 09:47:05.484root 11241100x8000000000000000275661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84318f7a6a9c5be2023-02-08 09:47:05.484root 11241100x8000000000000000275671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e7092a5b9d460c2023-02-08 09:47:05.485root 11241100x8000000000000000275670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036de7bc88a44e652023-02-08 09:47:05.485root 11241100x8000000000000000275669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962f847465853d6f2023-02-08 09:47:05.485root 11241100x8000000000000000275668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88dfd711a92b2e132023-02-08 09:47:05.485root 11241100x8000000000000000275667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da80fbb6a0727df12023-02-08 09:47:05.485root 11241100x8000000000000000275674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e1013aeee767c22023-02-08 09:47:05.984root 11241100x8000000000000000275673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b9f00fa3e526472023-02-08 09:47:05.984root 11241100x8000000000000000275672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df9e6d0cdd13b592023-02-08 09:47:05.984root 11241100x8000000000000000275678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b614a49ab24ee3f62023-02-08 09:47:05.985root 11241100x8000000000000000275677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e7c65811e34d3a2023-02-08 09:47:05.985root 11241100x8000000000000000275676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0cb9eaceec31e2e2023-02-08 09:47:05.985root 11241100x8000000000000000275675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb894ce9993f0602023-02-08 09:47:05.985root 11241100x8000000000000000275682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c943816218e251072023-02-08 09:47:05.986root 11241100x8000000000000000275681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759e312a5e04c4282023-02-08 09:47:05.986root 11241100x8000000000000000275680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3390d85b9f4b83a2023-02-08 09:47:05.986root 11241100x8000000000000000275679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16e1af7ffffbd882023-02-08 09:47:05.986root 11241100x8000000000000000275683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.362{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-08 09:47:06.362root 11241100x8000000000000000275686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7372f9605d8fdf9b2023-02-08 09:47:06.363root 11241100x8000000000000000275685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd64111bf183db002023-02-08 09:47:06.363root 11241100x8000000000000000275684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b327e00d09e91a2023-02-08 09:47:06.363root 11241100x8000000000000000275694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7bd08a109440f92023-02-08 09:47:06.364root 11241100x8000000000000000275693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af3bf2d0792c1912023-02-08 09:47:06.364root 11241100x8000000000000000275692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abca1d723131705a2023-02-08 09:47:06.364root 11241100x8000000000000000275691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778378d7c8d3016c2023-02-08 09:47:06.364root 11241100x8000000000000000275690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90d8cae665daabf2023-02-08 09:47:06.364root 11241100x8000000000000000275689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3f9578587c1a742023-02-08 09:47:06.364root 11241100x8000000000000000275688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7cd29fc0c75ea52023-02-08 09:47:06.364root 11241100x8000000000000000275687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f0fca9f5ec15f02023-02-08 09:47:06.364root 11241100x8000000000000000275695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce139d500e077ecf2023-02-08 09:47:06.365root 11241100x8000000000000000275698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.728{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0c14606a3773aa2023-02-08 09:47:06.728root 11241100x8000000000000000275697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.728{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25581c19433dace2023-02-08 09:47:06.728root 354300x8000000000000000275696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.728{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-34228-false10.0.1.12-8089- 11241100x8000000000000000275706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.729{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4675631b1b5cccf62023-02-08 09:47:06.729root 11241100x8000000000000000275705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.729{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655b54636d533d362023-02-08 09:47:06.729root 11241100x8000000000000000275704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.729{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca65dc31e84a0d62023-02-08 09:47:06.729root 11241100x8000000000000000275703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.729{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1a5b12a8244db82023-02-08 09:47:06.729root 11241100x8000000000000000275702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.729{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324441720aadfc022023-02-08 09:47:06.729root 11241100x8000000000000000275701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.729{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9c3939b51c406d2023-02-08 09:47:06.729root 11241100x8000000000000000275700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.729{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b1c1ab0b3220b22023-02-08 09:47:06.729root 11241100x8000000000000000275699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.729{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5e1ec051dbdfbc2023-02-08 09:47:06.729root 11241100x8000000000000000275709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.730{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ebbe36ed33fe772023-02-08 09:47:06.730root 11241100x8000000000000000275708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.730{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6962a29537988d7a2023-02-08 09:47:06.730root 11241100x8000000000000000275707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.730{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264725509ff69ee62023-02-08 09:47:06.730root 11241100x8000000000000000275720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac278b8d38af20172023-02-08 09:47:06.984root 11241100x8000000000000000275719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896a196b36bfad9d2023-02-08 09:47:06.984root 11241100x8000000000000000275718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44df86ee27cc3132023-02-08 09:47:06.984root 11241100x8000000000000000275717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a797b9f99c1cfcc22023-02-08 09:47:06.984root 11241100x8000000000000000275716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9929e15a7c5c022023-02-08 09:47:06.984root 11241100x8000000000000000275715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6761c09f8038cf832023-02-08 09:47:06.984root 11241100x8000000000000000275714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878d70c2039fa36f2023-02-08 09:47:06.984root 11241100x8000000000000000275713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246926e99690cda42023-02-08 09:47:06.984root 11241100x8000000000000000275712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f6335f26e9f6d82023-02-08 09:47:06.984root 11241100x8000000000000000275711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1ced2af659f0472023-02-08 09:47:06.984root 11241100x8000000000000000275710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58d93a2592e4e622023-02-08 09:47:06.984root 11241100x8000000000000000275722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafb609eb9e1d1e12023-02-08 09:47:06.985root 11241100x8000000000000000275721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:06.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bebe227f75988382023-02-08 09:47:06.985root 11241100x8000000000000000275727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:07.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6c6e818769bff92023-02-08 09:47:07.484root 11241100x8000000000000000275726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:07.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b073b0b642fefecb2023-02-08 09:47:07.484root 11241100x8000000000000000275725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:07.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527925a3bc09424e2023-02-08 09:47:07.484root 11241100x8000000000000000275724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:07.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f4388b152d59cb2023-02-08 09:47:07.484root 11241100x8000000000000000275723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:07.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1593c0fa96fd860f2023-02-08 09:47:07.484root 11241100x8000000000000000275735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f08bc99368556e2023-02-08 09:47:07.485root 11241100x8000000000000000275734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02aab391ae9eda232023-02-08 09:47:07.485root 11241100x8000000000000000275733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca89c75005477fe32023-02-08 09:47:07.485root 11241100x8000000000000000275732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca053398822a86b2023-02-08 09:47:07.485root 11241100x8000000000000000275731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ebfac9b5914214b2023-02-08 09:47:07.485root 11241100x8000000000000000275730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a24a90816f8b8802023-02-08 09:47:07.485root 11241100x8000000000000000275729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564b16fc5653019c2023-02-08 09:47:07.485root 11241100x8000000000000000275728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc55894dbe1301e62023-02-08 09:47:07.485root 11241100x8000000000000000275741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:07.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee45263c3881865f2023-02-08 09:47:07.984root 11241100x8000000000000000275740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:07.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a448748280479422023-02-08 09:47:07.984root 11241100x8000000000000000275739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:07.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8c5d9732afb2622023-02-08 09:47:07.984root 11241100x8000000000000000275738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:07.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536956ab85fbd1d82023-02-08 09:47:07.984root 11241100x8000000000000000275737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:07.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034af914bc030a3b2023-02-08 09:47:07.984root 11241100x8000000000000000275736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:07.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde354dd4266beb42023-02-08 09:47:07.984root 11241100x8000000000000000275748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100f0c5ca6f941ae2023-02-08 09:47:07.985root 11241100x8000000000000000275747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c5a84dda6314ca2023-02-08 09:47:07.985root 11241100x8000000000000000275746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be266d4d4adbb4d2023-02-08 09:47:07.985root 11241100x8000000000000000275745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1b5b1827883f4a2023-02-08 09:47:07.985root 11241100x8000000000000000275744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f856208ab4cefd3c2023-02-08 09:47:07.985root 11241100x8000000000000000275743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6507d50a618f4452023-02-08 09:47:07.985root 11241100x8000000000000000275742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac440144c8318272023-02-08 09:47:07.985root 354300x8000000000000000275749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:08.182{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-52196-false10.0.1.12-8000- 11241100x8000000000000000275754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b172a43926d27a0f2023-02-08 09:47:08.484root 11241100x8000000000000000275753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481efafabe89003e2023-02-08 09:47:08.484root 11241100x8000000000000000275752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4a04d40de1042b2023-02-08 09:47:08.484root 11241100x8000000000000000275751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02130293defbd3a2023-02-08 09:47:08.484root 11241100x8000000000000000275750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca138c6ac2457992023-02-08 09:47:08.484root 11241100x8000000000000000275763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f0fe936ee4d3642023-02-08 09:47:08.485root 11241100x8000000000000000275762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de46f75e0145d1f22023-02-08 09:47:08.485root 11241100x8000000000000000275761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de462f175eaad7f2023-02-08 09:47:08.485root 11241100x8000000000000000275760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35077baba7a802042023-02-08 09:47:08.485root 11241100x8000000000000000275759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c108e9176a6273f82023-02-08 09:47:08.485root 11241100x8000000000000000275758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6fc1ec3297551832023-02-08 09:47:08.485root 11241100x8000000000000000275757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2340100c6411f3e2023-02-08 09:47:08.485root 11241100x8000000000000000275756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef7d21ad2d997092023-02-08 09:47:08.485root 11241100x8000000000000000275755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09651305424bb4c62023-02-08 09:47:08.485root 11241100x8000000000000000275769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7aa57904bebbcc2023-02-08 09:47:08.985root 11241100x8000000000000000275768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9fd79035af37812023-02-08 09:47:08.985root 11241100x8000000000000000275767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7ccfa7f62301cd2023-02-08 09:47:08.985root 11241100x8000000000000000275766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61db1bbca355036e2023-02-08 09:47:08.985root 11241100x8000000000000000275765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72c1278ea01052f2023-02-08 09:47:08.985root 11241100x8000000000000000275764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138a32e364616f0b2023-02-08 09:47:08.985root 11241100x8000000000000000275777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eeb280246794c782023-02-08 09:47:08.986root 11241100x8000000000000000275776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1faf125494e0c8fb2023-02-08 09:47:08.986root 11241100x8000000000000000275775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65daa72680ee5d682023-02-08 09:47:08.986root 11241100x8000000000000000275774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a225f19413a3362023-02-08 09:47:08.986root 11241100x8000000000000000275773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604aef61f450ed952023-02-08 09:47:08.986root 11241100x8000000000000000275772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b9cf25e244a0b12023-02-08 09:47:08.986root 11241100x8000000000000000275771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43fb6836f06a5c0c2023-02-08 09:47:08.986root 11241100x8000000000000000275770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b284a1135227842023-02-08 09:47:08.986root 23542300x8000000000000000275778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.363{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000275779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab278b3801cadfe2023-02-08 09:47:09.364root 11241100x8000000000000000275788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66cc252e58f681a22023-02-08 09:47:09.365root 11241100x8000000000000000275787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5afc6e53fa35e12023-02-08 09:47:09.365root 11241100x8000000000000000275786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26cd5e25bb2be70e2023-02-08 09:47:09.365root 11241100x8000000000000000275785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4ab40eebb60bcf2023-02-08 09:47:09.365root 11241100x8000000000000000275784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2624086ec849462023-02-08 09:47:09.365root 11241100x8000000000000000275783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0331a839863a58922023-02-08 09:47:09.365root 11241100x8000000000000000275782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808c8a35625dde9d2023-02-08 09:47:09.365root 11241100x8000000000000000275781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95436bee31bad782023-02-08 09:47:09.365root 11241100x8000000000000000275780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d8ca4490c1524e2023-02-08 09:47:09.365root 11241100x8000000000000000275793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141c6385a19cda9c2023-02-08 09:47:09.366root 11241100x8000000000000000275792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69fbffab404922a2023-02-08 09:47:09.366root 11241100x8000000000000000275791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a350cfbde12e5732023-02-08 09:47:09.366root 11241100x8000000000000000275790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6d2b794c9f41bc2023-02-08 09:47:09.366root 11241100x8000000000000000275789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ffb1d079d5666052023-02-08 09:47:09.366root 11241100x8000000000000000275796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112c174e6a5a125e2023-02-08 09:47:09.734root 11241100x8000000000000000275795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57aff63eb6da5062023-02-08 09:47:09.734root 11241100x8000000000000000275794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4096afcbc89929a82023-02-08 09:47:09.734root 11241100x8000000000000000275805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a0e3593d713a7a2023-02-08 09:47:09.735root 11241100x8000000000000000275804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f26bc0d29cde412023-02-08 09:47:09.735root 11241100x8000000000000000275803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fcdd569b3b943c2023-02-08 09:47:09.735root 11241100x8000000000000000275802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af754a10eb1ad6cf2023-02-08 09:47:09.735root 11241100x8000000000000000275801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41280f656a652bf72023-02-08 09:47:09.735root 11241100x8000000000000000275800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b52c816e4778dc2023-02-08 09:47:09.735root 11241100x8000000000000000275799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763c92f1d04735e92023-02-08 09:47:09.735root 11241100x8000000000000000275798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b525fda825122f2023-02-08 09:47:09.735root 11241100x8000000000000000275797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30090265c8db4652023-02-08 09:47:09.735root 11241100x8000000000000000275808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854ab91064b24f662023-02-08 09:47:09.736root 11241100x8000000000000000275807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7749d245e8eb862023-02-08 09:47:09.736root 11241100x8000000000000000275806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49421cff7fde0db2023-02-08 09:47:09.736root 11241100x8000000000000000275816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af897e5ff927b2312023-02-08 09:47:10.234root 11241100x8000000000000000275815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86cc30a66a305af2023-02-08 09:47:10.234root 11241100x8000000000000000275814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc5ed8f90ed225a2023-02-08 09:47:10.234root 11241100x8000000000000000275813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729973edc1ad88a92023-02-08 09:47:10.234root 11241100x8000000000000000275812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1aa684213ea9162023-02-08 09:47:10.234root 11241100x8000000000000000275811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a1085f900677f02023-02-08 09:47:10.234root 11241100x8000000000000000275810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e86ca280b3e2f32023-02-08 09:47:10.234root 11241100x8000000000000000275809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf29fda18a56b9a2023-02-08 09:47:10.234root 11241100x8000000000000000275823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3df4a2aa2e13dc32023-02-08 09:47:10.235root 11241100x8000000000000000275822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f13ae221c9d2a0d2023-02-08 09:47:10.235root 11241100x8000000000000000275821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a275dddc043eaf2023-02-08 09:47:10.235root 11241100x8000000000000000275820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6985efd61622a1a12023-02-08 09:47:10.235root 11241100x8000000000000000275819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d3aae391dc644d2023-02-08 09:47:10.235root 11241100x8000000000000000275818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb56e3fc13d4489c2023-02-08 09:47:10.235root 11241100x8000000000000000275817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254df1e6c27255562023-02-08 09:47:10.235root 534500x8000000000000000275824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.590{ec2a0601-6f97-63e3-0000-000000000000}5813-sshd 11241100x8000000000000000275825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.591{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc7c25ec9dd814d2023-02-08 09:47:10.591root 11241100x8000000000000000275836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.592{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504c265080011d002023-02-08 09:47:10.592root 11241100x8000000000000000275835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.592{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3b91c3c7b7ae7c2023-02-08 09:47:10.592root 11241100x8000000000000000275834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.592{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e0c9ef655ae4a72023-02-08 09:47:10.592root 11241100x8000000000000000275833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.592{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4601353e907664db2023-02-08 09:47:10.592root 11241100x8000000000000000275832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.592{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca79a2a3743471642023-02-08 09:47:10.592root 11241100x8000000000000000275831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.592{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd9d373ff67df8f2023-02-08 09:47:10.592root 11241100x8000000000000000275830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.592{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e1fee1986cbeb52023-02-08 09:47:10.592root 11241100x8000000000000000275829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.592{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83add4870f28d1522023-02-08 09:47:10.592root 11241100x8000000000000000275828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.592{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364598c0150a5b382023-02-08 09:47:10.592root 11241100x8000000000000000275827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.592{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0040e42a470231c62023-02-08 09:47:10.592root 11241100x8000000000000000275826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.592{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d8b1e8340b39e52023-02-08 09:47:10.592root 11241100x8000000000000000275841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.593{ec2a0601-5c30-63e3-5859-390764550000}1/lib/systemd/systemd/run/systemd/transient/session-5.scope2023-02-08 09:47:10.593root 11241100x8000000000000000275840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.593{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d60ce35f9998572023-02-08 09:47:10.593root 11241100x8000000000000000275839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.593{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ab256d97bbb8522023-02-08 09:47:10.593root 11241100x8000000000000000275838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.593{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf933684140bb8b52023-02-08 09:47:10.593root 11241100x8000000000000000275837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.593{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f3d2314d8c592a2023-02-08 09:47:10.593root 11241100x8000000000000000275846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.597{ec2a0601-5c3f-63e3-8033-106a5d550000}1038/lib/systemd/systemd-logind/run/systemd/users/.#10003IhU1K2023-02-08 09:47:10.597root 11241100x8000000000000000275845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.597{ec2a0601-5c3f-63e3-8033-106a5d550000}1038/lib/systemd/systemd-logind/run/systemd/sessions/.#5XC1QVG2023-02-08 09:47:10.597root 11241100x8000000000000000275844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.597{ec2a0601-5c3f-63e3-8033-106a5d550000}1038/lib/systemd/systemd-logind/run/systemd/sessions/.#5xdkOPC2023-02-08 09:47:10.597root 11241100x8000000000000000275843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.597{ec2a0601-5c3f-63e3-8033-106a5d550000}1038/lib/systemd/systemd-logind/run/systemd/users/.#1000zLzMJy2023-02-08 09:47:10.597root 11241100x8000000000000000275842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.597{ec2a0601-5c3f-63e3-8033-106a5d550000}1038/lib/systemd/systemd-logind/run/systemd/sessions/.#5fORNDu2023-02-08 09:47:10.597root 154100x8000000000000000275847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.598{ec2a0601-6f9e-63e3-6882-ebcbd6550000}5815/bin/dash-----sh -c /usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d > /run/motd.dynamic.new/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f97-63e3-e0b7-389257550000}5812/usr/sbin/sshd/usr/sbin/sshdroot 154100x8000000000000000275850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.599{ec2a0601-6f9e-63e3-382a-3c15da550000}5816/bin/run-parts-----run-parts --lsbsysinit /etc/update-motd.d/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-6882-ebcbd6550000}5815/bin/dashshroot 154100x8000000000000000275849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.599{ec2a0601-6f9e-63e3-785c-5c51b0550000}5816/usr/bin/env-----/usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-6882-ebcbd6550000}5815/bin/dashshroot 11241100x8000000000000000275848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.599{ec2a0601-6f9e-63e3-6882-ebcbd6550000}5815/bin/dash/run/motd.dynamic.new2023-02-08 09:47:10.599root 154100x8000000000000000275852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.601{ec2a0601-6f9e-63e3-80ce-4f1298550000}5818/bin/uname-----uname -o/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-6892-f4004e560000}5817/bin/dash/bin/shroot 154100x8000000000000000275851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.601{ec2a0601-6f9e-63e3-6892-f4004e560000}5817/bin/dash-----/bin/sh /etc/update-motd.d/00-header/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-382a-3c15da550000}5816/bin/run-partsrun-partsroot 154100x8000000000000000275854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.602{ec2a0601-6f9e-63e3-805e-8c67f0550000}5819/bin/uname-----uname -r/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-6892-f4004e560000}5817/bin/dash/bin/shroot 534500x8000000000000000275853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.602{ec2a0601-6f9e-63e3-80ce-4f1298550000}5818/bin/unameroot 534500x8000000000000000275857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.603{ec2a0601-6f9e-63e3-80ce-b44085550000}5820/bin/unameroot 154100x8000000000000000275856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.603{ec2a0601-6f9e-63e3-80ce-b44085550000}5820/bin/uname-----uname -m/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-6892-f4004e560000}5817/bin/dash/bin/shroot 534500x8000000000000000275855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.603{ec2a0601-6f9e-63e3-805e-8c67f0550000}5819/bin/unameroot 534500x8000000000000000275860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.604{ec2a0601-6f9e-63e3-6882-52aaea550000}5821/bin/dashroot 154100x8000000000000000275859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.604{ec2a0601-6f9e-63e3-6882-52aaea550000}5821/bin/dash-----/bin/sh /etc/update-motd.d/10-help-text/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-382a-3c15da550000}5816/bin/run-partsrun-partsroot 534500x8000000000000000275858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.604{ec2a0601-6f9e-63e3-6892-f4004e560000}5817/bin/dashroot 154100x8000000000000000275862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.605{ec2a0601-6f9e-63e3-50ac-ebc33d560000}5823/bin/grep-----grep -c ^processor /proc/cpuinfo/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-68a2-ba4478550000}5822/bin/dash/bin/shroot 154100x8000000000000000275861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.605{ec2a0601-6f9e-63e3-68a2-ba4478550000}5822/bin/dash-----/bin/sh /etc/update-motd.d/50-landscape-sysinfo/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-382a-3c15da550000}5816/bin/run-partsrun-partsroot 534500x8000000000000000275863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.606{ec2a0601-6f9e-63e3-50ac-ebc33d560000}5823/bin/greproot 154100x8000000000000000275865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.607{ec2a0601-6f9e-63e3-b800-2bb9c5550000}5827/usr/bin/cut-----cut -f1 -d /proc/loadavg/root{ec2a0601-0000-0000-0000-000000000000}05no level-{00000000-0000-0000-0000-000000000000}5825--- 154100x8000000000000000275864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.607{ec2a0601-6f9e-63e3-98df-f35623560000}5826/usr/bin/bc-----bc/root{ec2a0601-0000-0000-0000-000000000000}05no level-{00000000-0000-0000-0000-000000000000}5824--- 534500x8000000000000000275867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.608{00000000-0000-0000-0000-000000000000}5825<unknown process>root 534500x8000000000000000275866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.608{ec2a0601-6f9e-63e3-b800-2bb9c5550000}5827/usr/bin/cutroot 154100x8000000000000000275870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.612{ec2a0601-6f9e-63e3-085f-b07e4b560000}5828/bin/date-----/bin/date/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-68a2-ba4478550000}5822/bin/dash/bin/shroot 534500x8000000000000000275869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.612{ec2a0601-6f97-63e3-0000-000000000000}5824-root 534500x8000000000000000275868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.612{ec2a0601-6f9e-63e3-98df-f35623560000}5826/usr/bin/bcroot 154100x8000000000000000275872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.613{ec2a0601-6f9e-63e3-2030-7b0000000000}5829/usr/bin/python3.6-----/usr/bin/python3 /usr/bin/landscape-sysinfo/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-68a2-ba4478550000}5822/bin/dash/bin/shroot 534500x8000000000000000275871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.613{ec2a0601-6f9e-63e3-085f-b07e4b560000}5828/bin/dateroot 154100x8000000000000000275874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.738{ec2a0601-6f9e-63e3-b811-ef66227f0000}5830/sbin/ldconfig.real-----/sbin/ldconfig.real -p/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-2030-7b0000000000}5829/usr/bin/python3.6/usr/bin/python3root 154100x8000000000000000275873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.738{ec2a0601-6f9e-63e3-6872-c4cf08560000}5830/bin/dash-----/bin/sh /sbin/ldconfig -p/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-2030-7b0000000000}5829/usr/bin/python3.6/usr/bin/python3root 534500x8000000000000000275875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.740{ec2a0601-6f9e-63e3-b811-ef66227f0000}5830/sbin/ldconfig.realroot 154100x8000000000000000275877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.778{ec2a0601-6f9e-63e3-b811-68a3007f0000}5831/sbin/ldconfig.real-----/sbin/ldconfig.real -p/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-2030-7b0000000000}5829/usr/bin/python3.6/usr/bin/python3root 154100x8000000000000000275876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.778{ec2a0601-6f9e-63e3-68a2-a497ba550000}5831/bin/dash-----/bin/sh /sbin/ldconfig -p/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-2030-7b0000000000}5829/usr/bin/python3.6/usr/bin/python3root 534500x8000000000000000275878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.779{ec2a0601-6f9e-63e3-b811-68a3007f0000}5831/sbin/ldconfig.realroot 11241100x8000000000000000275881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.890{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9c3927375411882023-02-08 09:47:10.890root 11241100x8000000000000000275880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.890{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44023f4c9ebc41132023-02-08 09:47:10.890root 534500x8000000000000000275879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.890{00000000-0000-0000-0000-000000000000}5832<unknown process>root 11241100x8000000000000000275889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.891{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f888dfc9e95f3972023-02-08 09:47:10.891root 11241100x8000000000000000275888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.891{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9aa82fbfeb24a732023-02-08 09:47:10.891root 11241100x8000000000000000275887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.891{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cd6044a8f4be812023-02-08 09:47:10.891root 11241100x8000000000000000275886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.891{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec65413e1d453412023-02-08 09:47:10.891root 11241100x8000000000000000275885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.891{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a056386c67bf2faf2023-02-08 09:47:10.891root 11241100x8000000000000000275884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.891{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9635d4f43da3f82023-02-08 09:47:10.891root 11241100x8000000000000000275883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.891{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98355a06d34498a2023-02-08 09:47:10.891root 11241100x8000000000000000275882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.891{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccddf8ad8cfc25422023-02-08 09:47:10.891root 11241100x8000000000000000275893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.892{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a01fdfbdb75f5d2023-02-08 09:47:10.892root 11241100x8000000000000000275892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.892{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453e36158e1d53e52023-02-08 09:47:10.892root 11241100x8000000000000000275891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.892{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451ea13efb3d57162023-02-08 09:47:10.892root 11241100x8000000000000000275890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.892{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83428258cad7a9952023-02-08 09:47:10.892root 11241100x8000000000000000275899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.893{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7339364f5fa6bc5a2023-02-08 09:47:10.893root 11241100x8000000000000000275898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.893{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1463c863e70a562023-02-08 09:47:10.893root 11241100x8000000000000000275897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.893{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4af1eb471564a352023-02-08 09:47:10.893root 11241100x8000000000000000275896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.893{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7506d83de2d4ba682023-02-08 09:47:10.893root 11241100x8000000000000000275895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.893{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b9cbfc82b98a1d2023-02-08 09:47:10.893root 11241100x8000000000000000275894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.893{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3a1349c29d5c272023-02-08 09:47:10.893root 11241100x8000000000000000275901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.894{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c128d7b43757a1c32023-02-08 09:47:10.894root 11241100x8000000000000000275900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.894{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5dd77947ab28c52023-02-08 09:47:10.894root 11241100x8000000000000000275906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.896{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84431fa66b7f56262023-02-08 09:47:10.896root 11241100x8000000000000000275905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.896{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a82903e25b7f7d32023-02-08 09:47:10.896root 11241100x8000000000000000275904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.896{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d938153d820a1ab2023-02-08 09:47:10.896root 11241100x8000000000000000275903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.896{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c631e9d4e78ee50f2023-02-08 09:47:10.896root 11241100x8000000000000000275902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.896{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff44239cdfa58e12023-02-08 09:47:10.896root 11241100x8000000000000000275908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.897{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34ffbfce60116452023-02-08 09:47:10.897root 11241100x8000000000000000275907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.897{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748e4c673d1cedfd2023-02-08 09:47:10.897root 11241100x8000000000000000275911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.898{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01862f2d51f67442023-02-08 09:47:10.898root 11241100x8000000000000000275910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.898{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8397f58c7a4431f2023-02-08 09:47:10.898root 11241100x8000000000000000275909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.898{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf775bc3327220d62023-02-08 09:47:10.898root 11241100x8000000000000000275915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.899{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e637a05936059142023-02-08 09:47:10.899root 11241100x8000000000000000275914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.899{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1523e826ac6e5d962023-02-08 09:47:10.899root 11241100x8000000000000000275913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.899{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9ace4645c661d12023-02-08 09:47:10.899root 11241100x8000000000000000275912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.899{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da359dbe77c097c2023-02-08 09:47:10.899root 11241100x8000000000000000275918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.900{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d5ce84226ef6082023-02-08 09:47:10.900root 11241100x8000000000000000275917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.900{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071a62780a8cf5c82023-02-08 09:47:10.900root 11241100x8000000000000000275916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.900{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491e88888a9bbf5b2023-02-08 09:47:10.900root 11241100x8000000000000000275921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.901{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732714852bce1a5f2023-02-08 09:47:10.901root 11241100x8000000000000000275920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.901{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7e493fd5ac7b032023-02-08 09:47:10.901root 11241100x8000000000000000275919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.901{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbc4bf24f4a7ffd2023-02-08 09:47:10.901root 11241100x8000000000000000275925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.902{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1fb436177e79712023-02-08 09:47:10.902root 11241100x8000000000000000275924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.902{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7372dd6ad16b7d92023-02-08 09:47:10.902root 11241100x8000000000000000275923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.902{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18cb932f79d32fb2023-02-08 09:47:10.902root 11241100x8000000000000000275922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.902{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26909c55947556722023-02-08 09:47:10.902root 11241100x8000000000000000275927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.903{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de020bf1fd1bf5c42023-02-08 09:47:10.903root 11241100x8000000000000000275926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.903{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cdbb9822e825d22023-02-08 09:47:10.903root 11241100x8000000000000000275931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.904{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a9b9951ed6dfbe2023-02-08 09:47:10.904root 11241100x8000000000000000275930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.904{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7d4256481b81702023-02-08 09:47:10.904root 11241100x8000000000000000275929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.904{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50102b166f590452023-02-08 09:47:10.904root 11241100x8000000000000000275928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.904{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f98a178ef878e42023-02-08 09:47:10.904root 11241100x8000000000000000275934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.905{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a52f7f7abea9a042023-02-08 09:47:10.905root 11241100x8000000000000000275933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.905{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c7ece728c11d562023-02-08 09:47:10.905root 11241100x8000000000000000275932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.905{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cbbcaf784a69322023-02-08 09:47:10.905root 11241100x8000000000000000275938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.906{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42ae802d928121d2023-02-08 09:47:10.906root 11241100x8000000000000000275937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.906{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454c1648fc7297f32023-02-08 09:47:10.906root 11241100x8000000000000000275936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.906{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4e947436a60a8d2023-02-08 09:47:10.906root 11241100x8000000000000000275935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.906{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc586ffc4e0270c2023-02-08 09:47:10.906root 11241100x8000000000000000275941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.907{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4d5584c7cb9adf2023-02-08 09:47:10.907root 11241100x8000000000000000275940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.907{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ac2ab0a4daf2da2023-02-08 09:47:10.907root 11241100x8000000000000000275939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.907{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e082b9c51fc11ed2023-02-08 09:47:10.907root 11241100x8000000000000000275946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.908{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf388286dc7d57a52023-02-08 09:47:10.908root 11241100x8000000000000000275945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.908{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6eeafb7259d0e8a2023-02-08 09:47:10.908root 11241100x8000000000000000275944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.908{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecf6b8923368bba2023-02-08 09:47:10.908root 11241100x8000000000000000275943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.908{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6585866a474f20fd2023-02-08 09:47:10.908root 11241100x8000000000000000275942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.908{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c18f9e7ad9efe62023-02-08 09:47:10.908root 11241100x8000000000000000275949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.909{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b638797ba283ee1a2023-02-08 09:47:10.909root 11241100x8000000000000000275948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.909{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca697628bef1c6932023-02-08 09:47:10.909root 11241100x8000000000000000275947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.909{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50414d6fd2f319cf2023-02-08 09:47:10.909root 11241100x8000000000000000275952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.910{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c91fe861c3c0cb92023-02-08 09:47:10.910root 11241100x8000000000000000275951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.910{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eab265c819872132023-02-08 09:47:10.910root 11241100x8000000000000000275950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.910{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32cad58ad45f15d2023-02-08 09:47:10.910root 11241100x8000000000000000275955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.911{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9302b56a7a11552023-02-08 09:47:10.911root 11241100x8000000000000000275954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.911{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02747d993ff09d522023-02-08 09:47:10.911root 11241100x8000000000000000275953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.911{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7ee6521fb1dbfa2023-02-08 09:47:10.911root 11241100x8000000000000000275959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.912{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372d04c1e0284afe2023-02-08 09:47:10.912root 11241100x8000000000000000275958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.912{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c088b00b10ff932023-02-08 09:47:10.912root 11241100x8000000000000000275957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.912{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e477a5967c3f362023-02-08 09:47:10.912root 11241100x8000000000000000275956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.912{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c664f2905c9e7642023-02-08 09:47:10.912root 11241100x8000000000000000275962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.913{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c4dd84ebb032d42023-02-08 09:47:10.913root 11241100x8000000000000000275961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.913{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d142b4dc7e56c5e32023-02-08 09:47:10.913root 11241100x8000000000000000275960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.913{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b672cb1b238b8b2023-02-08 09:47:10.913root 11241100x8000000000000000275965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.914{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9cec57af1a4e2c02023-02-08 09:47:10.914root 11241100x8000000000000000275964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.914{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f581c5fbb664eeb12023-02-08 09:47:10.914root 11241100x8000000000000000275963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.914{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643dba9e46a0af482023-02-08 09:47:10.914root 11241100x8000000000000000275969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.915{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9262ad082631462023-02-08 09:47:10.915root 11241100x8000000000000000275968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.915{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346edf3d620399aa2023-02-08 09:47:10.915root 11241100x8000000000000000275967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.915{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d207f8445770575b2023-02-08 09:47:10.915root 11241100x8000000000000000275966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.915{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c897067f3813bc6e2023-02-08 09:47:10.915root 11241100x8000000000000000275971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.916{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d789404750d3eb2023-02-08 09:47:10.916root 11241100x8000000000000000275970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.916{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907ac009fc28a0be2023-02-08 09:47:10.916root 11241100x8000000000000000275974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.917{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db33048378cfc4152023-02-08 09:47:10.917root 11241100x8000000000000000275973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.917{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b01906b61f3ab52023-02-08 09:47:10.917root 11241100x8000000000000000275972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.917{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a597c9a30be3aea12023-02-08 09:47:10.917root 11241100x8000000000000000275977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.918{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26ef55492ecf6002023-02-08 09:47:10.918root 11241100x8000000000000000275976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.918{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83fb6882a9ab9fac2023-02-08 09:47:10.918root 11241100x8000000000000000275975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.918{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67db96851d7047d22023-02-08 09:47:10.918root 11241100x8000000000000000275980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.919{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77d3df29344ae712023-02-08 09:47:10.919root 11241100x8000000000000000275979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.919{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81957da6fda4abfd2023-02-08 09:47:10.919root 11241100x8000000000000000275978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.919{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7c6a0b23b11db82023-02-08 09:47:10.919root 11241100x8000000000000000275982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.920{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4fc55f97ca069c22023-02-08 09:47:10.920root 11241100x8000000000000000275981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.920{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87af743c36b312f2023-02-08 09:47:10.920root 11241100x8000000000000000275987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.921{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3030fc252114f9b32023-02-08 09:47:10.921root 11241100x8000000000000000275986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.921{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d455528afbf825e2023-02-08 09:47:10.921root 11241100x8000000000000000275985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.921{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b836399c082fc78f2023-02-08 09:47:10.921root 11241100x8000000000000000275984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.921{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89435f05fe0171ea2023-02-08 09:47:10.921root 11241100x8000000000000000275983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.921{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c76816152a4a8102023-02-08 09:47:10.921root 11241100x8000000000000000276002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.922{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac7add4489958b82023-02-08 09:47:10.922root 11241100x8000000000000000276001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.922{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841e61b487f84c982023-02-08 09:47:10.922root 11241100x8000000000000000276000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.922{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6942312b84f15dc2023-02-08 09:47:10.922root 11241100x8000000000000000275999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.922{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb004b97e7d965032023-02-08 09:47:10.922root 11241100x8000000000000000275998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.922{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e3776da9fce4242023-02-08 09:47:10.922root 11241100x8000000000000000275997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.922{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3fefe5caad8feb2023-02-08 09:47:10.922root 11241100x8000000000000000275996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.922{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ade662582007fa52023-02-08 09:47:10.922root 11241100x8000000000000000275995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.922{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d232b9981b6ee9d2023-02-08 09:47:10.922root 11241100x8000000000000000275994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.922{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43e45ac618abf1b2023-02-08 09:47:10.922root 11241100x8000000000000000275993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.922{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7082b8266e9046e72023-02-08 09:47:10.922root 11241100x8000000000000000275992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.922{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6d13e4b2eafc192023-02-08 09:47:10.922root 11241100x8000000000000000275991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.922{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ae164d05ad644c2023-02-08 09:47:10.922root 11241100x8000000000000000275990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.922{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb079eefbde14472023-02-08 09:47:10.922root 11241100x8000000000000000275989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.922{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51ae581540e287a2023-02-08 09:47:10.922root 11241100x8000000000000000275988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.922{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8906bd57e34db8d42023-02-08 09:47:10.922root 11241100x8000000000000000276017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.923{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e0d7c71125770e2023-02-08 09:47:10.923root 11241100x8000000000000000276016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.923{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1edc4622f2782a152023-02-08 09:47:10.923root 11241100x8000000000000000276015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.923{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac00c236e0022a892023-02-08 09:47:10.923root 11241100x8000000000000000276014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.923{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee11bfbb4f7c0392023-02-08 09:47:10.923root 11241100x8000000000000000276013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.923{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082aa93e1a2f72df2023-02-08 09:47:10.923root 11241100x8000000000000000276012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.923{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2432b8579286a32023-02-08 09:47:10.923root 11241100x8000000000000000276011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.923{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b787f9431ecd52c2023-02-08 09:47:10.923root 11241100x8000000000000000276010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.923{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29f70c41d77799f2023-02-08 09:47:10.923root 11241100x8000000000000000276009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.923{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc2bf362e1595892023-02-08 09:47:10.923root 11241100x8000000000000000276008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.923{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bfbd2a866242c82023-02-08 09:47:10.923root 11241100x8000000000000000276007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.923{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220f2106673473642023-02-08 09:47:10.923root 11241100x8000000000000000276006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.923{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8192a7a42a7bcdf42023-02-08 09:47:10.923root 11241100x8000000000000000276005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.923{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95cfbf8d351b234d2023-02-08 09:47:10.923root 11241100x8000000000000000276004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.923{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b987914c910d3cb2023-02-08 09:47:10.923root 11241100x8000000000000000276003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.923{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fb9684743216662023-02-08 09:47:10.923root 11241100x8000000000000000276031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.924{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9685fdd4a6ecdf2023-02-08 09:47:10.924root 11241100x8000000000000000276030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.924{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf29d5ad83bee3f2023-02-08 09:47:10.924root 11241100x8000000000000000276029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.924{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37503a40a7e257c2023-02-08 09:47:10.924root 11241100x8000000000000000276028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.924{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9a7779f2ffb1822023-02-08 09:47:10.924root 11241100x8000000000000000276027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.924{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55fbf5232730211e2023-02-08 09:47:10.924root 11241100x8000000000000000276026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.924{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9884d20520898b02023-02-08 09:47:10.924root 11241100x8000000000000000276025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.924{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9fab23afc6bc1f2023-02-08 09:47:10.924root 11241100x8000000000000000276024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.924{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3b998a5b83b3e52023-02-08 09:47:10.924root 11241100x8000000000000000276023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.924{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ee8b0f43e67abb2023-02-08 09:47:10.924root 11241100x8000000000000000276022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.924{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa81ff76417bd322023-02-08 09:47:10.924root 11241100x8000000000000000276021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.924{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb62fcbb8dfa2f22023-02-08 09:47:10.924root 11241100x8000000000000000276020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.924{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed33d2ad48d2c36c2023-02-08 09:47:10.924root 11241100x8000000000000000276019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.924{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3c54f480a3143f2023-02-08 09:47:10.924root 11241100x8000000000000000276018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.924{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114242d9948eecd42023-02-08 09:47:10.924root 11241100x8000000000000000276034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.932{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980bac5e0b0a164f2023-02-08 09:47:10.932root 11241100x8000000000000000276033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.932{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310c213999fcf0092023-02-08 09:47:10.932root 11241100x8000000000000000276032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.932{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1cf24849e5ac322023-02-08 09:47:10.932root 11241100x8000000000000000276039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.933{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c1307a1918e9c22023-02-08 09:47:10.933root 11241100x8000000000000000276038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.933{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53dcce889016d1162023-02-08 09:47:10.933root 11241100x8000000000000000276037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.933{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e7669800dbf9ca2023-02-08 09:47:10.933root 11241100x8000000000000000276036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.933{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9415eb69e1fc519e2023-02-08 09:47:10.933root 11241100x8000000000000000276035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.933{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c53e8cfddd88dd2023-02-08 09:47:10.933root 11241100x8000000000000000276043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.934{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ca946a2655caae2023-02-08 09:47:10.934root 11241100x8000000000000000276042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.934{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d574fdbda717692023-02-08 09:47:10.934root 11241100x8000000000000000276041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.934{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6618e65f5780d72023-02-08 09:47:10.934root 11241100x8000000000000000276040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.934{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b24e70e73bed082023-02-08 09:47:10.934root 11241100x8000000000000000276047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.935{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68078eb57f996252023-02-08 09:47:10.935root 11241100x8000000000000000276046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.935{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431213467d19d53f2023-02-08 09:47:10.935root 11241100x8000000000000000276045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.935{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8e536a98df69822023-02-08 09:47:10.935root 11241100x8000000000000000276044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.935{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d89011a84b6dccb2023-02-08 09:47:10.935root 11241100x8000000000000000276051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.936{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b103886c32a24b2d2023-02-08 09:47:10.936root 11241100x8000000000000000276050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.936{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ceded8905e5d70c2023-02-08 09:47:10.936root 11241100x8000000000000000276049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.936{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4707d7ef3ab41e262023-02-08 09:47:10.936root 11241100x8000000000000000276048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.936{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f474843262f0d5c82023-02-08 09:47:10.936root 11241100x8000000000000000276059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.937{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24edd06024816e72023-02-08 09:47:10.937root 11241100x8000000000000000276058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.937{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1380dc723686112023-02-08 09:47:10.937root 11241100x8000000000000000276057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.937{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee339d40430ae2d82023-02-08 09:47:10.937root 11241100x8000000000000000276056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.937{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ae48094999a6a42023-02-08 09:47:10.937root 11241100x8000000000000000276055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.937{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e013343d05e46652023-02-08 09:47:10.937root 11241100x8000000000000000276054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.937{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aec9d9baa84e2812023-02-08 09:47:10.937root 11241100x8000000000000000276053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.937{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641569616eb7d5f02023-02-08 09:47:10.937root 11241100x8000000000000000276052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.937{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1940f969c4debbc2023-02-08 09:47:10.937root 11241100x8000000000000000276070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.938{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c990b63497b1473a2023-02-08 09:47:10.938root 11241100x8000000000000000276069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.938{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4ebd3d1fb1ba9b2023-02-08 09:47:10.938root 11241100x8000000000000000276068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.938{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e229f19cee56a1702023-02-08 09:47:10.938root 11241100x8000000000000000276067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.938{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44847b792f128d72023-02-08 09:47:10.938root 11241100x8000000000000000276066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.938{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35963b9fe3d5c4ed2023-02-08 09:47:10.938root 11241100x8000000000000000276065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.938{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68b2acf883969ed2023-02-08 09:47:10.938root 11241100x8000000000000000276064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.938{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36cb369ff5c413902023-02-08 09:47:10.938root 11241100x8000000000000000276063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.938{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f081f30bf8fb81af2023-02-08 09:47:10.938root 11241100x8000000000000000276062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.938{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380e87ae2debf1092023-02-08 09:47:10.938root 11241100x8000000000000000276061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.938{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42e4e380dce0ece2023-02-08 09:47:10.938root 11241100x8000000000000000276060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.938{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bac8dde815339432023-02-08 09:47:10.938root 11241100x8000000000000000276082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.939{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ad5f0ab9f62f582023-02-08 09:47:10.939root 11241100x8000000000000000276081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.939{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f264d528b86d8322023-02-08 09:47:10.939root 11241100x8000000000000000276080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.939{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6854a8ea206aec2023-02-08 09:47:10.939root 11241100x8000000000000000276079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.939{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21eb19f02ad72cf62023-02-08 09:47:10.939root 11241100x8000000000000000276078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.939{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0a7780e94ad3262023-02-08 09:47:10.939root 11241100x8000000000000000276077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.939{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b5ad26fba6da222023-02-08 09:47:10.939root 11241100x8000000000000000276076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.939{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938abdf2997e16792023-02-08 09:47:10.939root 11241100x8000000000000000276075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.939{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3001d45c84cbe5332023-02-08 09:47:10.939root 11241100x8000000000000000276074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.939{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62369d1b6dbb4ab2023-02-08 09:47:10.939root 11241100x8000000000000000276073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.939{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b97ec691f1cc9a72023-02-08 09:47:10.939root 11241100x8000000000000000276072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.939{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0a232cadfb065c2023-02-08 09:47:10.939root 11241100x8000000000000000276071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.939{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b0e118c51f3cb32023-02-08 09:47:10.939root 11241100x8000000000000000276095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.940{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1143cb5c7108965a2023-02-08 09:47:10.940root 11241100x8000000000000000276094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.940{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb81634e2d782e532023-02-08 09:47:10.940root 11241100x8000000000000000276093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.940{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fada64ad2e7c7fdb2023-02-08 09:47:10.940root 11241100x8000000000000000276092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.940{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11af305755cb6ced2023-02-08 09:47:10.940root 11241100x8000000000000000276091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.940{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f66a54e226d1c92023-02-08 09:47:10.940root 11241100x8000000000000000276090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.940{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35db7d6c1ecb3e62023-02-08 09:47:10.940root 11241100x8000000000000000276089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.940{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ec337222e64a6d2023-02-08 09:47:10.940root 11241100x8000000000000000276088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.940{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adfd6de3c0e2a7072023-02-08 09:47:10.940root 11241100x8000000000000000276087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.940{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081ab0eb8a9d2e842023-02-08 09:47:10.940root 11241100x8000000000000000276086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.940{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b680a36a4c1d92992023-02-08 09:47:10.940root 11241100x8000000000000000276085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.940{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd352b644623aec2023-02-08 09:47:10.940root 11241100x8000000000000000276084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.940{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6227deaefd5f262023-02-08 09:47:10.940root 11241100x8000000000000000276083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.940{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238184cd33d419d32023-02-08 09:47:10.940root 11241100x8000000000000000276105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.941{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0c494339cdf7a52023-02-08 09:47:10.941root 11241100x8000000000000000276104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.941{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58dd2cf230b7c4732023-02-08 09:47:10.941root 11241100x8000000000000000276103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.941{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac6a8a5224cdcb62023-02-08 09:47:10.941root 11241100x8000000000000000276102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.941{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865f04672fdf7dbc2023-02-08 09:47:10.941root 11241100x8000000000000000276101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.941{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12cfec496c0f1e1d2023-02-08 09:47:10.941root 11241100x8000000000000000276100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.941{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a4dfc37e7ccca62023-02-08 09:47:10.941root 11241100x8000000000000000276099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.941{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4946e0346b37b02023-02-08 09:47:10.941root 11241100x8000000000000000276098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.941{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be871bc515edb622023-02-08 09:47:10.941root 11241100x8000000000000000276097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.941{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f163aa93166b8a082023-02-08 09:47:10.941root 11241100x8000000000000000276096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.941{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369c8f8011c7ccff2023-02-08 09:47:10.941root 11241100x8000000000000000276116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.942{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b3f4ba538a6a6e2023-02-08 09:47:10.942root 11241100x8000000000000000276115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.942{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4236b3f75cf377882023-02-08 09:47:10.942root 11241100x8000000000000000276114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.942{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083f4c58318b77792023-02-08 09:47:10.942root 11241100x8000000000000000276113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.942{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411656652910bbd22023-02-08 09:47:10.942root 11241100x8000000000000000276112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.942{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8917e62ca101827a2023-02-08 09:47:10.942root 11241100x8000000000000000276111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.942{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c12948eee5a5772023-02-08 09:47:10.942root 11241100x8000000000000000276110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.942{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde8d5c40434f8d52023-02-08 09:47:10.942root 11241100x8000000000000000276109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.942{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e820102fa4df50a92023-02-08 09:47:10.942root 11241100x8000000000000000276108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.942{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2140c8e0c93d822023-02-08 09:47:10.942root 11241100x8000000000000000276107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.942{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bafa8c0d246b79332023-02-08 09:47:10.942root 11241100x8000000000000000276106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.942{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b43eb56ea909242023-02-08 09:47:10.942root 11241100x8000000000000000276126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.943{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3a1de121246b872023-02-08 09:47:10.943root 11241100x8000000000000000276125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.943{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f6a678a796f7482023-02-08 09:47:10.943root 11241100x8000000000000000276124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.943{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0071f7a3dfb779a62023-02-08 09:47:10.943root 11241100x8000000000000000276123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.943{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd13dcfb795834072023-02-08 09:47:10.943root 11241100x8000000000000000276122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.943{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f6432bebdf65f02023-02-08 09:47:10.943root 11241100x8000000000000000276121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.943{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b84b8be1035dbab2023-02-08 09:47:10.943root 11241100x8000000000000000276120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.943{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0308340d36d36be2023-02-08 09:47:10.943root 11241100x8000000000000000276119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.943{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c127e649d2f58e2023-02-08 09:47:10.943root 11241100x8000000000000000276118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.943{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a0c11684c685192023-02-08 09:47:10.943root 11241100x8000000000000000276117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.943{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06af0df93c3167ae2023-02-08 09:47:10.943root 11241100x8000000000000000276136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.944{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64de9b6221fd28762023-02-08 09:47:10.944root 11241100x8000000000000000276135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.944{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d8b5dbde3e1b682023-02-08 09:47:10.944root 11241100x8000000000000000276134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.944{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6046703d1ad1582023-02-08 09:47:10.944root 11241100x8000000000000000276133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.944{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102158033616302d2023-02-08 09:47:10.944root 11241100x8000000000000000276132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.944{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a65b98646caa1e2023-02-08 09:47:10.944root 11241100x8000000000000000276131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.944{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd150a979e17fc92023-02-08 09:47:10.944root 11241100x8000000000000000276130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.944{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e5a8fb02572d9d2023-02-08 09:47:10.944root 11241100x8000000000000000276129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.944{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a085d4f72494b82023-02-08 09:47:10.944root 11241100x8000000000000000276128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.944{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7bbce34f670e022023-02-08 09:47:10.944root 11241100x8000000000000000276127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.944{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee2fd1a094858192023-02-08 09:47:10.944root 11241100x8000000000000000276144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.945{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea9fb542ccec0f52023-02-08 09:47:10.945root 11241100x8000000000000000276143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.945{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b661498896334f342023-02-08 09:47:10.945root 11241100x8000000000000000276142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.945{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04eda7d277c769c52023-02-08 09:47:10.945root 11241100x8000000000000000276141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.945{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd00e02284b81b942023-02-08 09:47:10.945root 11241100x8000000000000000276140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.945{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e06fb18b9ac77e2023-02-08 09:47:10.945root 11241100x8000000000000000276139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.945{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a24c2b01d5a5b62023-02-08 09:47:10.945root 11241100x8000000000000000276138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.945{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045f9e06b6c7ec5a2023-02-08 09:47:10.945root 11241100x8000000000000000276137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.945{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49928a1cc89529d52023-02-08 09:47:10.945root 11241100x8000000000000000276153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.946{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa6940c9f9aa6bd2023-02-08 09:47:10.946root 11241100x8000000000000000276152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.946{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b1425e0c8e4b3b2023-02-08 09:47:10.946root 11241100x8000000000000000276151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.946{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac7eeff16d1087f2023-02-08 09:47:10.946root 11241100x8000000000000000276150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.946{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff467e3ba2f7bec42023-02-08 09:47:10.946root 11241100x8000000000000000276149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.946{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6b8573a1c4cb1b2023-02-08 09:47:10.946root 11241100x8000000000000000276148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.946{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32ebe25ecd910db2023-02-08 09:47:10.946root 11241100x8000000000000000276147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.946{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a73262c1e176522023-02-08 09:47:10.946root 11241100x8000000000000000276146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.946{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2165a138519460bf2023-02-08 09:47:10.946root 11241100x8000000000000000276145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.946{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996b4c7f3464f7452023-02-08 09:47:10.946root 11241100x8000000000000000276159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.947{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1913de328da8af2023-02-08 09:47:10.947root 11241100x8000000000000000276158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.947{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf055bf1aa33f4382023-02-08 09:47:10.947root 11241100x8000000000000000276157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.947{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a195ca5bd3bc4472023-02-08 09:47:10.947root 11241100x8000000000000000276156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.947{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461edafd7fddf0f52023-02-08 09:47:10.947root 11241100x8000000000000000276155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.947{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c3de93a4c756b82023-02-08 09:47:10.947root 11241100x8000000000000000276154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.947{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b971d196d66fa1ad2023-02-08 09:47:10.947root 154100x8000000000000000276160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.949{ec2a0601-6f9e-63e3-f0c3-1c54d0550000}5833/usr/bin/who-----who -q/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-2030-7b0000000000}5829/usr/bin/python3.6/usr/bin/python3root 534500x8000000000000000276161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:10.955{ec2a0601-6f9e-63e3-f0c3-1c54d0550000}5833/usr/bin/whoroot 154100x8000000000000000276164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.004{ec2a0601-6f9f-63e3-6822-708a79550000}5834/bin/dash-----/bin/sh /etc/update-motd.d/50-motd-news/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-382a-3c15da550000}5816/bin/run-partsrun-partsroot 534500x8000000000000000276163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.004{ec2a0601-6f9e-63e3-68a2-ba4478550000}5822/bin/dashroot 534500x8000000000000000276162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.004{ec2a0601-6f9e-63e3-2030-7b0000000000}5829/usr/bin/python3.6root 154100x8000000000000000276169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.005{ec2a0601-6f9f-63e3-b820-bb0593550000}5838/usr/bin/cut-----cut -c -80/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-6822-708a79550000}5834/bin/dash/bin/shroot 154100x8000000000000000276167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.005{ec2a0601-6f9f-63e3-e025-e7fdfc550000}5837/usr/bin/tr-----tr -d \000-\011\013\014\016-\037/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-6822-708a79550000}5834/bin/dash/bin/shroot 154100x8000000000000000276166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.005{ec2a0601-6f9f-63e3-7822-a4126c550000}5836/usr/bin/head-----head -n 10/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-6822-708a79550000}5834/bin/dash/bin/shroot 154100x8000000000000000276165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.005{ec2a0601-6f9f-63e3-d0e9-bb3673550000}5835/bin/cat-----cat /var/cache/motd-news/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-6822-708a79550000}5834/bin/dash/bin/shroot 154100x8000000000000000276174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.006{ec2a0601-6f9f-63e3-68a2-300c11560000}5839/bin/dash-----/bin/sh /etc/update-motd.d/88-esm-announce/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-382a-3c15da550000}5816/bin/run-partsrun-partsroot 534500x8000000000000000276173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.006{ec2a0601-6f9f-63e3-6822-708a79550000}5834/bin/dashroot 534500x8000000000000000276172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.006{ec2a0601-6f9f-63e3-e025-e7fdfc550000}5837/usr/bin/trroot 534500x8000000000000000276171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.006{ec2a0601-6f9f-63e3-b820-bb0593550000}5838/usr/bin/cutroot 534500x8000000000000000276170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.006{ec2a0601-6f9f-63e3-d0e9-bb3673550000}5835/bin/catroot 534500x8000000000000000276168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.006{ec2a0601-6f9f-63e3-7822-a4126c550000}5836/usr/bin/headroot 154100x8000000000000000276176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.008{ec2a0601-6f9f-63e3-68e2-37cf78550000}5840/bin/dash-----/bin/sh /etc/update-motd.d/90-updates-available/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-382a-3c15da550000}5816/bin/run-partsrun-partsroot 534500x8000000000000000276175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.008{ec2a0601-6f9f-63e3-68a2-300c11560000}5839/bin/dashroot 154100x8000000000000000276177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.009{ec2a0601-6f9f-63e3-d0d9-293a76550000}5841/bin/cat-----cat /var/lib/update-notifier/updates-available/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-68e2-37cf78550000}5840/bin/dash/bin/shroot 154100x8000000000000000276180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.010{ec2a0601-6f9f-63e3-68d2-a35b5c550000}5842/bin/dash-----/bin/sh /etc/update-motd.d/91-contract-ua-esm-status/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-382a-3c15da550000}5816/bin/run-partsrun-partsroot 534500x8000000000000000276179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.010{ec2a0601-6f9f-63e3-68e2-37cf78550000}5840/bin/dashroot 534500x8000000000000000276178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.010{ec2a0601-6f9f-63e3-d0d9-293a76550000}5841/bin/catroot 154100x8000000000000000276188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.011{ec2a0601-6f9f-63e3-68c2-205bce550000}5843/bin/dash-----/bin/sh -e /usr/lib/ubuntu-release-upgrader/release-upgrade-motd/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-382a-3c15da550000}5816/bin/run-partsrun-partsroot 154100x8000000000000000276182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.011{ec2a0601-6f9f-63e3-68a2-d2716f550000}5843/bin/dash-----/bin/sh /etc/update-motd.d/91-release-upgrade/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-382a-3c15da550000}5816/bin/run-partsrun-partsroot 534500x8000000000000000276181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.011{ec2a0601-6f9f-63e3-68d2-a35b5c550000}5842/bin/dashroot 154100x8000000000000000276184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.012{ec2a0601-6f9f-63e3-b840-d96a88550000}5846/usr/bin/cut-----cut -d -f4/root{ec2a0601-0000-0000-0000-000000000000}05no level-{00000000-0000-0000-0000-000000000000}5844--- 154100x8000000000000000276183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.012{ec2a0601-6f9f-63e3-2030-7b0000000000}5845/usr/bin/python3.6-----/usr/bin/python3 -Es /usr/bin/lsb_release -sd/root{ec2a0601-0000-0000-0000-000000000000}05no level-{00000000-0000-0000-0000-000000000000}5844--- 534500x8000000000000000276187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.064{00000000-0000-0000-0000-000000000000}5844<unknown process>root 534500x8000000000000000276186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.064{ec2a0601-6f9f-63e3-b840-d96a88550000}5846/usr/bin/cutroot 534500x8000000000000000276185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.064{ec2a0601-6f9f-63e3-2030-7b0000000000}5845/usr/bin/python3.6root 154100x8000000000000000276189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.065{ec2a0601-6f9f-63e3-085f-ae8643560000}5847/bin/date-----date +%s/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-68c2-205bce550000}5843/bin/dash/bin/shroot 154100x8000000000000000276191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.066{ec2a0601-6f9f-63e3-8864-0a8ea5550000}5848/usr/bin/stat-----stat -c %Y /var/lib/ubuntu-release-upgrader/release-upgrade-available/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-68c2-205bce550000}5843/bin/dash/bin/shroot 534500x8000000000000000276190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.066{ec2a0601-6f9f-63e3-085f-ae8643560000}5847/bin/dateroot 534500x8000000000000000276194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.067{ec2a0601-6f9f-63e3-98d5-06ecb9550000}5849/usr/bin/exprroot 154100x8000000000000000276193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.067{ec2a0601-6f9f-63e3-98d5-06ecb9550000}5849/usr/bin/expr-----expr 1675844674 + 86400/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-68c2-205bce550000}5843/bin/dash/bin/shroot 534500x8000000000000000276192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.067{ec2a0601-6f9f-63e3-8864-0a8ea5550000}5848/usr/bin/statroot 154100x8000000000000000276199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.068{ec2a0601-6f9f-63e3-6802-907bdc550000}5851/bin/dash-----/bin/sh /usr/share/unattended-upgrades/update-motd-unattended-upgrades/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-382a-3c15da550000}5816/bin/run-partsrun-partsroot 154100x8000000000000000276198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.068{ec2a0601-6f9f-63e3-68b2-ee825d550000}5851/bin/dash-----/bin/sh /etc/update-motd.d/92-unattended-upgrades/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-382a-3c15da550000}5816/bin/run-partsrun-partsroot 534500x8000000000000000276197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.068{ec2a0601-6f9f-63e3-68c2-205bce550000}5843/bin/dashroot 534500x8000000000000000276196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.068{ec2a0601-6f9f-63e3-d049-d9079e550000}5850/bin/catroot 154100x8000000000000000276195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.068{ec2a0601-6f9f-63e3-d049-d9079e550000}5850/bin/cat-----cat /var/lib/ubuntu-release-upgrader/release-upgrade-available/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-68c2-205bce550000}5843/bin/dash/bin/shroot 154100x8000000000000000276202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.070{ec2a0601-6f9f-63e3-68f2-e53f93550000}5852/bin/dash-----/bin/sh -e /usr/lib/update-notifier/update-motd-hwe-eol/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-382a-3c15da550000}5816/bin/run-partsrun-partsroot 154100x8000000000000000276201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.070{ec2a0601-6f9f-63e3-68c2-e0301d560000}5852/bin/dash-----/bin/sh /etc/update-motd.d/95-hwe-eol/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-382a-3c15da550000}5816/bin/run-partsrun-partsroot 534500x8000000000000000276200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.070{ec2a0601-6f9f-63e3-6802-907bdc550000}5851/bin/dashroot 154100x8000000000000000276203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.071{ec2a0601-6f9f-63e3-7344-d5f761550000}5853/usr/bin/apt-config-----apt-config shell StateDir Dir::State/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-68f2-e53f93550000}5852/bin/dash/bin/shroot 154100x8000000000000000276204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.081{ec2a0601-6f9f-63e3-70b1-3ea354560000}5854/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-7344-d5f761550000}5853/usr/bin/apt-configapt-configroot 534500x8000000000000000276205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.083{ec2a0601-6f9f-63e3-70b1-3ea354560000}5854/usr/bin/dpkgroot 154100x8000000000000000276207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.084{ec2a0601-6f9f-63e3-73d4-048b00560000}5855/usr/bin/apt-config-----apt-config shell ListDir Dir::State::Lists/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-68f2-e53f93550000}5852/bin/dash/bin/shroot 534500x8000000000000000276206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.084{ec2a0601-6f9f-63e3-7344-d5f761550000}5853/usr/bin/apt-configroot 154100x8000000000000000276208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.092{ec2a0601-6f9f-63e3-70b1-e2f6b1550000}5856/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-73d4-048b00560000}5855/usr/bin/apt-configapt-configroot 534500x8000000000000000276210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.094{ec2a0601-6f9f-63e3-73d4-048b00560000}5855/usr/bin/apt-configroot 534500x8000000000000000276209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.094{ec2a0601-6f9f-63e3-70b1-e2f6b1550000}5856/usr/bin/dpkgroot 154100x8000000000000000276211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.095{ec2a0601-6f9f-63e3-7304-d9e31d560000}5857/usr/bin/apt-config-----apt-config shell DpkgStatus Dir::State::status/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-68f2-e53f93550000}5852/bin/dash/bin/shroot 154100x8000000000000000276212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.100{ec2a0601-6f9f-63e3-70b1-a1f223560000}5858/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-7304-d9e31d560000}5857/usr/bin/apt-configapt-configroot 534500x8000000000000000276213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.102{ec2a0601-6f9f-63e3-70b1-a1f223560000}5858/usr/bin/dpkgroot 154100x8000000000000000276215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.104{ec2a0601-6f9f-63e3-7364-a7940d560000}5859/usr/bin/apt-config-----apt-config shell EtcDir Dir::Etc/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-68f2-e53f93550000}5852/bin/dash/bin/shroot 534500x8000000000000000276214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.104{ec2a0601-6f9f-63e3-7304-d9e31d560000}5857/usr/bin/apt-configroot 154100x8000000000000000276216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.109{ec2a0601-6f9f-63e3-70a1-277b9b550000}5860/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-7364-a7940d560000}5859/usr/bin/apt-configapt-configroot 534500x8000000000000000276217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.110{ec2a0601-6f9f-63e3-70a1-277b9b550000}5860/usr/bin/dpkgroot 154100x8000000000000000276219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.111{ec2a0601-6f9f-63e3-7324-bbd89f550000}5861/usr/bin/apt-config-----apt-config shell SourceList Dir::Etc::sourcelist/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-68f2-e53f93550000}5852/bin/dash/bin/shroot 534500x8000000000000000276218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.111{ec2a0601-6f9f-63e3-7364-a7940d560000}5859/usr/bin/apt-configroot 154100x8000000000000000276220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.116{ec2a0601-6f9f-63e3-7091-308f5e550000}5862/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-7324-bbd89f550000}5861/usr/bin/apt-configapt-configroot 534500x8000000000000000276222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.119{ec2a0601-6f9f-63e3-7324-bbd89f550000}5861/usr/bin/apt-configroot 534500x8000000000000000276221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.119{ec2a0601-6f9f-63e3-7091-308f5e550000}5862/usr/bin/dpkgroot 154100x8000000000000000276223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.120{ec2a0601-6f9f-63e3-90e0-e332e1550000}5863/usr/bin/find-----find /var/lib/apt/lists/ /etc/apt/sources.list //var/lib/dpkg/status -type f -newer /var/lib/update-notifier/hwe-eol -print -quit/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-68f2-e53f93550000}5852/bin/dash/bin/shroot 154100x8000000000000000276227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.121{ec2a0601-6f9f-63e3-a8c0-8648ab550000}5864/bin/mktemp-----mktemp -p /var/lib/update-notifier/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-68f2-e53f93550000}5852/bin/dash/bin/shroot 154100x8000000000000000276225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.121{ec2a0601-6f9f-63e3-e828-25be67550000}5865/usr/bin/dirname-----dirname /var/lib/update-notifier/hwe-eol/root{ec2a0601-0000-0000-0000-000000000000}05no level-{00000000-0000-0000-0000-000000000000}5864--- 534500x8000000000000000276224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.121{ec2a0601-6f9f-63e3-90e0-e332e1550000}5863/usr/bin/findroot 534500x8000000000000000276226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.122{ec2a0601-6f9f-63e3-e828-25be67550000}5865/usr/bin/dirnameroot 154100x8000000000000000276231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.123{ec2a0601-6f9f-63e3-2030-7b0000000000}5866/usr/bin/python3.6-----/usr/bin/python3 /usr/bin/hwe-support-status/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-68f2-e53f93550000}5852/bin/dash/bin/shroot 11241100x8000000000000000276230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.123{ec2a0601-6f9f-63e3-68f2-e53f93550000}5852/bin/dash/var/lib/update-notifier/tmp.osYnSBHxeq2023-02-08 09:47:11.123root 534500x8000000000000000276229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.123{ec2a0601-6f9f-63e3-a8c0-8648ab550000}5864/bin/mktemproot 11241100x8000000000000000276228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.123{ec2a0601-6f9f-63e3-a8c0-8648ab550000}5864/bin/mktemp/var/lib/update-notifier/tmp.osYnSBHxeq2023-02-08 09:47:11.123root 154100x8000000000000000276232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.216{ec2a0601-6f9f-63e3-2030-7b0000000000}5867/usr/bin/python3.6-----/usr/bin/python3 -Es /usr/bin/lsb_release -c -s/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-2030-7b0000000000}5866/usr/bin/python3.6/usr/bin/python3root 11241100x8000000000000000276233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.217{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6819610f34a2acc02023-02-08 09:47:11.217root 11241100x8000000000000000276242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.218{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865f8e23c412f5512023-02-08 09:47:11.218root 11241100x8000000000000000276241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.218{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225fb12ff054f67b2023-02-08 09:47:11.218root 11241100x8000000000000000276240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.218{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d9795ac5fe21f72023-02-08 09:47:11.218root 11241100x8000000000000000276239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.218{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a76dbd598766492023-02-08 09:47:11.218root 11241100x8000000000000000276238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.218{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca38c73bc2261092023-02-08 09:47:11.218root 11241100x8000000000000000276237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.218{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53d01b193c9a13d2023-02-08 09:47:11.218root 11241100x8000000000000000276236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.218{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71301b313aa456792023-02-08 09:47:11.218root 11241100x8000000000000000276235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.218{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2fcb6567423d9b2023-02-08 09:47:11.218root 11241100x8000000000000000276234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.218{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e88b569f5807582023-02-08 09:47:11.218root 11241100x8000000000000000276249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.219{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca85c8fc7e98a982023-02-08 09:47:11.219root 11241100x8000000000000000276248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.219{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cf3eb49bf7faf12023-02-08 09:47:11.219root 11241100x8000000000000000276247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.219{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76523211025bab12023-02-08 09:47:11.219root 11241100x8000000000000000276246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.219{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28c771a09b3d72b2023-02-08 09:47:11.219root 11241100x8000000000000000276245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.219{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58acfdf19836d752023-02-08 09:47:11.219root 11241100x8000000000000000276244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.219{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba986bf4d4e04ed62023-02-08 09:47:11.219root 11241100x8000000000000000276243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.219{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3636bf7f8925e472023-02-08 09:47:11.219root 11241100x8000000000000000276252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.220{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f82fc98be4ecd42023-02-08 09:47:11.220root 11241100x8000000000000000276251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.220{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05880cd91ddca9962023-02-08 09:47:11.220root 11241100x8000000000000000276250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.220{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593a2f4159271b8e2023-02-08 09:47:11.220root 11241100x8000000000000000276253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.221{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a64492e5ee4c2e2023-02-08 09:47:11.221root 11241100x8000000000000000276257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.222{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eabeae064ef05a12023-02-08 09:47:11.222root 11241100x8000000000000000276256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.222{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fec29b9a045f1112023-02-08 09:47:11.222root 11241100x8000000000000000276255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.222{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbae42a71930bdb2023-02-08 09:47:11.222root 11241100x8000000000000000276254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.222{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c38b7b77b735ea72023-02-08 09:47:11.222root 11241100x8000000000000000276261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.223{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231c2289826850302023-02-08 09:47:11.223root 11241100x8000000000000000276260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.223{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8f65c4b0ddee052023-02-08 09:47:11.223root 11241100x8000000000000000276259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.223{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b263c9e3ecfff0232023-02-08 09:47:11.223root 11241100x8000000000000000276258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.223{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3027bddba63d9e2023-02-08 09:47:11.223root 11241100x8000000000000000276273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.224{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d88f95a3a1e8b8b2023-02-08 09:47:11.224root 11241100x8000000000000000276272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.224{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887585eba9328c582023-02-08 09:47:11.224root 11241100x8000000000000000276271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.224{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f13d25303bc6d72023-02-08 09:47:11.224root 11241100x8000000000000000276270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.224{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fedc2df186049df92023-02-08 09:47:11.224root 11241100x8000000000000000276269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.224{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93adc830f375889a2023-02-08 09:47:11.224root 11241100x8000000000000000276268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.224{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc38e113afa4bda2023-02-08 09:47:11.224root 11241100x8000000000000000276267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.224{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fac724ce72ffdd72023-02-08 09:47:11.224root 11241100x8000000000000000276266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.224{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dfd262e701c636b2023-02-08 09:47:11.224root 11241100x8000000000000000276265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.224{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762d9113730c15112023-02-08 09:47:11.224root 11241100x8000000000000000276264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.224{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7ea15a35412f422023-02-08 09:47:11.224root 11241100x8000000000000000276263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.224{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fe53e92de1a9792023-02-08 09:47:11.224root 11241100x8000000000000000276262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.224{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecadb45ff828ac332023-02-08 09:47:11.224root 11241100x8000000000000000276277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.225{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3508c0591ba6332023-02-08 09:47:11.225root 11241100x8000000000000000276276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.225{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8657fcf9269d5a4e2023-02-08 09:47:11.225root 11241100x8000000000000000276275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.225{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3740bf9cceb2cd2023-02-08 09:47:11.225root 11241100x8000000000000000276274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.225{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466da79b00174f8d2023-02-08 09:47:11.225root 11241100x8000000000000000276287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.226{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd372a22be0fd5b2023-02-08 09:47:11.226root 11241100x8000000000000000276286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.226{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae31250b87ab62d2023-02-08 09:47:11.226root 11241100x8000000000000000276285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.226{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817e40222b660a3e2023-02-08 09:47:11.226root 11241100x8000000000000000276284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.226{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2071a71a2b6a202023-02-08 09:47:11.226root 11241100x8000000000000000276283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.226{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd22fc04d2a61172023-02-08 09:47:11.226root 11241100x8000000000000000276282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.226{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cbb489ac0a7b132023-02-08 09:47:11.226root 11241100x8000000000000000276281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.226{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7acf85b8ede943062023-02-08 09:47:11.226root 11241100x8000000000000000276280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.226{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4215797ceadfea852023-02-08 09:47:11.226root 11241100x8000000000000000276279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.226{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60d67f3a0748c492023-02-08 09:47:11.226root 11241100x8000000000000000276278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.226{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6bbac77273b70f2023-02-08 09:47:11.226root 11241100x8000000000000000276292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.227{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5075158fb46a77a72023-02-08 09:47:11.227root 11241100x8000000000000000276291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.227{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb469b13532cd8712023-02-08 09:47:11.227root 11241100x8000000000000000276290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.227{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b25768765928cbb2023-02-08 09:47:11.227root 11241100x8000000000000000276289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.227{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ffcf20e43e8b5952023-02-08 09:47:11.227root 11241100x8000000000000000276288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.227{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e655c1e68b7838bc2023-02-08 09:47:11.227root 11241100x8000000000000000276305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.228{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c104fdb7affecf2023-02-08 09:47:11.228root 11241100x8000000000000000276304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.228{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c0a01048e9b03c2023-02-08 09:47:11.228root 11241100x8000000000000000276303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.228{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e2f2b524d0ff872023-02-08 09:47:11.228root 11241100x8000000000000000276302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.228{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc46ccbcd3bae722023-02-08 09:47:11.228root 11241100x8000000000000000276301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.228{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626b2ab178b7eb1e2023-02-08 09:47:11.228root 11241100x8000000000000000276300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.228{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9b08349c9c416b2023-02-08 09:47:11.228root 11241100x8000000000000000276299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.228{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657a48a25b4967382023-02-08 09:47:11.228root 11241100x8000000000000000276298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.228{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f10ba194e6dda12023-02-08 09:47:11.228root 11241100x8000000000000000276297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.228{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a433f586f1cfba92023-02-08 09:47:11.228root 11241100x8000000000000000276296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.228{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe56e8ec2bc670e2023-02-08 09:47:11.228root 11241100x8000000000000000276295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.228{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19aecaf9a747038d2023-02-08 09:47:11.228root 11241100x8000000000000000276294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.228{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95684f9fea1dff792023-02-08 09:47:11.228root 11241100x8000000000000000276293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.228{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c794a9081972572023-02-08 09:47:11.228root 11241100x8000000000000000276307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.229{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa4ad6bfa12af5f2023-02-08 09:47:11.229root 11241100x8000000000000000276306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.229{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2049d52ddd5f036f2023-02-08 09:47:11.229root 11241100x8000000000000000276314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.230{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06f3867525a8a8a2023-02-08 09:47:11.230root 11241100x8000000000000000276313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.230{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422aaa16133ea81c2023-02-08 09:47:11.230root 11241100x8000000000000000276312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.230{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ee4ac3311cbd0b2023-02-08 09:47:11.230root 11241100x8000000000000000276311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.230{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d6126cfd81b2902023-02-08 09:47:11.230root 11241100x8000000000000000276310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.230{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8b8fc2a1d1fae32023-02-08 09:47:11.230root 11241100x8000000000000000276309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.230{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42a300ec8ce1aca2023-02-08 09:47:11.230root 11241100x8000000000000000276308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.230{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4b4c6015684a3f2023-02-08 09:47:11.230root 11241100x8000000000000000276324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.231{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542f588869b7696a2023-02-08 09:47:11.231root 11241100x8000000000000000276323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.231{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2982cf5e1f6cd732023-02-08 09:47:11.231root 11241100x8000000000000000276322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.231{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9813b9c78e1403712023-02-08 09:47:11.231root 11241100x8000000000000000276321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.231{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f516ccd3fc17d8102023-02-08 09:47:11.231root 11241100x8000000000000000276320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.231{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef889c37d5327012023-02-08 09:47:11.231root 11241100x8000000000000000276319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.231{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6e0ccbc643f95b2023-02-08 09:47:11.231root 11241100x8000000000000000276318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.231{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959bf49934bdb84e2023-02-08 09:47:11.231root 11241100x8000000000000000276317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.231{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca91e09726d09052023-02-08 09:47:11.231root 11241100x8000000000000000276316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.231{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4594a06b6a7450a62023-02-08 09:47:11.231root 11241100x8000000000000000276315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.231{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba32696b1ac815e02023-02-08 09:47:11.231root 11241100x8000000000000000276333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.232{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99f7e42386e3d9d2023-02-08 09:47:11.232root 11241100x8000000000000000276332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.232{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed82c47317474d262023-02-08 09:47:11.232root 11241100x8000000000000000276331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.232{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7828fa3065d108bf2023-02-08 09:47:11.232root 11241100x8000000000000000276330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.232{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449aee08f2dbc20e2023-02-08 09:47:11.232root 11241100x8000000000000000276329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.232{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9430e04ba3dff942023-02-08 09:47:11.232root 11241100x8000000000000000276328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.232{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b01f2ee6c907062023-02-08 09:47:11.232root 11241100x8000000000000000276327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.232{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610222d8c03bd7e62023-02-08 09:47:11.232root 11241100x8000000000000000276326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.232{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb021c0bdcc610e2023-02-08 09:47:11.232root 11241100x8000000000000000276325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.232{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e273ed60fd640d9d2023-02-08 09:47:11.232root 11241100x8000000000000000276343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.233{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865d8552b0d70beb2023-02-08 09:47:11.233root 11241100x8000000000000000276342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.233{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81d87b7d7105b582023-02-08 09:47:11.233root 11241100x8000000000000000276341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.233{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a117128e7e11c00d2023-02-08 09:47:11.233root 11241100x8000000000000000276340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.233{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e9c8a16d1fb6a42023-02-08 09:47:11.233root 11241100x8000000000000000276339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.233{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba15475c3c594a52023-02-08 09:47:11.233root 11241100x8000000000000000276338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.233{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4103591e31cb8a032023-02-08 09:47:11.233root 11241100x8000000000000000276337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.233{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2abe6be9f5f17cb2023-02-08 09:47:11.233root 11241100x8000000000000000276336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.233{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6b1dbd372076402023-02-08 09:47:11.233root 11241100x8000000000000000276335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.233{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12358ea933d917542023-02-08 09:47:11.233root 11241100x8000000000000000276334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.233{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f84d4d330385b922023-02-08 09:47:11.233root 11241100x8000000000000000276350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5168e3285d4420e2023-02-08 09:47:11.234root 11241100x8000000000000000276349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6983741a869dc792023-02-08 09:47:11.234root 11241100x8000000000000000276348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13652f512263720d2023-02-08 09:47:11.234root 11241100x8000000000000000276347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9b4bd786bd9e002023-02-08 09:47:11.234root 11241100x8000000000000000276346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322f0c5ca4d3f81e2023-02-08 09:47:11.234root 11241100x8000000000000000276345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c01a11610d9c1f2023-02-08 09:47:11.234root 11241100x8000000000000000276344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66eedd0d32bd0cc82023-02-08 09:47:11.234root 11241100x8000000000000000276360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab7790dad4afd652023-02-08 09:47:11.235root 11241100x8000000000000000276359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e2ab7d336841572023-02-08 09:47:11.235root 11241100x8000000000000000276358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4729423fa020f5c92023-02-08 09:47:11.235root 11241100x8000000000000000276357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c39755a32568052023-02-08 09:47:11.235root 11241100x8000000000000000276356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9718bf0fe92f8502023-02-08 09:47:11.235root 11241100x8000000000000000276355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac89e80e89d938e32023-02-08 09:47:11.235root 11241100x8000000000000000276354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80a488111f56d362023-02-08 09:47:11.235root 11241100x8000000000000000276353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147d7e444af8e5232023-02-08 09:47:11.235root 11241100x8000000000000000276352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ceb35d5f1e55e12023-02-08 09:47:11.235root 11241100x8000000000000000276351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f9073a134bf4512023-02-08 09:47:11.235root 11241100x8000000000000000276369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc7efad205050ef2023-02-08 09:47:11.236root 11241100x8000000000000000276368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be715e4d9bf64722023-02-08 09:47:11.236root 11241100x8000000000000000276367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a2f2e0b3490a7a2023-02-08 09:47:11.236root 11241100x8000000000000000276366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9184fddfb19883522023-02-08 09:47:11.236root 11241100x8000000000000000276365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da44b323e646013e2023-02-08 09:47:11.236root 11241100x8000000000000000276364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10e06216098bd872023-02-08 09:47:11.236root 11241100x8000000000000000276363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829dbda7eb70a8a12023-02-08 09:47:11.236root 11241100x8000000000000000276362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5945bb4959a0561e2023-02-08 09:47:11.236root 11241100x8000000000000000276361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2772877b82dcc62023-02-08 09:47:11.236root 11241100x8000000000000000276377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8056795383c61c2023-02-08 09:47:11.237root 11241100x8000000000000000276376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de37c1a570e69c142023-02-08 09:47:11.237root 11241100x8000000000000000276375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655ba76086b4a79b2023-02-08 09:47:11.237root 11241100x8000000000000000276374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd26bf40e16eef102023-02-08 09:47:11.237root 11241100x8000000000000000276373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a44849a1eed7e1e2023-02-08 09:47:11.237root 11241100x8000000000000000276372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c3b9fc87c527662023-02-08 09:47:11.237root 11241100x8000000000000000276371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2b171b14d70fb82023-02-08 09:47:11.237root 11241100x8000000000000000276370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24fd43232d40e44e2023-02-08 09:47:11.237root 11241100x8000000000000000276389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafb1b19d98cbcfc2023-02-08 09:47:11.238root 11241100x8000000000000000276388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bb2f40257c67402023-02-08 09:47:11.238root 11241100x8000000000000000276387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5620b429286d8d2023-02-08 09:47:11.238root 11241100x8000000000000000276386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9dc8115f70df2c52023-02-08 09:47:11.238root 11241100x8000000000000000276385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b9b5b24fd874012023-02-08 09:47:11.238root 11241100x8000000000000000276384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abaae1b983230172023-02-08 09:47:11.238root 11241100x8000000000000000276383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97450b0ffc4057672023-02-08 09:47:11.238root 11241100x8000000000000000276382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14d02adeaa762502023-02-08 09:47:11.238root 11241100x8000000000000000276381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ae9b82bd4cab3b2023-02-08 09:47:11.238root 11241100x8000000000000000276380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f52688ab1233d72023-02-08 09:47:11.238root 11241100x8000000000000000276379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f931ccba8271fc2023-02-08 09:47:11.238root 11241100x8000000000000000276378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1dfdf0ec3705b5a2023-02-08 09:47:11.238root 11241100x8000000000000000276403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f524f31ca833261e2023-02-08 09:47:11.239root 11241100x8000000000000000276402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c42f1a20ef51d7e2023-02-08 09:47:11.239root 11241100x8000000000000000276401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2beb8cf82a41b6e42023-02-08 09:47:11.239root 11241100x8000000000000000276400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8489f09d8f2c9362023-02-08 09:47:11.239root 11241100x8000000000000000276399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb47ed0a9c02653b2023-02-08 09:47:11.239root 11241100x8000000000000000276398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d30761212ce660f2023-02-08 09:47:11.239root 11241100x8000000000000000276397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca149cb49dffaf42023-02-08 09:47:11.239root 11241100x8000000000000000276396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17014b5cb36f7382023-02-08 09:47:11.239root 11241100x8000000000000000276395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842c458a7b3ff5c72023-02-08 09:47:11.239root 11241100x8000000000000000276394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2698bb361faa6b2023-02-08 09:47:11.239root 11241100x8000000000000000276393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ad0dd2aa3468e82023-02-08 09:47:11.239root 11241100x8000000000000000276392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc55da1e233fcc752023-02-08 09:47:11.239root 11241100x8000000000000000276391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06ee0ab63ae04832023-02-08 09:47:11.239root 11241100x8000000000000000276390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef3b225adfa26572023-02-08 09:47:11.239root 11241100x8000000000000000276418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a201a694c95e01712023-02-08 09:47:11.240root 11241100x8000000000000000276417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2145ecb4716053282023-02-08 09:47:11.240root 11241100x8000000000000000276416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6796a50a3a2f1c432023-02-08 09:47:11.240root 11241100x8000000000000000276415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec2f5241b6a7e902023-02-08 09:47:11.240root 11241100x8000000000000000276414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51fb2cca55549d952023-02-08 09:47:11.240root 11241100x8000000000000000276413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d8d4732e3f67282023-02-08 09:47:11.240root 11241100x8000000000000000276412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad77328f2015e8492023-02-08 09:47:11.240root 11241100x8000000000000000276411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0b194aa53feab72023-02-08 09:47:11.240root 11241100x8000000000000000276410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42be7607a944960a2023-02-08 09:47:11.240root 11241100x8000000000000000276409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86822faae59a29412023-02-08 09:47:11.240root 11241100x8000000000000000276408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6598edb6fbd453d12023-02-08 09:47:11.240root 11241100x8000000000000000276407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374e52ff3dd22bfb2023-02-08 09:47:11.240root 11241100x8000000000000000276406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c68d19ea8577e772023-02-08 09:47:11.240root 11241100x8000000000000000276405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7b4bf1830e3ac72023-02-08 09:47:11.240root 11241100x8000000000000000276404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d80e1f6077e24fb2023-02-08 09:47:11.240root 11241100x8000000000000000276424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b273f51d5be4516e2023-02-08 09:47:11.241root 11241100x8000000000000000276423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5f578ea43cc17a2023-02-08 09:47:11.241root 11241100x8000000000000000276422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04449bb2c7e9b6672023-02-08 09:47:11.241root 11241100x8000000000000000276421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76333210737ec48e2023-02-08 09:47:11.241root 11241100x8000000000000000276420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9cd417f111eb512023-02-08 09:47:11.241root 11241100x8000000000000000276419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7838e7d0bb44d4632023-02-08 09:47:11.241root 11241100x8000000000000000276434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297c610780f866282023-02-08 09:47:11.243root 11241100x8000000000000000276433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b71967d44fe7a32023-02-08 09:47:11.243root 11241100x8000000000000000276432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f42f5fbdd92a612023-02-08 09:47:11.243root 11241100x8000000000000000276431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af8a279cf3b7e582023-02-08 09:47:11.243root 11241100x8000000000000000276430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca310c260576f3b2023-02-08 09:47:11.243root 11241100x8000000000000000276429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2d539fc1354e652023-02-08 09:47:11.243root 11241100x8000000000000000276428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aeaf7db7236be242023-02-08 09:47:11.243root 11241100x8000000000000000276427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b783794b5ba0e2f2023-02-08 09:47:11.243root 11241100x8000000000000000276426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091746c5cf8df12f2023-02-08 09:47:11.243root 11241100x8000000000000000276425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfae97c6eb2209102023-02-08 09:47:11.243root 11241100x8000000000000000276450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9658fcb41c890a7c2023-02-08 09:47:11.244root 11241100x8000000000000000276449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b8b677311927252023-02-08 09:47:11.244root 11241100x8000000000000000276448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0ed194b4ccf6462023-02-08 09:47:11.244root 11241100x8000000000000000276447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0bd4361a5aebefc2023-02-08 09:47:11.244root 11241100x8000000000000000276446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8bd610c207a4592023-02-08 09:47:11.244root 11241100x8000000000000000276445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa27fdba07927bf2023-02-08 09:47:11.244root 11241100x8000000000000000276444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43d4a8fb56b60202023-02-08 09:47:11.244root 11241100x8000000000000000276443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d2d3603f3494402023-02-08 09:47:11.244root 11241100x8000000000000000276442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61504b5528eaee52023-02-08 09:47:11.244root 11241100x8000000000000000276441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d92c1d839aa4652023-02-08 09:47:11.244root 11241100x8000000000000000276440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564e692dc8ad2fde2023-02-08 09:47:11.244root 11241100x8000000000000000276439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5487c02b1c866f72023-02-08 09:47:11.244root 11241100x8000000000000000276438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909dd629bad17d852023-02-08 09:47:11.244root 11241100x8000000000000000276437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e902836c2fd393712023-02-08 09:47:11.244root 11241100x8000000000000000276436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4f49c308a0302c2023-02-08 09:47:11.244root 11241100x8000000000000000276435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9c4fff1c641a102023-02-08 09:47:11.244root 11241100x8000000000000000276463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.245{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9716d4d46fec87122023-02-08 09:47:11.245root 11241100x8000000000000000276462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.245{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16475dc93cfc2a52023-02-08 09:47:11.245root 11241100x8000000000000000276461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.245{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946e4b0f558f77162023-02-08 09:47:11.245root 11241100x8000000000000000276460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.245{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ae5ac2653c31d12023-02-08 09:47:11.245root 11241100x8000000000000000276459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.245{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac984c0772b17d62023-02-08 09:47:11.245root 11241100x8000000000000000276458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.245{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025916be6c05bb5f2023-02-08 09:47:11.245root 11241100x8000000000000000276457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.245{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f0b4a13029380e2023-02-08 09:47:11.245root 11241100x8000000000000000276456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.245{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d992c87134b8dc92023-02-08 09:47:11.245root 11241100x8000000000000000276455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.245{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb491eb70499ac072023-02-08 09:47:11.245root 11241100x8000000000000000276454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.245{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62756093c0a4212a2023-02-08 09:47:11.245root 11241100x8000000000000000276453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.245{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14677311f6ef429b2023-02-08 09:47:11.245root 11241100x8000000000000000276452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.245{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29216a0f87ceb75f2023-02-08 09:47:11.245root 11241100x8000000000000000276451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.245{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcecc30bb5aff132023-02-08 09:47:11.245root 11241100x8000000000000000276465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.246{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c4c09c352314852023-02-08 09:47:11.246root 11241100x8000000000000000276464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.246{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b591844a6329062023-02-08 09:47:11.246root 11241100x8000000000000000276479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.248{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67135725fb3814822023-02-08 09:47:11.248root 11241100x8000000000000000276478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.248{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f9b50216e4eaee2023-02-08 09:47:11.248root 11241100x8000000000000000276477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.248{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.282b5cb1120293442023-02-08 09:47:11.248root 11241100x8000000000000000276476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.248{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2f1b74b0a14c262023-02-08 09:47:11.248root 11241100x8000000000000000276475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.248{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256732ad70c969eb2023-02-08 09:47:11.248root 11241100x8000000000000000276474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.248{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079ad6b650fe88a12023-02-08 09:47:11.248root 11241100x8000000000000000276473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.248{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd85b0cf868563b2023-02-08 09:47:11.248root 11241100x8000000000000000276472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.248{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209e6e7bc16072b32023-02-08 09:47:11.248root 11241100x8000000000000000276471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.248{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557581b640c6092a2023-02-08 09:47:11.248root 11241100x8000000000000000276470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.248{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801f1f29563d4d622023-02-08 09:47:11.248root 11241100x8000000000000000276469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.248{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef0ffc9d120af282023-02-08 09:47:11.248root 11241100x8000000000000000276468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.248{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e171a4cd7b3ac42023-02-08 09:47:11.248root 11241100x8000000000000000276467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.248{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c175dbf16363f4232023-02-08 09:47:11.248root 11241100x8000000000000000276466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.248{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e2b18d19de90f82023-02-08 09:47:11.248root 11241100x8000000000000000276492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.249{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15561fe6617d3402023-02-08 09:47:11.249root 11241100x8000000000000000276491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.249{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0285c0ce6d30832023-02-08 09:47:11.249root 11241100x8000000000000000276490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.249{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2038cc25c8356b182023-02-08 09:47:11.249root 11241100x8000000000000000276489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.249{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c903905805cf69a2023-02-08 09:47:11.249root 11241100x8000000000000000276488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.249{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81935621e36398452023-02-08 09:47:11.249root 11241100x8000000000000000276487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.249{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c75f7ddff579352023-02-08 09:47:11.249root 11241100x8000000000000000276486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.249{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32a2f4bf39460942023-02-08 09:47:11.249root 11241100x8000000000000000276485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.249{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb531fa5396ff53a2023-02-08 09:47:11.249root 11241100x8000000000000000276484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.249{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4900d6b244a3602023-02-08 09:47:11.249root 11241100x8000000000000000276483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.249{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a99702b5d1698c2023-02-08 09:47:11.249root 11241100x8000000000000000276482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.249{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629286b9695813e82023-02-08 09:47:11.249root 11241100x8000000000000000276481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.249{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3953ef9508f8f2012023-02-08 09:47:11.249root 11241100x8000000000000000276480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.249{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348d0e38f15897962023-02-08 09:47:11.249root 11241100x8000000000000000276500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.250{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb3c482bce55c232023-02-08 09:47:11.250root 11241100x8000000000000000276499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.250{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db145abd858869d2023-02-08 09:47:11.250root 11241100x8000000000000000276498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.250{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf748040df4f1a32023-02-08 09:47:11.250root 11241100x8000000000000000276497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.250{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba504aebd5ec6fb32023-02-08 09:47:11.250root 11241100x8000000000000000276496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.250{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081f419b9762cfa72023-02-08 09:47:11.250root 11241100x8000000000000000276495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.250{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1d460206464dab2023-02-08 09:47:11.250root 11241100x8000000000000000276494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.250{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888622075aa250a62023-02-08 09:47:11.250root 11241100x8000000000000000276493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.250{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cccfdf897949ad52023-02-08 09:47:11.250root 11241100x8000000000000000276509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.251{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2df2a308f4cc6fd2023-02-08 09:47:11.251root 11241100x8000000000000000276508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.251{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5597d82c4b232f552023-02-08 09:47:11.251root 11241100x8000000000000000276507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.251{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5eca674dd956afe2023-02-08 09:47:11.251root 11241100x8000000000000000276506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.251{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b541acb953b501f82023-02-08 09:47:11.251root 11241100x8000000000000000276505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.251{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827cb2e7b56ab7d72023-02-08 09:47:11.251root 11241100x8000000000000000276504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.251{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a315c4a7fe1022872023-02-08 09:47:11.251root 11241100x8000000000000000276503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.251{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8cbe0e970eecb802023-02-08 09:47:11.251root 11241100x8000000000000000276502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.251{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292c37c403afd6652023-02-08 09:47:11.251root 11241100x8000000000000000276501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.251{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1d6500f079b7742023-02-08 09:47:11.251root 11241100x8000000000000000276519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.252{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b4cd56c127fa8a2023-02-08 09:47:11.252root 11241100x8000000000000000276518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.252{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3790f4e67ab55c1c2023-02-08 09:47:11.252root 11241100x8000000000000000276517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.252{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e42d70bb646a81e2023-02-08 09:47:11.252root 11241100x8000000000000000276516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.252{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362c274a340629fa2023-02-08 09:47:11.252root 11241100x8000000000000000276515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.252{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7951031f6e35152023-02-08 09:47:11.252root 11241100x8000000000000000276514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.252{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8f65e4c0b3b4be2023-02-08 09:47:11.252root 11241100x8000000000000000276513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.252{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb084d53fd5d98062023-02-08 09:47:11.252root 11241100x8000000000000000276512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.252{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5456b00efe36772023-02-08 09:47:11.252root 11241100x8000000000000000276511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.252{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964089607f1fc7bc2023-02-08 09:47:11.252root 11241100x8000000000000000276510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.252{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482e905e839eb1362023-02-08 09:47:11.252root 11241100x8000000000000000276529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.253{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced8280a9c6c50982023-02-08 09:47:11.253root 11241100x8000000000000000276528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.253{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e313eba48027be2023-02-08 09:47:11.253root 11241100x8000000000000000276527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.253{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f209a8c36381b302023-02-08 09:47:11.253root 11241100x8000000000000000276526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.253{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c3b2e5e69912552023-02-08 09:47:11.253root 11241100x8000000000000000276525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.253{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c5e000733dc5c52023-02-08 09:47:11.253root 11241100x8000000000000000276524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.253{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6a59a6ef8e88502023-02-08 09:47:11.253root 11241100x8000000000000000276523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.253{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ebbdb2dc81df552023-02-08 09:47:11.253root 11241100x8000000000000000276522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.253{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701881ada3cb6ddb2023-02-08 09:47:11.253root 11241100x8000000000000000276521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.253{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3846f58c8c4f872023-02-08 09:47:11.253root 11241100x8000000000000000276520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.253{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9900c71f75f77482023-02-08 09:47:11.253root 11241100x8000000000000000276538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.254{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e828865284ab3a122023-02-08 09:47:11.254root 11241100x8000000000000000276537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.254{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02e90ba0f3b973f2023-02-08 09:47:11.254root 11241100x8000000000000000276536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.254{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d44adedae32edb2023-02-08 09:47:11.254root 11241100x8000000000000000276535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.254{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004834a295b6ab5e2023-02-08 09:47:11.254root 11241100x8000000000000000276534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.254{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2630c038b1ce4a62023-02-08 09:47:11.254root 11241100x8000000000000000276533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.254{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd55ba8aed1af4112023-02-08 09:47:11.254root 11241100x8000000000000000276532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.254{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7badd0eb9dea6b2023-02-08 09:47:11.254root 11241100x8000000000000000276531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.254{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762f507367be57872023-02-08 09:47:11.254root 11241100x8000000000000000276530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.254{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b15cf3324013f322023-02-08 09:47:11.254root 11241100x8000000000000000276548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.255{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6b75406e32c7fc2023-02-08 09:47:11.255root 11241100x8000000000000000276547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.255{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382601780f8c62992023-02-08 09:47:11.255root 11241100x8000000000000000276546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.255{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55db3d331235f67d2023-02-08 09:47:11.255root 11241100x8000000000000000276545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.255{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13281761b615ce412023-02-08 09:47:11.255root 11241100x8000000000000000276544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.255{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdaab21b8f1ff08a2023-02-08 09:47:11.255root 11241100x8000000000000000276543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.255{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172c7a5c7798c1472023-02-08 09:47:11.255root 11241100x8000000000000000276542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.255{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a81b4607629a9b2023-02-08 09:47:11.255root 11241100x8000000000000000276541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.255{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5907354143a7f8f82023-02-08 09:47:11.255root 11241100x8000000000000000276540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.255{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9bb69089dc031a32023-02-08 09:47:11.255root 11241100x8000000000000000276539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.255{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c164474881fb52382023-02-08 09:47:11.255root 11241100x8000000000000000276558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85beecd9a8d776e2023-02-08 09:47:11.256root 11241100x8000000000000000276557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e70b8f46d3756422023-02-08 09:47:11.256root 11241100x8000000000000000276556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbeb280cded9b0702023-02-08 09:47:11.256root 11241100x8000000000000000276555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0e5713971f00ba2023-02-08 09:47:11.256root 11241100x8000000000000000276554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ac406e63afa4f92023-02-08 09:47:11.256root 11241100x8000000000000000276553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7231a41a8939eb32023-02-08 09:47:11.256root 11241100x8000000000000000276552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e85e7cf721006f2023-02-08 09:47:11.256root 11241100x8000000000000000276551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db08320a19b0a96a2023-02-08 09:47:11.256root 11241100x8000000000000000276550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f1655e17f24da22023-02-08 09:47:11.256root 11241100x8000000000000000276549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790496bf204a947d2023-02-08 09:47:11.256root 11241100x8000000000000000276569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.257{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e895d11813d22f62023-02-08 09:47:11.257root 11241100x8000000000000000276568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.257{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6096da2c8dec879d2023-02-08 09:47:11.257root 11241100x8000000000000000276567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.257{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6277a28b6753c672023-02-08 09:47:11.257root 11241100x8000000000000000276566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.257{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc558fdee78cec52023-02-08 09:47:11.257root 11241100x8000000000000000276565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.257{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0535fed7a0b29fb2023-02-08 09:47:11.257root 11241100x8000000000000000276564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.257{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f0db6a4f9ce3032023-02-08 09:47:11.257root 11241100x8000000000000000276563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.257{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b3424b350db5112023-02-08 09:47:11.257root 11241100x8000000000000000276562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.257{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e249df46c6e7c92023-02-08 09:47:11.257root 11241100x8000000000000000276561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.257{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08831f020c094d162023-02-08 09:47:11.257root 11241100x8000000000000000276560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.257{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e956babb69b9286b2023-02-08 09:47:11.257root 11241100x8000000000000000276559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.257{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a76dbbeede44892023-02-08 09:47:11.257root 11241100x8000000000000000276575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.258{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b05133944c53b5e2023-02-08 09:47:11.258root 11241100x8000000000000000276574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.258{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d2df49b95dba1c2023-02-08 09:47:11.258root 11241100x8000000000000000276573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.258{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9eff674cd456472023-02-08 09:47:11.258root 11241100x8000000000000000276572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.258{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06db1717e368b0832023-02-08 09:47:11.258root 11241100x8000000000000000276571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.258{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8628bbec25e228ac2023-02-08 09:47:11.258root 11241100x8000000000000000276570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.258{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd63a129a07be8f52023-02-08 09:47:11.258root 534500x8000000000000000276576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.283{ec2a0601-6f9f-63e3-2030-7b0000000000}5867/usr/bin/python3.6root 154100x8000000000000000276577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.284{ec2a0601-6f9f-63e3-7081-45cbcd550000}5868/usr/bin/dpkg-----dpkg --print-foreign-architectures/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-2030-7b0000000000}5866/usr/bin/python3.6/usr/bin/python3root 534500x8000000000000000276578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.287{ec2a0601-6f9f-63e3-7081-45cbcd550000}5868/usr/bin/dpkgroot 154100x8000000000000000276580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.306{ec2a0601-6f9f-63e3-886b-debf54560000}5869/bin/mv-----mv /var/lib/update-notifier/tmp.osYnSBHxeq /var/lib/update-notifier/hwe-eol/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-68f2-e53f93550000}5852/bin/dash/bin/shroot 534500x8000000000000000276579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.306{ec2a0601-6f9f-63e3-2030-7b0000000000}5866/usr/bin/python3.6root 534500x8000000000000000276581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.309{ec2a0601-6f9f-63e3-886b-debf54560000}5869/bin/mvroot 154100x8000000000000000276584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.310{ec2a0601-6f9f-63e3-7043-83f54e560000}5871/bin/rm-----rm -f /var/lib/update-notifier/tmp.osYnSBHxeq/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-68f2-e53f93550000}5852/bin/dash/bin/shroot 534500x8000000000000000276583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.310{ec2a0601-6f9f-63e3-d0c9-78abce550000}5870/bin/catroot 154100x8000000000000000276582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.310{ec2a0601-6f9f-63e3-d0c9-78abce550000}5870/bin/cat-----cat /var/lib/update-notifier/hwe-eol/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-68f2-e53f93550000}5852/bin/dash/bin/shroot 154100x8000000000000000276587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.311{ec2a0601-6f9f-63e3-6822-a42a40560000}5872/bin/dash-----/bin/sh /etc/update-motd.d/97-overlayroot/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-382a-3c15da550000}5816/bin/run-partsrun-partsroot 534500x8000000000000000276586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.311{ec2a0601-6f9f-63e3-68f2-e53f93550000}5852/bin/dashroot 534500x8000000000000000276585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.311{ec2a0601-6f9f-63e3-7043-83f54e560000}5871/bin/rmroot 154100x8000000000000000276590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.312{ec2a0601-6f9f-63e3-50fc-82a657550000}5874/bin/grep-----grep -E overlayroot|/media/root-ro|/media/root-rw /proc/mounts/root{ec2a0601-0000-0000-0000-000000000000}05no level-{00000000-0000-0000-0000-000000000000}5873--- 154100x8000000000000000276589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.312{ec2a0601-6f9f-63e3-182a-89d89f550000}5875/usr/bin/sort-----sort -r/root{ec2a0601-0000-0000-0000-000000000000}05no level-{00000000-0000-0000-0000-000000000000}5873--- 154100x8000000000000000276588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.312{ec2a0601-6f9f-63e3-6852-80057d550000}5874/bin/dash-----/bin/sh /bin/egrep overlayroot|/media/root-ro|/media/root-rw /proc/mounts/root{ec2a0601-0000-0000-0000-000000000000}05no level-{00000000-0000-0000-0000-000000000000}5873--- 154100x8000000000000000276596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.314{ec2a0601-6f9f-63e3-68a2-ae12c8550000}5876/bin/dash-----/bin/sh /usr/lib/update-notifier/update-motd-fsck-at-reboot/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-382a-3c15da550000}5816/bin/run-partsrun-partsroot 154100x8000000000000000276595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.314{ec2a0601-6f9f-63e3-68c2-326446560000}5876/bin/dash-----/bin/sh /etc/update-motd.d/98-fsck-at-reboot/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-382a-3c15da550000}5816/bin/run-partsrun-partsroot 534500x8000000000000000276594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.314{ec2a0601-6f9f-63e3-6822-a42a40560000}5872/bin/dashroot 534500x8000000000000000276593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.314{00000000-0000-0000-0000-000000000000}5873<unknown process>root 534500x8000000000000000276592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.314{ec2a0601-6f9f-63e3-182a-89d89f550000}5875/usr/bin/sortroot 534500x8000000000000000276591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.314{ec2a0601-6f9f-63e3-50fc-82a657550000}5874/bin/greproot 154100x8000000000000000276597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.315{ec2a0601-6f9f-63e3-88a4-1735a2550000}5877/usr/bin/stat-----stat -c %Y /var/lib/update-notifier/fsck-at-reboot/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-68a2-ae12c8550000}5876/bin/dash/bin/shroot 534500x8000000000000000276598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.316{ec2a0601-6f9f-63e3-88a4-1735a2550000}5877/usr/bin/statroot 154100x8000000000000000276601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.317{ec2a0601-6f9f-63e3-08bf-e0b410560000}5878/bin/date-----date -d now - 4974.77 seconds +%s/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-68a2-ae12c8550000}5876/bin/dash/bin/shroot 154100x8000000000000000276599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.317{ec2a0601-6f9f-63e3-f02c-f243e6550000}5879/usr/bin/gawk-----awk {print $1} /proc/uptime/root{ec2a0601-0000-0000-0000-000000000000}05no level-{00000000-0000-0000-0000-000000000000}5878--- 534500x8000000000000000276600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.318{ec2a0601-6f9f-63e3-f02c-f243e6550000}5879/usr/bin/gawkroot 154100x8000000000000000276603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.319{ec2a0601-6f9f-63e3-089f-2bae29560000}5880/bin/date-----date +%s/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-68a2-ae12c8550000}5876/bin/dash/bin/shroot 534500x8000000000000000276602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.319{ec2a0601-6f9f-63e3-08bf-e0b410560000}5878/bin/dateroot 154100x8000000000000000276606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.320{ec2a0601-6f9f-63e3-f07c-eeb5e4550000}5883/usr/bin/gawk-----awk $5 ~ /^ext(2|3|4)$/ { print $1 }/root{ec2a0601-0000-0000-0000-000000000000}05no level-{00000000-0000-0000-0000-000000000000}5881--- 154100x8000000000000000276605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.320{ec2a0601-6f9f-63e3-a802-084695550000}5882/bin/mount-----mount/root{ec2a0601-0000-0000-0000-000000000000}05no level-{00000000-0000-0000-0000-000000000000}5881--- 534500x8000000000000000276604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.320{ec2a0601-6f9f-63e3-089f-2bae29560000}5880/bin/dateroot 534500x8000000000000000276607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.322{ec2a0601-6f9f-63e3-a802-084695550000}5882/bin/mountroot 154100x8000000000000000276610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.323{ec2a0601-6f9f-63e3-680e-2bda6b550000}5884/sbin/dumpe2fs-----dumpe2fs -h /dev/nvme0n1p1/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-68a2-ae12c8550000}5876/bin/dash/bin/shroot 534500x8000000000000000276609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.323{00000000-0000-0000-0000-000000000000}5881<unknown process>root 534500x8000000000000000276608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.323{ec2a0601-6f9f-63e3-f07c-eeb5e4550000}5883/usr/bin/gawkroot 924900x8000000000000000276611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.324{ec2a0601-6f9f-63e3-680e-2bda6b550000}5884/sbin/dumpe2fs/dev/nvme0n1p1root 534500x8000000000000000276612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.325{ec2a0601-6f9f-63e3-680e-2bda6b550000}5884/sbin/dumpe2fsroot 154100x8000000000000000276615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.326{ec2a0601-6f9f-63e3-b870-ae4340560000}5888/usr/bin/cut-----cut -d: -f 2-/root{ec2a0601-0000-0000-0000-000000000000}05no level-{00000000-0000-0000-0000-000000000000}5885--- 154100x8000000000000000276614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.326{ec2a0601-6f9f-63e3-50cc-f0478d550000}5887/bin/grep-----grep ^Mount count:/root{ec2a0601-0000-0000-0000-000000000000}05no level-{00000000-0000-0000-0000-000000000000}5885--- 534500x8000000000000000276613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.326{ec2a0601-6f97-63e3-0000-000000000000}5886-root 154100x8000000000000000276621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.327{ec2a0601-6f9f-63e3-b8a0-48cf1a560000}5892/usr/bin/cut-----cut -d: -f 2-/root{ec2a0601-0000-0000-0000-000000000000}05no level-{00000000-0000-0000-0000-000000000000}5889--- 154100x8000000000000000276620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.327{ec2a0601-6f9f-63e3-50ec-bb4763550000}5891/bin/grep-----grep ^Maximum mount count:/root{ec2a0601-0000-0000-0000-000000000000}05no level-{00000000-0000-0000-0000-000000000000}5889--- 534500x8000000000000000276619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.327{ec2a0601-6f9f-63e3-0000-000000000000}5890-root 534500x8000000000000000276618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.327{00000000-0000-0000-0000-000000000000}5885<unknown process>root 534500x8000000000000000276617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.327{ec2a0601-6f9f-63e3-b870-ae4340560000}5888/usr/bin/cutroot 534500x8000000000000000276616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.327{ec2a0601-6f9f-63e3-50cc-f0478d550000}5887/bin/greproot 534500x8000000000000000276624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.328{ec2a0601-6f9f-63e3-0000-000000000000}5889-root 534500x8000000000000000276623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.328{ec2a0601-6f9f-63e3-b8a0-48cf1a560000}5892/usr/bin/cutroot 534500x8000000000000000276622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.328{ec2a0601-6f9f-63e3-50ec-bb4763550000}5891/bin/greproot 154100x8000000000000000276628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.329{ec2a0601-6f9f-63e3-b880-23060e560000}5896/usr/bin/cut-----cut -d: -f 2-/root{ec2a0601-0000-0000-0000-000000000000}05no level-{00000000-0000-0000-0000-000000000000}5893--- 154100x8000000000000000276627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.329{ec2a0601-6f9f-63e3-b8a0-b23fc4550000}5897/usr/bin/cut-----cut -d( -f 1/root{ec2a0601-0000-0000-0000-000000000000}05no level-{00000000-0000-0000-0000-000000000000}5893--- 154100x8000000000000000276626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.329{ec2a0601-6f9f-63e3-50bc-4d5546560000}5895/bin/grep-----grep ^Check interval:/root{ec2a0601-0000-0000-0000-000000000000}05no level-{00000000-0000-0000-0000-000000000000}5893--- 534500x8000000000000000276625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.329{ec2a0601-6f9f-63e3-0000-000000000000}5894-root 534500x8000000000000000276632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.330{00000000-0000-0000-0000-000000000000}5893<unknown process>root 534500x8000000000000000276631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.330{ec2a0601-6f9f-63e3-b8a0-b23fc4550000}5897/usr/bin/cutroot 534500x8000000000000000276630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.330{ec2a0601-6f9f-63e3-b880-23060e560000}5896/usr/bin/cutroot 534500x8000000000000000276629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.330{ec2a0601-6f9f-63e3-50bc-4d5546560000}5895/bin/greproot 154100x8000000000000000276635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.331{ec2a0601-6f9f-63e3-b8e0-985736560000}5901/usr/bin/cut-----cut -d: -f 2-/root{ec2a0601-0000-0000-0000-000000000000}05no level-{00000000-0000-0000-0000-000000000000}5898--- 154100x8000000000000000276634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.331{ec2a0601-6f9f-63e3-501c-28e121560000}5900/bin/grep-----grep ^Next check after:/root{ec2a0601-0000-0000-0000-000000000000}05no level-{00000000-0000-0000-0000-000000000000}5898--- 534500x8000000000000000276633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.331{00000000-0000-0000-0000-000000000000}5899<unknown process>root 154100x8000000000000000276639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.332{ec2a0601-6f9f-63e3-082f-a30f46560000}5902/bin/date-----date -d +%s/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-68a2-ae12c8550000}5876/bin/dash/bin/shroot 534500x8000000000000000276638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.332{00000000-0000-0000-0000-000000000000}5898<unknown process>root 534500x8000000000000000276637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.332{ec2a0601-6f9f-63e3-b8e0-985736560000}5901/usr/bin/cutroot 534500x8000000000000000276636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.332{ec2a0601-6f9f-63e3-501c-28e121560000}5900/bin/greproot 154100x8000000000000000276641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.333{ec2a0601-6f9f-63e3-d0a9-76f894550000}5903/bin/cat-----cat /var/lib/update-notifier/fsck-at-reboot/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9f-63e3-68a2-ae12c8550000}5876/bin/dash/bin/shroot 534500x8000000000000000276640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.333{ec2a0601-6f9f-63e3-082f-a30f46560000}5902/bin/dateroot 154100x8000000000000000276645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.334{ec2a0601-6f9f-63e3-6812-2f53f3550000}5904/bin/dash-----/bin/sh -e /usr/lib/update-notifier/update-motd-reboot-required/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-382a-3c15da550000}5816/bin/run-partsrun-partsroot 154100x8000000000000000276644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.334{ec2a0601-6f9f-63e3-68a2-cb0962550000}5904/bin/dash-----/bin/sh /etc/update-motd.d/98-reboot-required/root{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-6f9e-63e3-382a-3c15da550000}5816/bin/run-partsrun-partsroot 534500x8000000000000000276643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.334{ec2a0601-6f9f-63e3-68a2-ae12c8550000}5876/bin/dashroot 534500x8000000000000000276642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.334{ec2a0601-6f9f-63e3-d0a9-76f894550000}5903/bin/catroot 534500x8000000000000000276648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.336{ec2a0601-6f9e-63e3-6882-ebcbd6550000}5815/bin/dashroot 534500x8000000000000000276647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.336{ec2a0601-6f9e-63e3-382a-3c15da550000}5816/bin/run-partsroot 534500x8000000000000000276646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.336{ec2a0601-6f9f-63e3-6812-2f53f3550000}5904/bin/dashroot 11241100x8000000000000000276654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6790608c3aa0ef4e2023-02-08 09:47:11.484root 11241100x8000000000000000276653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c25c55dbf515062023-02-08 09:47:11.484root 11241100x8000000000000000276652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4aad5383e8345472023-02-08 09:47:11.484root 11241100x8000000000000000276651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bde78ab3be676ed2023-02-08 09:47:11.484root 11241100x8000000000000000276650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107b0c3906ef5cd32023-02-08 09:47:11.484root 11241100x8000000000000000276649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4613b14e2ecee5092023-02-08 09:47:11.484root 11241100x8000000000000000276660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e1a8633905f4122023-02-08 09:47:11.485root 11241100x8000000000000000276659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84ca31e63d25aa02023-02-08 09:47:11.485root 11241100x8000000000000000276658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526e958bab7e03b42023-02-08 09:47:11.485root 11241100x8000000000000000276657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c059c31749adac62023-02-08 09:47:11.485root 11241100x8000000000000000276656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf3d137f7e4cf202023-02-08 09:47:11.485root 11241100x8000000000000000276655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c839cc70523157932023-02-08 09:47:11.485root 11241100x8000000000000000276666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e37328af14ae9232023-02-08 09:47:11.486root 11241100x8000000000000000276665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46850f4b07de0b0d2023-02-08 09:47:11.486root 11241100x8000000000000000276664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db336d9a798b93762023-02-08 09:47:11.486root 11241100x8000000000000000276663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efedfa065188c3c22023-02-08 09:47:11.486root 11241100x8000000000000000276662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e71782fe7967c662023-02-08 09:47:11.486root 11241100x8000000000000000276661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad68cabb338a83182023-02-08 09:47:11.486root 11241100x8000000000000000276673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5680a21327c844792023-02-08 09:47:11.487root 11241100x8000000000000000276672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd5b7ff76dfcb5b2023-02-08 09:47:11.487root 11241100x8000000000000000276671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bad6c70936c1132023-02-08 09:47:11.487root 11241100x8000000000000000276670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508f262a1aa6e30c2023-02-08 09:47:11.487root 11241100x8000000000000000276669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a3eb6a5d58007e2023-02-08 09:47:11.487root 11241100x8000000000000000276668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d11d113ca08825f2023-02-08 09:47:11.487root 11241100x8000000000000000276667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311aa7b097974f9a2023-02-08 09:47:11.487root 11241100x8000000000000000276678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd81fb4333e59d72023-02-08 09:47:11.488root 11241100x8000000000000000276677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e705705c634e18a2023-02-08 09:47:11.488root 11241100x8000000000000000276676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c372a62ce8ef62a2023-02-08 09:47:11.488root 11241100x8000000000000000276675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0ef0b0e06f87492023-02-08 09:47:11.488root 11241100x8000000000000000276674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f88fd76cd5e84b22023-02-08 09:47:11.488root 11241100x8000000000000000276683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be89aa01446646002023-02-08 09:47:11.489root 11241100x8000000000000000276682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf6b69ac8e8716b2023-02-08 09:47:11.489root 11241100x8000000000000000276681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08f99d87acc24df2023-02-08 09:47:11.489root 11241100x8000000000000000276680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad5c2c3d6d8ceb32023-02-08 09:47:11.489root 11241100x8000000000000000276679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f97831aa612a3c32023-02-08 09:47:11.489root 11241100x8000000000000000276691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417d4542ab2333a42023-02-08 09:47:11.490root 11241100x8000000000000000276690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a115688ec533004f2023-02-08 09:47:11.490root 11241100x8000000000000000276689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56819440fc870d5e2023-02-08 09:47:11.490root 11241100x8000000000000000276688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8ea9feb3bdd4f92023-02-08 09:47:11.490root 11241100x8000000000000000276687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24bcdf83e8cdb0b2023-02-08 09:47:11.490root 11241100x8000000000000000276686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3f982dddb337ca2023-02-08 09:47:11.490root 11241100x8000000000000000276685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021de8417fb7f6182023-02-08 09:47:11.490root 11241100x8000000000000000276684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39022c3f50e81202023-02-08 09:47:11.490root 11241100x8000000000000000276698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033c989df26a63672023-02-08 09:47:11.491root 11241100x8000000000000000276697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1651eb2aab04bc352023-02-08 09:47:11.491root 11241100x8000000000000000276696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88eeca55a5b5a8772023-02-08 09:47:11.491root 11241100x8000000000000000276695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f11150ad04c4042023-02-08 09:47:11.491root 11241100x8000000000000000276694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f36c7ec4a9dbca2023-02-08 09:47:11.491root 11241100x8000000000000000276693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20cc4f0773d0e00a2023-02-08 09:47:11.491root 11241100x8000000000000000276692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415e2cc6b0e07d232023-02-08 09:47:11.491root 11241100x8000000000000000276706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78fbaa509107e7452023-02-08 09:47:11.492root 11241100x8000000000000000276705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db3ff09e1c3a54c2023-02-08 09:47:11.492root 11241100x8000000000000000276704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70447db60bcb45aa2023-02-08 09:47:11.492root 11241100x8000000000000000276703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c7018ddd12665e2023-02-08 09:47:11.492root 11241100x8000000000000000276702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aaa68cf53ccade12023-02-08 09:47:11.492root 11241100x8000000000000000276701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ac8b2af71c905e2023-02-08 09:47:11.492root 11241100x8000000000000000276700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b798cfc4cdab1782023-02-08 09:47:11.492root 11241100x8000000000000000276699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027bd32c1264cc6f2023-02-08 09:47:11.492root 11241100x8000000000000000276709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0162ab6be75253652023-02-08 09:47:11.493root 11241100x8000000000000000276708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157788c092ddefcd2023-02-08 09:47:11.493root 11241100x8000000000000000276707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede8071e93e7c1722023-02-08 09:47:11.493root 11241100x8000000000000000276712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7169780a530a3f2023-02-08 09:47:11.494root 11241100x8000000000000000276711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc847f8abc7480b2023-02-08 09:47:11.494root 11241100x8000000000000000276710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ec3241054467ce2023-02-08 09:47:11.494root 11241100x8000000000000000276715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124103f2eebdc9682023-02-08 09:47:11.495root 11241100x8000000000000000276714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0f7cca91a9659a2023-02-08 09:47:11.495root 11241100x8000000000000000276713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6fc7e4764141d1b2023-02-08 09:47:11.495root 11241100x8000000000000000276716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fadc18cd3c2ff22023-02-08 09:47:11.496root 11241100x8000000000000000276717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27770fd2bfd153252023-02-08 09:47:11.497root 11241100x8000000000000000276725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b8c540ddf9fded2023-02-08 09:47:11.498root 11241100x8000000000000000276724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c75b17068b6d6e32023-02-08 09:47:11.498root 11241100x8000000000000000276723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b78b419de6968e2023-02-08 09:47:11.498root 11241100x8000000000000000276722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255df28e4acfc4422023-02-08 09:47:11.498root 11241100x8000000000000000276721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec0f61768b98f8b2023-02-08 09:47:11.498root 11241100x8000000000000000276720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c75ae93a6eacf32023-02-08 09:47:11.498root 11241100x8000000000000000276719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a5bc26ff5d0ebc2023-02-08 09:47:11.498root 11241100x8000000000000000276718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421ac05d3502dd4b2023-02-08 09:47:11.498root 11241100x8000000000000000276728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8552a4826e283a32023-02-08 09:47:11.499root 11241100x8000000000000000276727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64984818e80d8ecc2023-02-08 09:47:11.499root 11241100x8000000000000000276726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40485bd9ef0fcd082023-02-08 09:47:11.499root 11241100x8000000000000000276740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd83244811ac72e2023-02-08 09:47:11.500root 11241100x8000000000000000276739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784d0aa76cd0cf572023-02-08 09:47:11.500root 11241100x8000000000000000276738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d993116f4bdb672023-02-08 09:47:11.500root 11241100x8000000000000000276737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732f54fa9c0f3e562023-02-08 09:47:11.500root 11241100x8000000000000000276736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338688c3349d70ef2023-02-08 09:47:11.500root 11241100x8000000000000000276735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618a010611ffc5892023-02-08 09:47:11.500root 11241100x8000000000000000276734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0fa50a16f433502023-02-08 09:47:11.500root 11241100x8000000000000000276733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301ffc4c12039e022023-02-08 09:47:11.500root 11241100x8000000000000000276732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4297b7914856e432023-02-08 09:47:11.500root 11241100x8000000000000000276731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7a185c789edd032023-02-08 09:47:11.500root 11241100x8000000000000000276730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f69ad87707d3df02023-02-08 09:47:11.500root 11241100x8000000000000000276729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ed16435604142a2023-02-08 09:47:11.500root 11241100x8000000000000000276742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d837612d5fb7c922023-02-08 09:47:11.501root 11241100x8000000000000000276741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f4015fdb1076372023-02-08 09:47:11.501root 11241100x8000000000000000276751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800de7b81189c0fd2023-02-08 09:47:11.502root 11241100x8000000000000000276750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301d3ef218b0ac392023-02-08 09:47:11.502root 11241100x8000000000000000276749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfcbd82f8917dc02023-02-08 09:47:11.502root 11241100x8000000000000000276748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bad6bdb140574ea2023-02-08 09:47:11.502root 11241100x8000000000000000276747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a550977573a12792023-02-08 09:47:11.502root 11241100x8000000000000000276746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138f4f2cb48246652023-02-08 09:47:11.502root 11241100x8000000000000000276745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12e4c0a3c6d0f3a2023-02-08 09:47:11.502root 11241100x8000000000000000276744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51d05cf579851bf2023-02-08 09:47:11.502root 11241100x8000000000000000276743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea033c40cba59d872023-02-08 09:47:11.502root 11241100x8000000000000000276754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfb01af7b2b56402023-02-08 09:47:11.503root 11241100x8000000000000000276753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb6f88a4c2bc2bb2023-02-08 09:47:11.503root 11241100x8000000000000000276752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ea1f3798172e0f2023-02-08 09:47:11.503root 11241100x8000000000000000276760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.505{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c19b2807f79a582023-02-08 09:47:11.505root 11241100x8000000000000000276759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.505{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9825f1e5409920d22023-02-08 09:47:11.505root 11241100x8000000000000000276758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.505{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ecd5c29429f38d2023-02-08 09:47:11.505root 11241100x8000000000000000276757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.505{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd254f1b8fe2e642023-02-08 09:47:11.505root 11241100x8000000000000000276756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.505{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d350c22c046d17412023-02-08 09:47:11.505root 11241100x8000000000000000276755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.505{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63354f7f09d457142023-02-08 09:47:11.505root 11241100x8000000000000000276770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eef7a7f30cd767b2023-02-08 09:47:11.506root 11241100x8000000000000000276769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c3412dd0da6ab02023-02-08 09:47:11.506root 11241100x8000000000000000276768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b78ecf597e7e5e2023-02-08 09:47:11.506root 11241100x8000000000000000276767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f1477fc3770b352023-02-08 09:47:11.506root 11241100x8000000000000000276766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4d735fee160eac2023-02-08 09:47:11.506root 11241100x8000000000000000276765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a465e96e8a07c49b2023-02-08 09:47:11.506root 11241100x8000000000000000276764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8462ccecd099ced12023-02-08 09:47:11.506root 11241100x8000000000000000276763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3ef615c073e3ff2023-02-08 09:47:11.506root 11241100x8000000000000000276762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48495aab4d35efbd2023-02-08 09:47:11.506root 11241100x8000000000000000276761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a964dad3012c7a2023-02-08 09:47:11.506root 11241100x8000000000000000276772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.507{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c802cd45b2e0f1c2023-02-08 09:47:11.507root 11241100x8000000000000000276771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.507{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0fccca880d6be92023-02-08 09:47:11.507root 11241100x8000000000000000276773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.508{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad51779e0a0d92e72023-02-08 09:47:11.508root 11241100x8000000000000000276781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.509{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5084d3999a57dc2023-02-08 09:47:11.509root 11241100x8000000000000000276780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.509{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09dc0d03602c8602023-02-08 09:47:11.509root 11241100x8000000000000000276779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.509{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c251e08b4f14a2ef2023-02-08 09:47:11.509root 11241100x8000000000000000276778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.509{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b418a55bc04ed382023-02-08 09:47:11.509root 11241100x8000000000000000276777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.509{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b667630bcd73dd2023-02-08 09:47:11.509root 11241100x8000000000000000276776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.509{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd98d3cbcc5123972023-02-08 09:47:11.509root 11241100x8000000000000000276775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.509{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402b454f4895aa862023-02-08 09:47:11.509root 11241100x8000000000000000276774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.509{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de6785b29b0afba2023-02-08 09:47:11.509root 11241100x8000000000000000276782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.510{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec9b9de16f424102023-02-08 09:47:11.510root 11241100x8000000000000000276788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.511{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8b5296fecaf95b2023-02-08 09:47:11.511root 11241100x8000000000000000276787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.511{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d525ec9ab079ef0b2023-02-08 09:47:11.511root 11241100x8000000000000000276786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.511{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120dbeece4664dfc2023-02-08 09:47:11.511root 11241100x8000000000000000276785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.511{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4877ec99491c26592023-02-08 09:47:11.511root 11241100x8000000000000000276784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.511{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4769849e0c084d2023-02-08 09:47:11.511root 11241100x8000000000000000276783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.511{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4026c234890f2f2023-02-08 09:47:11.511root 11241100x8000000000000000276790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.512{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d4b4d3e77dc3ca2023-02-08 09:47:11.512root 11241100x8000000000000000276789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.512{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db1b41de393a13c2023-02-08 09:47:11.512root 11241100x8000000000000000276794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.513{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca73d8b990f81a42023-02-08 09:47:11.513root 11241100x8000000000000000276793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.513{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e711f9592b48863f2023-02-08 09:47:11.513root 11241100x8000000000000000276792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.513{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdda862051f4977d2023-02-08 09:47:11.513root 11241100x8000000000000000276791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.513{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45cddedb091bc6022023-02-08 09:47:11.513root 11241100x8000000000000000276796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.514{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1974e2582f1e512023-02-08 09:47:11.514root 11241100x8000000000000000276795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.514{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36811ebb29db33392023-02-08 09:47:11.514root 11241100x8000000000000000276805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.515{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117524032ee567792023-02-08 09:47:11.515root 11241100x8000000000000000276804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.515{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049ea3f849fe93622023-02-08 09:47:11.515root 11241100x8000000000000000276803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.515{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e3ccd576bda1af2023-02-08 09:47:11.515root 11241100x8000000000000000276802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.515{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5793fd1fe68536de2023-02-08 09:47:11.515root 11241100x8000000000000000276801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.515{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b962abe713494a2023-02-08 09:47:11.515root 11241100x8000000000000000276800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.515{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76558b794a21c6f12023-02-08 09:47:11.515root 11241100x8000000000000000276799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.515{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90a1f67fd481c0d2023-02-08 09:47:11.515root 11241100x8000000000000000276798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.515{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be9673323a635632023-02-08 09:47:11.515root 11241100x8000000000000000276797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.515{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f54616632af736b2023-02-08 09:47:11.515root 11241100x8000000000000000276807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.516{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934ce040e62daf962023-02-08 09:47:11.516root 11241100x8000000000000000276806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.516{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e187fe7507adfec2023-02-08 09:47:11.516root 11241100x8000000000000000276813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.517{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710ac0f6d394a97a2023-02-08 09:47:11.517root 11241100x8000000000000000276812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.517{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0548e429834e2a2023-02-08 09:47:11.517root 11241100x8000000000000000276811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.517{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e56e43e9e246152023-02-08 09:47:11.517root 11241100x8000000000000000276810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.517{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ef90369e5171e42023-02-08 09:47:11.517root 11241100x8000000000000000276809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.517{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ec3999364450b12023-02-08 09:47:11.517root 11241100x8000000000000000276808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.517{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f3499f6dc5fb6c2023-02-08 09:47:11.517root 11241100x8000000000000000276814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.518{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f836a378e670067b2023-02-08 09:47:11.518root 11241100x8000000000000000276816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.519{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcce65411e98c8b12023-02-08 09:47:11.519root 11241100x8000000000000000276815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.519{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1fe1de079acd19a2023-02-08 09:47:11.519root 11241100x8000000000000000276817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.520{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f5714fc629f28a2023-02-08 09:47:11.520root 11241100x8000000000000000276819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.521{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c788c606fb57bb32023-02-08 09:47:11.521root 11241100x8000000000000000276818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.521{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadcd492dfb5f3182023-02-08 09:47:11.521root 11241100x8000000000000000276826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.522{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6063d2d1a67dc1ad2023-02-08 09:47:11.522root 11241100x8000000000000000276825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.522{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05f845dd97ff5ef2023-02-08 09:47:11.522root 11241100x8000000000000000276824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.522{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfda53fecc96a6d62023-02-08 09:47:11.522root 11241100x8000000000000000276823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.522{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088c1966851b508a2023-02-08 09:47:11.522root 11241100x8000000000000000276822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.522{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974e8b7e34e70b912023-02-08 09:47:11.522root 11241100x8000000000000000276821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.522{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb42360659777e9d2023-02-08 09:47:11.522root 11241100x8000000000000000276820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.522{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6829b0fc11c3f32023-02-08 09:47:11.522root 11241100x8000000000000000276836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.524{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05076b0e418f1fb82023-02-08 09:47:11.524root 11241100x8000000000000000276835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.524{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32faaef48a90109a2023-02-08 09:47:11.524root 11241100x8000000000000000276834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.524{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277edcf9b7359e2a2023-02-08 09:47:11.524root 11241100x8000000000000000276833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.524{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0451e58d88bab22a2023-02-08 09:47:11.524root 11241100x8000000000000000276832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.524{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f16d20352c5a412023-02-08 09:47:11.524root 11241100x8000000000000000276831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.524{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdcaa7fd9e7a9c552023-02-08 09:47:11.524root 11241100x8000000000000000276830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.524{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b7614ec49328d52023-02-08 09:47:11.524root 11241100x8000000000000000276829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.524{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303f78508a1dabf82023-02-08 09:47:11.524root 11241100x8000000000000000276828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.524{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa792a11b722a362023-02-08 09:47:11.524root 11241100x8000000000000000276827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.524{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecf26328e5356852023-02-08 09:47:11.524root 11241100x8000000000000000276839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.525{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144c4ceb97d8e4c52023-02-08 09:47:11.525root 11241100x8000000000000000276838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.525{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05aca3af8064b432023-02-08 09:47:11.525root 11241100x8000000000000000276837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.525{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8103af9e0f9e470e2023-02-08 09:47:11.525root 11241100x8000000000000000276842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.527{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cbbb1a82fd53b582023-02-08 09:47:11.527root 11241100x8000000000000000276841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.527{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9916f79397e8eb2023-02-08 09:47:11.527root 11241100x8000000000000000276840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.527{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a8db5bb738997e2023-02-08 09:47:11.527root 11241100x8000000000000000276854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.528{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f24db53794d01632023-02-08 09:47:11.528root 11241100x8000000000000000276853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.528{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ee38756c8ce1d22023-02-08 09:47:11.528root 11241100x8000000000000000276852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.528{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878457151abaa1ba2023-02-08 09:47:11.528root 11241100x8000000000000000276851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.528{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf869a7f9f1a51f2023-02-08 09:47:11.528root 11241100x8000000000000000276850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.528{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031ef04930b836cc2023-02-08 09:47:11.528root 11241100x8000000000000000276849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.528{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e663884103fb3d22023-02-08 09:47:11.528root 11241100x8000000000000000276848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.528{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b7d96943dcd3832023-02-08 09:47:11.528root 11241100x8000000000000000276847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.528{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504b377051e0c69e2023-02-08 09:47:11.528root 11241100x8000000000000000276846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.528{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c900f9973be4b8e2023-02-08 09:47:11.528root 11241100x8000000000000000276845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.528{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be6cfa694cc6c042023-02-08 09:47:11.528root 11241100x8000000000000000276844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.528{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4957d685256af12023-02-08 09:47:11.528root 11241100x8000000000000000276843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.528{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf6df4510151fd42023-02-08 09:47:11.528root 11241100x8000000000000000276859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.529{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a373e3a2435b1c52023-02-08 09:47:11.529root 11241100x8000000000000000276858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.529{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0778a625c37ade992023-02-08 09:47:11.529root 11241100x8000000000000000276857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.529{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c7027b4254d4f62023-02-08 09:47:11.529root 11241100x8000000000000000276856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.529{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8acfa0ed77d2b32023-02-08 09:47:11.529root 11241100x8000000000000000276855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.529{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07350a6063ff68212023-02-08 09:47:11.529root 11241100x8000000000000000276867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.530{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a6f2b5d742aef52023-02-08 09:47:11.530root 11241100x8000000000000000276866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.530{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e196a1da1731da72023-02-08 09:47:11.530root 11241100x8000000000000000276865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.530{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced1d20784b8991b2023-02-08 09:47:11.530root 11241100x8000000000000000276864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.530{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b2e9b2ed15a7442023-02-08 09:47:11.530root 11241100x8000000000000000276863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.530{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb18bda4f26b9f392023-02-08 09:47:11.530root 11241100x8000000000000000276862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.530{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60779b7ac5c4604a2023-02-08 09:47:11.530root 11241100x8000000000000000276861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.530{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2b2615113ca21a2023-02-08 09:47:11.530root 11241100x8000000000000000276860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.530{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11aa9f8ba9338e52023-02-08 09:47:11.530root 11241100x8000000000000000276876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.531{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e3654ed1c4784d2023-02-08 09:47:11.531root 11241100x8000000000000000276875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.531{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7d22b1ebe431b82023-02-08 09:47:11.531root 11241100x8000000000000000276874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.531{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6051f6452c20a4652023-02-08 09:47:11.531root 11241100x8000000000000000276873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.531{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593921032b1ff8742023-02-08 09:47:11.531root 11241100x8000000000000000276872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.531{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5138e378d9483fd02023-02-08 09:47:11.531root 11241100x8000000000000000276871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.531{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11aecd6902d43412023-02-08 09:47:11.531root 11241100x8000000000000000276870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.531{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1729cbd9df4644542023-02-08 09:47:11.531root 11241100x8000000000000000276869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.531{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ad4075110bcd9b2023-02-08 09:47:11.531root 11241100x8000000000000000276868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.531{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5e9003dca622372023-02-08 09:47:11.531root 11241100x8000000000000000276885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.532{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c161c6a20a923f2023-02-08 09:47:11.532root 11241100x8000000000000000276884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.532{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63765040171ec4662023-02-08 09:47:11.532root 11241100x8000000000000000276883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.532{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a643a5eeee43ae492023-02-08 09:47:11.532root 11241100x8000000000000000276882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.532{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e5676d0c399a812023-02-08 09:47:11.532root 11241100x8000000000000000276881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.532{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547f6190986a55672023-02-08 09:47:11.532root 11241100x8000000000000000276880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.532{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7fa1ebe2ada8bd52023-02-08 09:47:11.532root 11241100x8000000000000000276879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.532{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005c790209fadc122023-02-08 09:47:11.532root 11241100x8000000000000000276878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.532{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9413ce4591ede2e42023-02-08 09:47:11.532root 11241100x8000000000000000276877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.532{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab306ee43c18e482023-02-08 09:47:11.532root 11241100x8000000000000000276897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.533{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e64933aa1b778562023-02-08 09:47:11.533root 11241100x8000000000000000276896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.533{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d04c15642c033c2023-02-08 09:47:11.533root 11241100x8000000000000000276895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.533{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23f9663732dc9fc2023-02-08 09:47:11.533root 11241100x8000000000000000276894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.533{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa04c40d54086922023-02-08 09:47:11.533root 11241100x8000000000000000276893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.533{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2f133e65ac29172023-02-08 09:47:11.533root 11241100x8000000000000000276892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.533{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31516bd860cb50b12023-02-08 09:47:11.533root 11241100x8000000000000000276891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.533{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae707b8c4e70f962023-02-08 09:47:11.533root 11241100x8000000000000000276890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.533{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ccb13a2d8e9c8a2023-02-08 09:47:11.533root 11241100x8000000000000000276889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.533{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7664aabe1fc93e412023-02-08 09:47:11.533root 11241100x8000000000000000276888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.533{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e0820261302eb82023-02-08 09:47:11.533root 11241100x8000000000000000276887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.533{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90054c720f35abc2023-02-08 09:47:11.533root 11241100x8000000000000000276886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.533{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0f43a47969f5c42023-02-08 09:47:11.533root 11241100x8000000000000000276905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.534{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b72a00d3e53a7962023-02-08 09:47:11.534root 11241100x8000000000000000276904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.534{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71935db8720915c62023-02-08 09:47:11.534root 11241100x8000000000000000276903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.534{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b229b351ee38752023-02-08 09:47:11.534root 11241100x8000000000000000276902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.534{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa01f638a11734b2023-02-08 09:47:11.534root 11241100x8000000000000000276901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.534{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472e5f4ad8f712922023-02-08 09:47:11.534root 11241100x8000000000000000276900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.534{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf1edd3cc1aca022023-02-08 09:47:11.534root 11241100x8000000000000000276899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.534{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b45eb4c4f56ad32023-02-08 09:47:11.534root 11241100x8000000000000000276898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.534{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be826a5aced55cc2023-02-08 09:47:11.534root 11241100x8000000000000000276916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.535{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2b955b2a87c5132023-02-08 09:47:11.535root 11241100x8000000000000000276915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.535{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2cacbf2ba13ffcb2023-02-08 09:47:11.535root 11241100x8000000000000000276914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.535{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92bcf25a69c1451b2023-02-08 09:47:11.535root 11241100x8000000000000000276913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.535{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6b47981a3ddd8b2023-02-08 09:47:11.535root 11241100x8000000000000000276912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.535{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8ae05beed470532023-02-08 09:47:11.535root 11241100x8000000000000000276911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.535{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8357f1600bb5eec72023-02-08 09:47:11.535root 11241100x8000000000000000276910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.535{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c616c79c695302a22023-02-08 09:47:11.535root 11241100x8000000000000000276909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.535{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ecedff2c6f533c2023-02-08 09:47:11.535root 11241100x8000000000000000276908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.535{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cda9f2e7a01e1d2023-02-08 09:47:11.535root 11241100x8000000000000000276907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.535{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2880052bb1b1a992023-02-08 09:47:11.535root 11241100x8000000000000000276906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.535{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a66a532bf4c0a42023-02-08 09:47:11.535root 11241100x8000000000000000276918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.536{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9a942a1f8e49e22023-02-08 09:47:11.536root 11241100x8000000000000000276917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.536{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea426ff06d156bb42023-02-08 09:47:11.536root 11241100x8000000000000000276921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.537{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aad53f92971721f2023-02-08 09:47:11.537root 11241100x8000000000000000276920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.537{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568142061533fec02023-02-08 09:47:11.537root 11241100x8000000000000000276919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.537{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b832f6515989942023-02-08 09:47:11.537root 11241100x8000000000000000276923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.538{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a56a65ff1259df12023-02-08 09:47:11.538root 11241100x8000000000000000276922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.538{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7b4b98c8ffab812023-02-08 09:47:11.538root 11241100x8000000000000000276929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.539{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa8a873a3e1da552023-02-08 09:47:11.539root 11241100x8000000000000000276928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.539{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f06b7c3649551522023-02-08 09:47:11.539root 11241100x8000000000000000276927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.539{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89b52522b3c08ee2023-02-08 09:47:11.539root 11241100x8000000000000000276926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.539{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb57d6aebcb5aed2023-02-08 09:47:11.539root 11241100x8000000000000000276925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.539{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd479a9c6b8bff792023-02-08 09:47:11.539root 11241100x8000000000000000276924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.539{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd0330c54b2cf442023-02-08 09:47:11.539root 11241100x8000000000000000276934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.541{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80ed5bf477a41f12023-02-08 09:47:11.541root 11241100x8000000000000000276933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.541{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb4edf28e054be62023-02-08 09:47:11.541root 11241100x8000000000000000276932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.541{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e67884f5d9741b32023-02-08 09:47:11.541root 11241100x8000000000000000276931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.541{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f339a24bdcf00e742023-02-08 09:47:11.541root 11241100x8000000000000000276930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.541{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a35ae265a5a0f72023-02-08 09:47:11.541root 11241100x8000000000000000276937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.542{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f45272b529d5062023-02-08 09:47:11.542root 11241100x8000000000000000276936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.542{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd315035ae5d264e2023-02-08 09:47:11.542root 11241100x8000000000000000276935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.542{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f47e577ab37ff1d2023-02-08 09:47:11.542root 11241100x8000000000000000276944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.544{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768ba3fd984df0442023-02-08 09:47:11.544root 11241100x8000000000000000276943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.544{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1afb260147ed71872023-02-08 09:47:11.544root 11241100x8000000000000000276942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.544{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea683abc06bb54b72023-02-08 09:47:11.544root 11241100x8000000000000000276941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.544{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d96294ca09ac2382023-02-08 09:47:11.544root 11241100x8000000000000000276940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.544{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f0426deb621f522023-02-08 09:47:11.544root 11241100x8000000000000000276939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.544{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4504ec84a9cfcf2023-02-08 09:47:11.544root 11241100x8000000000000000276938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.544{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8223bc3cb442e582023-02-08 09:47:11.544root 11241100x8000000000000000276949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.546{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237dcc2daf2f1cc72023-02-08 09:47:11.546root 11241100x8000000000000000276948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.546{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac06551a4ecb77f72023-02-08 09:47:11.546root 11241100x8000000000000000276947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.546{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab467c0614f995032023-02-08 09:47:11.546root 11241100x8000000000000000276946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.546{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9609e6daaf95c72023-02-08 09:47:11.546root 11241100x8000000000000000276945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.546{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73bb943b110e5a02023-02-08 09:47:11.546root 11241100x8000000000000000276952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.547{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72196a5d132057c62023-02-08 09:47:11.547root 11241100x8000000000000000276951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.547{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab9075db342231b2023-02-08 09:47:11.547root 11241100x8000000000000000276950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.547{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748584d4ffc42dd42023-02-08 09:47:11.547root 11241100x8000000000000000276956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.549{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2889e3f32c9567e22023-02-08 09:47:11.549root 11241100x8000000000000000276955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.549{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd91fb160a75b7fe2023-02-08 09:47:11.549root 11241100x8000000000000000276954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.549{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a820ac1cd763b2d2023-02-08 09:47:11.549root 11241100x8000000000000000276953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.549{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9d9263f837211e2023-02-08 09:47:11.549root 11241100x8000000000000000276957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.550{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872a77d8580f92e62023-02-08 09:47:11.550root 11241100x8000000000000000276964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.551{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68e3e0ec21258322023-02-08 09:47:11.551root 11241100x8000000000000000276963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.551{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d072bdb93caa7262023-02-08 09:47:11.551root 11241100x8000000000000000276962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.551{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1342df2b87f2352023-02-08 09:47:11.551root 11241100x8000000000000000276961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.551{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4143c6594d64612023-02-08 09:47:11.551root 11241100x8000000000000000276960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.551{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0111c5fb6ab1c8d72023-02-08 09:47:11.551root 11241100x8000000000000000276959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.551{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b6fa591763bb5e2023-02-08 09:47:11.551root 11241100x8000000000000000276958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.551{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71cc99f6c68ff1a2023-02-08 09:47:11.551root 11241100x8000000000000000276968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.552{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2ae1114c2b776f2023-02-08 09:47:11.552root 11241100x8000000000000000276967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.552{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87b700dad8978df2023-02-08 09:47:11.552root 11241100x8000000000000000276966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.552{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96adabd5c0178b122023-02-08 09:47:11.552root 11241100x8000000000000000276965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.552{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2387be3eb9ef23b02023-02-08 09:47:11.552root 11241100x8000000000000000276972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.553{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93de763ad8337b22023-02-08 09:47:11.553root 11241100x8000000000000000276971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.553{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5110c4de2a042e82023-02-08 09:47:11.553root 11241100x8000000000000000276970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.553{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f84a8cb672f45c2023-02-08 09:47:11.553root 11241100x8000000000000000276969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.553{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da20e1379cb02b482023-02-08 09:47:11.553root 11241100x8000000000000000276979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.554{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab08e850a9f8533d2023-02-08 09:47:11.554root 11241100x8000000000000000276978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.554{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207b82b44f13a37e2023-02-08 09:47:11.554root 11241100x8000000000000000276977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.554{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b896436f5ec844c2023-02-08 09:47:11.554root 11241100x8000000000000000276976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.554{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a391a8655fa5f6be2023-02-08 09:47:11.554root 11241100x8000000000000000276975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.554{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e2bfb0308d6b642023-02-08 09:47:11.554root 11241100x8000000000000000276974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.554{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba3072180a4fbab2023-02-08 09:47:11.554root 11241100x8000000000000000276973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.554{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d978d3ff259db422023-02-08 09:47:11.554root 11241100x8000000000000000276983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.555{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b2ef29c835aa392023-02-08 09:47:11.555root 11241100x8000000000000000276982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.555{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c4d3544b59f5452023-02-08 09:47:11.555root 11241100x8000000000000000276981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.555{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2365b2d11a5d1f2023-02-08 09:47:11.555root 11241100x8000000000000000276980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.555{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5fe2992610549b2023-02-08 09:47:11.555root 11241100x8000000000000000276989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.556{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73decaa549703712023-02-08 09:47:11.556root 11241100x8000000000000000276988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.556{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8a9fe52c5dd2142023-02-08 09:47:11.556root 11241100x8000000000000000276987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.556{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dddc5feebd6dad8e2023-02-08 09:47:11.556root 11241100x8000000000000000276986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.556{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda84f7f59231d072023-02-08 09:47:11.556root 11241100x8000000000000000276985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.556{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87675ed0a1f67982023-02-08 09:47:11.556root 11241100x8000000000000000276984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.556{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.decd6d00dbb85cf22023-02-08 09:47:11.556root 11241100x8000000000000000276991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.557{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64e0d22fb2ce3912023-02-08 09:47:11.557root 11241100x8000000000000000276990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.557{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1700e9320502892023-02-08 09:47:11.557root 11241100x8000000000000000277000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.558{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a9be3fc0bbb28c2023-02-08 09:47:11.558root 11241100x8000000000000000276999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.558{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b557e5d585edc90b2023-02-08 09:47:11.558root 11241100x8000000000000000276998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.558{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db56b49deb7a04a62023-02-08 09:47:11.558root 11241100x8000000000000000276997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.558{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4da04edf2fd26c2023-02-08 09:47:11.558root 11241100x8000000000000000276996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.558{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68cbdfdc402e09512023-02-08 09:47:11.558root 11241100x8000000000000000276995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.558{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcb4951b8519dd32023-02-08 09:47:11.558root 11241100x8000000000000000276994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.558{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684c6388fc8d758d2023-02-08 09:47:11.558root 11241100x8000000000000000276993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.558{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a128a640d043cc462023-02-08 09:47:11.558root 11241100x8000000000000000276992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.558{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3910e40ed14172012023-02-08 09:47:11.558root 11241100x8000000000000000277006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.559{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa61b2823b7e31232023-02-08 09:47:11.559root 11241100x8000000000000000277005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.559{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cdae8134c917cc82023-02-08 09:47:11.559root 11241100x8000000000000000277004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.559{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b872b77e1c087d332023-02-08 09:47:11.559root 11241100x8000000000000000277003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.559{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4653c04d2a003c0a2023-02-08 09:47:11.559root 11241100x8000000000000000277002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.559{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3607ad6aabe89eb2023-02-08 09:47:11.559root 11241100x8000000000000000277001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.559{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d5529776390d042023-02-08 09:47:11.559root 11241100x8000000000000000277016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.560{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290fb4a2127438b92023-02-08 09:47:11.560root 11241100x8000000000000000277015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.560{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a8a11ef0365c4f2023-02-08 09:47:11.560root 11241100x8000000000000000277014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.560{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123dedef8ed72a9e2023-02-08 09:47:11.560root 11241100x8000000000000000277013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.560{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82c22f866ceb5f12023-02-08 09:47:11.560root 11241100x8000000000000000277012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.560{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f568501c9334982c2023-02-08 09:47:11.560root 11241100x8000000000000000277011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.560{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed4dfe7b9fb487d2023-02-08 09:47:11.560root 11241100x8000000000000000277010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.560{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57dd4426eaa643082023-02-08 09:47:11.560root 11241100x8000000000000000277009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.560{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23db04ef40be3d72023-02-08 09:47:11.560root 11241100x8000000000000000277008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.560{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b663bcb581863f702023-02-08 09:47:11.560root 11241100x8000000000000000277007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.560{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763665460ed37c0b2023-02-08 09:47:11.560root 11241100x8000000000000000277022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.563{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c89a8772ac81642023-02-08 09:47:11.563root 11241100x8000000000000000277021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.563{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43fa72c32d640e912023-02-08 09:47:11.563root 11241100x8000000000000000277020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.563{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba52028ad7bbfc92023-02-08 09:47:11.563root 11241100x8000000000000000277019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.563{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c740d396c03939e22023-02-08 09:47:11.563root 11241100x8000000000000000277018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.563{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914f6da7e975058c2023-02-08 09:47:11.563root 11241100x8000000000000000277017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.563{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafc24740be7f9052023-02-08 09:47:11.563root 11241100x8000000000000000277026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.564{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5535d2e45635412023-02-08 09:47:11.564root 11241100x8000000000000000277025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.564{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c605a6e802ae8f2023-02-08 09:47:11.564root 11241100x8000000000000000277024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.564{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4a8f2d37f4a3a02023-02-08 09:47:11.564root 11241100x8000000000000000277023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.564{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928fdf3f4089670c2023-02-08 09:47:11.564root 11241100x8000000000000000277034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.565{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1691a07095089f9b2023-02-08 09:47:11.565root 11241100x8000000000000000277033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.565{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f499d67e8b693a02023-02-08 09:47:11.565root 11241100x8000000000000000277032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.565{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e388ea77141007a2023-02-08 09:47:11.565root 11241100x8000000000000000277031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.565{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2abb9c2123907082023-02-08 09:47:11.565root 11241100x8000000000000000277030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.565{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e7d495d3a95a9f2023-02-08 09:47:11.565root 11241100x8000000000000000277029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.565{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a8a493a25117372023-02-08 09:47:11.565root 11241100x8000000000000000277028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.565{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135633831ce1f43c2023-02-08 09:47:11.565root 11241100x8000000000000000277027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.565{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424ab3d17a89daf22023-02-08 09:47:11.565root 11241100x8000000000000000277046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.566{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b70c49498340ad2023-02-08 09:47:11.566root 11241100x8000000000000000277045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.566{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d4f80b6ef516ae2023-02-08 09:47:11.566root 11241100x8000000000000000277044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.566{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19520d84c299cfcb2023-02-08 09:47:11.566root 11241100x8000000000000000277043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.566{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc4d9c10da0b7ae2023-02-08 09:47:11.566root 11241100x8000000000000000277042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.566{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcedd2336097cd5f2023-02-08 09:47:11.566root 11241100x8000000000000000277041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.566{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f20ddbd83e5a032023-02-08 09:47:11.566root 11241100x8000000000000000277040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.566{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1c853588dee25e2023-02-08 09:47:11.566root 11241100x8000000000000000277039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.566{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e52839760404bd2023-02-08 09:47:11.566root 11241100x8000000000000000277038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.566{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa15a28a6c986a612023-02-08 09:47:11.566root 11241100x8000000000000000277037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.566{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb5e8840ad1c1492023-02-08 09:47:11.566root 11241100x8000000000000000277036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.566{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e605c65400d5f702023-02-08 09:47:11.566root 11241100x8000000000000000277035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.566{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a50901e5b066cc82023-02-08 09:47:11.566root 11241100x8000000000000000277048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.567{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6afac1745a0f92302023-02-08 09:47:11.567root 11241100x8000000000000000277047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.567{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca8c86296f123a52023-02-08 09:47:11.567root 11241100x8000000000000000277059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.568{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05336ee2760ffe122023-02-08 09:47:11.568root 11241100x8000000000000000277058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.568{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b81fe85a8621872023-02-08 09:47:11.568root 11241100x8000000000000000277057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.568{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086d3a41e9a0783a2023-02-08 09:47:11.568root 11241100x8000000000000000277056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.568{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d919ec7bbe83482023-02-08 09:47:11.568root 11241100x8000000000000000277055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.568{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5352933aaa7e3bd52023-02-08 09:47:11.568root 11241100x8000000000000000277054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.568{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ae4491295a4d642023-02-08 09:47:11.568root 11241100x8000000000000000277053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.568{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aefc0f0040f82152023-02-08 09:47:11.568root 11241100x8000000000000000277052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.568{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3186c07eeaab1f2023-02-08 09:47:11.568root 11241100x8000000000000000277051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.568{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5cec2a12ea844fe2023-02-08 09:47:11.568root 11241100x8000000000000000277050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.568{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501eb8e6c3961d0d2023-02-08 09:47:11.568root 11241100x8000000000000000277049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.568{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9fabfdec11589022023-02-08 09:47:11.568root 11241100x8000000000000000277062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.569{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7b8078da72f6c42023-02-08 09:47:11.569root 11241100x8000000000000000277061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.569{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f97422e8b58cb372023-02-08 09:47:11.569root 11241100x8000000000000000277060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.569{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ad801f7625a4352023-02-08 09:47:11.569root 11241100x8000000000000000277076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.570{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfaa8f4f77927262023-02-08 09:47:11.570root 11241100x8000000000000000277075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.570{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c48c295a26f264c2023-02-08 09:47:11.570root 11241100x8000000000000000277074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.570{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a03475db6d006ca2023-02-08 09:47:11.570root 11241100x8000000000000000277073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.570{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a046cde5bb8b4a182023-02-08 09:47:11.570root 11241100x8000000000000000277072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.570{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5549886ecfc3cfcc2023-02-08 09:47:11.570root 11241100x8000000000000000277071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.570{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3d67109ffcd3f12023-02-08 09:47:11.570root 11241100x8000000000000000277070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.570{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f7d9a046a6ebb22023-02-08 09:47:11.570root 11241100x8000000000000000277069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.570{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e179da61071b1a42023-02-08 09:47:11.570root 11241100x8000000000000000277068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.570{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad02caa869809c42023-02-08 09:47:11.570root 11241100x8000000000000000277067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.570{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d997b5916141742023-02-08 09:47:11.570root 11241100x8000000000000000277066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.570{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643131f5a013dab22023-02-08 09:47:11.570root 11241100x8000000000000000277065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.570{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c04e53f7638cdb2023-02-08 09:47:11.570root 11241100x8000000000000000277064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.570{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152f89bc8cd5c74a2023-02-08 09:47:11.570root 11241100x8000000000000000277063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.570{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3249ef648d43102023-02-08 09:47:11.570root 11241100x8000000000000000277088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.571{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca06a3a51ef600562023-02-08 09:47:11.571root 11241100x8000000000000000277087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.571{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c0574d604047242023-02-08 09:47:11.571root 11241100x8000000000000000277086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.571{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165b7c11957fb2672023-02-08 09:47:11.571root 11241100x8000000000000000277085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.571{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45eac5e7423a979e2023-02-08 09:47:11.571root 11241100x8000000000000000277084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.571{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42c8ac812b002a32023-02-08 09:47:11.571root 11241100x8000000000000000277083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.571{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028fa142c6f1fcfa2023-02-08 09:47:11.571root 11241100x8000000000000000277082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.571{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285f5c01f25b6f962023-02-08 09:47:11.571root 11241100x8000000000000000277081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.571{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be66d7e71f46d9d2023-02-08 09:47:11.571root 11241100x8000000000000000277080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.571{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402632026e07e0482023-02-08 09:47:11.571root 11241100x8000000000000000277079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.571{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77515d47b72bd2442023-02-08 09:47:11.571root 11241100x8000000000000000277078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.571{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c9f3f9d25aab952023-02-08 09:47:11.571root 11241100x8000000000000000277077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.571{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682d57a56e08c5662023-02-08 09:47:11.571root 11241100x8000000000000000277091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.572{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d741e4d148a2c82023-02-08 09:47:11.572root 11241100x8000000000000000277090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.572{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9717bdd8c28be5662023-02-08 09:47:11.572root 11241100x8000000000000000277089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.572{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b120254078862bc2023-02-08 09:47:11.572root 11241100x8000000000000000277100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.574{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3bfc22b9021ed62023-02-08 09:47:11.574root 11241100x8000000000000000277099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.574{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7d31849d2646d92023-02-08 09:47:11.574root 11241100x8000000000000000277098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.574{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a86ba5314c8bce72023-02-08 09:47:11.574root 11241100x8000000000000000277097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.574{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711ec32a965592312023-02-08 09:47:11.574root 11241100x8000000000000000277096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.574{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61061a17d07cf3ac2023-02-08 09:47:11.574root 11241100x8000000000000000277095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.574{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03397ff00ca2a6422023-02-08 09:47:11.574root 11241100x8000000000000000277094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.574{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e555e762218f842023-02-08 09:47:11.574root 11241100x8000000000000000277093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.574{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d846dc422cb19ea2023-02-08 09:47:11.574root 11241100x8000000000000000277092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.574{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96dc368a9edb3452023-02-08 09:47:11.574root 11241100x8000000000000000277103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.575{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8313f6b7048702832023-02-08 09:47:11.575root 11241100x8000000000000000277102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.575{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be38892126307a792023-02-08 09:47:11.575root 11241100x8000000000000000277101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.575{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530a545030fcc9722023-02-08 09:47:11.575root 11241100x8000000000000000277113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.576{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35efd18f0f5c57e92023-02-08 09:47:11.576root 11241100x8000000000000000277112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.576{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf25224ec35e6222023-02-08 09:47:11.576root 11241100x8000000000000000277111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.576{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772db0c4f931eb352023-02-08 09:47:11.576root 11241100x8000000000000000277110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.576{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74576b103e91f43c2023-02-08 09:47:11.576root 11241100x8000000000000000277109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.576{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9bf7f6a3be516e2023-02-08 09:47:11.576root 11241100x8000000000000000277108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.576{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a9845911bb910b2023-02-08 09:47:11.576root 11241100x8000000000000000277107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.576{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de7ec3d7c84d31b2023-02-08 09:47:11.576root 11241100x8000000000000000277106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.576{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a491623a9d46622023-02-08 09:47:11.576root 11241100x8000000000000000277105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.576{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792bc9935fa20dd02023-02-08 09:47:11.576root 11241100x8000000000000000277104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.576{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23882854db10a3d2023-02-08 09:47:11.576root 11241100x8000000000000000277116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.577{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711fe3067b8cd5872023-02-08 09:47:11.577root 11241100x8000000000000000277115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.577{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd6132a97fdee372023-02-08 09:47:11.577root 11241100x8000000000000000277114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.577{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197e4ccd4af2e84f2023-02-08 09:47:11.577root 11241100x8000000000000000277123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.578{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2edc0e1e7a65bc12023-02-08 09:47:11.578root 11241100x8000000000000000277122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.578{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a16ff9148c46e12023-02-08 09:47:11.578root 11241100x8000000000000000277121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.578{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d5041e40ac7d1d2023-02-08 09:47:11.578root 11241100x8000000000000000277120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.578{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259c9ab83ac84bcf2023-02-08 09:47:11.578root 11241100x8000000000000000277119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.578{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7516206875906f02023-02-08 09:47:11.578root 11241100x8000000000000000277118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.578{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3847118825334b2023-02-08 09:47:11.578root 11241100x8000000000000000277117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.578{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1203f7a825ab22ef2023-02-08 09:47:11.578root 11241100x8000000000000000277129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.579{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea839c37140c85f2023-02-08 09:47:11.579root 11241100x8000000000000000277128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.579{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0cb82edc0d8edf2023-02-08 09:47:11.579root 11241100x8000000000000000277127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.579{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ea7655d498315c2023-02-08 09:47:11.579root 11241100x8000000000000000277126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.579{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fae082b93a37642023-02-08 09:47:11.579root 11241100x8000000000000000277125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.579{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b01510efaf0d602023-02-08 09:47:11.579root 11241100x8000000000000000277124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.579{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423c976bccf31d7a2023-02-08 09:47:11.579root 11241100x8000000000000000277137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.580{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa387f4dc0841dc2023-02-08 09:47:11.580root 11241100x8000000000000000277136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.580{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db3aa598e5429fe2023-02-08 09:47:11.580root 11241100x8000000000000000277135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.580{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b434659ca076019b2023-02-08 09:47:11.580root 11241100x8000000000000000277134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.580{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc96d5b403464902023-02-08 09:47:11.580root 11241100x8000000000000000277133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.580{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b2422d70bf33f22023-02-08 09:47:11.580root 11241100x8000000000000000277132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.580{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf86fa08e7ca653b2023-02-08 09:47:11.580root 11241100x8000000000000000277131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.580{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e7dc76c99adfdd2023-02-08 09:47:11.580root 11241100x8000000000000000277130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.580{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bb94c7829096022023-02-08 09:47:11.580root 11241100x8000000000000000277142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.581{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918855c086e7cd1f2023-02-08 09:47:11.581root 11241100x8000000000000000277141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.581{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ede163132b465582023-02-08 09:47:11.581root 11241100x8000000000000000277140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.581{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872428a4bea6c1942023-02-08 09:47:11.581root 11241100x8000000000000000277139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.581{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce79500251c922092023-02-08 09:47:11.581root 11241100x8000000000000000277138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.581{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ede4e8f8224f3852023-02-08 09:47:11.581root 11241100x8000000000000000277149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.582{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72a0be2e3031c0f2023-02-08 09:47:11.582root 11241100x8000000000000000277148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.582{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72678178e44237c32023-02-08 09:47:11.582root 11241100x8000000000000000277147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.582{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacf670e6ffeed172023-02-08 09:47:11.582root 11241100x8000000000000000277146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.582{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8cd0d94ebae901d2023-02-08 09:47:11.582root 11241100x8000000000000000277145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.582{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b54ce49b96121e2023-02-08 09:47:11.582root 11241100x8000000000000000277144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.582{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2e4bcb22e2a5302023-02-08 09:47:11.582root 11241100x8000000000000000277143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.582{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8287491adae9ae42023-02-08 09:47:11.582root 11241100x8000000000000000277158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.583{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb80892878ef5ae2023-02-08 09:47:11.583root 11241100x8000000000000000277157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.583{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5419f7980bb9f25e2023-02-08 09:47:11.583root 11241100x8000000000000000277156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.583{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4583a56c6b2fc8052023-02-08 09:47:11.583root 11241100x8000000000000000277155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.583{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7e753c2dffbb922023-02-08 09:47:11.583root 11241100x8000000000000000277154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.583{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae727bb9af43d7f72023-02-08 09:47:11.583root 11241100x8000000000000000277153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.583{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766c0d042e7633f02023-02-08 09:47:11.583root 11241100x8000000000000000277152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.583{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40542be9bac2f022023-02-08 09:47:11.583root 11241100x8000000000000000277151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.583{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c326324eb58efc2023-02-08 09:47:11.583root 11241100x8000000000000000277150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.583{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265f03940cbaaaed2023-02-08 09:47:11.583root 11241100x8000000000000000277166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.584{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d594edb796b43a2023-02-08 09:47:11.584root 11241100x8000000000000000277165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.584{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518187b9292451c02023-02-08 09:47:11.584root 11241100x8000000000000000277164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.584{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c772a9572a5d45b62023-02-08 09:47:11.584root 11241100x8000000000000000277163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.584{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a46d8dfd1a7599f2023-02-08 09:47:11.584root 11241100x8000000000000000277162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.584{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a7c6fd453820e72023-02-08 09:47:11.584root 11241100x8000000000000000277161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.584{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e25d9aaa0365e422023-02-08 09:47:11.584root 11241100x8000000000000000277160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.584{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab134b1c6b1b86a52023-02-08 09:47:11.584root 11241100x8000000000000000277159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.584{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84503ee33d6c5b892023-02-08 09:47:11.584root 11241100x8000000000000000277175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.585{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ac15be8970194f2023-02-08 09:47:11.585root 11241100x8000000000000000277174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.585{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a17c8a8b091c5de2023-02-08 09:47:11.585root 11241100x8000000000000000277173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.585{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e005ee92b2e6782023-02-08 09:47:11.585root 11241100x8000000000000000277172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.585{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b841aa5b2f9941082023-02-08 09:47:11.585root 11241100x8000000000000000277171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.585{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63be8aa22066d4b2023-02-08 09:47:11.585root 11241100x8000000000000000277170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.585{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1b1bb22c9027942023-02-08 09:47:11.585root 11241100x8000000000000000277169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.585{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41fed16cd6797912023-02-08 09:47:11.585root 11241100x8000000000000000277168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.585{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28034064298edc772023-02-08 09:47:11.585root 11241100x8000000000000000277167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.585{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c63cb7fdb356322023-02-08 09:47:11.585root 11241100x8000000000000000277184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.586{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4b5ef2fc076db52023-02-08 09:47:11.586root 11241100x8000000000000000277183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.586{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f277daa672ff93512023-02-08 09:47:11.586root 11241100x8000000000000000277182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.586{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a8a72b7294e0e12023-02-08 09:47:11.586root 11241100x8000000000000000277181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.586{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4672df8fa4cc69e42023-02-08 09:47:11.586root 11241100x8000000000000000277180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.586{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae40ee1255a90f4c2023-02-08 09:47:11.586root 11241100x8000000000000000277179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.586{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3856aa3cea8481c82023-02-08 09:47:11.586root 11241100x8000000000000000277178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.586{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422b3e340caeea882023-02-08 09:47:11.586root 11241100x8000000000000000277177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.586{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0b29c0c3cc93842023-02-08 09:47:11.586root 11241100x8000000000000000277176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.586{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18490f8925fbca782023-02-08 09:47:11.586root 11241100x8000000000000000277193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.587{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e08ffeb62bd3b052023-02-08 09:47:11.587root 11241100x8000000000000000277192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.587{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210d04752b390e8c2023-02-08 09:47:11.587root 11241100x8000000000000000277191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.587{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba94e27d8fee78cf2023-02-08 09:47:11.587root 11241100x8000000000000000277190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.587{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864493eed973bf472023-02-08 09:47:11.587root 11241100x8000000000000000277189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.587{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521e04a89d70c4202023-02-08 09:47:11.587root 11241100x8000000000000000277188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.587{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89bf5af293aa04b32023-02-08 09:47:11.587root 11241100x8000000000000000277187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.587{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b96fcd05cdc4aa2023-02-08 09:47:11.587root 11241100x8000000000000000277186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.587{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092b188e279e2acc2023-02-08 09:47:11.587root 11241100x8000000000000000277185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.587{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6d8b64670e0eb32023-02-08 09:47:11.587root 11241100x8000000000000000277202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.588{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b006e4e6c6e38c5b2023-02-08 09:47:11.588root 11241100x8000000000000000277201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.588{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfdaffa60feb03222023-02-08 09:47:11.588root 11241100x8000000000000000277200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.588{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2efb326b41fd8b2023-02-08 09:47:11.588root 11241100x8000000000000000277199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.588{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492a44cffb1b152a2023-02-08 09:47:11.588root 11241100x8000000000000000277198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.588{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75aa456393fcc1da2023-02-08 09:47:11.588root 11241100x8000000000000000277197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.588{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5793a21b77c6ae672023-02-08 09:47:11.588root 11241100x8000000000000000277196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.588{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ec0279287c36092023-02-08 09:47:11.588root 11241100x8000000000000000277195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.588{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74b0066e33deda52023-02-08 09:47:11.588root 11241100x8000000000000000277194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.588{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbff96c0a5a108422023-02-08 09:47:11.588root 11241100x8000000000000000277210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.589{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62dd8e5912b790a72023-02-08 09:47:11.589root 11241100x8000000000000000277209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.589{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42ed85f6d24875a2023-02-08 09:47:11.589root 11241100x8000000000000000277208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.589{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11fb0ed7d17bd7c42023-02-08 09:47:11.589root 11241100x8000000000000000277207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.589{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fac33a8c49f00562023-02-08 09:47:11.589root 11241100x8000000000000000277206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.589{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80db719562c1dbf2023-02-08 09:47:11.589root 11241100x8000000000000000277205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.589{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68460bce7602a6202023-02-08 09:47:11.589root 11241100x8000000000000000277204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.589{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4693c63542423e2023-02-08 09:47:11.589root 11241100x8000000000000000277203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.589{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6868fe72361750fe2023-02-08 09:47:11.589root 11241100x8000000000000000277218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.590{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5e952ecfb05e5d2023-02-08 09:47:11.590root 11241100x8000000000000000277217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.590{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e1428d334b3f212023-02-08 09:47:11.590root 11241100x8000000000000000277216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.590{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6ad83af2ce79002023-02-08 09:47:11.590root 11241100x8000000000000000277215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.590{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26c6cbc119b5bf52023-02-08 09:47:11.590root 11241100x8000000000000000277214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.590{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eea286b0bf82b292023-02-08 09:47:11.590root 11241100x8000000000000000277213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.590{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14ff55d3c1484af2023-02-08 09:47:11.590root 11241100x8000000000000000277212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.590{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a2da6d459ec2ee2023-02-08 09:47:11.590root 11241100x8000000000000000277211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.590{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53027b6c6fab75ea2023-02-08 09:47:11.590root 11241100x8000000000000000277227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.591{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca957f024b4abad2023-02-08 09:47:11.591root 11241100x8000000000000000277226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.591{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9585b39ffb42f1952023-02-08 09:47:11.591root 11241100x8000000000000000277225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.591{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f90f2652e299a42023-02-08 09:47:11.591root 11241100x8000000000000000277224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.591{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c98bf55537620602023-02-08 09:47:11.591root 11241100x8000000000000000277223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.591{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1f05813cab5b1c2023-02-08 09:47:11.591root 11241100x8000000000000000277222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.591{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7210691349c6249b2023-02-08 09:47:11.591root 11241100x8000000000000000277221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.591{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2183432b74dc8c2023-02-08 09:47:11.591root 11241100x8000000000000000277220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.591{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e80c3d1f87b0592023-02-08 09:47:11.591root 11241100x8000000000000000277219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.591{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c663bb1a3d0187972023-02-08 09:47:11.591root 11241100x8000000000000000277236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.592{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184f515acae085712023-02-08 09:47:11.592root 11241100x8000000000000000277235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.592{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5387c6bb251f772023-02-08 09:47:11.592root 11241100x8000000000000000277234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.592{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec929611b955b96b2023-02-08 09:47:11.592root 11241100x8000000000000000277233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.592{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f5fb7e984cc8d32023-02-08 09:47:11.592root 11241100x8000000000000000277232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.592{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525e2de14cd2ac452023-02-08 09:47:11.592root 11241100x8000000000000000277231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.592{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4365cb39f3ace92023-02-08 09:47:11.592root 11241100x8000000000000000277230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.592{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9518d51e169c091a2023-02-08 09:47:11.592root 11241100x8000000000000000277229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.592{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1f1163609b8d142023-02-08 09:47:11.592root 11241100x8000000000000000277228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.592{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c3b2173833e8d82023-02-08 09:47:11.592root 11241100x8000000000000000277244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.593{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3420fd5fc15afa2023-02-08 09:47:11.593root 11241100x8000000000000000277243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.593{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2d51c99795f7d52023-02-08 09:47:11.593root 11241100x8000000000000000277242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.593{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b0d4a40d73b31b2023-02-08 09:47:11.593root 11241100x8000000000000000277241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.593{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8506cb728a7bf2a42023-02-08 09:47:11.593root 11241100x8000000000000000277240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.593{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981cd87fa6da0e252023-02-08 09:47:11.593root 11241100x8000000000000000277239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.593{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b167c62b7d66a7752023-02-08 09:47:11.593root 11241100x8000000000000000277238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.593{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84763880de1891082023-02-08 09:47:11.593root 11241100x8000000000000000277237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.593{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d2eb17f3b73b892023-02-08 09:47:11.593root 11241100x8000000000000000277254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.594{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5295e95f139f252023-02-08 09:47:11.594root 11241100x8000000000000000277253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.594{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e0d37cd9c204eb2023-02-08 09:47:11.594root 11241100x8000000000000000277252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.594{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a202935b34a5712023-02-08 09:47:11.594root 11241100x8000000000000000277251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.594{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25ff6ffe5a00ade2023-02-08 09:47:11.594root 11241100x8000000000000000277250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.594{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8458b4b0035c3ca2023-02-08 09:47:11.594root 11241100x8000000000000000277249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.594{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4427a2a1da02e52023-02-08 09:47:11.594root 11241100x8000000000000000277248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.594{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f778891d04029572023-02-08 09:47:11.594root 11241100x8000000000000000277247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.594{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d28bb89f989ae32023-02-08 09:47:11.594root 11241100x8000000000000000277246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.594{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608352f9681760172023-02-08 09:47:11.594root 11241100x8000000000000000277245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.594{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743b4ef36faacdd42023-02-08 09:47:11.594root 11241100x8000000000000000277263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.595{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0002ffddaf2a732023-02-08 09:47:11.595root 11241100x8000000000000000277262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.595{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52cf42fcf3d6fd332023-02-08 09:47:11.595root 11241100x8000000000000000277261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.595{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b902d6dcdacf2b5d2023-02-08 09:47:11.595root 11241100x8000000000000000277260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.595{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2dec5c09913e192023-02-08 09:47:11.595root 11241100x8000000000000000277259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.595{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f236822c941b532023-02-08 09:47:11.595root 11241100x8000000000000000277258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.595{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899be4357e23727b2023-02-08 09:47:11.595root 11241100x8000000000000000277257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.595{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3857d1e698c09532023-02-08 09:47:11.595root 11241100x8000000000000000277256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.595{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e98bd571662cc62023-02-08 09:47:11.595root 11241100x8000000000000000277255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.595{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9219f6fbd4c21032023-02-08 09:47:11.595root 11241100x8000000000000000277272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.596{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e69f62c68db7e82023-02-08 09:47:11.596root 11241100x8000000000000000277271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.596{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf277f4abb25754a2023-02-08 09:47:11.596root 11241100x8000000000000000277270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.596{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415ca16b82dfe94a2023-02-08 09:47:11.596root 11241100x8000000000000000277269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.596{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fe0f52a7eefd982023-02-08 09:47:11.596root 11241100x8000000000000000277268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.596{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7e96560041e1a72023-02-08 09:47:11.596root 11241100x8000000000000000277267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.596{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a73bc44522e7d622023-02-08 09:47:11.596root 11241100x8000000000000000277266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.596{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc3bbb9e703020a2023-02-08 09:47:11.596root 11241100x8000000000000000277265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.596{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec358b4fbad7e3a2023-02-08 09:47:11.596root 11241100x8000000000000000277264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.596{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548941b8788b93b72023-02-08 09:47:11.596root 11241100x8000000000000000277283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.597{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5203b8a96ff9ba52023-02-08 09:47:11.597root 11241100x8000000000000000277282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.597{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4119298ff063d7a2023-02-08 09:47:11.597root 11241100x8000000000000000277281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.597{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872a24a34fa4c6e82023-02-08 09:47:11.597root 11241100x8000000000000000277280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.597{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f507c1be60bdd9332023-02-08 09:47:11.597root 11241100x8000000000000000277279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.597{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d5f716ffe34fb72023-02-08 09:47:11.597root 11241100x8000000000000000277278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.597{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc6a54c650026242023-02-08 09:47:11.597root 11241100x8000000000000000277277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.597{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4905fa2dae79ac2023-02-08 09:47:11.597root 11241100x8000000000000000277276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.597{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27cd984c9c49117d2023-02-08 09:47:11.597root 11241100x8000000000000000277275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.597{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912b591647e818042023-02-08 09:47:11.597root 11241100x8000000000000000277274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.597{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff8f44c62a244822023-02-08 09:47:11.597root 11241100x8000000000000000277273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.597{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58425b27b89d8a6a2023-02-08 09:47:11.597root 11241100x8000000000000000277297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.598{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddd923b576d54022023-02-08 09:47:11.598root 11241100x8000000000000000277296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.598{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e53ce32e1203522023-02-08 09:47:11.598root 11241100x8000000000000000277295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.598{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdca465065b3d6582023-02-08 09:47:11.598root 11241100x8000000000000000277294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.598{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f59e4600b3025b2023-02-08 09:47:11.598root 11241100x8000000000000000277293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.598{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e93039c837b444e2023-02-08 09:47:11.598root 11241100x8000000000000000277292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.598{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513b6a0213d7746d2023-02-08 09:47:11.598root 11241100x8000000000000000277291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.598{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cbb77e6eeaa9532023-02-08 09:47:11.598root 11241100x8000000000000000277290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.598{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd860a1439291da2023-02-08 09:47:11.598root 11241100x8000000000000000277289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.598{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee443a59ad4f6f942023-02-08 09:47:11.598root 11241100x8000000000000000277288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.598{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8a0a2f4812ccd72023-02-08 09:47:11.598root 11241100x8000000000000000277287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.598{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268869b3c4c8b0162023-02-08 09:47:11.598root 11241100x8000000000000000277286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.598{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af056effba026e522023-02-08 09:47:11.598root 11241100x8000000000000000277285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.598{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078762d1343801652023-02-08 09:47:11.598root 11241100x8000000000000000277284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.598{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa53960aa32f70f22023-02-08 09:47:11.598root 11241100x8000000000000000277306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.599{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c1d0fd876e7ef22023-02-08 09:47:11.599root 11241100x8000000000000000277305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.599{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c6b3519133e9292023-02-08 09:47:11.599root 11241100x8000000000000000277304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.599{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3686488ba330a7482023-02-08 09:47:11.599root 11241100x8000000000000000277303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.599{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134647afc361240b2023-02-08 09:47:11.599root 11241100x8000000000000000277302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.599{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f72b2674c4e62182023-02-08 09:47:11.599root 11241100x8000000000000000277301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.599{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab423606ce8b952e2023-02-08 09:47:11.599root 11241100x8000000000000000277300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.599{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e8641b741aaa8d2023-02-08 09:47:11.599root 11241100x8000000000000000277299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.599{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba28909a2ac6bef22023-02-08 09:47:11.599root 11241100x8000000000000000277298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.599{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e690d8d0175ad9b22023-02-08 09:47:11.599root 11241100x8000000000000000277312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.600{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7dac4a202ca2702023-02-08 09:47:11.600root 11241100x8000000000000000277311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.600{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d480c6ffcb3cc12023-02-08 09:47:11.600root 11241100x8000000000000000277310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.600{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa61d73bd5611b1e2023-02-08 09:47:11.600root 11241100x8000000000000000277309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.600{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e322513057fd5c2023-02-08 09:47:11.600root 11241100x8000000000000000277308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.600{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a3abd37a54c2d42023-02-08 09:47:11.600root 11241100x8000000000000000277307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.600{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3760e9b5ab6a772023-02-08 09:47:11.600root 11241100x8000000000000000277321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.601{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22015538ee65890f2023-02-08 09:47:11.601root 11241100x8000000000000000277320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.601{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b991926befde8e492023-02-08 09:47:11.601root 11241100x8000000000000000277319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.601{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f744138a2dadd8d92023-02-08 09:47:11.601root 11241100x8000000000000000277318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.601{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b119a3817858bed2023-02-08 09:47:11.601root 11241100x8000000000000000277317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.601{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25423758561ffda2023-02-08 09:47:11.601root 11241100x8000000000000000277316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.601{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17964fff9f20f6872023-02-08 09:47:11.601root 11241100x8000000000000000277315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.601{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7403dbdb5d4f1122023-02-08 09:47:11.601root 11241100x8000000000000000277314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.601{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d37120f3986bd392023-02-08 09:47:11.601root 11241100x8000000000000000277313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.601{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeef5971dff0a6ce2023-02-08 09:47:11.601root 11241100x8000000000000000277329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.602{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f1c67a6fec4be82023-02-08 09:47:11.602root 11241100x8000000000000000277328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.602{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999c73e04b17f3d22023-02-08 09:47:11.602root 11241100x8000000000000000277327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.602{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e36ed45080a67e92023-02-08 09:47:11.602root 11241100x8000000000000000277326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.602{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2661f8fac7ec919a2023-02-08 09:47:11.602root 11241100x8000000000000000277325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.602{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5e48766a978ccd2023-02-08 09:47:11.602root 11241100x8000000000000000277324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.602{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d02d64545d27ac92023-02-08 09:47:11.602root 11241100x8000000000000000277323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.602{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd000a942a9a43842023-02-08 09:47:11.602root 11241100x8000000000000000277322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.602{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ffe3e0164f4eced2023-02-08 09:47:11.602root 11241100x8000000000000000277336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.603{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a30d930790b76d2023-02-08 09:47:11.603root 11241100x8000000000000000277335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.603{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c461e2149b4809ad2023-02-08 09:47:11.603root 11241100x8000000000000000277334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.603{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c76cb70240e8912023-02-08 09:47:11.603root 11241100x8000000000000000277333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.603{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe92ffd96d18d892023-02-08 09:47:11.603root 11241100x8000000000000000277332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.603{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581605d9aea68a6e2023-02-08 09:47:11.603root 11241100x8000000000000000277331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.603{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6734e336b0443e2023-02-08 09:47:11.603root 11241100x8000000000000000277330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.603{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f88092e95308e092023-02-08 09:47:11.603root 11241100x8000000000000000277344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.604{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d40b784a12fbc62023-02-08 09:47:11.604root 11241100x8000000000000000277343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.604{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55865cdde10949262023-02-08 09:47:11.604root 11241100x8000000000000000277342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.604{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40537359ae5e5382023-02-08 09:47:11.604root 11241100x8000000000000000277341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.604{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b1048a3a5b7ff52023-02-08 09:47:11.604root 11241100x8000000000000000277340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.604{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07fc35502b2484e2023-02-08 09:47:11.604root 11241100x8000000000000000277339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.604{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5916de15005359e2023-02-08 09:47:11.604root 11241100x8000000000000000277338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.604{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9141f3db7f3c8c82023-02-08 09:47:11.604root 11241100x8000000000000000277337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.604{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0669d99f591a462023-02-08 09:47:11.604root 11241100x8000000000000000277353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.605{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94efef476ed388e72023-02-08 09:47:11.605root 11241100x8000000000000000277352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.605{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebfea3c338e43612023-02-08 09:47:11.605root 11241100x8000000000000000277351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.605{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e818ebb628becc412023-02-08 09:47:11.605root 11241100x8000000000000000277350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.605{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6e1c6f531a8f452023-02-08 09:47:11.605root 11241100x8000000000000000277349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.605{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90950211801b3252023-02-08 09:47:11.605root 11241100x8000000000000000277348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.605{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d49c1e50a956f6e2023-02-08 09:47:11.605root 11241100x8000000000000000277347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.605{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2264db0b32ec47f2023-02-08 09:47:11.605root 11241100x8000000000000000277346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.605{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f89579f9843d9bd2023-02-08 09:47:11.605root 11241100x8000000000000000277345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.605{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2cf5b0cf7ff7be2023-02-08 09:47:11.605root 11241100x8000000000000000277360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.606{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5bc6a1780da35aa2023-02-08 09:47:11.606root 11241100x8000000000000000277359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.606{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f071879b57cd4c22023-02-08 09:47:11.606root 11241100x8000000000000000277358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.606{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bdf1b138f328642023-02-08 09:47:11.606root 11241100x8000000000000000277357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.606{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d357af8756fd9ff62023-02-08 09:47:11.606root 11241100x8000000000000000277356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.606{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c5bee7f1bd7b242023-02-08 09:47:11.606root 11241100x8000000000000000277355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.606{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c5e9510e09d6432023-02-08 09:47:11.606root 11241100x8000000000000000277354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.606{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b555b884aabc5e02023-02-08 09:47:11.606root 11241100x8000000000000000277367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.607{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0789c52be53ba02023-02-08 09:47:11.607root 11241100x8000000000000000277366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.607{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7e72d8bad353b22023-02-08 09:47:11.607root 11241100x8000000000000000277365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.607{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067fa6080de855232023-02-08 09:47:11.607root 11241100x8000000000000000277364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.607{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642930e9e722ae562023-02-08 09:47:11.607root 11241100x8000000000000000277363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.607{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ee91038b93197b2023-02-08 09:47:11.607root 11241100x8000000000000000277362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.607{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb006516bddd9032023-02-08 09:47:11.607root 11241100x8000000000000000277361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.607{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2341246b039fde2023-02-08 09:47:11.607root 11241100x8000000000000000277375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.608{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac5ca68eb2cb4972023-02-08 09:47:11.608root 11241100x8000000000000000277374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.608{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f5586e658f79ef2023-02-08 09:47:11.608root 11241100x8000000000000000277373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.608{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d849f53423cd02c2023-02-08 09:47:11.608root 11241100x8000000000000000277372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.608{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98131f4fd2dfd6592023-02-08 09:47:11.608root 11241100x8000000000000000277371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.608{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb2c9c5fd36c2942023-02-08 09:47:11.608root 11241100x8000000000000000277370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.608{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394bfbafcc37eb5b2023-02-08 09:47:11.608root 11241100x8000000000000000277369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.608{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76315e0882030e92023-02-08 09:47:11.608root 11241100x8000000000000000277368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.608{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5262d8c82f2872c2023-02-08 09:47:11.608root 11241100x8000000000000000277383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.609{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc9856509c5deda2023-02-08 09:47:11.609root 11241100x8000000000000000277382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.609{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928c9f8cb121f9342023-02-08 09:47:11.609root 11241100x8000000000000000277381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.609{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878d73411b3a0d612023-02-08 09:47:11.609root 11241100x8000000000000000277380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.609{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5edc6ad055f01c1d2023-02-08 09:47:11.609root 11241100x8000000000000000277379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.609{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8de6f60c00e4d82023-02-08 09:47:11.609root 11241100x8000000000000000277378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.609{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0186a0e7c8dc612023-02-08 09:47:11.609root 11241100x8000000000000000277377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.609{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9247e2aecb9fb3032023-02-08 09:47:11.609root 11241100x8000000000000000277376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.609{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124248845c5d419e2023-02-08 09:47:11.609root 11241100x8000000000000000277388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.610{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da005b1806662a742023-02-08 09:47:11.610root 11241100x8000000000000000277387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.610{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5e4ae35d993e282023-02-08 09:47:11.610root 11241100x8000000000000000277386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.610{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f0c2b6200ff6f92023-02-08 09:47:11.610root 11241100x8000000000000000277385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.610{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9a9e43ceef28922023-02-08 09:47:11.610root 11241100x8000000000000000277384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.610{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d54933e96c71842023-02-08 09:47:11.610root 11241100x8000000000000000277393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.611{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df46b4fa36b96232023-02-08 09:47:11.611root 11241100x8000000000000000277392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.611{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781e59cf27debb4f2023-02-08 09:47:11.611root 11241100x8000000000000000277391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.611{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9ea596e5623f032023-02-08 09:47:11.611root 11241100x8000000000000000277390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.611{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4495708926a2a2a22023-02-08 09:47:11.611root 11241100x8000000000000000277389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.611{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0b2d55595733682023-02-08 09:47:11.611root 11241100x8000000000000000277399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.612{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8efe6c0746ca30a2023-02-08 09:47:11.612root 11241100x8000000000000000277398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.612{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c96e4b766f3e6152023-02-08 09:47:11.612root 11241100x8000000000000000277397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.612{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8363d14403d2b4462023-02-08 09:47:11.612root 11241100x8000000000000000277396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.612{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e039cfb7830f1fee2023-02-08 09:47:11.612root 11241100x8000000000000000277395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.612{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6205e40975773bcd2023-02-08 09:47:11.612root 11241100x8000000000000000277394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.612{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4e3f14cee2d0f92023-02-08 09:47:11.612root 11241100x8000000000000000277407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.613{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e95d571342fbf042023-02-08 09:47:11.613root 11241100x8000000000000000277406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.613{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0d930a863368402023-02-08 09:47:11.613root 11241100x8000000000000000277405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.613{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e61578d2fb2b462023-02-08 09:47:11.613root 11241100x8000000000000000277404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.613{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b6f38d3809c6e02023-02-08 09:47:11.613root 11241100x8000000000000000277403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.613{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02253d4416dd63a92023-02-08 09:47:11.613root 11241100x8000000000000000277402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.613{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba27d53e717e40522023-02-08 09:47:11.613root 11241100x8000000000000000277401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.613{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5aa21ec6585ed0b2023-02-08 09:47:11.613root 11241100x8000000000000000277400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.613{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a645ff2a277499cc2023-02-08 09:47:11.613root 11241100x8000000000000000277409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.614{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa3ca86333b698a2023-02-08 09:47:11.614root 11241100x8000000000000000277408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.614{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9048dc8536d66852023-02-08 09:47:11.614root 11241100x8000000000000000277410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.615{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082d7feeeea52f3e2023-02-08 09:47:11.615root 11241100x8000000000000000277413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.616{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336ab0df9b6ae8672023-02-08 09:47:11.616root 11241100x8000000000000000277412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.616{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4534a9a1ddb2a7172023-02-08 09:47:11.616root 11241100x8000000000000000277411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.616{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b1f95fd5135bf62023-02-08 09:47:11.616root 11241100x8000000000000000277420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.617{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55b0d77518f76172023-02-08 09:47:11.617root 11241100x8000000000000000277419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.617{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f348cf688aab3352023-02-08 09:47:11.617root 11241100x8000000000000000277418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.617{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e7900cfe7cfe852023-02-08 09:47:11.617root 11241100x8000000000000000277417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.617{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593b7438cf39cf752023-02-08 09:47:11.617root 11241100x8000000000000000277416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.617{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbee0f935000db12023-02-08 09:47:11.617root 11241100x8000000000000000277415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.617{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73228f25f7a82472023-02-08 09:47:11.617root 11241100x8000000000000000277414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.617{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00455bd3f4bce1182023-02-08 09:47:11.617root 11241100x8000000000000000277431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.618{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f5ac34685395472023-02-08 09:47:11.618root 11241100x8000000000000000277430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.618{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2920c459c0dfe2e52023-02-08 09:47:11.618root 11241100x8000000000000000277429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.618{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8e318ac62b723f2023-02-08 09:47:11.618root 11241100x8000000000000000277428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.618{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b555a5d38e2ad9df2023-02-08 09:47:11.618root 11241100x8000000000000000277427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.618{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8c393476481a0c2023-02-08 09:47:11.618root 11241100x8000000000000000277426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.618{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3067ea79bdb71072023-02-08 09:47:11.618root 11241100x8000000000000000277425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.618{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59693aeb8a218a32023-02-08 09:47:11.618root 11241100x8000000000000000277424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.618{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d05653388f5c6162023-02-08 09:47:11.618root 11241100x8000000000000000277423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.618{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90bf2827dda4692b2023-02-08 09:47:11.618root 11241100x8000000000000000277422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.618{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ced4fa5a5639632023-02-08 09:47:11.618root 11241100x8000000000000000277421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.618{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316473d85cf7d1182023-02-08 09:47:11.618root 11241100x8000000000000000277438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.619{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4621a4a4b5d3ef642023-02-08 09:47:11.619root 11241100x8000000000000000277437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.619{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ba19d39b9e0a922023-02-08 09:47:11.619root 11241100x8000000000000000277436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.619{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07aa3234e2e9f5f82023-02-08 09:47:11.619root 11241100x8000000000000000277435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.619{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b687327b8bef97e52023-02-08 09:47:11.619root 11241100x8000000000000000277434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.619{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66cde747f4ecf2632023-02-08 09:47:11.619root 11241100x8000000000000000277433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.619{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd1d679064662d92023-02-08 09:47:11.619root 11241100x8000000000000000277432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.619{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af1f9e5b83bb4822023-02-08 09:47:11.619root 11241100x8000000000000000277446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.620{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd370070c38911452023-02-08 09:47:11.620root 11241100x8000000000000000277445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.620{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c684431fb858572023-02-08 09:47:11.620root 11241100x8000000000000000277444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.620{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498f6c24438fd63d2023-02-08 09:47:11.620root 11241100x8000000000000000277443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.620{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5c23cbdc80373b2023-02-08 09:47:11.620root 11241100x8000000000000000277442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.620{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822c8c50418a61632023-02-08 09:47:11.620root 11241100x8000000000000000277441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.620{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7fc3d66cecaf522023-02-08 09:47:11.620root 11241100x8000000000000000277440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.620{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8aec036928553a2023-02-08 09:47:11.620root 11241100x8000000000000000277439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.620{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6b8842456534eb2023-02-08 09:47:11.620root 11241100x8000000000000000277453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.621{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6073448f0a96e12023-02-08 09:47:11.621root 11241100x8000000000000000277452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.621{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0d5afc536a3aac2023-02-08 09:47:11.621root 11241100x8000000000000000277451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.621{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d259d78a747e1a2023-02-08 09:47:11.621root 11241100x8000000000000000277450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.621{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09b641c63a788192023-02-08 09:47:11.621root 11241100x8000000000000000277449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.621{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d09cc29c353b3e82023-02-08 09:47:11.621root 11241100x8000000000000000277448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.621{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6e6353c450accb2023-02-08 09:47:11.621root 11241100x8000000000000000277447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.621{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6a6f8932b132002023-02-08 09:47:11.621root 11241100x8000000000000000277460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.622{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63bf3b5dd5476122023-02-08 09:47:11.622root 11241100x8000000000000000277459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.622{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bec5555357a15e62023-02-08 09:47:11.622root 11241100x8000000000000000277458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.622{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5452708a13726a1e2023-02-08 09:47:11.622root 11241100x8000000000000000277457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.622{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61c3b739de410c72023-02-08 09:47:11.622root 11241100x8000000000000000277456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.622{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e3da988dc6346c2023-02-08 09:47:11.622root 11241100x8000000000000000277455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.622{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d4891dc06476fd2023-02-08 09:47:11.622root 11241100x8000000000000000277454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.622{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf181ae279a5625d2023-02-08 09:47:11.622root 11241100x8000000000000000277469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.623{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d336e29e21fc4beb2023-02-08 09:47:11.623root 11241100x8000000000000000277468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.623{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd0aac73fa711bd2023-02-08 09:47:11.623root 11241100x8000000000000000277467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.623{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728175ac288d7fe82023-02-08 09:47:11.623root 11241100x8000000000000000277466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.623{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83cad6d37a0ff5b2023-02-08 09:47:11.623root 11241100x8000000000000000277465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.623{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8559573c4fc428f2023-02-08 09:47:11.623root 11241100x8000000000000000277464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.623{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65faa06a4157ffc2023-02-08 09:47:11.623root 11241100x8000000000000000277463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.623{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1330223aa587f75e2023-02-08 09:47:11.623root 11241100x8000000000000000277462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.623{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bcb0fecd43b02ad2023-02-08 09:47:11.623root 11241100x8000000000000000277461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.623{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ace3c1c1ff4b1862023-02-08 09:47:11.623root 11241100x8000000000000000277477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.624{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618a67dcbf95ac132023-02-08 09:47:11.624root 11241100x8000000000000000277476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.624{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165516c78805f3ba2023-02-08 09:47:11.624root 11241100x8000000000000000277475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.624{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494c21e2e87522b12023-02-08 09:47:11.624root 11241100x8000000000000000277474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.624{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8486426d99e1ba2b2023-02-08 09:47:11.624root 11241100x8000000000000000277473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.624{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5530cfcbc09310bb2023-02-08 09:47:11.624root 11241100x8000000000000000277472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.624{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb089d45af48f41f2023-02-08 09:47:11.624root 11241100x8000000000000000277471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.624{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8bee215f09e82ca2023-02-08 09:47:11.624root 11241100x8000000000000000277470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.624{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7703707ee81a4cbe2023-02-08 09:47:11.624root 11241100x8000000000000000277480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.625{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d481e5899b0a8a2023-02-08 09:47:11.625root 11241100x8000000000000000277479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.625{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2ee4fcccb73dc12023-02-08 09:47:11.625root 11241100x8000000000000000277478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.625{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e198211aad1c861a2023-02-08 09:47:11.625root 11241100x8000000000000000277490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.626{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d685e4ed685566bc2023-02-08 09:47:11.626root 11241100x8000000000000000277489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.626{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdaa56e244c040a2023-02-08 09:47:11.626root 11241100x8000000000000000277488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.626{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175854e1d6b0c0552023-02-08 09:47:11.626root 11241100x8000000000000000277487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.626{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a49dccb48938f22023-02-08 09:47:11.626root 11241100x8000000000000000277486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.626{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303cef38d6aa879f2023-02-08 09:47:11.626root 11241100x8000000000000000277485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.626{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc85f47fbaf28f882023-02-08 09:47:11.626root 11241100x8000000000000000277484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.626{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75a686ce85dbf0c2023-02-08 09:47:11.626root 11241100x8000000000000000277483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.626{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22659d49c493d4972023-02-08 09:47:11.626root 11241100x8000000000000000277482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.626{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f417780c87d02bc2023-02-08 09:47:11.626root 11241100x8000000000000000277481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.626{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e818e9956e5cc9562023-02-08 09:47:11.626root 11241100x8000000000000000277500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.627{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822319e9e7890d082023-02-08 09:47:11.627root 11241100x8000000000000000277499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.627{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5287c5daefba69392023-02-08 09:47:11.627root 11241100x8000000000000000277498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.627{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f661e9ae128b5b22023-02-08 09:47:11.627root 11241100x8000000000000000277497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.627{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4eb92fcc810c84a2023-02-08 09:47:11.627root 11241100x8000000000000000277496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.627{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b135879cbd107c992023-02-08 09:47:11.627root 11241100x8000000000000000277495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.627{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33443ca6db2b6eec2023-02-08 09:47:11.627root 11241100x8000000000000000277494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.627{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2586f5532ee4012023-02-08 09:47:11.627root 11241100x8000000000000000277493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.627{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df48702faf8712ab2023-02-08 09:47:11.627root 11241100x8000000000000000277492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.627{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdaeab28fda333ee2023-02-08 09:47:11.627root 11241100x8000000000000000277491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.627{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e75401acac3f902023-02-08 09:47:11.627root 11241100x8000000000000000277509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.628{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8405ef63dcfe802023-02-08 09:47:11.628root 11241100x8000000000000000277508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.628{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab008297fd2c2cdb2023-02-08 09:47:11.628root 11241100x8000000000000000277507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.628{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96f1b51f94594302023-02-08 09:47:11.628root 11241100x8000000000000000277506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.628{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790e5aa8fea10f382023-02-08 09:47:11.628root 11241100x8000000000000000277505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.628{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb18fdfec8d48612023-02-08 09:47:11.628root 11241100x8000000000000000277504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.628{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ead83e18661f5c82023-02-08 09:47:11.628root 11241100x8000000000000000277503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.628{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054c61162b4974b02023-02-08 09:47:11.628root 11241100x8000000000000000277502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.628{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bc1b28cee8b10a2023-02-08 09:47:11.628root 11241100x8000000000000000277501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.628{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc098e7f22cd86a52023-02-08 09:47:11.628root 11241100x8000000000000000277519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.629{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93afb5ab40ee07c2023-02-08 09:47:11.629root 11241100x8000000000000000277518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.629{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cdb88037f4a2d622023-02-08 09:47:11.629root 11241100x8000000000000000277517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.629{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6aa328b2b30b082023-02-08 09:47:11.629root 11241100x8000000000000000277516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.629{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2cd933a4615b6c22023-02-08 09:47:11.629root 11241100x8000000000000000277515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.629{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc5f3c03824f5732023-02-08 09:47:11.629root 11241100x8000000000000000277514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.629{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91148468f93e8bc52023-02-08 09:47:11.629root 11241100x8000000000000000277513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.629{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b27cbae5cfd8b30e2023-02-08 09:47:11.629root 11241100x8000000000000000277512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.629{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2a3b753009de572023-02-08 09:47:11.629root 11241100x8000000000000000277511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.629{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2239f6d06cd0722023-02-08 09:47:11.629root 11241100x8000000000000000277510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.629{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e82d5fc53087c562023-02-08 09:47:11.629root 11241100x8000000000000000277529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.630{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce7cea946f5777d2023-02-08 09:47:11.630root 11241100x8000000000000000277528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.630{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f953fd0c290c3962023-02-08 09:47:11.630root 11241100x8000000000000000277527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.630{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f3c2119e058f2e2023-02-08 09:47:11.630root 11241100x8000000000000000277526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.630{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd401f36df7540702023-02-08 09:47:11.630root 11241100x8000000000000000277525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.630{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0966bf102d56fbd82023-02-08 09:47:11.630root 11241100x8000000000000000277524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.630{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4545aaf5c691d6e72023-02-08 09:47:11.630root 11241100x8000000000000000277523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.630{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eab04a65b117b562023-02-08 09:47:11.630root 11241100x8000000000000000277522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.630{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb6a99b5e767a502023-02-08 09:47:11.630root 11241100x8000000000000000277521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.630{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4f136f0e0a9e9d2023-02-08 09:47:11.630root 11241100x8000000000000000277520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.630{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5097c4728a102dea2023-02-08 09:47:11.630root 11241100x8000000000000000277537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.631{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e14177170a32ea2023-02-08 09:47:11.631root 11241100x8000000000000000277536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.631{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d90ce57cf95f5b2023-02-08 09:47:11.631root 11241100x8000000000000000277535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.631{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b236541349056e7c2023-02-08 09:47:11.631root 11241100x8000000000000000277534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.631{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e8f6a4b5ec3e4f2023-02-08 09:47:11.631root 11241100x8000000000000000277533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.631{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea19a55b98d6234a2023-02-08 09:47:11.631root 11241100x8000000000000000277532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.631{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0625029c6a8cb32023-02-08 09:47:11.631root 11241100x8000000000000000277531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.631{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b59d397c79a7e62023-02-08 09:47:11.631root 11241100x8000000000000000277530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.631{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc19a5575a819cf2023-02-08 09:47:11.631root 11241100x8000000000000000277546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.632{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ae512e9fa3b43a2023-02-08 09:47:11.632root 11241100x8000000000000000277545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.632{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2e9759dfff4ed02023-02-08 09:47:11.632root 11241100x8000000000000000277544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.632{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c504aa102a3ddd482023-02-08 09:47:11.632root 11241100x8000000000000000277543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.632{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0aebf3dacdbe8992023-02-08 09:47:11.632root 11241100x8000000000000000277542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.632{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60512212f302af382023-02-08 09:47:11.632root 11241100x8000000000000000277541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.632{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071a1da48ae802ae2023-02-08 09:47:11.632root 11241100x8000000000000000277540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.632{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a778bd6608705ccc2023-02-08 09:47:11.632root 11241100x8000000000000000277539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.632{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6f97896d152c232023-02-08 09:47:11.632root 11241100x8000000000000000277538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.632{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f63657cf51a8fb62023-02-08 09:47:11.632root 11241100x8000000000000000277554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.633{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f57016c9bfae19d2023-02-08 09:47:11.633root 11241100x8000000000000000277553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.633{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0382abb3191ec1222023-02-08 09:47:11.633root 11241100x8000000000000000277552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.633{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf5e561e10d59242023-02-08 09:47:11.633root 11241100x8000000000000000277551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.633{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3944a26fbf5bf402023-02-08 09:47:11.633root 11241100x8000000000000000277550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.633{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee357ed22bf743592023-02-08 09:47:11.633root 11241100x8000000000000000277549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.633{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715aa0e733ae8f512023-02-08 09:47:11.633root 11241100x8000000000000000277548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.633{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe6af314eae9a452023-02-08 09:47:11.633root 11241100x8000000000000000277547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.633{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402dee9253779e5a2023-02-08 09:47:11.633root 11241100x8000000000000000277563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.634{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d88628739062762023-02-08 09:47:11.634root 11241100x8000000000000000277562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.634{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da68d42b1d0dc282023-02-08 09:47:11.634root 11241100x8000000000000000277561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.634{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47fba4cc216643682023-02-08 09:47:11.634root 11241100x8000000000000000277560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.634{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eac38eba50c4d9e2023-02-08 09:47:11.634root 11241100x8000000000000000277559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.634{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e444f19309fc01372023-02-08 09:47:11.634root 11241100x8000000000000000277558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.634{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a76e3148d7d4002023-02-08 09:47:11.634root 11241100x8000000000000000277557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.634{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35248b311f864e572023-02-08 09:47:11.634root 11241100x8000000000000000277556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.634{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd3e0f74285d4aa2023-02-08 09:47:11.634root 11241100x8000000000000000277555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.634{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f436ceb63199ee12023-02-08 09:47:11.634root 11241100x8000000000000000277571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.635{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152e68c6052554902023-02-08 09:47:11.635root 11241100x8000000000000000277570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.635{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a201758b3e830fea2023-02-08 09:47:11.635root 11241100x8000000000000000277569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.635{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9583156248b58ad72023-02-08 09:47:11.635root 11241100x8000000000000000277568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.635{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d550e4d014cfb2b12023-02-08 09:47:11.635root 11241100x8000000000000000277567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.635{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d1032ed98d90d42023-02-08 09:47:11.635root 11241100x8000000000000000277566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.635{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e1f7bc3260b28e2023-02-08 09:47:11.635root 11241100x8000000000000000277565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.635{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ccf938de8aafc22023-02-08 09:47:11.635root 11241100x8000000000000000277564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.635{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51afea5dc634f4de2023-02-08 09:47:11.635root 11241100x8000000000000000277573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.637{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa428a75aa2df1262023-02-08 09:47:11.637root 11241100x8000000000000000277572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.637{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001b537ef2ec159b2023-02-08 09:47:11.637root 11241100x8000000000000000277582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.638{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cdc0c96bee124d12023-02-08 09:47:11.638root 11241100x8000000000000000277581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.638{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e37a3df5aa8fd922023-02-08 09:47:11.638root 11241100x8000000000000000277580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.638{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bafbe1b50034ac592023-02-08 09:47:11.638root 11241100x8000000000000000277579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.638{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11668822018da4b92023-02-08 09:47:11.638root 11241100x8000000000000000277578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.638{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5adc2b098b5cceb2023-02-08 09:47:11.638root 11241100x8000000000000000277577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.638{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090b68c7122a9abd2023-02-08 09:47:11.638root 11241100x8000000000000000277576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.638{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bccb51adeaa93e362023-02-08 09:47:11.638root 11241100x8000000000000000277575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.638{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57186c1718ace6a2023-02-08 09:47:11.638root 11241100x8000000000000000277574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.638{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408c64cd6a04ae5f2023-02-08 09:47:11.638root 11241100x8000000000000000277591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.639{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9c30ebde1da5922023-02-08 09:47:11.639root 11241100x8000000000000000277590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.639{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a5df098210d5b22023-02-08 09:47:11.639root 11241100x8000000000000000277589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.639{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2c12875efcf9202023-02-08 09:47:11.639root 11241100x8000000000000000277588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.639{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227d72599fa26e352023-02-08 09:47:11.639root 11241100x8000000000000000277587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.639{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7b9ad7d2ba8f752023-02-08 09:47:11.639root 11241100x8000000000000000277586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.639{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c3a63aec1ac0172023-02-08 09:47:11.639root 11241100x8000000000000000277585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.639{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe09b8132fd931b2023-02-08 09:47:11.639root 11241100x8000000000000000277584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.639{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63216b934307ed512023-02-08 09:47:11.639root 11241100x8000000000000000277583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.639{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e86f41c2fe14652023-02-08 09:47:11.639root 11241100x8000000000000000277600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.640{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f2e9b9fc8af3352023-02-08 09:47:11.640root 11241100x8000000000000000277599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.640{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30440295c71435322023-02-08 09:47:11.640root 11241100x8000000000000000277598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.640{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30ea60f1c9b8a882023-02-08 09:47:11.640root 11241100x8000000000000000277597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.640{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0af0a81b56514b2023-02-08 09:47:11.640root 11241100x8000000000000000277596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.640{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fadf59d8773da422023-02-08 09:47:11.640root 11241100x8000000000000000277595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.640{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb2ffd86539e0142023-02-08 09:47:11.640root 11241100x8000000000000000277594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.640{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977e73a6b227ff702023-02-08 09:47:11.640root 11241100x8000000000000000277593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.640{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6082fd4ec715f3872023-02-08 09:47:11.640root 11241100x8000000000000000277592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.640{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6505a10e06b4032023-02-08 09:47:11.640root 11241100x8000000000000000277609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.641{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f552b803c30ba002023-02-08 09:47:11.641root 11241100x8000000000000000277608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.641{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0041f64110a5362023-02-08 09:47:11.641root 11241100x8000000000000000277607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.641{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba2a7ac4f69b8402023-02-08 09:47:11.641root 11241100x8000000000000000277606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.641{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d38e6d9ee9a6ca2023-02-08 09:47:11.641root 11241100x8000000000000000277605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.641{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9378f10e5b3f70832023-02-08 09:47:11.641root 11241100x8000000000000000277604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.641{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3188e8c8234711062023-02-08 09:47:11.641root 11241100x8000000000000000277603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.641{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14606a95bf42e2552023-02-08 09:47:11.641root 11241100x8000000000000000277602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.641{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271132d7b8d1e31e2023-02-08 09:47:11.641root 11241100x8000000000000000277601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.641{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550adadbf1e24f4b2023-02-08 09:47:11.641root 11241100x8000000000000000277617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.642{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de89a3c12a4c91852023-02-08 09:47:11.642root 11241100x8000000000000000277616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.642{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe288c5aa47ae4e52023-02-08 09:47:11.642root 11241100x8000000000000000277615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.642{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46aa8acee362e99d2023-02-08 09:47:11.642root 11241100x8000000000000000277614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.642{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8562e6fcb229d02023-02-08 09:47:11.642root 11241100x8000000000000000277613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.642{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f025f11053ce9f32023-02-08 09:47:11.642root 11241100x8000000000000000277612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.642{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28843f720e3ce0a2023-02-08 09:47:11.642root 11241100x8000000000000000277611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.642{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56708d715caa012c2023-02-08 09:47:11.642root 11241100x8000000000000000277610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.642{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faedc225065e1ae02023-02-08 09:47:11.642root 11241100x8000000000000000277626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.643{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba00e7ff50fd837d2023-02-08 09:47:11.643root 11241100x8000000000000000277625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.643{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3054b4ef555c89402023-02-08 09:47:11.643root 11241100x8000000000000000277624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.643{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524f6c9412d80a7b2023-02-08 09:47:11.643root 11241100x8000000000000000277623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.643{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751cd17b0e4a24842023-02-08 09:47:11.643root 11241100x8000000000000000277622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.643{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de77bd985809ca7e2023-02-08 09:47:11.643root 11241100x8000000000000000277621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.643{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb8aedf1f273f872023-02-08 09:47:11.643root 11241100x8000000000000000277620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.643{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef4f3c5fbf05c1b2023-02-08 09:47:11.643root 11241100x8000000000000000277619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.643{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d6a947ffde2bd72023-02-08 09:47:11.643root 11241100x8000000000000000277618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.643{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe3a0790c463fd32023-02-08 09:47:11.643root 11241100x8000000000000000277634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.644{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5983ebac9a19532023-02-08 09:47:11.644root 11241100x8000000000000000277633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.644{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d2a687035aa9312023-02-08 09:47:11.644root 11241100x8000000000000000277632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.644{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3da45a51301df152023-02-08 09:47:11.644root 11241100x8000000000000000277631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.644{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19811f0b7b8baae2023-02-08 09:47:11.644root 11241100x8000000000000000277630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.644{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01113c7c33459a012023-02-08 09:47:11.644root 11241100x8000000000000000277629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.644{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ceb7ff67d3242d32023-02-08 09:47:11.644root 11241100x8000000000000000277628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.644{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90febfaacd6c0fb52023-02-08 09:47:11.644root 11241100x8000000000000000277627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.644{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8fbf7ef7c3b083a2023-02-08 09:47:11.644root 11241100x8000000000000000277643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.645{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54312b5415bf05d72023-02-08 09:47:11.645root 11241100x8000000000000000277642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.645{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09fad53100dfeba62023-02-08 09:47:11.645root 11241100x8000000000000000277641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.645{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89343cbec944758c2023-02-08 09:47:11.645root 11241100x8000000000000000277640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.645{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132abe03e31164582023-02-08 09:47:11.645root 11241100x8000000000000000277639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.645{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33948f97e1f34f62023-02-08 09:47:11.645root 11241100x8000000000000000277638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.645{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be843c936cea3992023-02-08 09:47:11.645root 11241100x8000000000000000277637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.645{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52191ae39597d46a2023-02-08 09:47:11.645root 11241100x8000000000000000277636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.645{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42384c60e0ebf7a2023-02-08 09:47:11.645root 11241100x8000000000000000277635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.645{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2230c73998fee8692023-02-08 09:47:11.645root 11241100x8000000000000000277650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.646{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb39a71ab5a1f6ca2023-02-08 09:47:11.646root 11241100x8000000000000000277649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.646{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17bfbb8873634e22023-02-08 09:47:11.646root 11241100x8000000000000000277648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.646{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8cd62ccb778ea042023-02-08 09:47:11.646root 11241100x8000000000000000277647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.646{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f965bbe999e488322023-02-08 09:47:11.646root 11241100x8000000000000000277646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.646{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48234e0487abea662023-02-08 09:47:11.646root 11241100x8000000000000000277645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.646{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421e6db4710d62952023-02-08 09:47:11.646root 11241100x8000000000000000277644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.646{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8493ecba99ea8832023-02-08 09:47:11.646root 11241100x8000000000000000277652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.649{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b75d01b50343862023-02-08 09:47:11.649root 11241100x8000000000000000277651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.649{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824f59169316b7182023-02-08 09:47:11.649root 11241100x8000000000000000277659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.650{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d244a5a914f32b542023-02-08 09:47:11.650root 11241100x8000000000000000277658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.650{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d89c6f15622864b2023-02-08 09:47:11.650root 11241100x8000000000000000277657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.650{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e7aecaa38457b62023-02-08 09:47:11.650root 11241100x8000000000000000277656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.650{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b727bce38222726b2023-02-08 09:47:11.650root 11241100x8000000000000000277655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.650{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b651be51170ca02023-02-08 09:47:11.650root 11241100x8000000000000000277654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.650{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce933d035c7aa9842023-02-08 09:47:11.650root 11241100x8000000000000000277653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.650{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b364fafa489af22023-02-08 09:47:11.650root 11241100x8000000000000000277668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.651{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2316c0c85a955272023-02-08 09:47:11.651root 11241100x8000000000000000277667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.651{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461f2fb601cb04512023-02-08 09:47:11.651root 11241100x8000000000000000277666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.651{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3d1a78dc286d882023-02-08 09:47:11.651root 11241100x8000000000000000277665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.651{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7874aec3205f24562023-02-08 09:47:11.651root 11241100x8000000000000000277664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.651{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f38dc19591358492023-02-08 09:47:11.651root 11241100x8000000000000000277663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.651{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9669b53f82373e792023-02-08 09:47:11.651root 11241100x8000000000000000277662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.651{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee530a2cb538ee522023-02-08 09:47:11.651root 11241100x8000000000000000277661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.651{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de5f08a0e8269f12023-02-08 09:47:11.651root 11241100x8000000000000000277660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.651{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a59154fa6c13dba2023-02-08 09:47:11.651root 11241100x8000000000000000277677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.652{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959d5826da8e6d032023-02-08 09:47:11.652root 11241100x8000000000000000277676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.652{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8973bdfeca2a912023-02-08 09:47:11.652root 11241100x8000000000000000277675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.652{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb16a1bd04dd0232023-02-08 09:47:11.652root 11241100x8000000000000000277674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.652{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff1c6b413a3bdc42023-02-08 09:47:11.652root 11241100x8000000000000000277673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.652{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ef66e451c8d7942023-02-08 09:47:11.652root 11241100x8000000000000000277672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.652{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f27292bf202d2d2023-02-08 09:47:11.652root 11241100x8000000000000000277671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.652{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44a4b811cf36cf12023-02-08 09:47:11.652root 11241100x8000000000000000277670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.652{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9622196a46f23dee2023-02-08 09:47:11.652root 11241100x8000000000000000277669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.652{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ebaf2532ab7d512023-02-08 09:47:11.652root 11241100x8000000000000000277685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.653{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ca2deb10e92d602023-02-08 09:47:11.653root 11241100x8000000000000000277684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.653{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c2a664754569f02023-02-08 09:47:11.653root 11241100x8000000000000000277683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.653{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fcfacb5f1cbba22023-02-08 09:47:11.653root 11241100x8000000000000000277682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.653{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450302ff8948d3662023-02-08 09:47:11.653root 11241100x8000000000000000277681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.653{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd80df5816d4c872023-02-08 09:47:11.653root 11241100x8000000000000000277680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.653{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573c11e54ff9cd2e2023-02-08 09:47:11.653root 11241100x8000000000000000277679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.653{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a9b073c727e7ab2023-02-08 09:47:11.653root 11241100x8000000000000000277678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.653{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67154db7277cb172023-02-08 09:47:11.653root 11241100x8000000000000000277693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.654{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70638239a2bdecb72023-02-08 09:47:11.654root 11241100x8000000000000000277692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.654{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83197c8f524294a32023-02-08 09:47:11.654root 11241100x8000000000000000277691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.654{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036c582174f8ef722023-02-08 09:47:11.654root 11241100x8000000000000000277690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.654{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56cd99f7a57b22d12023-02-08 09:47:11.654root 11241100x8000000000000000277689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.654{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebbf916441d42c552023-02-08 09:47:11.654root 11241100x8000000000000000277688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.654{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f469add9ce81aa2023-02-08 09:47:11.654root 11241100x8000000000000000277687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.654{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7235ceb62ebef2832023-02-08 09:47:11.654root 11241100x8000000000000000277686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.654{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0093c4368d6d69a32023-02-08 09:47:11.654root 11241100x8000000000000000277702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.655{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5274338894dcdf172023-02-08 09:47:11.655root 11241100x8000000000000000277701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.655{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8dcfff858111ca2023-02-08 09:47:11.655root 11241100x8000000000000000277700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.655{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3752cad0c4e0ad832023-02-08 09:47:11.655root 11241100x8000000000000000277699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.655{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10843b5a951fc24f2023-02-08 09:47:11.655root 11241100x8000000000000000277698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.655{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f13c4d74eb46e482023-02-08 09:47:11.655root 11241100x8000000000000000277697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.655{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff78e1cafbb405e2023-02-08 09:47:11.655root 11241100x8000000000000000277696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.655{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4106826feb6998a12023-02-08 09:47:11.655root 11241100x8000000000000000277695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.655{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d948c5ea3ee6702023-02-08 09:47:11.655root 11241100x8000000000000000277694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.655{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8632ed7235a6f422023-02-08 09:47:11.655root 11241100x8000000000000000277711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.656{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2217422c57a084e72023-02-08 09:47:11.656root 11241100x8000000000000000277710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.656{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff4717dafcf78f62023-02-08 09:47:11.656root 11241100x8000000000000000277709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.656{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c325aeedf12b5e42023-02-08 09:47:11.656root 11241100x8000000000000000277708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.656{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eabfa7cfb553d662023-02-08 09:47:11.656root 11241100x8000000000000000277707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.656{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a085e6e9770f352023-02-08 09:47:11.656root 11241100x8000000000000000277706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.656{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefebcf3a739a7982023-02-08 09:47:11.656root 11241100x8000000000000000277705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.656{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ecf953b3d71dff2023-02-08 09:47:11.656root 11241100x8000000000000000277704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.656{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2233ff129f9c5bb92023-02-08 09:47:11.656root 11241100x8000000000000000277703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.656{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c4b6b13d22894f2023-02-08 09:47:11.656root 11241100x8000000000000000277717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.657{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d9081dd356715d2023-02-08 09:47:11.657root 11241100x8000000000000000277716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.657{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79813c09e7a7ec892023-02-08 09:47:11.657root 11241100x8000000000000000277715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.657{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c4b3a5a3b355fa2023-02-08 09:47:11.657root 11241100x8000000000000000277714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.657{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a10746eaea5bace2023-02-08 09:47:11.657root 11241100x8000000000000000277713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.657{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518bdc72b6e1ef302023-02-08 09:47:11.657root 11241100x8000000000000000277712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.657{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a87124feb7b6f662023-02-08 09:47:11.657root 11241100x8000000000000000277725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.658{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6974103c5064ae02023-02-08 09:47:11.658root 11241100x8000000000000000277724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.658{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f93f54ba71563832023-02-08 09:47:11.658root 11241100x8000000000000000277723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.658{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f593a976dfd9c0e82023-02-08 09:47:11.658root 11241100x8000000000000000277722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.658{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cdb2379ea159782023-02-08 09:47:11.658root 11241100x8000000000000000277721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.658{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d09f7de998bc50b2023-02-08 09:47:11.658root 11241100x8000000000000000277720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.658{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94eb0ee4f86e9d52023-02-08 09:47:11.658root 11241100x8000000000000000277719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.658{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c076ae0f49a1ba72023-02-08 09:47:11.658root 11241100x8000000000000000277718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.658{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3c553ba85216612023-02-08 09:47:11.658root 11241100x8000000000000000277731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.659{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44eac945f0e84f2e2023-02-08 09:47:11.659root 11241100x8000000000000000277730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.659{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b58357b409cfc302023-02-08 09:47:11.659root 11241100x8000000000000000277729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.659{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bd58c89b8cc82b2023-02-08 09:47:11.659root 11241100x8000000000000000277728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.659{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c74937664dc6532023-02-08 09:47:11.659root 11241100x8000000000000000277727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.659{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18976f3fa2a1c59d2023-02-08 09:47:11.659root 11241100x8000000000000000277726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.659{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeca4d4d6f98ece52023-02-08 09:47:11.659root 11241100x8000000000000000277740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.660{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9017ddb300165182023-02-08 09:47:11.660root 11241100x8000000000000000277739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.660{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1c50e9c880a2c22023-02-08 09:47:11.660root 11241100x8000000000000000277738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.660{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145e362c84bfc0f92023-02-08 09:47:11.660root 11241100x8000000000000000277737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.660{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b470ff7439e795802023-02-08 09:47:11.660root 11241100x8000000000000000277736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.660{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5205189cbe25e32023-02-08 09:47:11.660root 11241100x8000000000000000277735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.660{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcfa6bcdb92d7602023-02-08 09:47:11.660root 11241100x8000000000000000277734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.660{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7976f07b0ae0d0042023-02-08 09:47:11.660root 11241100x8000000000000000277733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.660{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066a5143d239a96f2023-02-08 09:47:11.660root 11241100x8000000000000000277732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.660{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70de81c78a4f40542023-02-08 09:47:11.660root 11241100x8000000000000000277748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.661{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5770cb101f61b92023-02-08 09:47:11.661root 11241100x8000000000000000277747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.661{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca853d86bb0d2ba2023-02-08 09:47:11.661root 11241100x8000000000000000277746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.661{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af88d5914fe5d412023-02-08 09:47:11.661root 11241100x8000000000000000277745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.661{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67175371dc71bf762023-02-08 09:47:11.661root 11241100x8000000000000000277744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.661{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fdc7603446c8322023-02-08 09:47:11.661root 11241100x8000000000000000277743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.661{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cec0a9181175ab42023-02-08 09:47:11.661root 11241100x8000000000000000277742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.661{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2951c285b5ac6edb2023-02-08 09:47:11.661root 11241100x8000000000000000277741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.661{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6f23397971a0bb2023-02-08 09:47:11.661root 11241100x8000000000000000277756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.662{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4712150df86b8ccb2023-02-08 09:47:11.662root 11241100x8000000000000000277755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.662{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f960ffbfcad912db2023-02-08 09:47:11.662root 11241100x8000000000000000277754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.662{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f9cf1b928ce4292023-02-08 09:47:11.662root 11241100x8000000000000000277753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.662{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0d78853053611c2023-02-08 09:47:11.662root 11241100x8000000000000000277752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.662{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eab9e9a1109500f2023-02-08 09:47:11.662root 11241100x8000000000000000277751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.662{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ebf28250228b262023-02-08 09:47:11.662root 11241100x8000000000000000277750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.662{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214215a5f01d92b22023-02-08 09:47:11.662root 11241100x8000000000000000277749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.662{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4eabbfc1fb65dda2023-02-08 09:47:11.662root 11241100x8000000000000000277765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.663{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f16b4d5b12497f92023-02-08 09:47:11.663root 11241100x8000000000000000277764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.663{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9624e99c4b9569c2023-02-08 09:47:11.663root 11241100x8000000000000000277763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.663{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f579accf53947a2023-02-08 09:47:11.663root 11241100x8000000000000000277762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.663{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa9539970a7d0102023-02-08 09:47:11.663root 11241100x8000000000000000277761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.663{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8dc46e94515ae52023-02-08 09:47:11.663root 11241100x8000000000000000277760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.663{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec158b62a824a8b2023-02-08 09:47:11.663root 11241100x8000000000000000277759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.663{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6704fe96514e621b2023-02-08 09:47:11.663root 11241100x8000000000000000277758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.663{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951a1bd0140031252023-02-08 09:47:11.663root 11241100x8000000000000000277757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.663{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c450f67848de28492023-02-08 09:47:11.663root 11241100x8000000000000000277772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.664{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e787d1074ea584b12023-02-08 09:47:11.664root 11241100x8000000000000000277771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.664{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56729c83fc0c942b2023-02-08 09:47:11.664root 11241100x8000000000000000277770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.664{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83746ddfbd3d04252023-02-08 09:47:11.664root 11241100x8000000000000000277769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.664{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c4dc661f9113612023-02-08 09:47:11.664root 11241100x8000000000000000277768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.664{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cccc662cead89f82023-02-08 09:47:11.664root 11241100x8000000000000000277767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.664{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6bb738351df9432023-02-08 09:47:11.664root 11241100x8000000000000000277766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.664{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b2e2aedd252afd2023-02-08 09:47:11.664root 11241100x8000000000000000277780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.665{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b888b46b3e32966d2023-02-08 09:47:11.665root 11241100x8000000000000000277779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.665{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a11f350376638f2023-02-08 09:47:11.665root 11241100x8000000000000000277778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.665{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc311bf5303d9c362023-02-08 09:47:11.665root 11241100x8000000000000000277777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.665{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f37aff84e7c78d82023-02-08 09:47:11.665root 11241100x8000000000000000277776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.665{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a76c33048fe1302023-02-08 09:47:11.665root 11241100x8000000000000000277775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.665{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76216fda8fa91d462023-02-08 09:47:11.665root 11241100x8000000000000000277774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.665{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90983bfd41accb7e2023-02-08 09:47:11.665root 11241100x8000000000000000277773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.665{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f2664feb5714ab2023-02-08 09:47:11.665root 11241100x8000000000000000277785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.666{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea131729ca8f34cb2023-02-08 09:47:11.666root 11241100x8000000000000000277784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.666{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e655467d383d702023-02-08 09:47:11.666root 11241100x8000000000000000277783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.666{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a483d693181973b2023-02-08 09:47:11.666root 11241100x8000000000000000277782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.666{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27efd1cd7fcead42023-02-08 09:47:11.666root 11241100x8000000000000000277781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.666{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56d6654381da6e32023-02-08 09:47:11.666root 11241100x8000000000000000277789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.667{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221892d153712e422023-02-08 09:47:11.667root 11241100x8000000000000000277788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.667{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687556102e6b266a2023-02-08 09:47:11.667root 11241100x8000000000000000277787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.667{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7576ab269ef6bb932023-02-08 09:47:11.667root 11241100x8000000000000000277786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.667{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a619d149489a06a2023-02-08 09:47:11.667root 11241100x8000000000000000277803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.668{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a198dd84861358612023-02-08 09:47:11.668root 11241100x8000000000000000277802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.668{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7984f57a1888362023-02-08 09:47:11.668root 11241100x8000000000000000277801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.668{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf7a11bb8600f492023-02-08 09:47:11.668root 11241100x8000000000000000277800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.668{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe4cabfe50313e72023-02-08 09:47:11.668root 11241100x8000000000000000277799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.668{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd70f4270b9653562023-02-08 09:47:11.668root 11241100x8000000000000000277798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.668{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1438a888374f1ec32023-02-08 09:47:11.668root 11241100x8000000000000000277797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.668{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e13b2e53b6cb912023-02-08 09:47:11.668root 11241100x8000000000000000277796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.668{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e659d253f8cb972023-02-08 09:47:11.668root 11241100x8000000000000000277795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.668{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c466cff3168d122023-02-08 09:47:11.668root 11241100x8000000000000000277794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.668{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad11284c853a0e22023-02-08 09:47:11.668root 11241100x8000000000000000277793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.668{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79838d32c30703c2023-02-08 09:47:11.668root 11241100x8000000000000000277792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.668{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791a8ad74dcc63de2023-02-08 09:47:11.668root 11241100x8000000000000000277791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.668{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4cfedf310327442023-02-08 09:47:11.668root 11241100x8000000000000000277790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.668{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683e25c796a657b62023-02-08 09:47:11.668root 11241100x8000000000000000277814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.669{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba26fdfc384959602023-02-08 09:47:11.669root 11241100x8000000000000000277813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.669{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095b91cf026f9aed2023-02-08 09:47:11.669root 11241100x8000000000000000277812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.669{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12dc462d9f6d71ff2023-02-08 09:47:11.669root 11241100x8000000000000000277811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.669{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3435ff2e32fd722023-02-08 09:47:11.669root 11241100x8000000000000000277810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.669{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d976ff6085c44cf72023-02-08 09:47:11.669root 11241100x8000000000000000277809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.669{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25957c9f36516272023-02-08 09:47:11.669root 11241100x8000000000000000277808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.669{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19384924197dbcc2023-02-08 09:47:11.669root 11241100x8000000000000000277807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.669{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f053776a53693fb72023-02-08 09:47:11.669root 11241100x8000000000000000277806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.669{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6823bc530fc73de92023-02-08 09:47:11.669root 11241100x8000000000000000277805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.669{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8976556d03be38882023-02-08 09:47:11.669root 11241100x8000000000000000277804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.669{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd3638399cace6d2023-02-08 09:47:11.669root 11241100x8000000000000000277818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.670{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aaa9e363f428d042023-02-08 09:47:11.670root 11241100x8000000000000000277817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.670{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7d484837c52b962023-02-08 09:47:11.670root 11241100x8000000000000000277816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.670{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0dfedbd54c6ebc2023-02-08 09:47:11.670root 11241100x8000000000000000277815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.670{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7898a3607e7948bf2023-02-08 09:47:11.670root 11241100x8000000000000000277827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.671{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34bb2dfd40d43b62023-02-08 09:47:11.671root 11241100x8000000000000000277826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.671{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccf0a428a2aeca52023-02-08 09:47:11.671root 11241100x8000000000000000277825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.671{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1571f2e7bf8d0352023-02-08 09:47:11.671root 11241100x8000000000000000277824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.671{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86011308bdd4f8482023-02-08 09:47:11.671root 11241100x8000000000000000277823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.671{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2170f5312d2df4092023-02-08 09:47:11.671root 11241100x8000000000000000277822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.671{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a109c23a1e5d11c2023-02-08 09:47:11.671root 11241100x8000000000000000277821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.671{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c613527f2488d782023-02-08 09:47:11.671root 11241100x8000000000000000277820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.671{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a332fe7472fb386d2023-02-08 09:47:11.671root 11241100x8000000000000000277819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.671{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690f9b905d57e7062023-02-08 09:47:11.671root 11241100x8000000000000000277832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.678{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5920880ad52aad2023-02-08 09:47:11.678root 11241100x8000000000000000277831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.678{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9baa052bd3cbcf22023-02-08 09:47:11.678root 11241100x8000000000000000277830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.678{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d40933bf5f87522023-02-08 09:47:11.678root 11241100x8000000000000000277829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.678{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41ddf50ba8133202023-02-08 09:47:11.678root 11241100x8000000000000000277828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.678{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a88e869e46067c2023-02-08 09:47:11.678root 11241100x8000000000000000277840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.681{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a55e33b296006532023-02-08 09:47:11.681root 11241100x8000000000000000277839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.681{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e7f75b7f0995ee2023-02-08 09:47:11.681root 11241100x8000000000000000277838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.681{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400ce582adf0a4b22023-02-08 09:47:11.681root 11241100x8000000000000000277837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.681{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4885b68375c5ffdd2023-02-08 09:47:11.681root 11241100x8000000000000000277836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.681{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9f49e1e7d9ce7a2023-02-08 09:47:11.681root 11241100x8000000000000000277835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.681{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52dc47ddcf2e96412023-02-08 09:47:11.681root 11241100x8000000000000000277834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.681{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cecade59058c72912023-02-08 09:47:11.681root 11241100x8000000000000000277833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.681{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a382fd9ec2b755fe2023-02-08 09:47:11.681root 11241100x8000000000000000277847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.682{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f399e43565665fc82023-02-08 09:47:11.682root 11241100x8000000000000000277846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.682{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ae918d6400008a2023-02-08 09:47:11.682root 11241100x8000000000000000277845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.682{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239b56686f6649e72023-02-08 09:47:11.682root 11241100x8000000000000000277844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.682{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3450d210e5a871312023-02-08 09:47:11.682root 11241100x8000000000000000277843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.682{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d76454135a64f5c2023-02-08 09:47:11.682root 11241100x8000000000000000277842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.682{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c31100195be97d2023-02-08 09:47:11.682root 11241100x8000000000000000277841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.682{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9bb66e08d518262023-02-08 09:47:11.682root 11241100x8000000000000000277857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.683{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836fb044c20721992023-02-08 09:47:11.683root 11241100x8000000000000000277856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.683{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0a5910c7abc8d02023-02-08 09:47:11.683root 11241100x8000000000000000277855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.683{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61284093f38605b2023-02-08 09:47:11.683root 11241100x8000000000000000277854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.683{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e5dc875f47ee682023-02-08 09:47:11.683root 11241100x8000000000000000277853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.683{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f800f35958dc2b72023-02-08 09:47:11.683root 11241100x8000000000000000277852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.683{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7540f8e3c4505d2023-02-08 09:47:11.683root 11241100x8000000000000000277851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.683{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6841c9c0537752fe2023-02-08 09:47:11.683root 11241100x8000000000000000277850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.683{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740f59a624eb90de2023-02-08 09:47:11.683root 11241100x8000000000000000277849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.683{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f797f4c640d9b792023-02-08 09:47:11.683root 11241100x8000000000000000277848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.683{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523e1011ad75f1c32023-02-08 09:47:11.683root 11241100x8000000000000000277863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.684{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c9cd206ff6cfe32023-02-08 09:47:11.684root 11241100x8000000000000000277862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.684{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85cecd5077200ef22023-02-08 09:47:11.684root 11241100x8000000000000000277861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.684{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27906e9b66d0e7a52023-02-08 09:47:11.684root 11241100x8000000000000000277860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.684{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bb155eea67b1e92023-02-08 09:47:11.684root 11241100x8000000000000000277859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.684{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1050a53792c51d462023-02-08 09:47:11.684root 11241100x8000000000000000277858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.684{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efabb827107e3a032023-02-08 09:47:11.684root 11241100x8000000000000000277870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.685{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1081ebb67529a1a82023-02-08 09:47:11.685root 11241100x8000000000000000277869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.685{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feec5d66ef8ec0cf2023-02-08 09:47:11.685root 11241100x8000000000000000277868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.685{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf02d8c2521aa042023-02-08 09:47:11.685root 11241100x8000000000000000277867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.685{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669cb509adc3520e2023-02-08 09:47:11.685root 11241100x8000000000000000277866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.685{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf156b6f5e0a1832023-02-08 09:47:11.685root 11241100x8000000000000000277865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.685{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78c9dbe15f83f1f2023-02-08 09:47:11.685root 11241100x8000000000000000277864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.685{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55914c25ed308582023-02-08 09:47:11.685root 11241100x8000000000000000277876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.686{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452cf795424c83d72023-02-08 09:47:11.686root 11241100x8000000000000000277875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.686{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa770427fa33be332023-02-08 09:47:11.686root 11241100x8000000000000000277874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.686{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c32e6554fbc72722023-02-08 09:47:11.686root 11241100x8000000000000000277873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.686{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302b8593329073c42023-02-08 09:47:11.686root 11241100x8000000000000000277872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.686{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb2511e1bbe7ee12023-02-08 09:47:11.686root 11241100x8000000000000000277871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.686{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df04ff858e22ca262023-02-08 09:47:11.686root 11241100x8000000000000000277885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.687{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8151d5b2e74a02f2023-02-08 09:47:11.687root 11241100x8000000000000000277884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.687{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97fb771a287c7fad2023-02-08 09:47:11.687root 11241100x8000000000000000277883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.687{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09a690eee97065c2023-02-08 09:47:11.687root 11241100x8000000000000000277882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.687{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d3d27e06ad18f72023-02-08 09:47:11.687root 11241100x8000000000000000277881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.687{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fba4d5bea69bec2023-02-08 09:47:11.687root 11241100x8000000000000000277880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.687{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4dfb0d04a1b86812023-02-08 09:47:11.687root 11241100x8000000000000000277879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.687{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae36a19864ded49e2023-02-08 09:47:11.687root 11241100x8000000000000000277878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.687{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83622a9563eccd8b2023-02-08 09:47:11.687root 154100x8000000000000000277877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.687{ec2a0601-6f9f-63e3-4804-3e6ad1550000}5906/bin/bash------bash/home/ubuntuubuntu{ec2a0601-6f9f-63e3-e803-000000000000}10005no level-{00000000-0000-0000-0000-000000000000}5905--- 11241100x8000000000000000277890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.688{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f42618f3750b9572023-02-08 09:47:11.688root 11241100x8000000000000000277889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.688{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea70d30838a6e462023-02-08 09:47:11.688root 11241100x8000000000000000277888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.688{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4792e6626c2202b32023-02-08 09:47:11.688root 11241100x8000000000000000277887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.688{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a16021b3abd6a02023-02-08 09:47:11.688root 11241100x8000000000000000277886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.688{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e021aa67bbd3ddd12023-02-08 09:47:11.688root 11241100x8000000000000000277900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.689{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284f728d6814abdb2023-02-08 09:47:11.689root 11241100x8000000000000000277899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.689{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9ac034f444951c2023-02-08 09:47:11.689root 11241100x8000000000000000277898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.689{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243007adeb0a91f82023-02-08 09:47:11.689root 11241100x8000000000000000277897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.689{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf3d97b4f480be22023-02-08 09:47:11.689root 11241100x8000000000000000277896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.689{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a889b1b10bdaa12a2023-02-08 09:47:11.689root 11241100x8000000000000000277895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.689{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0eab6fb321d5912023-02-08 09:47:11.689root 11241100x8000000000000000277894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.689{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b6212604202e2a2023-02-08 09:47:11.689root 11241100x8000000000000000277893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.689{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851b4b120e33a4e22023-02-08 09:47:11.689root 11241100x8000000000000000277892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.689{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d58394476cb92a42023-02-08 09:47:11.689root 11241100x8000000000000000277891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.689{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf945c2dcd1ed6112023-02-08 09:47:11.689root 11241100x8000000000000000277911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.690{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f26747acd746772023-02-08 09:47:11.690root 11241100x8000000000000000277910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.690{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5e85f58b513a822023-02-08 09:47:11.690root 11241100x8000000000000000277909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.690{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6d69ff2dbe7d582023-02-08 09:47:11.690root 11241100x8000000000000000277908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.690{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521c77b8826c760a2023-02-08 09:47:11.690root 11241100x8000000000000000277907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.690{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717102604debdfe22023-02-08 09:47:11.690root 11241100x8000000000000000277906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.690{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaab7b292ef5a1862023-02-08 09:47:11.690root 11241100x8000000000000000277905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.690{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639d6046589cbde72023-02-08 09:47:11.690root 11241100x8000000000000000277904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.690{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df031441fafe83b2023-02-08 09:47:11.690root 11241100x8000000000000000277903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.690{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54bb66aaa5358082023-02-08 09:47:11.690root 11241100x8000000000000000277902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.690{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62958549eaa118c2023-02-08 09:47:11.690root 11241100x8000000000000000277901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.690{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705a68b6a23f0e892023-02-08 09:47:11.690root 11241100x8000000000000000277916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.692{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970fb96655fe94b02023-02-08 09:47:11.692root 11241100x8000000000000000277915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.692{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996f0c5abb7077142023-02-08 09:47:11.692root 11241100x8000000000000000277914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.692{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e882c7a693d3022023-02-08 09:47:11.692root 11241100x8000000000000000277913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.692{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e87d1574bacf412023-02-08 09:47:11.692root 11241100x8000000000000000277912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.692{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2783543a35b41df22023-02-08 09:47:11.692root 11241100x8000000000000000277927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.693{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879da30bf34c19a52023-02-08 09:47:11.693root 11241100x8000000000000000277926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.693{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb9819d842252f72023-02-08 09:47:11.693root 11241100x8000000000000000277925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.693{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85a23b160ac498e2023-02-08 09:47:11.693root 11241100x8000000000000000277924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.693{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c0a0cdc786b2902023-02-08 09:47:11.693root 11241100x8000000000000000277923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.693{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bcbb995f19a50182023-02-08 09:47:11.693root 11241100x8000000000000000277922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.693{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b24ab3eeb2bd6b2023-02-08 09:47:11.693root 11241100x8000000000000000277921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.693{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bfaba402f44b2b82023-02-08 09:47:11.693root 11241100x8000000000000000277920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.693{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce361c8a5c3e5dd2023-02-08 09:47:11.693root 11241100x8000000000000000277919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.693{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7012b39f07c65f82023-02-08 09:47:11.693root 11241100x8000000000000000277918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.693{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01c6e86620935ef2023-02-08 09:47:11.693root 11241100x8000000000000000277917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.693{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb458c6bb49234f2023-02-08 09:47:11.693root 154100x8000000000000000277929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.694{ec2a0601-6f9f-63e3-88de-b7646f550000}5908/usr/bin/locale-check-----/usr/bin/locale-check C.UTF-8/home/ubuntuubuntu{ec2a0601-6f9f-63e3-e803-000000000000}10005no level-{00000000-0000-0000-0000-000000000000}5907--- 11241100x8000000000000000277928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.694{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064decc138a2c07a2023-02-08 09:47:11.694root 534500x8000000000000000277930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.696{ec2a0601-6f9f-63e3-88de-b7646f550000}5908/usr/bin/locale-checkubuntu 11241100x8000000000000000277938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.697{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2195e6cc4978ab52023-02-08 09:47:11.697root 11241100x8000000000000000277937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.697{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa3e35ef7f2ec922023-02-08 09:47:11.697root 11241100x8000000000000000277936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.697{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e8664a7ce7bbd02023-02-08 09:47:11.697root 11241100x8000000000000000277935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.697{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aff2de29efd8bd42023-02-08 09:47:11.697root 11241100x8000000000000000277934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.697{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df39d2ed7ec4fc672023-02-08 09:47:11.697root 11241100x8000000000000000277933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.697{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08c961386f1dc822023-02-08 09:47:11.697root 11241100x8000000000000000277932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.697{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c8308da3d746b62023-02-08 09:47:11.697root 534500x8000000000000000277931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.697{00000000-0000-0000-0000-000000000000}5907<unknown process>ubuntu 11241100x8000000000000000277946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.698{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2134b072b86e199a2023-02-08 09:47:11.698root 11241100x8000000000000000277945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.698{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa688f4be29ca1ce2023-02-08 09:47:11.698root 11241100x8000000000000000277944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.698{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd14108534a64602023-02-08 09:47:11.698root 11241100x8000000000000000277943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.698{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f3ac5e97fa6ab22023-02-08 09:47:11.698root 11241100x8000000000000000277942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.698{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9961fd311ee4013f2023-02-08 09:47:11.698root 11241100x8000000000000000277941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.698{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b8c4d995fe4fc22023-02-08 09:47:11.698root 11241100x8000000000000000277940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.698{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e3f51d428232b02023-02-08 09:47:11.698root 11241100x8000000000000000277939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.698{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4895fd6cbefbcf892023-02-08 09:47:11.698root 11241100x8000000000000000277952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.699{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8465a2c12900ddd2023-02-08 09:47:11.699root 11241100x8000000000000000277951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.699{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05c1eb0501d15e02023-02-08 09:47:11.699root 11241100x8000000000000000277950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.699{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deacd9cb662fb2402023-02-08 09:47:11.699root 11241100x8000000000000000277949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.699{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d596bbb16a6cf42023-02-08 09:47:11.699root 11241100x8000000000000000277948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.699{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417dc37b5bc7c6292023-02-08 09:47:11.699root 11241100x8000000000000000277947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.699{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab57cc90173d93de2023-02-08 09:47:11.699root 11241100x8000000000000000277955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.700{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d612a495a02f842023-02-08 09:47:11.700root 11241100x8000000000000000277954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.700{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7371ec829b0e5f2023-02-08 09:47:11.700root 11241100x8000000000000000277953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.700{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b832f2fd042c787a2023-02-08 09:47:11.700root 154100x8000000000000000277964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.701{ec2a0601-6f9f-63e3-30b0-13de0d560000}5909/usr/bin/locale-----locale/home/ubuntuubuntu{ec2a0601-6f9f-63e3-e803-000000000000}10005no level-{ec2a0601-6f9f-63e3-4804-3e6ad1550000}5906/bin/bash-bashubuntu 11241100x8000000000000000277961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.701{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7baee4c845b0dd2023-02-08 09:47:11.701root 11241100x8000000000000000277960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.701{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63ef3bb5d3bed702023-02-08 09:47:11.701root 11241100x8000000000000000277959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.701{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d0c9a3afb6cb4b2023-02-08 09:47:11.701root 11241100x8000000000000000277958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.701{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563866a708a3ef2c2023-02-08 09:47:11.701root 11241100x8000000000000000277957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.701{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d146434e6f04df982023-02-08 09:47:11.701root 11241100x8000000000000000277956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.701{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01281da89bea9cb2023-02-08 09:47:11.701root 11241100x8000000000000000277967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.702{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c66c0d704d70c02023-02-08 09:47:11.702root 11241100x8000000000000000277966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.702{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9939441de0752d312023-02-08 09:47:11.702root 11241100x8000000000000000277965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.702{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765b83eab0a13f4a2023-02-08 09:47:11.702root 11241100x8000000000000000277963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.702{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb3ddfaec25e39a2023-02-08 09:47:11.702root 11241100x8000000000000000277962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.702{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abff63498e5e7e72023-02-08 09:47:11.702root 11241100x8000000000000000277972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.703{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f83a0191fe9c222023-02-08 09:47:11.703root 11241100x8000000000000000277971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.703{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8175b1f4706b98e2023-02-08 09:47:11.703root 11241100x8000000000000000277970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.703{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840f7d48e98ef6072023-02-08 09:47:11.703root 534500x8000000000000000277969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.703{ec2a0601-6f9f-63e3-30b0-13de0d560000}5909/usr/bin/localeubuntu 11241100x8000000000000000277968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.703{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b87bea7ec5338dc2023-02-08 09:47:11.703root 11241100x8000000000000000277978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.704{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08d207c7d090aab2023-02-08 09:47:11.704root 534500x8000000000000000277977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.704{ec2a0601-6f9f-63e3-0000-000000000000}5910-ubuntu 11241100x8000000000000000277976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.704{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc131bef3bec29f2023-02-08 09:47:11.704root 11241100x8000000000000000277975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.704{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16c8f91917fe2ac2023-02-08 09:47:11.704root 11241100x8000000000000000277974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.704{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608905cf702e10da2023-02-08 09:47:11.704root 11241100x8000000000000000277973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.704{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7452f44b51e886902023-02-08 09:47:11.704root 11241100x8000000000000000277985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.705{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacc01c13eff38d92023-02-08 09:47:11.705root 11241100x8000000000000000277984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.705{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62b48ca5a1c38d12023-02-08 09:47:11.705root 11241100x8000000000000000277983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.705{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6d4e35432832e92023-02-08 09:47:11.705root 11241100x8000000000000000277982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.705{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0081639906c041472023-02-08 09:47:11.705root 11241100x8000000000000000277981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.705{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3d665f73b315132023-02-08 09:47:11.705root 11241100x8000000000000000277980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.705{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec20eeb3b04f32f72023-02-08 09:47:11.705root 11241100x8000000000000000277979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.705{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d76ccbbf970a0012023-02-08 09:47:11.705root 11241100x8000000000000000277992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.706{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6f2af36a9d63bd2023-02-08 09:47:11.706root 11241100x8000000000000000277991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.706{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b336c1f1a3e6a7952023-02-08 09:47:11.706root 11241100x8000000000000000277990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.706{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1495c00187faaa2023-02-08 09:47:11.706root 11241100x8000000000000000277989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.706{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83ddb37376afbe72023-02-08 09:47:11.706root 11241100x8000000000000000277988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.706{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e57f0b3c60e3e532023-02-08 09:47:11.706root 11241100x8000000000000000277987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.706{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc529c72f2ab13d72023-02-08 09:47:11.706root 11241100x8000000000000000277986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.706{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6927b9f04bc5a32023-02-08 09:47:11.706root 11241100x8000000000000000277998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.707{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27a23110b861a6d2023-02-08 09:47:11.707root 11241100x8000000000000000277997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.707{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a67865c489b7a982023-02-08 09:47:11.707root 11241100x8000000000000000277996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.707{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845a4908c57048032023-02-08 09:47:11.707root 11241100x8000000000000000277995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.707{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2263350aa80de952023-02-08 09:47:11.707root 11241100x8000000000000000277994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.707{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860f0b409c424be02023-02-08 09:47:11.707root 11241100x8000000000000000277993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.707{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a423bc6d1e5af172023-02-08 09:47:11.707root 11241100x8000000000000000278006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.708{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1dac46b18cf0162023-02-08 09:47:11.708root 11241100x8000000000000000278005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.708{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8418cd8d6800b782023-02-08 09:47:11.708root 11241100x8000000000000000278004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.708{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b16f50b92c6a0fa2023-02-08 09:47:11.708root 11241100x8000000000000000278003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.708{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519f793b9e9654502023-02-08 09:47:11.708root 11241100x8000000000000000278002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.708{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b558ceab83ff789d2023-02-08 09:47:11.708root 11241100x8000000000000000278001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.708{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51c4d450ac93bfa2023-02-08 09:47:11.708root 11241100x8000000000000000278000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.708{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec681e295b29f9102023-02-08 09:47:11.708root 11241100x8000000000000000277999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.708{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99beb8c4959765e2023-02-08 09:47:11.708root 11241100x8000000000000000278014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.709{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856f6b800a0a7f242023-02-08 09:47:11.709root 11241100x8000000000000000278013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.709{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f349636ff3d07c52023-02-08 09:47:11.709root 11241100x8000000000000000278012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.709{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79c85b7e89ae6342023-02-08 09:47:11.709root 11241100x8000000000000000278011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.709{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b6f4eedaa4b6732023-02-08 09:47:11.709root 11241100x8000000000000000278010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.709{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d58ef6d96a0a702023-02-08 09:47:11.709root 11241100x8000000000000000278009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.709{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0dd8bdaa7ce5b6d2023-02-08 09:47:11.709root 11241100x8000000000000000278008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.709{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8033a8f088b8a32023-02-08 09:47:11.709root 11241100x8000000000000000278007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.709{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caff2574af2568132023-02-08 09:47:11.709root 11241100x8000000000000000278019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a69df2c091c96052023-02-08 09:47:11.710root 11241100x8000000000000000278018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ad74fa2e5cc4b82023-02-08 09:47:11.710root 11241100x8000000000000000278017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7aab347bd68d56d2023-02-08 09:47:11.710root 11241100x8000000000000000278016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674eb7489b1fd18f2023-02-08 09:47:11.710root 11241100x8000000000000000278015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.710{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9928e277ee7de32023-02-08 09:47:11.710root 11241100x8000000000000000278025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733ea59a4c3bb2612023-02-08 09:47:11.711root 11241100x8000000000000000278024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7416a2944430252023-02-08 09:47:11.711root 11241100x8000000000000000278023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42063ceb189e950b2023-02-08 09:47:11.711root 11241100x8000000000000000278022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e76ddb6f78776912023-02-08 09:47:11.711root 11241100x8000000000000000278021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0cc1fb6827187872023-02-08 09:47:11.711root 11241100x8000000000000000278020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.711{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9708b2d51313a42023-02-08 09:47:11.711root 11241100x8000000000000000278032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.712{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b9491f68dfb1b32023-02-08 09:47:11.712root 11241100x8000000000000000278031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.712{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9cb4298675753d2023-02-08 09:47:11.712root 11241100x8000000000000000278030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.712{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85c30c48de2f1b72023-02-08 09:47:11.712root 11241100x8000000000000000278029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.712{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5edd75571f0a9242023-02-08 09:47:11.712root 11241100x8000000000000000278028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.712{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfdad670da0bb0b2023-02-08 09:47:11.712root 11241100x8000000000000000278027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.712{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b8d60a71a85a9d2023-02-08 09:47:11.712root 11241100x8000000000000000278026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.712{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63166a604d4ef0282023-02-08 09:47:11.712root 11241100x8000000000000000278040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.713{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f709ff5a3fd2bc2023-02-08 09:47:11.713root 11241100x8000000000000000278039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.713{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab54928c05979c12023-02-08 09:47:11.713root 11241100x8000000000000000278038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.713{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8817b6f4a4bdfffd2023-02-08 09:47:11.713root 11241100x8000000000000000278037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.713{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4809f7d00cba8e2023-02-08 09:47:11.713root 11241100x8000000000000000278036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.713{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5362bd0c44320a2023-02-08 09:47:11.713root 11241100x8000000000000000278035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.713{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba4296fa819a2592023-02-08 09:47:11.713root 11241100x8000000000000000278034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.713{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d56c249fe3da532023-02-08 09:47:11.713root 11241100x8000000000000000278033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.713{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bb03ff177316f52023-02-08 09:47:11.713root 11241100x8000000000000000278045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.714{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d65639faff0f922023-02-08 09:47:11.714root 11241100x8000000000000000278044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.714{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39792093f5d8bcd2023-02-08 09:47:11.714root 11241100x8000000000000000278043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.714{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5480e32ba6d866802023-02-08 09:47:11.714root 11241100x8000000000000000278042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.714{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306d53c13d036d472023-02-08 09:47:11.714root 11241100x8000000000000000278041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.714{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfb669260157d132023-02-08 09:47:11.714root 11241100x8000000000000000278050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.715{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3084a9411fb0ac2023-02-08 09:47:11.715root 11241100x8000000000000000278049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.715{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ae850d2e48fce22023-02-08 09:47:11.715root 11241100x8000000000000000278048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.715{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895fec730e33586d2023-02-08 09:47:11.715root 11241100x8000000000000000278047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.715{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c27d3bc5a0e56c2023-02-08 09:47:11.715root 11241100x8000000000000000278046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.715{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020471cb0a12fe752023-02-08 09:47:11.715root 11241100x8000000000000000278055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.716{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f59ce35cfc8696b2023-02-08 09:47:11.716root 11241100x8000000000000000278054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.716{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344587b978a193f72023-02-08 09:47:11.716root 11241100x8000000000000000278053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.716{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66f0541ff5a9cb22023-02-08 09:47:11.716root 11241100x8000000000000000278052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.716{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a71f2176462c8702023-02-08 09:47:11.716root 11241100x8000000000000000278051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.716{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99031162f6cffa2f2023-02-08 09:47:11.716root 11241100x8000000000000000278060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.717{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac18505cea9b276d2023-02-08 09:47:11.717root 11241100x8000000000000000278059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.717{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92e4da5831038ea2023-02-08 09:47:11.717root 11241100x8000000000000000278058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.717{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a7d114b742d0382023-02-08 09:47:11.717root 11241100x8000000000000000278057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.717{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd0edf8c20d9e9b2023-02-08 09:47:11.717root 11241100x8000000000000000278056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.717{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb401fd847d0f1542023-02-08 09:47:11.717root 11241100x8000000000000000278064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.718{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4a3bee0aad6e0f2023-02-08 09:47:11.718root 11241100x8000000000000000278063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.718{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97cf5823202953732023-02-08 09:47:11.718root 11241100x8000000000000000278062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.718{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a97d2e5a6488192023-02-08 09:47:11.718root 11241100x8000000000000000278061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.718{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60d0995f83a5f952023-02-08 09:47:11.718root 11241100x8000000000000000278067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.719{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa92e89eda9ca8d2023-02-08 09:47:11.719root 11241100x8000000000000000278066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.719{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8fd14eb88b3d9622023-02-08 09:47:11.719root 11241100x8000000000000000278065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.719{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4caf1fa700effde62023-02-08 09:47:11.719root 11241100x8000000000000000278073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.720{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140bcdd6d9e9bb562023-02-08 09:47:11.720root 11241100x8000000000000000278072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.720{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98bc45f70449bc572023-02-08 09:47:11.720root 11241100x8000000000000000278071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.720{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c85aff97a9a78b32023-02-08 09:47:11.720root 11241100x8000000000000000278070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.720{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4072a5863234f7632023-02-08 09:47:11.720root 11241100x8000000000000000278069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.720{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cadf6ccabef6cb5d2023-02-08 09:47:11.720root 11241100x8000000000000000278068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.720{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c341ad08aa5abb932023-02-08 09:47:11.720root 11241100x8000000000000000278077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.721{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc2c952989e58292023-02-08 09:47:11.721root 11241100x8000000000000000278076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.721{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b38677beed37c12023-02-08 09:47:11.721root 11241100x8000000000000000278075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.721{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5801e2c73e6d452c2023-02-08 09:47:11.721root 11241100x8000000000000000278074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.721{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c52b3a5a2221f572023-02-08 09:47:11.721root 11241100x8000000000000000278082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.722{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80dd62fb6a0b5d7a2023-02-08 09:47:11.722root 11241100x8000000000000000278081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.722{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4ab622a37016e32023-02-08 09:47:11.722root 11241100x8000000000000000278080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.722{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c47062605e454a2023-02-08 09:47:11.722root 11241100x8000000000000000278079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.722{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3ea8a2bd983bd72023-02-08 09:47:11.722root 11241100x8000000000000000278078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.722{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a4bef659d3e5ac2023-02-08 09:47:11.722root 11241100x8000000000000000278088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.723{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a0f750434941b72023-02-08 09:47:11.723root 11241100x8000000000000000278087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.723{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e358a8757871172023-02-08 09:47:11.723root 11241100x8000000000000000278086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.723{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bb7d1e38cac4322023-02-08 09:47:11.723root 11241100x8000000000000000278085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.723{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1f0710853246782023-02-08 09:47:11.723root 11241100x8000000000000000278084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.723{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4d71d6ebeba6cb2023-02-08 09:47:11.723root 11241100x8000000000000000278083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.723{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27dc142895a1f98c2023-02-08 09:47:11.723root 11241100x8000000000000000278094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.724{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df85fc613f1eb0fc2023-02-08 09:47:11.724root 11241100x8000000000000000278093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.724{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4bbde429d9060822023-02-08 09:47:11.724root 11241100x8000000000000000278092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.724{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e49e31ba07a3fb42023-02-08 09:47:11.724root 11241100x8000000000000000278091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.724{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d92d451b7ef78b22023-02-08 09:47:11.724root 11241100x8000000000000000278090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.724{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013abbba3fe6173e2023-02-08 09:47:11.724root 11241100x8000000000000000278089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.724{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8914dc6b7da9fe8d2023-02-08 09:47:11.724root 11241100x8000000000000000278102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.725{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfcf0d74b73c2ab2023-02-08 09:47:11.725root 11241100x8000000000000000278101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.725{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d918a3cb93f0775f2023-02-08 09:47:11.725root 11241100x8000000000000000278100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.725{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efba18dd78ffcd082023-02-08 09:47:11.725root 11241100x8000000000000000278099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.725{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed01c5411b7cbe642023-02-08 09:47:11.725root 11241100x8000000000000000278098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.725{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255d96d3161d22902023-02-08 09:47:11.725root 11241100x8000000000000000278097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.725{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6095bc54c7c3f62023-02-08 09:47:11.725root 11241100x8000000000000000278096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.725{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86231bdf47364a32023-02-08 09:47:11.725root 11241100x8000000000000000278095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.725{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fedddba63403c1f2023-02-08 09:47:11.725root 11241100x8000000000000000278109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.726{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b228f607a4524c12023-02-08 09:47:11.726root 11241100x8000000000000000278108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.726{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f333f88002258192023-02-08 09:47:11.726root 11241100x8000000000000000278107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.726{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2e2ca14cec669f2023-02-08 09:47:11.726root 11241100x8000000000000000278106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.726{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4adc9a15353dd272023-02-08 09:47:11.726root 11241100x8000000000000000278105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.726{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7cb74c69e666212023-02-08 09:47:11.726root 11241100x8000000000000000278104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.726{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b208492f40dc562023-02-08 09:47:11.726root 11241100x8000000000000000278103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.726{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536286d895e19faa2023-02-08 09:47:11.726root 11241100x8000000000000000278113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.727{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17362720058bcefe2023-02-08 09:47:11.727root 11241100x8000000000000000278112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.727{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc24844682920072023-02-08 09:47:11.727root 11241100x8000000000000000278111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.727{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930ae2e4462121bc2023-02-08 09:47:11.727root 11241100x8000000000000000278110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.727{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e5536e21b5b4f22023-02-08 09:47:11.727root 11241100x8000000000000000278120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.728{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29980232a54f73832023-02-08 09:47:11.728root 11241100x8000000000000000278119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.728{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2adef9e08e09302023-02-08 09:47:11.728root 11241100x8000000000000000278118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.728{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3402a4c639bf104b2023-02-08 09:47:11.728root 11241100x8000000000000000278117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.728{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2947cf07a7a6d2a82023-02-08 09:47:11.728root 11241100x8000000000000000278116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.728{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e017187a5c1738572023-02-08 09:47:11.728root 11241100x8000000000000000278115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.728{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39066a1aa850b332023-02-08 09:47:11.728root 11241100x8000000000000000278114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.728{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92593135df9c067a2023-02-08 09:47:11.728root 11241100x8000000000000000278127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.729{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89a6740807fc0192023-02-08 09:47:11.729root 11241100x8000000000000000278126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.729{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5b72dd0f29ef782023-02-08 09:47:11.729root 11241100x8000000000000000278125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.729{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea969cca14e93aa2023-02-08 09:47:11.729root 11241100x8000000000000000278124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.729{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06708388d9a0bec2023-02-08 09:47:11.729root 11241100x8000000000000000278123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.729{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486e0dbb832402042023-02-08 09:47:11.729root 11241100x8000000000000000278122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.729{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3115953c2f0c1d2023-02-08 09:47:11.729root 11241100x8000000000000000278121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.729{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb479d02efc421ea2023-02-08 09:47:11.729root 11241100x8000000000000000278136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.730{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7edb899d33603e162023-02-08 09:47:11.730root 11241100x8000000000000000278135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.730{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cabd511e32997102023-02-08 09:47:11.730root 11241100x8000000000000000278134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.730{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0d266492976a8e2023-02-08 09:47:11.730root 11241100x8000000000000000278133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.730{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b4e870853b78092023-02-08 09:47:11.730root 11241100x8000000000000000278132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.730{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1709b770393783ba2023-02-08 09:47:11.730root 11241100x8000000000000000278131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.730{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ecb646aed2bb902023-02-08 09:47:11.730root 11241100x8000000000000000278130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.730{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9418328371620fa2023-02-08 09:47:11.730root 11241100x8000000000000000278129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.730{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430f1b24ed317ba42023-02-08 09:47:11.730root 11241100x8000000000000000278128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.730{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ea7f2aa6c02ec32023-02-08 09:47:11.730root 11241100x8000000000000000278143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.731{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d973900b6db6902023-02-08 09:47:11.731root 11241100x8000000000000000278142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.731{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4cf57c1db5bea72023-02-08 09:47:11.731root 11241100x8000000000000000278141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.731{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97f48215ffa29a72023-02-08 09:47:11.731root 11241100x8000000000000000278140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.731{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b820930670f277fe2023-02-08 09:47:11.731root 11241100x8000000000000000278139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.731{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad815a86cea4dec2023-02-08 09:47:11.731root 11241100x8000000000000000278138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.731{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a8a2cf0d45672e2023-02-08 09:47:11.731root 11241100x8000000000000000278137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.731{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a7ae650b36818b2023-02-08 09:47:11.731root 11241100x8000000000000000278150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.732{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae13b3036720e192023-02-08 09:47:11.732root 11241100x8000000000000000278149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.732{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8801d758fd34712023-02-08 09:47:11.732root 11241100x8000000000000000278148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.732{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3dd0a517ee0e5ec2023-02-08 09:47:11.732root 11241100x8000000000000000278147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.732{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395a8cf6ffd618812023-02-08 09:47:11.732root 11241100x8000000000000000278146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.732{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d949ff0d8a072f2023-02-08 09:47:11.732root 11241100x8000000000000000278145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.732{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73b31caad636a7f2023-02-08 09:47:11.732root 11241100x8000000000000000278144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.732{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e2a4150ef961f82023-02-08 09:47:11.732root 11241100x8000000000000000278157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.733{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5840951bf8e38d362023-02-08 09:47:11.733root 11241100x8000000000000000278156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.733{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9432b0191caf78e2023-02-08 09:47:11.733root 11241100x8000000000000000278155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.733{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882c81cbab087d032023-02-08 09:47:11.733root 11241100x8000000000000000278154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.733{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f529f95c196d0602023-02-08 09:47:11.733root 11241100x8000000000000000278153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.733{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39db3377e52b9bdf2023-02-08 09:47:11.733root 11241100x8000000000000000278152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.733{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7bba3d550134e32023-02-08 09:47:11.733root 11241100x8000000000000000278151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.733{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675e310a803e26812023-02-08 09:47:11.733root 11241100x8000000000000000278158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c3f071638a6c182023-02-08 09:47:11.734root 11241100x8000000000000000278163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca3c5816145c6d72023-02-08 09:47:11.735root 11241100x8000000000000000278162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff86cf00e1090b82023-02-08 09:47:11.735root 11241100x8000000000000000278161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70460965e81e0b0b2023-02-08 09:47:11.735root 11241100x8000000000000000278160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45cf5c84190119bf2023-02-08 09:47:11.735root 11241100x8000000000000000278159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256a7ec0c2b5ca7a2023-02-08 09:47:11.735root 11241100x8000000000000000278167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd65c1dac191d3c2023-02-08 09:47:11.736root 11241100x8000000000000000278166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2129112363a400dc2023-02-08 09:47:11.736root 11241100x8000000000000000278165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6113a17bd1624cd52023-02-08 09:47:11.736root 11241100x8000000000000000278164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037aca01fbad83e22023-02-08 09:47:11.736root 11241100x8000000000000000278169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a510c3ebe6a149412023-02-08 09:47:11.737root 11241100x8000000000000000278168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5448bab341a1562023-02-08 09:47:11.737root 11241100x8000000000000000278170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91476be5683220d2023-02-08 09:47:11.738root 11241100x8000000000000000278172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19df9071f14f3fde2023-02-08 09:47:11.739root 11241100x8000000000000000278171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13826130f2a12d42023-02-08 09:47:11.739root 11241100x8000000000000000278177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac71f10f425556442023-02-08 09:47:11.740root 11241100x8000000000000000278176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe73d355913f58c02023-02-08 09:47:11.740root 11241100x8000000000000000278175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad5621a03002c5e2023-02-08 09:47:11.740root 11241100x8000000000000000278174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0313fd712d61662023-02-08 09:47:11.740root 11241100x8000000000000000278173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c1a3edab5b62e52023-02-08 09:47:11.740root 11241100x8000000000000000278182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f062d96eba21e82023-02-08 09:47:11.741root 11241100x8000000000000000278181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb71dbcc7f04aca2023-02-08 09:47:11.741root 11241100x8000000000000000278180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efa308a603e77312023-02-08 09:47:11.741root 11241100x8000000000000000278179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53306252737db0932023-02-08 09:47:11.741root 11241100x8000000000000000278178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b7e0cf232284fe2023-02-08 09:47:11.741root 11241100x8000000000000000278187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842188cb6b9abe6c2023-02-08 09:47:11.742root 11241100x8000000000000000278186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34a7fcab16a1fc52023-02-08 09:47:11.742root 11241100x8000000000000000278185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204bbd7ec91ba1c62023-02-08 09:47:11.742root 11241100x8000000000000000278184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb177c1bcdd11c82023-02-08 09:47:11.742root 11241100x8000000000000000278183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec4bc1225c184272023-02-08 09:47:11.742root 11241100x8000000000000000278199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15719a27b894cb52023-02-08 09:47:11.743root 11241100x8000000000000000278198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31962fe72c3b1cc22023-02-08 09:47:11.743root 11241100x8000000000000000278197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecd6b6c5b6d9caa2023-02-08 09:47:11.743root 11241100x8000000000000000278196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8fd64b1cc0befb2023-02-08 09:47:11.743root 11241100x8000000000000000278195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e58df6bc6836da2023-02-08 09:47:11.743root 11241100x8000000000000000278194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5383e6699ae5632023-02-08 09:47:11.743root 11241100x8000000000000000278193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418f6dbc5cd665e92023-02-08 09:47:11.743root 11241100x8000000000000000278192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ff5a137c61b5352023-02-08 09:47:11.743root 11241100x8000000000000000278191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2668c8525fa453792023-02-08 09:47:11.743root 11241100x8000000000000000278190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0391c2d52f6974372023-02-08 09:47:11.743root 11241100x8000000000000000278189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f245f6d417b1f9462023-02-08 09:47:11.743root 11241100x8000000000000000278188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853baca5b5d3c7352023-02-08 09:47:11.743root 11241100x8000000000000000278211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7853fa72720ad4c22023-02-08 09:47:11.744root 11241100x8000000000000000278210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea621ddf7e36f5f2023-02-08 09:47:11.744root 11241100x8000000000000000278209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407a82a283309c052023-02-08 09:47:11.744root 11241100x8000000000000000278208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f9b3d7f3af3e2d2023-02-08 09:47:11.744root 11241100x8000000000000000278207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c85929550c269d12023-02-08 09:47:11.744root 11241100x8000000000000000278206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c07f21361bc15f2023-02-08 09:47:11.744root 11241100x8000000000000000278205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757816e3d9441b062023-02-08 09:47:11.744root 11241100x8000000000000000278204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a50862718bbc902023-02-08 09:47:11.744root 11241100x8000000000000000278203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59e224198c4941c2023-02-08 09:47:11.744root 11241100x8000000000000000278202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3680da3237226f2023-02-08 09:47:11.744root 11241100x8000000000000000278201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27b650167a7630a2023-02-08 09:47:11.744root 11241100x8000000000000000278200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134ab95817d8f96c2023-02-08 09:47:11.744root 11241100x8000000000000000278219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84b89a8647a2d412023-02-08 09:47:11.745root 11241100x8000000000000000278218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514b6c64a26a0ca32023-02-08 09:47:11.745root 11241100x8000000000000000278217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1f9fb1b6210b442023-02-08 09:47:11.745root 11241100x8000000000000000278216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7b6ff2d60acfe92023-02-08 09:47:11.745root 11241100x8000000000000000278215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697e715ede2b1c8b2023-02-08 09:47:11.745root 11241100x8000000000000000278214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc69f579bfe88c62023-02-08 09:47:11.745root 11241100x8000000000000000278213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad9049eb340753a2023-02-08 09:47:11.745root 11241100x8000000000000000278212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1dd2cf5187dabc2023-02-08 09:47:11.745root 11241100x8000000000000000278227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3a3d0f0f1b48a92023-02-08 09:47:11.746root 11241100x8000000000000000278226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c17475bffe28e62023-02-08 09:47:11.746root 11241100x8000000000000000278225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde89208fffcb1622023-02-08 09:47:11.746root 11241100x8000000000000000278224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33318b6d59dea3c2023-02-08 09:47:11.746root 11241100x8000000000000000278223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f509f12312a006152023-02-08 09:47:11.746root 11241100x8000000000000000278222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5406ee53716ad12023-02-08 09:47:11.746root 11241100x8000000000000000278221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e528abb20bd65b2e2023-02-08 09:47:11.746root 11241100x8000000000000000278220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1d23791cc862c72023-02-08 09:47:11.746root 11241100x8000000000000000278236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.747{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f044744f00cd9ca2023-02-08 09:47:11.747root 11241100x8000000000000000278235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.747{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208d8e57db81ccb92023-02-08 09:47:11.747root 11241100x8000000000000000278234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.747{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9bc96ad00e116f2023-02-08 09:47:11.747root 11241100x8000000000000000278233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.747{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9eacb435932b3f2023-02-08 09:47:11.747root 11241100x8000000000000000278232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.747{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf1443ffef656302023-02-08 09:47:11.747root 11241100x8000000000000000278231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.747{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2907fdc8a91194c92023-02-08 09:47:11.747root 11241100x8000000000000000278230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.747{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feff6d6dd19034472023-02-08 09:47:11.747root 11241100x8000000000000000278229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.747{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccfb84b393e5a3f2023-02-08 09:47:11.747root 11241100x8000000000000000278228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.747{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004735fde8dc289b2023-02-08 09:47:11.747root 11241100x8000000000000000278243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.748{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264a0bb91b15d8222023-02-08 09:47:11.748root 11241100x8000000000000000278242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.748{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7f1b8a4ccb47362023-02-08 09:47:11.748root 11241100x8000000000000000278241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.748{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48e476fd22abed52023-02-08 09:47:11.748root 11241100x8000000000000000278240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.748{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f4c2a2c4edda772023-02-08 09:47:11.748root 11241100x8000000000000000278239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.748{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8b8ee7b5184a8a2023-02-08 09:47:11.748root 11241100x8000000000000000278238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.748{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8662a101dabe9c2023-02-08 09:47:11.748root 11241100x8000000000000000278237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.748{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad494bc9a244d77a2023-02-08 09:47:11.748root 11241100x8000000000000000278250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.749{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e10bcee747d4dab2023-02-08 09:47:11.749root 11241100x8000000000000000278249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.749{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d47a71cbff575482023-02-08 09:47:11.749root 11241100x8000000000000000278248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.749{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae67752e081209bf2023-02-08 09:47:11.749root 11241100x8000000000000000278247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.749{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95f1f3c5b082b2e2023-02-08 09:47:11.749root 11241100x8000000000000000278246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.749{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68528bb1833a6e02023-02-08 09:47:11.749root 11241100x8000000000000000278245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.749{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b36964d83e911c2023-02-08 09:47:11.749root 11241100x8000000000000000278244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.749{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bdea956457a02472023-02-08 09:47:11.749root 11241100x8000000000000000278255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.750{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af34872e610b28e2023-02-08 09:47:11.750root 11241100x8000000000000000278254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.750{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6312029f5eeb04f12023-02-08 09:47:11.750root 11241100x8000000000000000278253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.750{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de4fee1622cba102023-02-08 09:47:11.750root 11241100x8000000000000000278252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.750{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2761a5dad72598e32023-02-08 09:47:11.750root 11241100x8000000000000000278251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.750{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285800af83616b592023-02-08 09:47:11.750root 11241100x8000000000000000278260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.751{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b940762e34e5dd2023-02-08 09:47:11.751root 11241100x8000000000000000278259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.751{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4904bdaaca666602023-02-08 09:47:11.751root 11241100x8000000000000000278258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.751{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcaf9483cd8695bd2023-02-08 09:47:11.751root 11241100x8000000000000000278257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.751{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0437ccefdc0708342023-02-08 09:47:11.751root 11241100x8000000000000000278256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.751{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099aee16fc4926102023-02-08 09:47:11.751root 154100x8000000000000000278277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.752{ec2a0601-6f9f-63e3-6802-ec9e6c550000}5912/bin/dash-----/bin/sh /usr/bin/lesspipe/home/ubuntuubuntu{ec2a0601-6f9f-63e3-e803-000000000000}10005no level-{00000000-0000-0000-0000-000000000000}5911--- 11241100x8000000000000000278266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.752{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890f72934d2eafaa2023-02-08 09:47:11.752root 11241100x8000000000000000278265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.752{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6144d447dfa19a212023-02-08 09:47:11.752root 11241100x8000000000000000278264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.752{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b580ccd0559e4e082023-02-08 09:47:11.752root 11241100x8000000000000000278263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.752{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72670bb33ed4b19b2023-02-08 09:47:11.752root 11241100x8000000000000000278262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.752{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785d1e93e2b6be132023-02-08 09:47:11.752root 11241100x8000000000000000278261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.752{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2000fab7bdfa6962023-02-08 09:47:11.752root 11241100x8000000000000000278271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.753{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376e70afce433f2c2023-02-08 09:47:11.753root 11241100x8000000000000000278270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.753{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d940374e49119b2023-02-08 09:47:11.753root 11241100x8000000000000000278269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.753{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b640711a119efffc2023-02-08 09:47:11.753root 11241100x8000000000000000278268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.753{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e621de91fba92f42023-02-08 09:47:11.753root 11241100x8000000000000000278267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.753{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519cbf2cd03eb6ac2023-02-08 09:47:11.753root 11241100x8000000000000000278278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.754{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3432d9feb63f68972023-02-08 09:47:11.754root 11241100x8000000000000000278276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.754{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66b9ff602d313162023-02-08 09:47:11.754root 11241100x8000000000000000278275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.754{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a637f4e62302c02023-02-08 09:47:11.754root 11241100x8000000000000000278274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.754{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b238fc75a2822c0c2023-02-08 09:47:11.754root 11241100x8000000000000000278273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.754{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3054894a21a60fff2023-02-08 09:47:11.754root 11241100x8000000000000000278272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.754{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9517426de9562e512023-02-08 09:47:11.754root 154100x8000000000000000278288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.755{ec2a0601-6f9f-63e3-e84b-781072550000}5913/usr/bin/basename-----basename /usr/bin/lesspipe/home/ubuntuubuntu{ec2a0601-6f9f-63e3-e803-000000000000}10005no level-{ec2a0601-6f9f-63e3-6802-ec9e6c550000}5912/bin/dash/bin/shubuntu 11241100x8000000000000000278284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.755{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c3db5680566ea12023-02-08 09:47:11.755root 11241100x8000000000000000278283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.755{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50fb073796b02ea32023-02-08 09:47:11.755root 11241100x8000000000000000278282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.755{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa1e671bd9ed49f2023-02-08 09:47:11.755root 11241100x8000000000000000278281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.755{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f631294a93fa842023-02-08 09:47:11.755root 11241100x8000000000000000278280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.755{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1318434389f4f52023-02-08 09:47:11.755root 11241100x8000000000000000278279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.755{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f19931dbd3baacf2023-02-08 09:47:11.755root 11241100x8000000000000000278291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.756{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334a45097e6e13e22023-02-08 09:47:11.756root 11241100x8000000000000000278290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.756{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e53d6c1da5f2fdd2023-02-08 09:47:11.756root 11241100x8000000000000000278289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.756{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22171f70932953fa2023-02-08 09:47:11.756root 11241100x8000000000000000278287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.756{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fcfce4ce78567f2023-02-08 09:47:11.756root 11241100x8000000000000000278286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.756{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82c28aa7674d3752023-02-08 09:47:11.756root 11241100x8000000000000000278285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.756{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb89fa5f156dcd7c2023-02-08 09:47:11.756root 11241100x8000000000000000278297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.757{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a656707df647249d2023-02-08 09:47:11.757root 11241100x8000000000000000278296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.757{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e619d6b08ab41b882023-02-08 09:47:11.757root 11241100x8000000000000000278295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.757{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb9a11ee89c09682023-02-08 09:47:11.757root 534500x8000000000000000278294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.757{ec2a0601-6f9f-63e3-e84b-781072550000}5913/usr/bin/basenameubuntu 11241100x8000000000000000278293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.757{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80aa092cd1bc51a2023-02-08 09:47:11.757root 11241100x8000000000000000278292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.757{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934bad64670a83a92023-02-08 09:47:11.757root 154100x8000000000000000278307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.758{ec2a0601-6f9f-63e3-e818-ccd47e550000}5915/usr/bin/dirname-----dirname /usr/bin/lesspipe/home/ubuntuubuntu{ec2a0601-6f9f-63e3-e803-000000000000}10005no level-{00000000-0000-0000-0000-000000000000}5914--- 11241100x8000000000000000278304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.758{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a19e04361cf9b82023-02-08 09:47:11.758root 11241100x8000000000000000278303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.758{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8d4c1866b18d932023-02-08 09:47:11.758root 11241100x8000000000000000278302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.758{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a42f66d76040fb2023-02-08 09:47:11.758root 11241100x8000000000000000278301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.758{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d331fe19dd43c32023-02-08 09:47:11.758root 11241100x8000000000000000278300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.758{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e94e69307e949492023-02-08 09:47:11.758root 11241100x8000000000000000278299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.758{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e168b3e435b463d2023-02-08 09:47:11.758root 11241100x8000000000000000278298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.758{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e913a031b07afd42023-02-08 09:47:11.758root 11241100x8000000000000000278311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.759{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f266da779d3b55e2023-02-08 09:47:11.759root 11241100x8000000000000000278310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.759{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ceec594678ff4942023-02-08 09:47:11.759root 11241100x8000000000000000278309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.759{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf33935fd761d602023-02-08 09:47:11.759root 11241100x8000000000000000278308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.759{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f5b140362d65432023-02-08 09:47:11.759root 11241100x8000000000000000278306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.759{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0e64dcd3b6fbfb2023-02-08 09:47:11.759root 11241100x8000000000000000278305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.759{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449aeb56138ac1e92023-02-08 09:47:11.759root 11241100x8000000000000000278315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.760{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f25888cde3a36602023-02-08 09:47:11.760root 11241100x8000000000000000278314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.760{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e5b96a2ecad7592023-02-08 09:47:11.760root 11241100x8000000000000000278313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.760{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc10832c9ba90fd2023-02-08 09:47:11.760root 11241100x8000000000000000278312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.760{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e199aaf05c6c5f222023-02-08 09:47:11.760root 11241100x8000000000000000278320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.761{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25dd072e5a4201422023-02-08 09:47:11.761root 11241100x8000000000000000278319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.761{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4aebf54cb4b19e62023-02-08 09:47:11.761root 11241100x8000000000000000278318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.761{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b4263a4477ac532023-02-08 09:47:11.761root 11241100x8000000000000000278317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.761{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45239390384e8f22023-02-08 09:47:11.761root 11241100x8000000000000000278316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.761{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72737254a1ec9882023-02-08 09:47:11.761root 11241100x8000000000000000278328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.762{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77f859d7d5684362023-02-08 09:47:11.762root 534500x8000000000000000278327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.762{ec2a0601-6f9f-63e3-0000-000000000000}5911-ubuntu 11241100x8000000000000000278326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.762{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66bd5088ecb65e772023-02-08 09:47:11.762root 11241100x8000000000000000278325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.762{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe33f52000cbf1132023-02-08 09:47:11.762root 11241100x8000000000000000278324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.762{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8af36a07746a0d2023-02-08 09:47:11.762root 534500x8000000000000000278323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.762{ec2a0601-6f9f-63e3-6802-ec9e6c550000}5912/bin/dashubuntu 534500x8000000000000000278322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.762{ec2a0601-6f9f-63e3-0000-000000000000}5914-ubuntu 534500x8000000000000000278321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.762{ec2a0601-6f9f-63e3-e818-ccd47e550000}5915/usr/bin/dirnameubuntu 11241100x8000000000000000278335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.763{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd875dd84938f4b2023-02-08 09:47:11.763root 11241100x8000000000000000278334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.763{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809cb286fe9d250b2023-02-08 09:47:11.763root 11241100x8000000000000000278333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.763{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f5e64a7d07a1722023-02-08 09:47:11.763root 11241100x8000000000000000278332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.763{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f3a4edca8fc1602023-02-08 09:47:11.763root 11241100x8000000000000000278331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.763{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034eaff2cf03dae92023-02-08 09:47:11.763root 11241100x8000000000000000278330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.763{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb9af8ec5928ae52023-02-08 09:47:11.763root 11241100x8000000000000000278329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.763{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb87581cb07c9a572023-02-08 09:47:11.763root 11241100x8000000000000000278341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.764{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f504dae4a2b48542023-02-08 09:47:11.764root 11241100x8000000000000000278340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.764{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4977e24c6fccedb42023-02-08 09:47:11.764root 11241100x8000000000000000278339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.764{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6acbd1891627562023-02-08 09:47:11.764root 11241100x8000000000000000278338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.764{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a759e4f93d04dc2023-02-08 09:47:11.764root 11241100x8000000000000000278337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.764{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c723ae3308b8ac2023-02-08 09:47:11.764root 11241100x8000000000000000278336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.764{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63dfbd57870b43ea2023-02-08 09:47:11.764root 154100x8000000000000000278355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.765{ec2a0601-6f9f-63e3-4849-b51106560000}5917/usr/bin/dircolors-----dircolors -b/home/ubuntuubuntu{ec2a0601-6f9f-63e3-e803-000000000000}10005no level-{00000000-0000-0000-0000-000000000000}5916--- 11241100x8000000000000000278347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.765{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1484614f48e56892023-02-08 09:47:11.765root 11241100x8000000000000000278346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.765{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b893eaad660c182023-02-08 09:47:11.765root 11241100x8000000000000000278345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.765{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbef3b67ca3a43d2023-02-08 09:47:11.765root 11241100x8000000000000000278344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.765{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae48580931c48662023-02-08 09:47:11.765root 11241100x8000000000000000278343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.765{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58149ca019677ffd2023-02-08 09:47:11.765root 11241100x8000000000000000278342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.765{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a528d1965cc315142023-02-08 09:47:11.765root 11241100x8000000000000000278353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.766{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cacfa6b05399aab92023-02-08 09:47:11.766root 11241100x8000000000000000278352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.766{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97857a5f2c3f54fb2023-02-08 09:47:11.766root 11241100x8000000000000000278351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.766{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15671bc4430731b52023-02-08 09:47:11.766root 11241100x8000000000000000278350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.766{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5c2763798e48142023-02-08 09:47:11.766root 11241100x8000000000000000278349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.766{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f9f133ef3bb18c2023-02-08 09:47:11.766root 11241100x8000000000000000278348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.766{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e67e1830182ac72023-02-08 09:47:11.766root 11241100x8000000000000000278354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.767{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb64d23402d79e82023-02-08 09:47:11.767root 11241100x8000000000000000278359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.770{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8c0b386b0f5c772023-02-08 09:47:11.770root 11241100x8000000000000000278358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.770{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c35f0cf3fae0182023-02-08 09:47:11.770root 11241100x8000000000000000278357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.770{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac215170440e1222023-02-08 09:47:11.770root 11241100x8000000000000000278356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.770{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c32250638d957da2023-02-08 09:47:11.770root 11241100x8000000000000000278361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.771{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242364df63fc0c212023-02-08 09:47:11.771root 11241100x8000000000000000278360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.771{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8edc6e468ff5092023-02-08 09:47:11.771root 534500x8000000000000000278363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.772{ec2a0601-6f9f-63e3-0000-000000000000}5916-ubuntu 534500x8000000000000000278362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.772{ec2a0601-6f9f-63e3-4849-b51106560000}5917/usr/bin/dircolorsubuntu 11241100x8000000000000000278364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.773{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37195455f5b98c0f2023-02-08 09:47:11.773root 11241100x8000000000000000278373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.774{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4db0c237be27af2023-02-08 09:47:11.774root 11241100x8000000000000000278372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.774{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6671920fcd7099fc2023-02-08 09:47:11.774root 11241100x8000000000000000278371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.774{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8126c258ef52efed2023-02-08 09:47:11.774root 11241100x8000000000000000278370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.774{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd1dad5e13930222023-02-08 09:47:11.774root 11241100x8000000000000000278369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.774{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332366d4085c7dfc2023-02-08 09:47:11.774root 11241100x8000000000000000278368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.774{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1664d40355b5eafe2023-02-08 09:47:11.774root 11241100x8000000000000000278367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.774{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3260402ff9c1ba02023-02-08 09:47:11.774root 11241100x8000000000000000278366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.774{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8ae33f2977dee62023-02-08 09:47:11.774root 11241100x8000000000000000278365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.774{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d043315bd0cbbaf2023-02-08 09:47:11.774root 11241100x8000000000000000278379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.775{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3198d976917625872023-02-08 09:47:11.775root 11241100x8000000000000000278378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.775{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a01562a8bfd04bb2023-02-08 09:47:11.775root 11241100x8000000000000000278377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.775{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfce9128f93403652023-02-08 09:47:11.775root 11241100x8000000000000000278376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.775{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb8b7bce30ba0562023-02-08 09:47:11.775root 11241100x8000000000000000278375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.775{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2627cce98cd53ab2023-02-08 09:47:11.775root 11241100x8000000000000000278374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.775{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e7c3808459c1f12023-02-08 09:47:11.775root 11241100x8000000000000000278387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.776{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd45a492ba7d9092023-02-08 09:47:11.776root 11241100x8000000000000000278386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.776{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c268ac64d0889f1d2023-02-08 09:47:11.776root 11241100x8000000000000000278385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.776{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17b5619a9f306182023-02-08 09:47:11.776root 11241100x8000000000000000278384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.776{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6e25a4d29b10462023-02-08 09:47:11.776root 11241100x8000000000000000278383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.776{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b557da4df84529c2023-02-08 09:47:11.776root 11241100x8000000000000000278382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.776{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005bc1bea2a3f3592023-02-08 09:47:11.776root 11241100x8000000000000000278381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.776{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971ecdac5bdd9cde2023-02-08 09:47:11.776root 11241100x8000000000000000278380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.776{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9d2e5954221a342023-02-08 09:47:11.776root 11241100x8000000000000000278395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.777{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf395db0586b9e652023-02-08 09:47:11.777root 11241100x8000000000000000278394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.777{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd98e77a2cd9d522023-02-08 09:47:11.777root 11241100x8000000000000000278393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.777{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20984876d2444f0b2023-02-08 09:47:11.777root 11241100x8000000000000000278392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.777{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d0d580bbe5b3682023-02-08 09:47:11.777root 11241100x8000000000000000278391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.777{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca56f4ea17c03f22023-02-08 09:47:11.777root 11241100x8000000000000000278390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.777{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefa374bd141a27f2023-02-08 09:47:11.777root 11241100x8000000000000000278389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.777{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2235f0d0c93e93b2023-02-08 09:47:11.777root 11241100x8000000000000000278388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.777{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232f0c94ddde53ad2023-02-08 09:47:11.777root 11241100x8000000000000000278397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.778{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52e51e038ad595c2023-02-08 09:47:11.778root 11241100x8000000000000000278396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.778{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8664763471b2f5c2023-02-08 09:47:11.778root 11241100x8000000000000000278402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.779{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abb834ea817fd5c2023-02-08 09:47:11.779root 11241100x8000000000000000278401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.779{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81096cf3b9100b002023-02-08 09:47:11.779root 11241100x8000000000000000278400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.779{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f874dfeb3b4480582023-02-08 09:47:11.779root 11241100x8000000000000000278399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.779{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd35daa6d5192f02023-02-08 09:47:11.779root 11241100x8000000000000000278398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.779{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bab0151bcf7763e2023-02-08 09:47:11.779root 11241100x8000000000000000278416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.780{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72af68e5f319d3fd2023-02-08 09:47:11.780root 11241100x8000000000000000278415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.780{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01962bfaca2744562023-02-08 09:47:11.780root 11241100x8000000000000000278414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.780{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6f22e01b090a462023-02-08 09:47:11.780root 11241100x8000000000000000278413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.780{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e304ce83713c442023-02-08 09:47:11.780root 11241100x8000000000000000278412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.780{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8946a27d85cb0b4e2023-02-08 09:47:11.780root 11241100x8000000000000000278411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.780{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4f66f3de99fcb22023-02-08 09:47:11.780root 11241100x8000000000000000278410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.780{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95666f41839da3532023-02-08 09:47:11.780root 11241100x8000000000000000278409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.780{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136deb04494590ab2023-02-08 09:47:11.780root 11241100x8000000000000000278408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.780{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ff0ec768cddc5f2023-02-08 09:47:11.780root 11241100x8000000000000000278407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.780{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0022368b0c5ea1a32023-02-08 09:47:11.780root 11241100x8000000000000000278406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.780{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45788147b1f016622023-02-08 09:47:11.780root 11241100x8000000000000000278405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.780{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae448db59f4b69d62023-02-08 09:47:11.780root 11241100x8000000000000000278404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.780{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1d89b8f57cfd1b2023-02-08 09:47:11.780root 11241100x8000000000000000278403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.780{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b41a600602b30db2023-02-08 09:47:11.780root 11241100x8000000000000000278429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.781{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ca69a9e8e8af242023-02-08 09:47:11.781root 11241100x8000000000000000278428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.781{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651f5395e3c9a23b2023-02-08 09:47:11.781root 11241100x8000000000000000278427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.781{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19dad528c8368682023-02-08 09:47:11.781root 11241100x8000000000000000278426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.781{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51ade5cb26d24ec2023-02-08 09:47:11.781root 11241100x8000000000000000278425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.781{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8913d5582e715e2023-02-08 09:47:11.781root 11241100x8000000000000000278424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.781{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be8f9362d970f622023-02-08 09:47:11.781root 11241100x8000000000000000278423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.781{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4514a62efcf625a22023-02-08 09:47:11.781root 11241100x8000000000000000278422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.781{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56137c56ccdff41a2023-02-08 09:47:11.781root 11241100x8000000000000000278421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.781{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd427552017d02b32023-02-08 09:47:11.781root 11241100x8000000000000000278420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.781{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e894b6f3ea788a2023-02-08 09:47:11.781root 11241100x8000000000000000278419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.781{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffc25fca3040ce02023-02-08 09:47:11.781root 11241100x8000000000000000278418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.781{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0794226a3c7e93b2023-02-08 09:47:11.781root 11241100x8000000000000000278417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.781{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028b908d578764362023-02-08 09:47:11.781root 11241100x8000000000000000278443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.782{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3ca0af4cc833132023-02-08 09:47:11.782root 11241100x8000000000000000278442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.782{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c69241ca4f9a3722023-02-08 09:47:11.782root 11241100x8000000000000000278441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.782{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d065f44401db90282023-02-08 09:47:11.782root 11241100x8000000000000000278440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.782{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f50f1c0efed1b4d2023-02-08 09:47:11.782root 11241100x8000000000000000278439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.782{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35de6641dd4cc162023-02-08 09:47:11.782root 11241100x8000000000000000278438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.782{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68b26339d2a48902023-02-08 09:47:11.782root 11241100x8000000000000000278437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.782{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b099731c88a2202023-02-08 09:47:11.782root 11241100x8000000000000000278436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.782{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162dba3ebc9c3ed92023-02-08 09:47:11.782root 11241100x8000000000000000278435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.782{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9629c442816b9d262023-02-08 09:47:11.782root 11241100x8000000000000000278434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.782{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887a82d199fa2a7d2023-02-08 09:47:11.782root 11241100x8000000000000000278433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.782{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3526dc97d7c063742023-02-08 09:47:11.782root 11241100x8000000000000000278432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.782{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6371511a8bd0fad2023-02-08 09:47:11.782root 11241100x8000000000000000278431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.782{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1090e49e2abed3cd2023-02-08 09:47:11.782root 11241100x8000000000000000278430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.782{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1570398ea019b42023-02-08 09:47:11.782root 11241100x8000000000000000278456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.783{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eea34f32c653def2023-02-08 09:47:11.783root 11241100x8000000000000000278455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.783{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd197e89ccd43f3d2023-02-08 09:47:11.783root 11241100x8000000000000000278454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.783{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9143e49affcc82c2023-02-08 09:47:11.783root 11241100x8000000000000000278453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.783{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca534bc7a2cf6542023-02-08 09:47:11.783root 11241100x8000000000000000278452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.783{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db70f01b25c07ce82023-02-08 09:47:11.783root 11241100x8000000000000000278451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.783{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5f3089048829722023-02-08 09:47:11.783root 11241100x8000000000000000278450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.783{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c1f0e55929fa5a2023-02-08 09:47:11.783root 11241100x8000000000000000278449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.783{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff956acac96d5e42023-02-08 09:47:11.783root 11241100x8000000000000000278448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.783{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb9e2a8621b0f2a2023-02-08 09:47:11.783root 11241100x8000000000000000278447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.783{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b220c835966fe1bb2023-02-08 09:47:11.783root 11241100x8000000000000000278446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.783{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec11a97a6b1007262023-02-08 09:47:11.783root 11241100x8000000000000000278445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.783{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16210e5ff6b7e6d2023-02-08 09:47:11.783root 11241100x8000000000000000278444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.783{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650a2a7d52fa8e7b2023-02-08 09:47:11.783root 11241100x8000000000000000278466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.784{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe8a6e1237418e02023-02-08 09:47:11.784root 11241100x8000000000000000278465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.784{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465fe782a27908062023-02-08 09:47:11.784root 11241100x8000000000000000278464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.784{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115d38c8f7bbba682023-02-08 09:47:11.784root 11241100x8000000000000000278463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.784{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.defb838b3ac969bf2023-02-08 09:47:11.784root 11241100x8000000000000000278462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.784{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf362e0bcbd11e892023-02-08 09:47:11.784root 11241100x8000000000000000278461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.784{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5def9b84240049882023-02-08 09:47:11.784root 11241100x8000000000000000278460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.784{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766cfc116eaacaf72023-02-08 09:47:11.784root 11241100x8000000000000000278459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.784{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8382fff14ff0f92023-02-08 09:47:11.784root 11241100x8000000000000000278458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.784{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693d4caa4b2dc7882023-02-08 09:47:11.784root 11241100x8000000000000000278457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.784{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99575f763e5f311c2023-02-08 09:47:11.784root 11241100x8000000000000000278478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.785{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5246f0333e4e83c72023-02-08 09:47:11.785root 11241100x8000000000000000278477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.785{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbdae1d18be0b202023-02-08 09:47:11.785root 11241100x8000000000000000278476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.785{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133fa59dd499eaaa2023-02-08 09:47:11.785root 11241100x8000000000000000278475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.785{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e711816036f5f7a2023-02-08 09:47:11.785root 11241100x8000000000000000278474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.785{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ad2446972645f42023-02-08 09:47:11.785root 11241100x8000000000000000278473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.785{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c5852f706872d62023-02-08 09:47:11.785root 11241100x8000000000000000278472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.785{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36f406bb0e73fd42023-02-08 09:47:11.785root 11241100x8000000000000000278471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.785{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9ab8683902834b2023-02-08 09:47:11.785root 11241100x8000000000000000278470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.785{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b51167b6da7b6eb2023-02-08 09:47:11.785root 11241100x8000000000000000278469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.785{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f60901ac57a2dc2023-02-08 09:47:11.785root 11241100x8000000000000000278468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.785{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1976ff33545ec6452023-02-08 09:47:11.785root 11241100x8000000000000000278467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.785{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3193a84208874e2023-02-08 09:47:11.785root 11241100x8000000000000000278488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.786{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3066832fa8fb312023-02-08 09:47:11.786root 11241100x8000000000000000278487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.786{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b04164ed1a5b0b2023-02-08 09:47:11.786root 11241100x8000000000000000278486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.786{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0a0d5f99b715982023-02-08 09:47:11.786root 11241100x8000000000000000278485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.786{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ef1018b6be5b272023-02-08 09:47:11.786root 11241100x8000000000000000278484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.786{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9fc6915c068c0102023-02-08 09:47:11.786root 11241100x8000000000000000278483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.786{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91e3c518914ba652023-02-08 09:47:11.786root 11241100x8000000000000000278482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.786{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d8e977e3147f032023-02-08 09:47:11.786root 11241100x8000000000000000278481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.786{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034130b397f630072023-02-08 09:47:11.786root 11241100x8000000000000000278480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.786{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35f3df868f88df22023-02-08 09:47:11.786root 11241100x8000000000000000278479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.786{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43249c7869dbed82023-02-08 09:47:11.786root 11241100x8000000000000000278496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.787{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f168a84bf3a76f282023-02-08 09:47:11.787root 11241100x8000000000000000278495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.787{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c63d1cd066600422023-02-08 09:47:11.787root 11241100x8000000000000000278494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.787{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a44883fd4980792023-02-08 09:47:11.787root 11241100x8000000000000000278493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.787{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c215db13ddbac82023-02-08 09:47:11.787root 11241100x8000000000000000278492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.787{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f78b857d56b7e72023-02-08 09:47:11.787root 11241100x8000000000000000278491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.787{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38961f9b1b2d5fe2023-02-08 09:47:11.787root 11241100x8000000000000000278490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.787{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd757fec6537b7ce2023-02-08 09:47:11.787root 11241100x8000000000000000278489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.787{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce96b7c9bbda185f2023-02-08 09:47:11.787root 11241100x8000000000000000278503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.788{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b8563e32f7c9932023-02-08 09:47:11.788root 11241100x8000000000000000278502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.788{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0c3bf6c7c9c24e2023-02-08 09:47:11.788root 11241100x8000000000000000278501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.788{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cae7f6f24b0be922023-02-08 09:47:11.788root 11241100x8000000000000000278500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.788{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d83ca1eb2c6b9ad2023-02-08 09:47:11.788root 11241100x8000000000000000278499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.788{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6f56cab1c2be082023-02-08 09:47:11.788root 11241100x8000000000000000278498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.788{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d3c17f5e5a39382023-02-08 09:47:11.788root 11241100x8000000000000000278497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.788{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1792dd14478a3a2023-02-08 09:47:11.788root 11241100x8000000000000000278509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.789{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a5c74dcca651582023-02-08 09:47:11.789root 11241100x8000000000000000278508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.789{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1cfda63e4850262023-02-08 09:47:11.789root 11241100x8000000000000000278507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.789{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cef575cf5119c1f2023-02-08 09:47:11.789root 11241100x8000000000000000278506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.789{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b4d525eb88967c2023-02-08 09:47:11.789root 11241100x8000000000000000278505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.789{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3873acafbef6bb42023-02-08 09:47:11.789root 11241100x8000000000000000278504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.789{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe97f6c17a59e072023-02-08 09:47:11.789root 11241100x8000000000000000278519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.790{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb57440ffad1dcd52023-02-08 09:47:11.790root 11241100x8000000000000000278518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.790{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bbf5a2658306e02023-02-08 09:47:11.790root 11241100x8000000000000000278517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.790{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39996a106bab7d622023-02-08 09:47:11.790root 11241100x8000000000000000278516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.790{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b563db7c8c8d2882023-02-08 09:47:11.790root 11241100x8000000000000000278515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.790{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12870b3c6a71582b2023-02-08 09:47:11.790root 11241100x8000000000000000278514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.790{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b3aa1f767325802023-02-08 09:47:11.790root 11241100x8000000000000000278513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.790{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083921e92480d7032023-02-08 09:47:11.790root 11241100x8000000000000000278512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.790{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f213e5cf7776f4532023-02-08 09:47:11.790root 11241100x8000000000000000278511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.790{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abf26ef0d9e8aa52023-02-08 09:47:11.790root 11241100x8000000000000000278510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.790{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0409b16540c67572023-02-08 09:47:11.790root 11241100x8000000000000000278526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.791{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cea9cd109f7f9ea2023-02-08 09:47:11.791root 11241100x8000000000000000278525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.791{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c37f350beaf2692023-02-08 09:47:11.791root 11241100x8000000000000000278524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.791{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de600f8f8eebd2e42023-02-08 09:47:11.791root 11241100x8000000000000000278523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.791{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c31c2acc0955ac22023-02-08 09:47:11.791root 11241100x8000000000000000278522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.791{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fceecf615dc2559d2023-02-08 09:47:11.791root 11241100x8000000000000000278521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.791{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3afad5736ce75b2023-02-08 09:47:11.791root 11241100x8000000000000000278520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.791{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e8a7c5ff3597702023-02-08 09:47:11.791root 11241100x8000000000000000278532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.792{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ee3f3927b4c08f2023-02-08 09:47:11.792root 11241100x8000000000000000278531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.792{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb245bc282583832023-02-08 09:47:11.792root 11241100x8000000000000000278530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.792{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7583efa1f7eb5bea2023-02-08 09:47:11.792root 11241100x8000000000000000278529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.792{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b644404b736d3532023-02-08 09:47:11.792root 11241100x8000000000000000278528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.792{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63173cbb6cf6e00a2023-02-08 09:47:11.792root 11241100x8000000000000000278527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.792{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07bb51d77950a84c2023-02-08 09:47:11.792root 11241100x8000000000000000278538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.793{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4646cf406dedd0a72023-02-08 09:47:11.793root 11241100x8000000000000000278537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.793{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9fcfa4fb0f24e782023-02-08 09:47:11.793root 11241100x8000000000000000278536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.793{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb28dc1a7fa4a45e2023-02-08 09:47:11.793root 11241100x8000000000000000278535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.793{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f98baed2d597ac2023-02-08 09:47:11.793root 11241100x8000000000000000278534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.793{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f62e55cc9bc2d52023-02-08 09:47:11.793root 11241100x8000000000000000278533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.793{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a0c99889e3a3ba2023-02-08 09:47:11.793root 11241100x8000000000000000278544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.794{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39651697e95c3692023-02-08 09:47:11.794root 11241100x8000000000000000278543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.794{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c46ccc79e630c0e2023-02-08 09:47:11.794root 11241100x8000000000000000278542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.794{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49cb8a1db6ed61d72023-02-08 09:47:11.794root 11241100x8000000000000000278541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.794{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3bae7d2f6b6eba22023-02-08 09:47:11.794root 11241100x8000000000000000278540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.794{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367b4244d9d2e2082023-02-08 09:47:11.794root 11241100x8000000000000000278539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.794{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba67cd05d57bc052023-02-08 09:47:11.794root 11241100x8000000000000000278549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.795{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef3d3587844e79c2023-02-08 09:47:11.795root 11241100x8000000000000000278548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.795{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846438e7827b91572023-02-08 09:47:11.795root 11241100x8000000000000000278547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.795{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4290af35f4a41c2023-02-08 09:47:11.795root 11241100x8000000000000000278546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.795{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66cd6120cb48b9d22023-02-08 09:47:11.795root 11241100x8000000000000000278545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.795{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f542767292be892023-02-08 09:47:11.795root 11241100x8000000000000000278554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.796{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291f0eaced653f482023-02-08 09:47:11.796root 11241100x8000000000000000278553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.796{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68584792a8e03c7a2023-02-08 09:47:11.796root 11241100x8000000000000000278552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.796{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508cb4c22af7ef7c2023-02-08 09:47:11.796root 11241100x8000000000000000278551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.796{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3955336927ad39722023-02-08 09:47:11.796root 11241100x8000000000000000278550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.796{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130193a8d43983682023-02-08 09:47:11.796root 11241100x8000000000000000278559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.797{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ca5d969d0401f72023-02-08 09:47:11.797root 11241100x8000000000000000278558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.797{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5256c83edf5bd1f72023-02-08 09:47:11.797root 11241100x8000000000000000278557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.797{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac5a017f35df8922023-02-08 09:47:11.797root 11241100x8000000000000000278556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.797{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a64b69dac057d052023-02-08 09:47:11.797root 11241100x8000000000000000278555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.797{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077f55c85940e4092023-02-08 09:47:11.797root 11241100x8000000000000000278564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.798{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb3a8baa5da715b2023-02-08 09:47:11.798root 11241100x8000000000000000278563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.798{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14b27933a6289ec2023-02-08 09:47:11.798root 11241100x8000000000000000278562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.798{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f811d275a4a858802023-02-08 09:47:11.798root 11241100x8000000000000000278561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.798{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bbed29b0cca32612023-02-08 09:47:11.798root 11241100x8000000000000000278560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.798{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd92fcdd322177bf2023-02-08 09:47:11.798root 11241100x8000000000000000278571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.799{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85822688ab47cadc2023-02-08 09:47:11.799root 11241100x8000000000000000278570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.799{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d510f536c30bdfa52023-02-08 09:47:11.799root 11241100x8000000000000000278569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.799{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00b8f68581291472023-02-08 09:47:11.799root 11241100x8000000000000000278568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.799{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c631b10444661d2023-02-08 09:47:11.799root 11241100x8000000000000000278567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.799{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57c32c2284490732023-02-08 09:47:11.799root 11241100x8000000000000000278566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.799{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e126800754f101802023-02-08 09:47:11.799root 11241100x8000000000000000278565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.799{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37216c897a04ab0f2023-02-08 09:47:11.799root 11241100x8000000000000000278573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.800{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffde62c29cb00e92023-02-08 09:47:11.800root 11241100x8000000000000000278572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.800{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088001e9448abcd02023-02-08 09:47:11.800root 11241100x8000000000000000278576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.801{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f577149e4c7a6f02023-02-08 09:47:11.801root 11241100x8000000000000000278575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.801{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f28cb8aed6416c2023-02-08 09:47:11.801root 11241100x8000000000000000278574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.801{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0b8b289262fa802023-02-08 09:47:11.801root 11241100x8000000000000000278582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.802{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edcbcccf33f330742023-02-08 09:47:11.802root 11241100x8000000000000000278581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.802{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2595512f676c4b0c2023-02-08 09:47:11.802root 11241100x8000000000000000278580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.802{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b225442e14375822023-02-08 09:47:11.802root 11241100x8000000000000000278579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.802{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3ea35f03f9eb372023-02-08 09:47:11.802root 11241100x8000000000000000278578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.802{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c786806392c6972023-02-08 09:47:11.802root 11241100x8000000000000000278577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.802{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e1612b4e17d6b72023-02-08 09:47:11.802root 11241100x8000000000000000278587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.803{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69ea8e14895a2d32023-02-08 09:47:11.803root 11241100x8000000000000000278586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.803{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2f37710774e2092023-02-08 09:47:11.803root 11241100x8000000000000000278585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.803{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6eb52f7d7a68dc12023-02-08 09:47:11.803root 11241100x8000000000000000278584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.803{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74245815cb0912b82023-02-08 09:47:11.803root 11241100x8000000000000000278583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.803{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476e0ac7eae1cada2023-02-08 09:47:11.803root 11241100x8000000000000000278590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.804{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e586af1d88a49ce52023-02-08 09:47:11.804root 11241100x8000000000000000278589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.804{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc5f5c47261fd2c2023-02-08 09:47:11.804root 11241100x8000000000000000278588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.804{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef9213daefe6d422023-02-08 09:47:11.804root 11241100x8000000000000000278595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.805{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3aea27c7f4cf062023-02-08 09:47:11.805root 11241100x8000000000000000278594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.805{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624f6e50d6a00d952023-02-08 09:47:11.805root 11241100x8000000000000000278593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.805{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6d55f5863b1fa32023-02-08 09:47:11.805root 11241100x8000000000000000278592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.805{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d00f871077a2112023-02-08 09:47:11.805root 11241100x8000000000000000278591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.805{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0e1a8403827c4b2023-02-08 09:47:11.805root 11241100x8000000000000000278601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.806{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8cbb0f9db734672023-02-08 09:47:11.806root 11241100x8000000000000000278600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.806{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17190cefc06c1cef2023-02-08 09:47:11.806root 11241100x8000000000000000278599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.806{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79276fbb8fa8c8e52023-02-08 09:47:11.806root 11241100x8000000000000000278598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.806{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b73903ad4250ac42023-02-08 09:47:11.806root 11241100x8000000000000000278597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.806{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525a33de6e73ae592023-02-08 09:47:11.806root 11241100x8000000000000000278596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.806{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c99fe686932a8c92023-02-08 09:47:11.806root 11241100x8000000000000000278608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.807{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae48ac6db23ee7cc2023-02-08 09:47:11.807root 11241100x8000000000000000278607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.807{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d2f3f9aaca01dc2023-02-08 09:47:11.807root 11241100x8000000000000000278606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.807{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3d298955671c5a2023-02-08 09:47:11.807root 11241100x8000000000000000278605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.807{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759c6fcf05a110fa2023-02-08 09:47:11.807root 11241100x8000000000000000278604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.807{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a7620f2615cdff2023-02-08 09:47:11.807root 11241100x8000000000000000278603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.807{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec0b5c7d666a1512023-02-08 09:47:11.807root 11241100x8000000000000000278602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.807{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070547bebed953272023-02-08 09:47:11.807root 11241100x8000000000000000278614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.808{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d645575a171c794f2023-02-08 09:47:11.808root 11241100x8000000000000000278613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.808{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1903d7c2b2f4058d2023-02-08 09:47:11.808root 11241100x8000000000000000278612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.808{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc70d137e8a24312023-02-08 09:47:11.808root 11241100x8000000000000000278611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.808{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37539e63c9e25482023-02-08 09:47:11.808root 11241100x8000000000000000278610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.808{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff33648819cf39a72023-02-08 09:47:11.808root 11241100x8000000000000000278609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.808{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b925dfdfba83be482023-02-08 09:47:11.808root 11241100x8000000000000000278618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.809{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04a6ae168cf8f8f2023-02-08 09:47:11.809root 11241100x8000000000000000278617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.809{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75a709468eff4ce2023-02-08 09:47:11.809root 11241100x8000000000000000278616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.809{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645f28038366365e2023-02-08 09:47:11.809root 11241100x8000000000000000278615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.809{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3552b28907a1d24e2023-02-08 09:47:11.809root 11241100x8000000000000000278627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.810{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066870e092465c2e2023-02-08 09:47:11.810root 11241100x8000000000000000278626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.810{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98cebbad1376e632023-02-08 09:47:11.810root 11241100x8000000000000000278625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.810{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e5d7fd75522acd2023-02-08 09:47:11.810root 11241100x8000000000000000278624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.810{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f8974bf9759b472023-02-08 09:47:11.810root 11241100x8000000000000000278623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.810{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90de2782a24d5e682023-02-08 09:47:11.810root 11241100x8000000000000000278622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.810{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d650f81d9236ad12023-02-08 09:47:11.810root 11241100x8000000000000000278621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.810{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4a1861894350b12023-02-08 09:47:11.810root 11241100x8000000000000000278620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.810{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bee66f7df65c56a2023-02-08 09:47:11.810root 11241100x8000000000000000278619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.810{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bcb6268b16827152023-02-08 09:47:11.810root 11241100x8000000000000000278634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.811{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f00db976e809af32023-02-08 09:47:11.811root 11241100x8000000000000000278633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.811{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6c88408cdb8cc52023-02-08 09:47:11.811root 11241100x8000000000000000278632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.811{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e665400039b2832023-02-08 09:47:11.811root 11241100x8000000000000000278631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.811{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74961fe5fbe3be52023-02-08 09:47:11.811root 11241100x8000000000000000278630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.811{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36d7d24cc8a10ef2023-02-08 09:47:11.811root 11241100x8000000000000000278629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.811{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc393e05a9342172023-02-08 09:47:11.811root 11241100x8000000000000000278628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.811{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e2869d566905a02023-02-08 09:47:11.811root 11241100x8000000000000000278643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.812{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676a7bc5a18749632023-02-08 09:47:11.812root 11241100x8000000000000000278642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.812{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02892e5242132672023-02-08 09:47:11.812root 11241100x8000000000000000278641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.812{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e665992fafaea92023-02-08 09:47:11.812root 11241100x8000000000000000278640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.812{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9089211619e3732023-02-08 09:47:11.812root 11241100x8000000000000000278639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.812{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e524bd5f1592d22023-02-08 09:47:11.812root 11241100x8000000000000000278638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.812{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68c63a37cbd64662023-02-08 09:47:11.812root 11241100x8000000000000000278637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.812{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3056a25b374c6e2023-02-08 09:47:11.812root 11241100x8000000000000000278636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.812{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f74f11cc083f502023-02-08 09:47:11.812root 11241100x8000000000000000278635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.812{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a8fc6b86d3ac532023-02-08 09:47:11.812root 11241100x8000000000000000278651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.813{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a16493454767032023-02-08 09:47:11.813root 11241100x8000000000000000278650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.813{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7fa3d2a5fb227d2023-02-08 09:47:11.813root 11241100x8000000000000000278649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.813{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7892792aac15a612023-02-08 09:47:11.813root 11241100x8000000000000000278648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.813{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6588df2fb46fc99b2023-02-08 09:47:11.813root 11241100x8000000000000000278647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.813{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d59ff68276cdba2023-02-08 09:47:11.813root 11241100x8000000000000000278646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.813{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7cd556555f1c90c2023-02-08 09:47:11.813root 11241100x8000000000000000278645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.813{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ac648ad45004522023-02-08 09:47:11.813root 11241100x8000000000000000278644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.813{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b6749eaeffce1a2023-02-08 09:47:11.813root 11241100x8000000000000000278660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.814{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d89a36dff00c412023-02-08 09:47:11.814root 11241100x8000000000000000278659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.814{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85edce2a521d3422023-02-08 09:47:11.814root 11241100x8000000000000000278658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.814{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c370dde827e4e7b2023-02-08 09:47:11.814root 11241100x8000000000000000278657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.814{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f4d40a0778b2fa2023-02-08 09:47:11.814root 11241100x8000000000000000278656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.814{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6277fb221a8f9292023-02-08 09:47:11.814root 11241100x8000000000000000278655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.814{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c9647b6a758faa2023-02-08 09:47:11.814root 11241100x8000000000000000278654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.814{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a84ee2d7b8178bf2023-02-08 09:47:11.814root 11241100x8000000000000000278653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.814{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fdb43ce44bb0f462023-02-08 09:47:11.814root 11241100x8000000000000000278652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.814{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621308a5d78d9c102023-02-08 09:47:11.814root 11241100x8000000000000000278664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.815{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede2a5204e9a7b612023-02-08 09:47:11.815root 11241100x8000000000000000278663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.815{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85dc0cbfebf249242023-02-08 09:47:11.815root 11241100x8000000000000000278662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.815{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c208499a8730d5942023-02-08 09:47:11.815root 11241100x8000000000000000278661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.815{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da2e0b23081b74b2023-02-08 09:47:11.815root 11241100x8000000000000000278672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.816{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1a00eeaafc70292023-02-08 09:47:11.816root 11241100x8000000000000000278671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.816{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d918e3f5078c0a282023-02-08 09:47:11.816root 11241100x8000000000000000278670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.816{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecb58f3a95223c62023-02-08 09:47:11.816root 11241100x8000000000000000278669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.816{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2b5324d1a995962023-02-08 09:47:11.816root 11241100x8000000000000000278668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.816{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0429cf35f804dafa2023-02-08 09:47:11.816root 11241100x8000000000000000278667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.816{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d44c046888e2b92023-02-08 09:47:11.816root 11241100x8000000000000000278666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.816{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435bb600d11385862023-02-08 09:47:11.816root 11241100x8000000000000000278665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.816{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40af0a3988c1d1c2023-02-08 09:47:11.816root 11241100x8000000000000000278677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.817{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038f24cd93e8cdec2023-02-08 09:47:11.817root 11241100x8000000000000000278676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.817{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a94a7a7e1f471e2023-02-08 09:47:11.817root 11241100x8000000000000000278675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.817{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00f6f62b37713c52023-02-08 09:47:11.817root 11241100x8000000000000000278674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.817{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d53b40371129ae2023-02-08 09:47:11.817root 11241100x8000000000000000278673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.817{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f50797ddbf35a092023-02-08 09:47:11.817root 11241100x8000000000000000278681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.818{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf5d283838990bb2023-02-08 09:47:11.818root 11241100x8000000000000000278680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.818{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae0ab66c1e4fdfc2023-02-08 09:47:11.818root 11241100x8000000000000000278679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.818{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f4097ddc5355532023-02-08 09:47:11.818root 11241100x8000000000000000278678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.818{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a044c6f1cde76cd2023-02-08 09:47:11.818root 11241100x8000000000000000278689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.819{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900a3e5e6f539c0f2023-02-08 09:47:11.819root 11241100x8000000000000000278688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.819{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1029e7177cc992142023-02-08 09:47:11.819root 11241100x8000000000000000278687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.819{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f134e44ffc4440312023-02-08 09:47:11.819root 11241100x8000000000000000278686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.819{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49e2b4807edccd22023-02-08 09:47:11.819root 11241100x8000000000000000278685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.819{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70279e52f7e5520d2023-02-08 09:47:11.819root 11241100x8000000000000000278684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.819{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2466a988194356932023-02-08 09:47:11.819root 11241100x8000000000000000278683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.819{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bb864dad730fd92023-02-08 09:47:11.819root 11241100x8000000000000000278682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.819{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e85220e28f006e2023-02-08 09:47:11.819root 11241100x8000000000000000278699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.820{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76d30c7449fab272023-02-08 09:47:11.820root 11241100x8000000000000000278698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.820{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e7203fc527c9cc2023-02-08 09:47:11.820root 11241100x8000000000000000278697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.820{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e232f12ea7a97f82023-02-08 09:47:11.820root 11241100x8000000000000000278696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.820{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1477dc565f4e3c2a2023-02-08 09:47:11.820root 11241100x8000000000000000278695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.820{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19204c72bbd74fbd2023-02-08 09:47:11.820root 11241100x8000000000000000278694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.820{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd967efad73ec382023-02-08 09:47:11.820root 11241100x8000000000000000278693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.820{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb41f9d36a4d8682023-02-08 09:47:11.820root 11241100x8000000000000000278692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.820{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8815967a38d58de2023-02-08 09:47:11.820root 11241100x8000000000000000278691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.820{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fa632a98e1a2db2023-02-08 09:47:11.820root 11241100x8000000000000000278690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.820{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8051a900c480d732023-02-08 09:47:11.820root 11241100x8000000000000000278712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.821{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348a9f5a07d7f7e02023-02-08 09:47:11.821root 11241100x8000000000000000278711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.821{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f0cfc6e7879d412023-02-08 09:47:11.821root 11241100x8000000000000000278710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.821{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd92f8412a95758d2023-02-08 09:47:11.821root 11241100x8000000000000000278709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.821{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e8f051665816f92023-02-08 09:47:11.821root 11241100x8000000000000000278708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.821{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b7e1468122c9732023-02-08 09:47:11.821root 11241100x8000000000000000278707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.821{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0833170cb15ae3202023-02-08 09:47:11.821root 11241100x8000000000000000278706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.821{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee72b5b323b0c4c2023-02-08 09:47:11.821root 11241100x8000000000000000278705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.821{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03d8fb522bdc0aa2023-02-08 09:47:11.821root 11241100x8000000000000000278704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.821{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e1aa3d2a946c2b2023-02-08 09:47:11.821root 11241100x8000000000000000278703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.821{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f5ce95a934fb052023-02-08 09:47:11.821root 11241100x8000000000000000278702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.821{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed146cd7dc6a7ed2023-02-08 09:47:11.821root 11241100x8000000000000000278701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.821{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666fb39dced9ebb52023-02-08 09:47:11.821root 11241100x8000000000000000278700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.821{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056d920d6b9dc7e82023-02-08 09:47:11.821root 11241100x8000000000000000278721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.822{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c72f95eaf621b72023-02-08 09:47:11.822root 11241100x8000000000000000278720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.822{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0afb181f90796222023-02-08 09:47:11.822root 11241100x8000000000000000278719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.822{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b00a638e14a5dd2023-02-08 09:47:11.822root 11241100x8000000000000000278718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.822{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c014185b1440feb2023-02-08 09:47:11.822root 11241100x8000000000000000278717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.822{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d1b71c33e6af842023-02-08 09:47:11.822root 11241100x8000000000000000278716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.822{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8950c5c1889d05a32023-02-08 09:47:11.822root 11241100x8000000000000000278715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.822{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6ab2500fe9d2ee2023-02-08 09:47:11.822root 11241100x8000000000000000278714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.822{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0a37af86ebb80c2023-02-08 09:47:11.822root 11241100x8000000000000000278713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.822{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af28351def1c297a2023-02-08 09:47:11.822root 11241100x8000000000000000278729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.823{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff8350585059f4b2023-02-08 09:47:11.823root 11241100x8000000000000000278728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.823{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2bc158cba6d4ec82023-02-08 09:47:11.823root 11241100x8000000000000000278727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.823{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2a3e636d6855d82023-02-08 09:47:11.823root 11241100x8000000000000000278726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.823{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e97cad31d968e4c2023-02-08 09:47:11.823root 11241100x8000000000000000278725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.823{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d4663c7304e9932023-02-08 09:47:11.823root 11241100x8000000000000000278724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.823{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d115d4500e8a8c12023-02-08 09:47:11.823root 11241100x8000000000000000278723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.823{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd17277e688cb7f2023-02-08 09:47:11.823root 11241100x8000000000000000278722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.823{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fc2bbc46eaa0502023-02-08 09:47:11.823root 11241100x8000000000000000278737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.824{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e00f10c3188ca22023-02-08 09:47:11.824root 11241100x8000000000000000278736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.824{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb4cbd3139e30092023-02-08 09:47:11.824root 11241100x8000000000000000278735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.824{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f35f822001140b2023-02-08 09:47:11.824root 11241100x8000000000000000278734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.824{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f919e20ccfc6012023-02-08 09:47:11.824root 11241100x8000000000000000278733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.824{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e43d7a48f06ded52023-02-08 09:47:11.824root 11241100x8000000000000000278732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.824{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c139bba2b85a792023-02-08 09:47:11.824root 11241100x8000000000000000278731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.824{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e769f9b1fec8b02023-02-08 09:47:11.824root 11241100x8000000000000000278730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.824{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec701145e63d83d52023-02-08 09:47:11.824root 11241100x8000000000000000278741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.825{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc4fbb308b3c1962023-02-08 09:47:11.825root 11241100x8000000000000000278740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.825{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04debaa2e1746cf72023-02-08 09:47:11.825root 11241100x8000000000000000278739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.825{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32d0f86b066063a2023-02-08 09:47:11.825root 11241100x8000000000000000278738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.825{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a751f237bab7bc2023-02-08 09:47:11.825root 11241100x8000000000000000278749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.826{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da324060f88013c2023-02-08 09:47:11.826root 11241100x8000000000000000278748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.826{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a4100ae50d8ca62023-02-08 09:47:11.826root 11241100x8000000000000000278747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.826{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75afa7b1313a70cb2023-02-08 09:47:11.826root 11241100x8000000000000000278746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.826{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33e453e1f98b0c22023-02-08 09:47:11.826root 11241100x8000000000000000278745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.826{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233962a10f46e03d2023-02-08 09:47:11.826root 11241100x8000000000000000278744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.826{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ced8dc9620d930d2023-02-08 09:47:11.826root 11241100x8000000000000000278743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.826{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393a9030b84b33652023-02-08 09:47:11.826root 11241100x8000000000000000278742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.826{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36abb6a7bbe849d2023-02-08 09:47:11.826root 11241100x8000000000000000278760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.827{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa67c90b951e0efa2023-02-08 09:47:11.827root 11241100x8000000000000000278759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.827{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f64b6e0ce20ed12023-02-08 09:47:11.827root 11241100x8000000000000000278758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.827{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c7d0b1bb8a03492023-02-08 09:47:11.827root 11241100x8000000000000000278757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.827{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d892356a2458ca7f2023-02-08 09:47:11.827root 11241100x8000000000000000278756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.827{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc8cce3f26e28042023-02-08 09:47:11.827root 11241100x8000000000000000278755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.827{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42bf8464cf5139c2023-02-08 09:47:11.827root 11241100x8000000000000000278754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.827{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757fe1a7b1f531002023-02-08 09:47:11.827root 11241100x8000000000000000278753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.827{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86861f09c4ac7cea2023-02-08 09:47:11.827root 11241100x8000000000000000278752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.827{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9cd327046d7a032023-02-08 09:47:11.827root 11241100x8000000000000000278751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.827{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d37acf1e08c9eb72023-02-08 09:47:11.827root 11241100x8000000000000000278750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.827{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ff5e719adae37e2023-02-08 09:47:11.827root 11241100x8000000000000000278769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.828{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cda638a9780f0472023-02-08 09:47:11.828root 11241100x8000000000000000278768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.828{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d035d34f316783792023-02-08 09:47:11.828root 11241100x8000000000000000278767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.828{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bed81b69fcc4baf2023-02-08 09:47:11.828root 11241100x8000000000000000278766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.828{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb2bd485783b01a2023-02-08 09:47:11.828root 11241100x8000000000000000278765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.828{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff94925a6c28d7bd2023-02-08 09:47:11.828root 11241100x8000000000000000278764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.828{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c3a7c7fcd61e462023-02-08 09:47:11.828root 11241100x8000000000000000278763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.828{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f07110f716abfd42023-02-08 09:47:11.828root 11241100x8000000000000000278762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.828{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef1b3348c19b4db2023-02-08 09:47:11.828root 11241100x8000000000000000278761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.828{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ad3e368432787f2023-02-08 09:47:11.828root 11241100x8000000000000000278778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.829{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfee9614c0b7b1902023-02-08 09:47:11.829root 11241100x8000000000000000278777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.829{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f4ceb0e7d699842023-02-08 09:47:11.829root 11241100x8000000000000000278776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.829{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce57871eabb760062023-02-08 09:47:11.829root 11241100x8000000000000000278775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.829{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfcde5321c0535502023-02-08 09:47:11.829root 11241100x8000000000000000278774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.829{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9d669be9365abb2023-02-08 09:47:11.829root 11241100x8000000000000000278773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.829{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28716b3ba26c053f2023-02-08 09:47:11.829root 11241100x8000000000000000278772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.829{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e598b6606f732f2023-02-08 09:47:11.829root 11241100x8000000000000000278771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.829{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fff5081da0d382b2023-02-08 09:47:11.829root 11241100x8000000000000000278770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:11.829{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba2e15f14be543a2023-02-08 09:47:11.829root 354300x8000000000000000279011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:41.173{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-37194-false10.0.1.12-8000- 11241100x8000000000000000279012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:41.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543485933f4b6ae12023-02-08 09:47:41.484root 11241100x8000000000000000279013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:41.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b67fa8ae32ff8222023-02-08 09:47:41.984root 11241100x8000000000000000279014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:42.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da79a014d3ecb6e22023-02-08 09:47:42.484root 11241100x8000000000000000279015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:42.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df333cc2233a20f2023-02-08 09:47:42.984root 11241100x8000000000000000279016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f78a32f266577d32023-02-08 09:47:43.484root 11241100x8000000000000000279017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8b57f4adb3cdd52023-02-08 09:47:43.984root 11241100x8000000000000000279018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37efb471d7d2ebcf2023-02-08 09:47:44.484root 11241100x8000000000000000279019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2885c19f6606f8302023-02-08 09:47:44.984root 11241100x8000000000000000279020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b97abea65efb8e2023-02-08 09:47:45.484root 11241100x8000000000000000279021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b88968b150cf432023-02-08 09:47:45.984root 354300x8000000000000000279022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:46.182{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-37202-false10.0.1.12-8000- 11241100x8000000000000000279024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7b3a550338dccc2023-02-08 09:47:46.484root 11241100x8000000000000000279023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d072de87138e4dc42023-02-08 09:47:46.484root 11241100x8000000000000000279026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67f8d6c230842722023-02-08 09:47:46.984root 11241100x8000000000000000279025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712ec4a8cc83c6742023-02-08 09:47:46.984root 11241100x8000000000000000279028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8d677df5ca6f372023-02-08 09:47:47.484root 11241100x8000000000000000279027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5719bbf7ee1d85c52023-02-08 09:47:47.484root 11241100x8000000000000000279030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c27e2449edb0662023-02-08 09:47:47.984root 11241100x8000000000000000279029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d959663fcf02a5202023-02-08 09:47:47.984root 11241100x8000000000000000279032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a25697e8ee25b852023-02-08 09:47:48.484root 11241100x8000000000000000279031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d4a352c79eed652023-02-08 09:47:48.484root 11241100x8000000000000000279034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c9626227fc08322023-02-08 09:47:48.984root 11241100x8000000000000000279033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6e828a5ba599a82023-02-08 09:47:48.984root 11241100x8000000000000000279036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5f06fa985141d12023-02-08 09:47:49.484root 11241100x8000000000000000279035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63670103ee107622023-02-08 09:47:49.484root 11241100x8000000000000000279038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b3d060585e82ae2023-02-08 09:47:49.984root 11241100x8000000000000000279037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58596bdf1a47ced2023-02-08 09:47:49.984root 11241100x8000000000000000279040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817b9eaa5c038c072023-02-08 09:47:50.484root 11241100x8000000000000000279039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab5c862f45f579f2023-02-08 09:47:50.484root 11241100x8000000000000000279042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:50.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f80e544082ff77d2023-02-08 09:47:50.984root 11241100x8000000000000000279041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:50.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb9179fb4008bea2023-02-08 09:47:50.984root 354300x8000000000000000279043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:51.205{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-44290-false10.0.1.12-8000- 11241100x8000000000000000279046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45993425f4f8c61e2023-02-08 09:47:51.484root 11241100x8000000000000000279045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e3192ed0ba926a2023-02-08 09:47:51.484root 11241100x8000000000000000279044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21465b95d05a5fa52023-02-08 09:47:51.484root 11241100x8000000000000000279049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef49b23112b63322023-02-08 09:47:51.984root 11241100x8000000000000000279048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31627e46e200b36b2023-02-08 09:47:51.984root 11241100x8000000000000000279047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa01953a2c695042023-02-08 09:47:51.984root 11241100x8000000000000000279052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0c489d7fc0d4f12023-02-08 09:47:52.484root 11241100x8000000000000000279051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca5973f335dd3e02023-02-08 09:47:52.484root 11241100x8000000000000000279050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618d9a01b9207b922023-02-08 09:47:52.484root 11241100x8000000000000000279055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c466cc3861d6c322023-02-08 09:47:52.984root 11241100x8000000000000000279054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06bd536b1f78f372023-02-08 09:47:52.984root 11241100x8000000000000000279053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2909acc05d915ddc2023-02-08 09:47:52.984root 11241100x8000000000000000279058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba885e33d98902c22023-02-08 09:47:53.484root 11241100x8000000000000000279057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7ffea2f3b26a9c2023-02-08 09:47:53.484root 11241100x8000000000000000279056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3850c4a53785f222023-02-08 09:47:53.484root 11241100x8000000000000000279061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e2ad10b66d937f2023-02-08 09:47:53.984root 11241100x8000000000000000279060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2755f7cede97c5802023-02-08 09:47:53.984root 11241100x8000000000000000279059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7aff2276a591902023-02-08 09:47:53.984root 11241100x8000000000000000279064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2c580924a3b9a52023-02-08 09:47:54.484root 11241100x8000000000000000279063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322953ce66e9d1962023-02-08 09:47:54.484root 11241100x8000000000000000279062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5d43b70fac4a572023-02-08 09:47:54.484root 11241100x8000000000000000279067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:54.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38ccb630b3d6a0c2023-02-08 09:47:54.984root 11241100x8000000000000000279066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:54.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6af2074fe7d0982023-02-08 09:47:54.984root 11241100x8000000000000000279065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:54.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8969583a473c78762023-02-08 09:47:54.984root 11241100x8000000000000000279070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:55.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09288bdef5ddf84c2023-02-08 09:47:55.484root 11241100x8000000000000000279069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:55.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa9c82f98671e122023-02-08 09:47:55.484root 11241100x8000000000000000279068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:55.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7618745974372612023-02-08 09:47:55.484root 11241100x8000000000000000279073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60902df992de87a02023-02-08 09:47:55.984root 11241100x8000000000000000279072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d59a10222de1ad2023-02-08 09:47:55.984root 11241100x8000000000000000279071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61997dff20ca4812023-02-08 09:47:55.984root 11241100x8000000000000000279076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:56.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7faf11105702f5c2023-02-08 09:47:56.484root 11241100x8000000000000000279075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:56.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafd429cd066227f2023-02-08 09:47:56.484root 11241100x8000000000000000279074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:56.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6c248ef31f99442023-02-08 09:47:56.484root 11241100x8000000000000000279079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9405c9cc6fd592ea2023-02-08 09:47:56.984root 11241100x8000000000000000279078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8134a3b61bf20592023-02-08 09:47:56.984root 11241100x8000000000000000279077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9048bd8e341d8df2023-02-08 09:47:56.984root 354300x8000000000000000279080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:57.191{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-44302-false10.0.1.12-8000- 11241100x8000000000000000279084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:57.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374d8877f58ec4c62023-02-08 09:47:57.484root 11241100x8000000000000000279083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:57.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af379e471c2319b62023-02-08 09:47:57.484root 11241100x8000000000000000279082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:57.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6053a76eb9f4652023-02-08 09:47:57.484root 11241100x8000000000000000279081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:57.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f394cdf9a2d58072023-02-08 09:47:57.484root 11241100x8000000000000000279086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9133ab162e2d35bf2023-02-08 09:47:57.984root 11241100x8000000000000000279085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdee392b73eac3012023-02-08 09:47:57.984root 11241100x8000000000000000279088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f9c2321ed50b292023-02-08 09:47:57.985root 11241100x8000000000000000279087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b13328fff646fec2023-02-08 09:47:57.985root 11241100x8000000000000000279092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f3752cee33ab502023-02-08 09:47:58.484root 11241100x8000000000000000279091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78dc816ab97b071c2023-02-08 09:47:58.484root 11241100x8000000000000000279090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8990f576b97bbf2023-02-08 09:47:58.484root 11241100x8000000000000000279089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6610e2e5be6b702023-02-08 09:47:58.484root 11241100x8000000000000000279096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3edafca5b1e630fa2023-02-08 09:47:58.984root 11241100x8000000000000000279095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78b27fc16ab9ad12023-02-08 09:47:58.984root 11241100x8000000000000000279094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1f4f863ba262c52023-02-08 09:47:58.984root 11241100x8000000000000000279093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c6228fcca523e12023-02-08 09:47:58.984root 11241100x8000000000000000279100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1558ed05e4c381b52023-02-08 09:47:59.484root 11241100x8000000000000000279099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7671ae0b99037cb2023-02-08 09:47:59.484root 11241100x8000000000000000279098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9f0886ec8db38d2023-02-08 09:47:59.484root 11241100x8000000000000000279097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d957113e1f18facd2023-02-08 09:47:59.484root 11241100x8000000000000000279104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:59.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55724edbf0afd3c82023-02-08 09:47:59.984root 11241100x8000000000000000279103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:59.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75553807ec0ae27d2023-02-08 09:47:59.984root 11241100x8000000000000000279102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:59.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521edb97007173f92023-02-08 09:47:59.984root 11241100x8000000000000000279101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:47:59.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5d3446aec4f9602023-02-08 09:47:59.984root 11241100x8000000000000000279108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb58bf23644ae5932023-02-08 09:48:00.484root 11241100x8000000000000000279107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8425c07cac60cb2023-02-08 09:48:00.484root 11241100x8000000000000000279106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7209a91c38b75a912023-02-08 09:48:00.484root 11241100x8000000000000000279105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7cef0852a02b9e2023-02-08 09:48:00.484root 11241100x8000000000000000279112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:00.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfcc403f39dd9dc2023-02-08 09:48:00.984root 11241100x8000000000000000279111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:00.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9309491691a069f2023-02-08 09:48:00.984root 11241100x8000000000000000279110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:00.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d4ff552565cc9c2023-02-08 09:48:00.984root 11241100x8000000000000000279109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:00.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1f83740d8e042a2023-02-08 09:48:00.984root 11241100x8000000000000000279116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:01.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d079f3990a310da2023-02-08 09:48:01.484root 11241100x8000000000000000279115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:01.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f8643420d389a12023-02-08 09:48:01.484root 11241100x8000000000000000279114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:01.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3e5fea2f416a052023-02-08 09:48:01.484root 11241100x8000000000000000279113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:01.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f05161376c6114d2023-02-08 09:48:01.484root 11241100x8000000000000000279120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:01.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9576f5be62810eb62023-02-08 09:48:01.984root 11241100x8000000000000000279119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:01.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b2db8cbf499f2e2023-02-08 09:48:01.984root 11241100x8000000000000000279118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:01.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c9256b690f6a812023-02-08 09:48:01.984root 11241100x8000000000000000279117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:01.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef9dd2e5c6b6ae02023-02-08 09:48:01.984root 11241100x8000000000000000279124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e930a6a301d54b2023-02-08 09:48:02.484root 11241100x8000000000000000279123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8b65dcf6bd45ce2023-02-08 09:48:02.484root 11241100x8000000000000000279122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d473c6f5dc0cbeb2023-02-08 09:48:02.484root 11241100x8000000000000000279121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90473e3023fe36742023-02-08 09:48:02.484root 11241100x8000000000000000279128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f097aabf5e5984242023-02-08 09:48:02.984root 11241100x8000000000000000279127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1e002dfffc6b582023-02-08 09:48:02.984root 11241100x8000000000000000279126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c754b3be03bcde52023-02-08 09:48:02.984root 11241100x8000000000000000279125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be620b9edf33b6482023-02-08 09:48:02.984root 354300x8000000000000000279129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:03.168{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-41112-false10.0.1.12-8000- 11241100x8000000000000000279134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:03.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33362f933a64fdaf2023-02-08 09:48:03.484root 11241100x8000000000000000279133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:03.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e479908b79106d262023-02-08 09:48:03.484root 11241100x8000000000000000279132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:03.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce98e7e53f337812023-02-08 09:48:03.484root 11241100x8000000000000000279131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:03.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe9b760db9a55102023-02-08 09:48:03.484root 11241100x8000000000000000279130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:03.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7303b16560fb68e02023-02-08 09:48:03.484root 11241100x8000000000000000279139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:03.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5155218e196f06d52023-02-08 09:48:03.984root 11241100x8000000000000000279138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:03.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762828753ad023592023-02-08 09:48:03.984root 11241100x8000000000000000279137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:03.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73152ad046c577342023-02-08 09:48:03.984root 11241100x8000000000000000279136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:03.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffbda639ea01d63b2023-02-08 09:48:03.984root 11241100x8000000000000000279135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:03.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb64211fa84403a2023-02-08 09:48:03.984root 11241100x8000000000000000279144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:04.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c00e6b54e0538bd2023-02-08 09:48:04.484root 11241100x8000000000000000279143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:04.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dde37070d5560302023-02-08 09:48:04.484root 11241100x8000000000000000279142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:04.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8d7a8c056c72ba2023-02-08 09:48:04.484root 11241100x8000000000000000279141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:04.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa67dcc31ddf48d2023-02-08 09:48:04.484root 11241100x8000000000000000279140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:04.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0763c4903ab910a2023-02-08 09:48:04.484root 11241100x8000000000000000279149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:04.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706f89405620da9d2023-02-08 09:48:04.984root 11241100x8000000000000000279148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:04.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d98db610c1f27b82023-02-08 09:48:04.984root 11241100x8000000000000000279147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:04.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adf296ce41103b12023-02-08 09:48:04.984root 11241100x8000000000000000279146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:04.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74bbc9bc2f5fa622023-02-08 09:48:04.984root 11241100x8000000000000000279145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:04.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8561eacf08ed5ef12023-02-08 09:48:04.984root 11241100x8000000000000000279154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb09b67f13e212712023-02-08 09:48:05.484root 11241100x8000000000000000279153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b983eb7191c8b3742023-02-08 09:48:05.484root 11241100x8000000000000000279152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d10c48c50696202023-02-08 09:48:05.484root 11241100x8000000000000000279151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2223094194de029e2023-02-08 09:48:05.484root 11241100x8000000000000000279150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2835b5dd6829bd2023-02-08 09:48:05.484root 11241100x8000000000000000279159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89aa92687184f0f82023-02-08 09:48:05.984root 11241100x8000000000000000279158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b5ca782b950f2d2023-02-08 09:48:05.984root 11241100x8000000000000000279157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96798dc32e940a12023-02-08 09:48:05.984root 11241100x8000000000000000279156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f633b670a5b2e0932023-02-08 09:48:05.984root 11241100x8000000000000000279155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3184e444948e4db32023-02-08 09:48:05.984root 154100x8000000000000000279160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:06.068{ec2a0601-6fd6-63e3-68b4-622127560000}5921/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec2a0601-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2404--- 534500x8000000000000000279161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:06.080{ec2a0601-6fd6-63e3-68b4-622127560000}5921/bin/psroot 11241100x8000000000000000279162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:06.362{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-08 09:48:06.362root 11241100x8000000000000000279170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2661c211d91cda22023-02-08 09:48:06.363root 11241100x8000000000000000279169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af5d0453b4928502023-02-08 09:48:06.363root 11241100x8000000000000000279168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a77d13cf7e596a32023-02-08 09:48:06.363root 11241100x8000000000000000279167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6fc66ee504cbde2023-02-08 09:48:06.363root 11241100x8000000000000000279166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7824fd21c110954c2023-02-08 09:48:06.363root 11241100x8000000000000000279165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01dc5162e2ffdecd2023-02-08 09:48:06.363root 11241100x8000000000000000279164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3612c88ebaf34a9d2023-02-08 09:48:06.363root 11241100x8000000000000000279163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628261c33b4f2f822023-02-08 09:48:06.363root 354300x8000000000000000279171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:06.733{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-36490-false10.0.1.12-8089- 11241100x8000000000000000279175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:06.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5693851e76ddc1f92023-02-08 09:48:06.734root 11241100x8000000000000000279174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:06.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d2e9006a93d1542023-02-08 09:48:06.734root 11241100x8000000000000000279173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:06.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebb65c815f396af2023-02-08 09:48:06.734root 11241100x8000000000000000279172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:06.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6c9950c98a25932023-02-08 09:48:06.734root 11241100x8000000000000000279179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f297b3b9703e355a2023-02-08 09:48:06.735root 11241100x8000000000000000279178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5eab98686c1f3b2023-02-08 09:48:06.735root 11241100x8000000000000000279177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8b9788a76edc062023-02-08 09:48:06.735root 11241100x8000000000000000279176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7fc14a924fe2f72023-02-08 09:48:06.735root 11241100x8000000000000000279185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:07.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f229ca1e5585f722023-02-08 09:48:07.234root 11241100x8000000000000000279184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:07.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed87bdcdc4094edb2023-02-08 09:48:07.234root 11241100x8000000000000000279183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:07.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac84131409895da02023-02-08 09:48:07.234root 11241100x8000000000000000279182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:07.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab71939f25e0a71e2023-02-08 09:48:07.234root 11241100x8000000000000000279181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:07.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0213796068944f6e2023-02-08 09:48:07.234root 11241100x8000000000000000279180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:07.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3f84c2a4e4a8a62023-02-08 09:48:07.234root 11241100x8000000000000000279188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:07.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b6a87b8848604f2023-02-08 09:48:07.235root 11241100x8000000000000000279187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:07.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a20bae04d929fe2023-02-08 09:48:07.235root 11241100x8000000000000000279186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:07.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3a33b9cbaae57b2023-02-08 09:48:07.235root 11241100x8000000000000000279192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:07.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60606e219c8cb4422023-02-08 09:48:07.734root 11241100x8000000000000000279191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:07.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe4c4ee8400b3da2023-02-08 09:48:07.734root 11241100x8000000000000000279190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:07.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2883343dc2fa21a2023-02-08 09:48:07.734root 11241100x8000000000000000279189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:07.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25aa5879d07a4032023-02-08 09:48:07.734root 11241100x8000000000000000279197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:07.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df689cf82f4be4c2023-02-08 09:48:07.735root 11241100x8000000000000000279196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:07.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485553dbca1e68422023-02-08 09:48:07.735root 11241100x8000000000000000279195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:07.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b49c117c8ca4092023-02-08 09:48:07.735root 11241100x8000000000000000279194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:07.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630529640d9581542023-02-08 09:48:07.735root 11241100x8000000000000000279193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:07.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8527eb47bc54103f2023-02-08 09:48:07.735root 11241100x8000000000000000279202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:08.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b90a5103382e1b2023-02-08 09:48:08.234root 11241100x8000000000000000279201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:08.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d341b2794e7a00322023-02-08 09:48:08.234root 11241100x8000000000000000279200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:08.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e6e3122c1fb71c2023-02-08 09:48:08.234root 11241100x8000000000000000279199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:08.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abc468f025f27eb2023-02-08 09:48:08.234root 11241100x8000000000000000279198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:08.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f49a961c2157a72023-02-08 09:48:08.234root 11241100x8000000000000000279206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:08.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82542010089d3e42023-02-08 09:48:08.235root 11241100x8000000000000000279205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:08.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5d274885b7441a2023-02-08 09:48:08.235root 11241100x8000000000000000279204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:08.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9b918f7be9ee432023-02-08 09:48:08.235root 11241100x8000000000000000279203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:08.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31c167747dea3052023-02-08 09:48:08.235root 11241100x8000000000000000279209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:08.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c81af826db94d82023-02-08 09:48:08.734root 11241100x8000000000000000279208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:08.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2efa71212a06ebe42023-02-08 09:48:08.734root 11241100x8000000000000000279207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:08.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d0f0c706ddd16b2023-02-08 09:48:08.734root 11241100x8000000000000000279212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:08.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c17a69131e340b2023-02-08 09:48:08.735root 11241100x8000000000000000279211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:08.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354487bbe849f7292023-02-08 09:48:08.735root 11241100x8000000000000000279210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:08.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edb7acad37419322023-02-08 09:48:08.735root 11241100x8000000000000000279215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:08.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e73200ba9330f092023-02-08 09:48:08.736root 11241100x8000000000000000279214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:08.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe51c1b6b3ca67f02023-02-08 09:48:08.736root 11241100x8000000000000000279213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:08.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ad340dc949bf182023-02-08 09:48:08.736root 354300x8000000000000000279216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.164{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-41514-false10.0.1.12-8000- 11241100x8000000000000000279217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.165{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1577d4a138bced12023-02-08 09:48:09.165root 11241100x8000000000000000279225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.166{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729c491817a024fa2023-02-08 09:48:09.166root 11241100x8000000000000000279224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.166{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032c49e52bcbc8ed2023-02-08 09:48:09.166root 11241100x8000000000000000279223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.166{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f587f239859da082023-02-08 09:48:09.166root 11241100x8000000000000000279222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.166{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18a5aeac1e0a11f2023-02-08 09:48:09.166root 11241100x8000000000000000279221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.166{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16fcd93bb48d24e2023-02-08 09:48:09.166root 11241100x8000000000000000279220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.166{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e65e0a9a9f73ed62023-02-08 09:48:09.166root 11241100x8000000000000000279219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.166{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13379dc98e4057052023-02-08 09:48:09.166root 11241100x8000000000000000279218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.166{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54506f870d9569b12023-02-08 09:48:09.166root 11241100x8000000000000000279226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.167{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2103b46013bab79d2023-02-08 09:48:09.167root 23542300x8000000000000000279227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.363{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000279229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e78a5978c5e75f2023-02-08 09:48:09.484root 11241100x8000000000000000279228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e1dfb712b34e112023-02-08 09:48:09.484root 11241100x8000000000000000279234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3de3cc260aec482023-02-08 09:48:09.485root 11241100x8000000000000000279233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd7d1529bd628f32023-02-08 09:48:09.485root 11241100x8000000000000000279232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644aec8939d32a8f2023-02-08 09:48:09.485root 11241100x8000000000000000279231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377e2b468540ce1f2023-02-08 09:48:09.485root 11241100x8000000000000000279230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e5fd6a261e79822023-02-08 09:48:09.485root 11241100x8000000000000000279238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24fd59f487d7d552023-02-08 09:48:09.486root 11241100x8000000000000000279237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955dac672b6239582023-02-08 09:48:09.486root 11241100x8000000000000000279236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6be2d376dc6f4fe2023-02-08 09:48:09.486root 11241100x8000000000000000279235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7e7700b41979a62023-02-08 09:48:09.486root 11241100x8000000000000000279245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd507d98dc665ef2023-02-08 09:48:09.984root 11241100x8000000000000000279244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258d0e19c730ad542023-02-08 09:48:09.984root 11241100x8000000000000000279243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a812f9917258422f2023-02-08 09:48:09.984root 11241100x8000000000000000279242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4180d65f1b8dfe92023-02-08 09:48:09.984root 11241100x8000000000000000279241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab35090f633908c2023-02-08 09:48:09.984root 11241100x8000000000000000279240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679c1f44e1e086cb2023-02-08 09:48:09.984root 11241100x8000000000000000279239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83a6788a3a86d322023-02-08 09:48:09.984root 11241100x8000000000000000279249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c48cb27432ce222023-02-08 09:48:09.985root 11241100x8000000000000000279248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5358de74e89edf82023-02-08 09:48:09.985root 11241100x8000000000000000279247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932ffb76a66ecca92023-02-08 09:48:09.985root 11241100x8000000000000000279246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:09.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d274a2e3719e16b2023-02-08 09:48:09.985root 11241100x8000000000000000279257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:10.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f04802b6a35ee782023-02-08 09:48:10.484root 11241100x8000000000000000279256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:10.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d6443912836e712023-02-08 09:48:10.484root 11241100x8000000000000000279255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:10.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb61e0bfccf220fc2023-02-08 09:48:10.484root 11241100x8000000000000000279254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:10.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9168bc5fb718c6cd2023-02-08 09:48:10.484root 11241100x8000000000000000279253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:10.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb5c7c8c20159e92023-02-08 09:48:10.484root 11241100x8000000000000000279252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:10.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c321a2b8e50abc8e2023-02-08 09:48:10.484root 11241100x8000000000000000279251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:10.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1471454966f73a722023-02-08 09:48:10.484root 11241100x8000000000000000279250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:10.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed8344f03d6d1742023-02-08 09:48:10.484root 11241100x8000000000000000279260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:10.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0a3939dcc22bfa2023-02-08 09:48:10.485root 11241100x8000000000000000279259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:10.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091208f324747b762023-02-08 09:48:10.485root 11241100x8000000000000000279258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:10.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db35154d28456d592023-02-08 09:48:10.485root 11241100x8000000000000000279269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:10.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580815d9881dd59e2023-02-08 09:48:10.984root 11241100x8000000000000000279268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:10.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9825dbe80c31da2023-02-08 09:48:10.984root 11241100x8000000000000000279267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:10.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f0b3f5b4b2aeaf2023-02-08 09:48:10.984root 11241100x8000000000000000279266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:10.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bb5df5058e8b772023-02-08 09:48:10.984root 11241100x8000000000000000279265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:10.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aff95c7d66f32052023-02-08 09:48:10.984root 11241100x8000000000000000279264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:10.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e89e6937dcdb4d2023-02-08 09:48:10.984root 11241100x8000000000000000279263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:10.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44716364245324f92023-02-08 09:48:10.984root 11241100x8000000000000000279262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:10.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8181a875329a062023-02-08 09:48:10.984root 11241100x8000000000000000279261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:10.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255d3b88202865632023-02-08 09:48:10.984root 11241100x8000000000000000279271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:10.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4767c6a33a5e162023-02-08 09:48:10.985root 11241100x8000000000000000279270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:10.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3418edf19b6fc5c72023-02-08 09:48:10.985root 11241100x8000000000000000279278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8caf11e3ea7010942023-02-08 09:48:11.484root 11241100x8000000000000000279277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ad0f801afa55f82023-02-08 09:48:11.484root 11241100x8000000000000000279276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0650103f1ab7a5bc2023-02-08 09:48:11.484root 11241100x8000000000000000279275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95590ce290d46e002023-02-08 09:48:11.484root 11241100x8000000000000000279274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ea99d6bea52a012023-02-08 09:48:11.484root 11241100x8000000000000000279273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7d55d537dbc3c12023-02-08 09:48:11.484root 11241100x8000000000000000279272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a3080f013ba1cf2023-02-08 09:48:11.484root 11241100x8000000000000000279282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd06f765ec052682023-02-08 09:48:11.485root 11241100x8000000000000000279281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525dd6a8f22d795f2023-02-08 09:48:11.485root 11241100x8000000000000000279280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc248cc567ec7ca32023-02-08 09:48:11.485root 11241100x8000000000000000279279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f181885dba0623cb2023-02-08 09:48:11.485root 11241100x8000000000000000279288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648e0fa6ea75e30c2023-02-08 09:48:11.984root 11241100x8000000000000000279287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74cacd7ba434e3372023-02-08 09:48:11.984root 11241100x8000000000000000279286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1a69552e8095362023-02-08 09:48:11.984root 11241100x8000000000000000279285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff5ae7e41c4be6d2023-02-08 09:48:11.984root 11241100x8000000000000000279284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0196ea7c4c55e62023-02-08 09:48:11.984root 11241100x8000000000000000279283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d40ddf578c27122023-02-08 09:48:11.984root 11241100x8000000000000000279293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892f2251df816d2f2023-02-08 09:48:11.985root 11241100x8000000000000000279292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8faa32d73bf6799f2023-02-08 09:48:11.985root 11241100x8000000000000000279291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8009a939974cf62023-02-08 09:48:11.985root 11241100x8000000000000000279290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ffcd80591ea0d992023-02-08 09:48:11.985root 11241100x8000000000000000279289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecde5c65a6b46962023-02-08 09:48:11.985root 11241100x8000000000000000279298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6502a5f9fb10d602023-02-08 09:48:12.484root 11241100x8000000000000000279297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2827dfca0b7edc782023-02-08 09:48:12.484root 11241100x8000000000000000279296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de0a9276510d6662023-02-08 09:48:12.484root 11241100x8000000000000000279295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbb738406acec542023-02-08 09:48:12.484root 11241100x8000000000000000279294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b412de2539f46c2023-02-08 09:48:12.484root 11241100x8000000000000000279304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ac349a3b12eb2e2023-02-08 09:48:12.485root 11241100x8000000000000000279303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd880edcc0047cf62023-02-08 09:48:12.485root 11241100x8000000000000000279302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3340d022710c7a2023-02-08 09:48:12.485root 11241100x8000000000000000279301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a80c493b714eae02023-02-08 09:48:12.485root 11241100x8000000000000000279300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce809deb5e2f61372023-02-08 09:48:12.485root 11241100x8000000000000000279299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48eed9cb60ebcc522023-02-08 09:48:12.485root 11241100x8000000000000000279312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:12.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da634ab3fa4880442023-02-08 09:48:12.984root 11241100x8000000000000000279311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:12.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add966f2de4c15372023-02-08 09:48:12.984root 11241100x8000000000000000279310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:12.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3987cc215888d82023-02-08 09:48:12.984root 11241100x8000000000000000279309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:12.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d71d938f123e4272023-02-08 09:48:12.984root 11241100x8000000000000000279308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:12.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9be2719e94ee3e2023-02-08 09:48:12.984root 11241100x8000000000000000279307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:12.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84861c5b9feebdb2023-02-08 09:48:12.984root 11241100x8000000000000000279306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:12.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2de38750d54f1e2023-02-08 09:48:12.984root 11241100x8000000000000000279305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:12.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241657f0841968412023-02-08 09:48:12.984root 11241100x8000000000000000279315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ebdf2c6e91751112023-02-08 09:48:12.985root 11241100x8000000000000000279314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa86a24b206be4032023-02-08 09:48:12.985root 11241100x8000000000000000279313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4490af6177ae8c42023-02-08 09:48:12.985root 11241100x8000000000000000279320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:13.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c5f4243e711eb62023-02-08 09:48:13.484root 11241100x8000000000000000279319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:13.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbd2af24e39edcb2023-02-08 09:48:13.484root 11241100x8000000000000000279318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:13.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefbf60b317a88a22023-02-08 09:48:13.484root 11241100x8000000000000000279317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:13.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02ddb6f9947a35c2023-02-08 09:48:13.484root 11241100x8000000000000000279316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:13.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd553d92ec74b7d2023-02-08 09:48:13.484root 11241100x8000000000000000279326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388128f61d2901022023-02-08 09:48:13.485root 11241100x8000000000000000279325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1637acd3248c8c4e2023-02-08 09:48:13.485root 11241100x8000000000000000279324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a57fa1cc112261a2023-02-08 09:48:13.485root 11241100x8000000000000000279323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558f78896b50c6132023-02-08 09:48:13.485root 11241100x8000000000000000279322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c427f0c63907362023-02-08 09:48:13.485root 11241100x8000000000000000279321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfad9da71bbc3722023-02-08 09:48:13.485root 11241100x8000000000000000279331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:13.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15c77ea2a517a582023-02-08 09:48:13.984root 11241100x8000000000000000279330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:13.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c40ca66cda592e32023-02-08 09:48:13.984root 11241100x8000000000000000279329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:13.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e219b77485ff28c22023-02-08 09:48:13.984root 11241100x8000000000000000279328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:13.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9d17c4bbe278212023-02-08 09:48:13.984root 11241100x8000000000000000279327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:13.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9cf247d97cf0a02023-02-08 09:48:13.984root 11241100x8000000000000000279337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2834056e22152f2023-02-08 09:48:13.985root 11241100x8000000000000000279336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe55f9b4b6e03fd02023-02-08 09:48:13.985root 11241100x8000000000000000279335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d394cc34ec495302023-02-08 09:48:13.985root 11241100x8000000000000000279334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa20f25a7b7338ed2023-02-08 09:48:13.985root 11241100x8000000000000000279333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe5d1b6b6140d2f2023-02-08 09:48:13.985root 11241100x8000000000000000279332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ce059019aadef32023-02-08 09:48:13.985root 11241100x8000000000000000279341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d12e461b2782e22023-02-08 09:48:14.484root 11241100x8000000000000000279340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576c479ad1dc34942023-02-08 09:48:14.484root 11241100x8000000000000000279339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac17613983c4472a2023-02-08 09:48:14.484root 11241100x8000000000000000279338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec9bf2336f3843f2023-02-08 09:48:14.484root 11241100x8000000000000000279348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56435b8291da2c032023-02-08 09:48:14.485root 11241100x8000000000000000279347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3ba69f6647bd3c2023-02-08 09:48:14.485root 11241100x8000000000000000279346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad82abda1ab5fb1d2023-02-08 09:48:14.485root 11241100x8000000000000000279345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6c69d3b539d5632023-02-08 09:48:14.485root 11241100x8000000000000000279344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ee6918956ac2052023-02-08 09:48:14.485root 11241100x8000000000000000279343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5c7cd3e74ecdf02023-02-08 09:48:14.485root 11241100x8000000000000000279342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0f0cc77fcb0a9e2023-02-08 09:48:14.485root 11241100x8000000000000000279358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac1eb8b0c06c84c2023-02-08 09:48:14.984root 11241100x8000000000000000279357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e802087f6705832023-02-08 09:48:14.984root 11241100x8000000000000000279356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a7b46ea9c2c1ae2023-02-08 09:48:14.984root 11241100x8000000000000000279355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7e55230e94b5282023-02-08 09:48:14.984root 11241100x8000000000000000279354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9935bfa840d4860f2023-02-08 09:48:14.984root 11241100x8000000000000000279353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb4ef0ce75ee7d72023-02-08 09:48:14.984root 11241100x8000000000000000279352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2317a56d6dc1ae9b2023-02-08 09:48:14.984root 11241100x8000000000000000279351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330348482bc1106c2023-02-08 09:48:14.984root 11241100x8000000000000000279350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9adf246caafbe6b72023-02-08 09:48:14.984root 11241100x8000000000000000279349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0285c4ea25f7d792023-02-08 09:48:14.984root 11241100x8000000000000000279359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186efa53406feff22023-02-08 09:48:14.985root 354300x8000000000000000279360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:15.153{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-41518-false10.0.1.12-8000- 11241100x8000000000000000279364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6a7c1b5af22be32023-02-08 09:48:15.484root 11241100x8000000000000000279363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ebca344d0e7bcd2023-02-08 09:48:15.484root 11241100x8000000000000000279362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a2154ca135c80e2023-02-08 09:48:15.484root 11241100x8000000000000000279361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4064411acbc5f62023-02-08 09:48:15.484root 11241100x8000000000000000279369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3f280ce6c6a7122023-02-08 09:48:15.485root 11241100x8000000000000000279368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d84529b7926c0e22023-02-08 09:48:15.485root 11241100x8000000000000000279367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6974f7642a1ffe12023-02-08 09:48:15.485root 11241100x8000000000000000279366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5066ea50557d27002023-02-08 09:48:15.485root 11241100x8000000000000000279365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e56cb02beb7e5f2023-02-08 09:48:15.485root 11241100x8000000000000000279372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63babbf689c7362b2023-02-08 09:48:15.486root 11241100x8000000000000000279371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d08ff3b365679cd2023-02-08 09:48:15.486root 11241100x8000000000000000279370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3efc9ffede9fbb72023-02-08 09:48:15.486root 11241100x8000000000000000279377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1241973553672a22023-02-08 09:48:15.984root 11241100x8000000000000000279376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58715a7636e73e6b2023-02-08 09:48:15.984root 11241100x8000000000000000279375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b434691e88a51362023-02-08 09:48:15.984root 11241100x8000000000000000279374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c65bb9d502bbbe2023-02-08 09:48:15.984root 11241100x8000000000000000279373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2d883f3c77aa482023-02-08 09:48:15.984root 11241100x8000000000000000279384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d6b1ad5936ee082023-02-08 09:48:15.985root 11241100x8000000000000000279383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393a0197e2b04fc32023-02-08 09:48:15.985root 11241100x8000000000000000279382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f7ec46c5eef6d62023-02-08 09:48:15.985root 11241100x8000000000000000279381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb148f4992c64af2023-02-08 09:48:15.985root 11241100x8000000000000000279380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046a77299951521e2023-02-08 09:48:15.985root 11241100x8000000000000000279379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07cf758072596412023-02-08 09:48:15.985root 11241100x8000000000000000279378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd6e5ac06bb21ea2023-02-08 09:48:15.985root 11241100x8000000000000000279389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944f8434dba56e4c2023-02-08 09:48:16.484root 11241100x8000000000000000279388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70eb5a6dfe98a282023-02-08 09:48:16.484root 11241100x8000000000000000279387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e29c8fe005fced2023-02-08 09:48:16.484root 11241100x8000000000000000279386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580f77c8cf93ce3c2023-02-08 09:48:16.484root 11241100x8000000000000000279385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3553338b76cdfe2023-02-08 09:48:16.484root 11241100x8000000000000000279396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ffef07cc5bc94962023-02-08 09:48:16.485root 11241100x8000000000000000279395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c772e566dcf6e662023-02-08 09:48:16.485root 11241100x8000000000000000279394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7f67025c27109f2023-02-08 09:48:16.485root 11241100x8000000000000000279393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c61e44f6fa084902023-02-08 09:48:16.485root 11241100x8000000000000000279392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8294bed4ee513af02023-02-08 09:48:16.485root 11241100x8000000000000000279391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe7c1546b3e3b882023-02-08 09:48:16.485root 11241100x8000000000000000279390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9baed8880f05ff312023-02-08 09:48:16.485root 11241100x8000000000000000279398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813ccef6b9054f9e2023-02-08 09:48:16.984root 11241100x8000000000000000279397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b7f19563ddc1ec2023-02-08 09:48:16.984root 11241100x8000000000000000279402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1383b18f36fd89fc2023-02-08 09:48:16.985root 11241100x8000000000000000279401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69fbee4d604e8522023-02-08 09:48:16.985root 11241100x8000000000000000279400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e203481a0b0c34b2023-02-08 09:48:16.985root 11241100x8000000000000000279399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7460f0726118c3c52023-02-08 09:48:16.985root 11241100x8000000000000000279407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca18d5c0251506e2023-02-08 09:48:16.986root 11241100x8000000000000000279406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c749e6f137eba62023-02-08 09:48:16.986root 11241100x8000000000000000279405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d20bc04a0d564c2023-02-08 09:48:16.986root 11241100x8000000000000000279404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08f1aa762f1c7f72023-02-08 09:48:16.986root 11241100x8000000000000000279403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c053af49931577542023-02-08 09:48:16.986root 11241100x8000000000000000279408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb311c2088d6c4fe2023-02-08 09:48:16.987root 11241100x8000000000000000279410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3018975f1b87f2542023-02-08 09:48:17.484root 11241100x8000000000000000279409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831be775dd58a5eb2023-02-08 09:48:17.484root 11241100x8000000000000000279415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c66711fc5ec9b882023-02-08 09:48:17.485root 11241100x8000000000000000279414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd4b9e1104cf9852023-02-08 09:48:17.485root 11241100x8000000000000000279413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1b0bbb00dc901a2023-02-08 09:48:17.485root 11241100x8000000000000000279412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621188449adde7662023-02-08 09:48:17.485root 11241100x8000000000000000279411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab62043aa72629a62023-02-08 09:48:17.485root 11241100x8000000000000000279420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a69442c1a669a02023-02-08 09:48:17.486root 11241100x8000000000000000279419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc65539b2275d742023-02-08 09:48:17.486root 11241100x8000000000000000279418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0844f6f567b56ffb2023-02-08 09:48:17.486root 11241100x8000000000000000279417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0273931a1bcddc602023-02-08 09:48:17.486root 11241100x8000000000000000279416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a946755d534dc7c2023-02-08 09:48:17.486root 11241100x8000000000000000279423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6b4e891e3b13a52023-02-08 09:48:17.984root 11241100x8000000000000000279422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31420b28b997e75d2023-02-08 09:48:17.984root 11241100x8000000000000000279421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6d624d279731f82023-02-08 09:48:17.984root 11241100x8000000000000000279432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7755940eb549ed82023-02-08 09:48:17.985root 11241100x8000000000000000279431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a93913eebaac772023-02-08 09:48:17.985root 11241100x8000000000000000279430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad653f0219ee4242023-02-08 09:48:17.985root 11241100x8000000000000000279429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a53b94c399abef2023-02-08 09:48:17.985root 11241100x8000000000000000279428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e5b6e96345285e2023-02-08 09:48:17.985root 11241100x8000000000000000279427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e6a05cf24cd9802023-02-08 09:48:17.985root 11241100x8000000000000000279426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cedad06d621ace22023-02-08 09:48:17.985root 11241100x8000000000000000279425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2a380d184a36062023-02-08 09:48:17.985root 11241100x8000000000000000279424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62edb8036125de982023-02-08 09:48:17.985root 11241100x8000000000000000279436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6311415f5b6433942023-02-08 09:48:18.485root 11241100x8000000000000000279435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f59a28e201cac02023-02-08 09:48:18.485root 11241100x8000000000000000279434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8431d18bcb844e12023-02-08 09:48:18.485root 11241100x8000000000000000279433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0571a2c09031b72023-02-08 09:48:18.485root 11241100x8000000000000000279443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121f379c64b80a282023-02-08 09:48:18.486root 11241100x8000000000000000279442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed6db3f399a8b312023-02-08 09:48:18.486root 11241100x8000000000000000279441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e98c8d37fc319fc2023-02-08 09:48:18.486root 11241100x8000000000000000279440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc52a3ec2738ef72023-02-08 09:48:18.486root 11241100x8000000000000000279439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9291b55ee92e6ee62023-02-08 09:48:18.486root 11241100x8000000000000000279438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6323119344fd142023-02-08 09:48:18.486root 11241100x8000000000000000279437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b85fa62f596c2a02023-02-08 09:48:18.486root 11241100x8000000000000000279444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663ae16b0a5b0b9e2023-02-08 09:48:18.487root 11241100x8000000000000000279452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f59bad66bd5ed22023-02-08 09:48:18.984root 11241100x8000000000000000279451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc548a67bd71bc8c2023-02-08 09:48:18.984root 11241100x8000000000000000279450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9353de97a3d9882023-02-08 09:48:18.984root 11241100x8000000000000000279449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f24bd2db941f12d2023-02-08 09:48:18.984root 11241100x8000000000000000279448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43be864bbb59783f2023-02-08 09:48:18.984root 11241100x8000000000000000279447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74068e6854c56e4b2023-02-08 09:48:18.984root 11241100x8000000000000000279446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3897fd56a98faf12023-02-08 09:48:18.984root 11241100x8000000000000000279445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887900579acd9ff22023-02-08 09:48:18.984root 11241100x8000000000000000279456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcaeae93cc3315462023-02-08 09:48:18.985root 11241100x8000000000000000279455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8946cce6bd3cb02023-02-08 09:48:18.985root 11241100x8000000000000000279454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730aa0d1ec3ff0002023-02-08 09:48:18.985root 11241100x8000000000000000279453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f886f485a2a4232023-02-08 09:48:18.985root 11241100x8000000000000000279461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df34ec363c8d110c2023-02-08 09:48:19.484root 11241100x8000000000000000279460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d7d1dde719e7262023-02-08 09:48:19.484root 11241100x8000000000000000279459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2165516f35780752023-02-08 09:48:19.484root 11241100x8000000000000000279458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74860e431e0119272023-02-08 09:48:19.484root 11241100x8000000000000000279457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856b48ae22842de12023-02-08 09:48:19.484root 11241100x8000000000000000279468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64239f0aa408c3b2023-02-08 09:48:19.485root 11241100x8000000000000000279467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358985483d5ca1d52023-02-08 09:48:19.485root 11241100x8000000000000000279466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26ed53f8456302e2023-02-08 09:48:19.485root 11241100x8000000000000000279465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d6b243803feabb2023-02-08 09:48:19.485root 11241100x8000000000000000279464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b72e063f8309ce2023-02-08 09:48:19.485root 11241100x8000000000000000279463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b69cdfe58768b062023-02-08 09:48:19.485root 11241100x8000000000000000279462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a3275b457c5ba82023-02-08 09:48:19.485root 11241100x8000000000000000279473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ae1f8371662faf2023-02-08 09:48:19.984root 11241100x8000000000000000279472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163d684ef7083dce2023-02-08 09:48:19.984root 11241100x8000000000000000279471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f6342e3f63316c2023-02-08 09:48:19.984root 11241100x8000000000000000279470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224f568296f2ab442023-02-08 09:48:19.984root 11241100x8000000000000000279469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0399474218f024fb2023-02-08 09:48:19.984root 11241100x8000000000000000279478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d08f4403d28e8a2023-02-08 09:48:19.985root 11241100x8000000000000000279477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58a4e7039caea712023-02-08 09:48:19.985root 11241100x8000000000000000279476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647c5bb09ee7f2ce2023-02-08 09:48:19.985root 11241100x8000000000000000279475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4939c4034ccb70892023-02-08 09:48:19.985root 11241100x8000000000000000279474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955cf4a594cb4fd12023-02-08 09:48:19.985root 11241100x8000000000000000279480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02edd57207858a242023-02-08 09:48:19.986root 11241100x8000000000000000279479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f3b878921aebfe2023-02-08 09:48:19.986root 354300x8000000000000000279481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:20.162{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-37716-false10.0.1.12-8000- 11241100x8000000000000000279485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6c13760a31ce3b2023-02-08 09:48:20.484root 11241100x8000000000000000279484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d4d3df6f1d57c02023-02-08 09:48:20.484root 11241100x8000000000000000279483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f45b229f39e78c2023-02-08 09:48:20.484root 11241100x8000000000000000279482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa1997960c7e85d2023-02-08 09:48:20.484root 11241100x8000000000000000279492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68937e63cf347e352023-02-08 09:48:20.485root 11241100x8000000000000000279491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9ee2d160b190ee2023-02-08 09:48:20.485root 11241100x8000000000000000279490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6cd70a375bb95e2023-02-08 09:48:20.485root 11241100x8000000000000000279489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6a4fdfd3e08ced2023-02-08 09:48:20.485root 11241100x8000000000000000279488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee89622e570aa2fd2023-02-08 09:48:20.485root 11241100x8000000000000000279487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34dbd166c03321722023-02-08 09:48:20.485root 11241100x8000000000000000279486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d94bbd368d56b22023-02-08 09:48:20.485root 11241100x8000000000000000279494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6799111858bd9ca62023-02-08 09:48:20.486root 11241100x8000000000000000279493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09cf5a66ed7a56162023-02-08 09:48:20.486root 11241100x8000000000000000279497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:20.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6103cea0659acd72023-02-08 09:48:20.984root 11241100x8000000000000000279496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:20.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59758c6f30e41ff22023-02-08 09:48:20.984root 11241100x8000000000000000279495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:20.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9614d825b4402862023-02-08 09:48:20.984root 11241100x8000000000000000279506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b6d6371939dc852023-02-08 09:48:20.985root 11241100x8000000000000000279505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d405b684a5fc2f32023-02-08 09:48:20.985root 11241100x8000000000000000279504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7910f6b628967bf32023-02-08 09:48:20.985root 11241100x8000000000000000279503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe960da515a75c52023-02-08 09:48:20.985root 11241100x8000000000000000279502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97857ab86b85543f2023-02-08 09:48:20.985root 11241100x8000000000000000279501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a78d6999f4400c2023-02-08 09:48:20.985root 11241100x8000000000000000279500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6f3415184e79092023-02-08 09:48:20.985root 11241100x8000000000000000279499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8874928175451bb52023-02-08 09:48:20.985root 11241100x8000000000000000279498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d73d19dcf029cb2023-02-08 09:48:20.985root 11241100x8000000000000000279507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c501f4ba04edb8cc2023-02-08 09:48:20.986root 11241100x8000000000000000279510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc84422dfb9c3042023-02-08 09:48:21.484root 11241100x8000000000000000279509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00afbbb4161cde9a2023-02-08 09:48:21.484root 11241100x8000000000000000279508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3c35b71fca957f2023-02-08 09:48:21.484root 11241100x8000000000000000279516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e6e2e8226db86a2023-02-08 09:48:21.485root 11241100x8000000000000000279515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6fb0d5de0b27812023-02-08 09:48:21.485root 11241100x8000000000000000279514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f226c529bdf921f32023-02-08 09:48:21.485root 11241100x8000000000000000279513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87314e451666cedd2023-02-08 09:48:21.485root 11241100x8000000000000000279512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87de0a34c24424652023-02-08 09:48:21.485root 11241100x8000000000000000279511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b563844facd85222023-02-08 09:48:21.485root 11241100x8000000000000000279520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc016c4c980d85e32023-02-08 09:48:21.486root 11241100x8000000000000000279519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a489741ea15c372023-02-08 09:48:21.486root 11241100x8000000000000000279518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04404b54169d04792023-02-08 09:48:21.486root 11241100x8000000000000000279517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7355f377d6d512612023-02-08 09:48:21.486root 11241100x8000000000000000279522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:21.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526a5d88da90fc7b2023-02-08 09:48:21.984root 11241100x8000000000000000279521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:21.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb9fdea4c39dc7f2023-02-08 09:48:21.984root 11241100x8000000000000000279527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047f847dee0680b92023-02-08 09:48:21.985root 11241100x8000000000000000279526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db5f0bcb702e7fe2023-02-08 09:48:21.985root 11241100x8000000000000000279525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea6abe45e16973f2023-02-08 09:48:21.985root 11241100x8000000000000000279524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9c037683c3121e2023-02-08 09:48:21.985root 11241100x8000000000000000279523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a17cc11fca30ac2023-02-08 09:48:21.985root 11241100x8000000000000000279532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfbcc2cbcc9c8142023-02-08 09:48:21.986root 11241100x8000000000000000279531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4853c6cb10f18d882023-02-08 09:48:21.986root 11241100x8000000000000000279530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b878cc99a2a8fc2023-02-08 09:48:21.986root 11241100x8000000000000000279529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5aabdfe9a210e82023-02-08 09:48:21.986root 11241100x8000000000000000279528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d68d06fb2143c452023-02-08 09:48:21.986root 11241100x8000000000000000279533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd456bc6c2a86e12023-02-08 09:48:21.987root 11241100x8000000000000000279537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c603d77fb72f067b2023-02-08 09:48:22.484root 11241100x8000000000000000279536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4606dd688dc79e932023-02-08 09:48:22.484root 11241100x8000000000000000279535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9f2c91db7586a22023-02-08 09:48:22.484root 11241100x8000000000000000279534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eaf81f0e1e645602023-02-08 09:48:22.484root 11241100x8000000000000000279545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722ee9d013209dbe2023-02-08 09:48:22.485root 11241100x8000000000000000279544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa20aa343976103e2023-02-08 09:48:22.485root 11241100x8000000000000000279543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4239126beaab05a02023-02-08 09:48:22.485root 11241100x8000000000000000279542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743ed79ba1bc406a2023-02-08 09:48:22.485root 11241100x8000000000000000279541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52bbab56ea7aed822023-02-08 09:48:22.485root 11241100x8000000000000000279540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1bb0a3a3cf3abf2023-02-08 09:48:22.485root 11241100x8000000000000000279539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d92c2fd81f4ff4c2023-02-08 09:48:22.485root 11241100x8000000000000000279538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d89616196dae9c2023-02-08 09:48:22.485root 11241100x8000000000000000279546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f505caa6d1ea6c2023-02-08 09:48:22.486root 11241100x8000000000000000279548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:22.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2099d8aa19abf26c2023-02-08 09:48:22.984root 11241100x8000000000000000279547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:22.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d647231808ca2ebe2023-02-08 09:48:22.984root 11241100x8000000000000000279555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924286f6fc01f6652023-02-08 09:48:22.985root 11241100x8000000000000000279554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ea6045d7b543782023-02-08 09:48:22.985root 11241100x8000000000000000279553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca2712c733b94392023-02-08 09:48:22.985root 11241100x8000000000000000279552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc977b1d9362dc862023-02-08 09:48:22.985root 11241100x8000000000000000279551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a8b898b642185c2023-02-08 09:48:22.985root 11241100x8000000000000000279550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6a70dfbc8f259c2023-02-08 09:48:22.985root 11241100x8000000000000000279549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1929e6a5e9db2f082023-02-08 09:48:22.985root 11241100x8000000000000000279559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebbd7458587e7c6c2023-02-08 09:48:22.986root 11241100x8000000000000000279558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa4649d6b058cb32023-02-08 09:48:22.986root 11241100x8000000000000000279557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7dcd65b0380eb82023-02-08 09:48:22.986root 11241100x8000000000000000279556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76a122b9451ad742023-02-08 09:48:22.986root 11241100x8000000000000000279560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3690db4c8d7bc92023-02-08 09:48:23.485root 11241100x8000000000000000279572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5ec444497758242023-02-08 09:48:23.486root 11241100x8000000000000000279571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a18ba7b86f7db32023-02-08 09:48:23.486root 11241100x8000000000000000279570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec23f6b61240bf52023-02-08 09:48:23.486root 11241100x8000000000000000279569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d7cbbfd520e7382023-02-08 09:48:23.486root 11241100x8000000000000000279568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf550323b9f7734c2023-02-08 09:48:23.486root 11241100x8000000000000000279567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509096e7e466125b2023-02-08 09:48:23.486root 11241100x8000000000000000279566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafd30363bc0e5b52023-02-08 09:48:23.486root 11241100x8000000000000000279565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efb19a2f3494dd62023-02-08 09:48:23.486root 11241100x8000000000000000279564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c521cf3af450f2272023-02-08 09:48:23.486root 11241100x8000000000000000279563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a647cabd5be02fe2023-02-08 09:48:23.486root 11241100x8000000000000000279562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63c48264d6f426a2023-02-08 09:48:23.486root 11241100x8000000000000000279561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de50f7cb5d49f8a2023-02-08 09:48:23.486root 11241100x8000000000000000279580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acedc6c39af841572023-02-08 09:48:23.984root 11241100x8000000000000000279579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477a7da9c58a9a872023-02-08 09:48:23.984root 11241100x8000000000000000279578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3688dd21af4b3b9e2023-02-08 09:48:23.984root 11241100x8000000000000000279577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0784475d834613272023-02-08 09:48:23.984root 11241100x8000000000000000279576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f1c7e315e57f4f2023-02-08 09:48:23.984root 11241100x8000000000000000279575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8be5fe7408b1c042023-02-08 09:48:23.984root 11241100x8000000000000000279574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de009dbf771456092023-02-08 09:48:23.984root 11241100x8000000000000000279573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64538e15fd8dc5552023-02-08 09:48:23.984root 11241100x8000000000000000279585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360549d86e43732a2023-02-08 09:48:23.985root 11241100x8000000000000000279584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651ba49ef486991e2023-02-08 09:48:23.985root 11241100x8000000000000000279583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b18368ce29656742023-02-08 09:48:23.985root 11241100x8000000000000000279582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bdfa76c8cc751a22023-02-08 09:48:23.985root 11241100x8000000000000000279581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1d6a7fd7698a5b2023-02-08 09:48:23.985root 11241100x8000000000000000279591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a1a5aa7b4951b22023-02-08 09:48:24.484root 11241100x8000000000000000279590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731a3a6b4667dcd22023-02-08 09:48:24.484root 11241100x8000000000000000279589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e37443caf2503512023-02-08 09:48:24.484root 11241100x8000000000000000279588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa418b790d7c9e4b2023-02-08 09:48:24.484root 11241100x8000000000000000279587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc2b64995a32d4f2023-02-08 09:48:24.484root 11241100x8000000000000000279586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca9af420438df022023-02-08 09:48:24.484root 11241100x8000000000000000279598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a7f275a603ae9a2023-02-08 09:48:24.485root 11241100x8000000000000000279597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdcdad0138daf3232023-02-08 09:48:24.485root 11241100x8000000000000000279596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c378577f7aad86c12023-02-08 09:48:24.485root 11241100x8000000000000000279595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd9c8a8e7e850822023-02-08 09:48:24.485root 11241100x8000000000000000279594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6068915071582042023-02-08 09:48:24.485root 11241100x8000000000000000279593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff8a221fb22effa2023-02-08 09:48:24.485root 11241100x8000000000000000279592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f9f03eee6cd0482023-02-08 09:48:24.485root 11241100x8000000000000000279603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c4fe6a59289c9a2023-02-08 09:48:24.984root 11241100x8000000000000000279602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ef720ebfc2919b2023-02-08 09:48:24.984root 11241100x8000000000000000279601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9817909c3c3c2d722023-02-08 09:48:24.984root 11241100x8000000000000000279600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d528794be8b1342023-02-08 09:48:24.984root 11241100x8000000000000000279599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fe600ee31d2eca2023-02-08 09:48:24.984root 11241100x8000000000000000279611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fee64f9edbbdb842023-02-08 09:48:24.985root 11241100x8000000000000000279610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1cbafbca4b81d932023-02-08 09:48:24.985root 11241100x8000000000000000279609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e22737664ada7b02023-02-08 09:48:24.985root 11241100x8000000000000000279608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f128a09dc6fde02023-02-08 09:48:24.985root 11241100x8000000000000000279607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3207d189d5671e0a2023-02-08 09:48:24.985root 11241100x8000000000000000279606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fd0da06c49bb232023-02-08 09:48:24.985root 11241100x8000000000000000279605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a51ecd75d3256c62023-02-08 09:48:24.985root 11241100x8000000000000000279604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a93a0757bbaa7f2023-02-08 09:48:24.985root 11241100x8000000000000000279616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292184fd6ea6373a2023-02-08 09:48:25.484root 11241100x8000000000000000279615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e121443290bc34282023-02-08 09:48:25.484root 11241100x8000000000000000279614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18c6e1bdd0b3b782023-02-08 09:48:25.484root 11241100x8000000000000000279613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8abba32ab52626f2023-02-08 09:48:25.484root 11241100x8000000000000000279612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761aac96d56a483e2023-02-08 09:48:25.484root 11241100x8000000000000000279624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e54ece8887f99c32023-02-08 09:48:25.485root 11241100x8000000000000000279623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65eb4dc01a3fb682023-02-08 09:48:25.485root 11241100x8000000000000000279622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae907752dcd6131a2023-02-08 09:48:25.485root 11241100x8000000000000000279621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcad4f22ace44f32023-02-08 09:48:25.485root 11241100x8000000000000000279620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43bc6c45a31ec8822023-02-08 09:48:25.485root 11241100x8000000000000000279619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67182015b0d2bd8f2023-02-08 09:48:25.485root 11241100x8000000000000000279618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898abfee78de21942023-02-08 09:48:25.485root 11241100x8000000000000000279617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0808caa729bdfa3b2023-02-08 09:48:25.485root 11241100x8000000000000000279629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60764c88d4be468f2023-02-08 09:48:25.984root 11241100x8000000000000000279628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5de4fce7efc8d362023-02-08 09:48:25.984root 11241100x8000000000000000279627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12491da51814b0232023-02-08 09:48:25.984root 11241100x8000000000000000279626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5922a0a7698523f92023-02-08 09:48:25.984root 11241100x8000000000000000279625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a2e277dd45b4b42023-02-08 09:48:25.984root 11241100x8000000000000000279637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c617bbda919b9822023-02-08 09:48:25.985root 11241100x8000000000000000279636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfcae1ed6bf104c72023-02-08 09:48:25.985root 11241100x8000000000000000279635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b9eff46a1d2c282023-02-08 09:48:25.985root 11241100x8000000000000000279634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65aa4c9423431cda2023-02-08 09:48:25.985root 11241100x8000000000000000279633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e89a5b7b538dfc12023-02-08 09:48:25.985root 11241100x8000000000000000279632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ee03fdc3376dc92023-02-08 09:48:25.985root 11241100x8000000000000000279631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892f45738ab9659b2023-02-08 09:48:25.985root 11241100x8000000000000000279630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16c765794ec25042023-02-08 09:48:25.985root 354300x8000000000000000279638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:26.149{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-37722-false10.0.1.12-8000- 11241100x8000000000000000279641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b91d00bf0af0db2023-02-08 09:48:26.484root 11241100x8000000000000000279640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b778fb36e145b3202023-02-08 09:48:26.484root 11241100x8000000000000000279639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11601b92473fe1d2023-02-08 09:48:26.484root 11241100x8000000000000000279652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4c1929c14720a72023-02-08 09:48:26.485root 11241100x8000000000000000279651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d4cfb24e668a112023-02-08 09:48:26.485root 11241100x8000000000000000279650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a518ac65cbcd9b2023-02-08 09:48:26.485root 11241100x8000000000000000279649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0810049aaa8681172023-02-08 09:48:26.485root 11241100x8000000000000000279648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a420c5c862ca7d9d2023-02-08 09:48:26.485root 11241100x8000000000000000279647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3fb23c644b1c7e2023-02-08 09:48:26.485root 11241100x8000000000000000279646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06798ed6c01849872023-02-08 09:48:26.485root 11241100x8000000000000000279645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e861b09b6368c2e2023-02-08 09:48:26.485root 11241100x8000000000000000279644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdb975035398df32023-02-08 09:48:26.485root 11241100x8000000000000000279643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c916c53d849c0a32023-02-08 09:48:26.485root 11241100x8000000000000000279642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e591767bcbd76a2023-02-08 09:48:26.485root 11241100x8000000000000000279656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58bb24ee68513552023-02-08 09:48:26.984root 11241100x8000000000000000279655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780ad4db99ef2e152023-02-08 09:48:26.984root 11241100x8000000000000000279654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ed089fda273f3a2023-02-08 09:48:26.984root 11241100x8000000000000000279653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7f48ba6073e1d52023-02-08 09:48:26.984root 11241100x8000000000000000279666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8962f3365fca572023-02-08 09:48:26.985root 11241100x8000000000000000279665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038b38ea0eac36912023-02-08 09:48:26.985root 11241100x8000000000000000279664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8a3b6c64250e232023-02-08 09:48:26.985root 11241100x8000000000000000279663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4b2d9995d0ec532023-02-08 09:48:26.985root 11241100x8000000000000000279662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f6d15a4dc2c0152023-02-08 09:48:26.985root 11241100x8000000000000000279661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130755bc600a47e92023-02-08 09:48:26.985root 11241100x8000000000000000279660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21dd9883e974375f2023-02-08 09:48:26.985root 11241100x8000000000000000279659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86508a3bbc563da32023-02-08 09:48:26.985root 11241100x8000000000000000279658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd711c4470d4dfe2023-02-08 09:48:26.985root 11241100x8000000000000000279657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1158ed41ec3056002023-02-08 09:48:26.985root 11241100x8000000000000000279670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:27.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68882954ade384962023-02-08 09:48:27.484root 11241100x8000000000000000279669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:27.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5f9f1f4f0de4102023-02-08 09:48:27.484root 11241100x8000000000000000279668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:27.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5634f69270aa3df42023-02-08 09:48:27.484root 11241100x8000000000000000279667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:27.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af891c4f1e86bb52023-02-08 09:48:27.484root 11241100x8000000000000000279679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b377861b6b9f76bc2023-02-08 09:48:27.485root 11241100x8000000000000000279678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ba0c2203afbb6c2023-02-08 09:48:27.485root 11241100x8000000000000000279677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb977321c2e7c682023-02-08 09:48:27.485root 11241100x8000000000000000279676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70c4acb9ca363b32023-02-08 09:48:27.485root 11241100x8000000000000000279675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3363e0461d53f9492023-02-08 09:48:27.485root 11241100x8000000000000000279674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654caaba6ed9de922023-02-08 09:48:27.485root 11241100x8000000000000000279673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81579046a8450aec2023-02-08 09:48:27.485root 11241100x8000000000000000279672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd469e30957f548c2023-02-08 09:48:27.485root 11241100x8000000000000000279671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a8da191968d3792023-02-08 09:48:27.485root 11241100x8000000000000000279680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c1de6f6de414302023-02-08 09:48:27.486root 11241100x8000000000000000279687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c1a1c5772109b42023-02-08 09:48:27.985root 11241100x8000000000000000279686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a354d3d61fac33412023-02-08 09:48:27.985root 11241100x8000000000000000279685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e126e1d523cffc2023-02-08 09:48:27.985root 11241100x8000000000000000279684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9bcfa16507e3072023-02-08 09:48:27.985root 11241100x8000000000000000279683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a5f8ad5a4a6a882023-02-08 09:48:27.985root 11241100x8000000000000000279682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561350ac1c839d872023-02-08 09:48:27.985root 11241100x8000000000000000279681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624d5af46222dc352023-02-08 09:48:27.985root 11241100x8000000000000000279694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bdc70235c35ec72023-02-08 09:48:27.986root 11241100x8000000000000000279693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa0d244e6c7ba4b2023-02-08 09:48:27.986root 11241100x8000000000000000279692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f993a03821c288ca2023-02-08 09:48:27.986root 11241100x8000000000000000279691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95204dae47701b392023-02-08 09:48:27.986root 11241100x8000000000000000279690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122a5d847986782b2023-02-08 09:48:27.986root 11241100x8000000000000000279689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7753e92f1eba81d12023-02-08 09:48:27.986root 11241100x8000000000000000279688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee64bb049da7d692023-02-08 09:48:27.986root 11241100x8000000000000000279697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b67742140d8d972023-02-08 09:48:28.484root 11241100x8000000000000000279696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ecb109a42055f32023-02-08 09:48:28.484root 11241100x8000000000000000279695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d4053efa465a442023-02-08 09:48:28.484root 11241100x8000000000000000279702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2f941cfbc383972023-02-08 09:48:28.485root 11241100x8000000000000000279701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a92c635fdf95a3b2023-02-08 09:48:28.485root 11241100x8000000000000000279700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5282049e3350662023-02-08 09:48:28.485root 11241100x8000000000000000279699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b260a759b5fe872023-02-08 09:48:28.485root 11241100x8000000000000000279698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3e7ce05649dbe42023-02-08 09:48:28.485root 11241100x8000000000000000279708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420d7af4087c55592023-02-08 09:48:28.486root 11241100x8000000000000000279707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08cc06efcc750c42023-02-08 09:48:28.486root 11241100x8000000000000000279706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b3d0f390976d0b2023-02-08 09:48:28.486root 11241100x8000000000000000279705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6fed7276a27d2482023-02-08 09:48:28.486root 11241100x8000000000000000279704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa3bc4976ace3aa2023-02-08 09:48:28.486root 11241100x8000000000000000279703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16782b64926e20ad2023-02-08 09:48:28.486root 11241100x8000000000000000279709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1618b2531861ba9b2023-02-08 09:48:28.984root 11241100x8000000000000000279716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581b5253348913782023-02-08 09:48:28.985root 11241100x8000000000000000279715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d9bf870580462a2023-02-08 09:48:28.985root 11241100x8000000000000000279714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c6c4e5bf3c2ee42023-02-08 09:48:28.985root 11241100x8000000000000000279713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029c7607428442ef2023-02-08 09:48:28.985root 11241100x8000000000000000279712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88dd08f0d7a8ace52023-02-08 09:48:28.985root 11241100x8000000000000000279711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae75499063148572023-02-08 09:48:28.985root 11241100x8000000000000000279710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d08bb95bf2c11172023-02-08 09:48:28.985root 11241100x8000000000000000279722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e1451f54f565b82023-02-08 09:48:28.986root 11241100x8000000000000000279721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e3e26dadb834b72023-02-08 09:48:28.986root 11241100x8000000000000000279720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337eb3ab612af6e32023-02-08 09:48:28.986root 11241100x8000000000000000279719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a7b97232bd35562023-02-08 09:48:28.986root 11241100x8000000000000000279718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756b270c44b701242023-02-08 09:48:28.986root 11241100x8000000000000000279717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd05b981c30bf672023-02-08 09:48:28.986root 11241100x8000000000000000279726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897469513cfecd942023-02-08 09:48:29.484root 11241100x8000000000000000279725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52088ddec03dc0452023-02-08 09:48:29.484root 11241100x8000000000000000279724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307f212acd9792462023-02-08 09:48:29.484root 11241100x8000000000000000279723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00215ae8957bb9b22023-02-08 09:48:29.484root 11241100x8000000000000000279736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e579431a00330c2023-02-08 09:48:29.485root 11241100x8000000000000000279735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b8b2284b53ac4b2023-02-08 09:48:29.485root 11241100x8000000000000000279734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a69b23bf95eac5a2023-02-08 09:48:29.485root 11241100x8000000000000000279733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da705da03ee72732023-02-08 09:48:29.485root 11241100x8000000000000000279732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78ebd4a9186d2592023-02-08 09:48:29.485root 11241100x8000000000000000279731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d288bd63aa75542f2023-02-08 09:48:29.485root 11241100x8000000000000000279730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25d6fc6252137d92023-02-08 09:48:29.485root 11241100x8000000000000000279729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e104b01451e08982023-02-08 09:48:29.485root 11241100x8000000000000000279728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501f84568eb73d282023-02-08 09:48:29.485root 11241100x8000000000000000279727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8f3b24c7ad46c92023-02-08 09:48:29.485root 11241100x8000000000000000279740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ac912ebec30ea62023-02-08 09:48:29.984root 11241100x8000000000000000279739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0580ffc274e5a0b92023-02-08 09:48:29.984root 11241100x8000000000000000279738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4196fcc43188acf22023-02-08 09:48:29.984root 11241100x8000000000000000279737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac111ace36e37c92023-02-08 09:48:29.984root 11241100x8000000000000000279750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6965149cbf6715bd2023-02-08 09:48:29.985root 11241100x8000000000000000279749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f88c2f4bd329b02023-02-08 09:48:29.985root 11241100x8000000000000000279748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf4e6c0b31addd92023-02-08 09:48:29.985root 11241100x8000000000000000279747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac41be379fc6a8d2023-02-08 09:48:29.985root 11241100x8000000000000000279746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0309e2c1406e39a32023-02-08 09:48:29.985root 11241100x8000000000000000279745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6fd25c125a485d2023-02-08 09:48:29.985root 11241100x8000000000000000279744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b8b42db1789af72023-02-08 09:48:29.985root 11241100x8000000000000000279743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f0bf621060ec3d2023-02-08 09:48:29.985root 11241100x8000000000000000279742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29589218c38b85922023-02-08 09:48:29.985root 11241100x8000000000000000279741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28a558142f74a462023-02-08 09:48:29.985root 11241100x8000000000000000279753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f09edf5d6ded95c2023-02-08 09:48:30.484root 11241100x8000000000000000279752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c93b7fb8a6b5caa2023-02-08 09:48:30.484root 11241100x8000000000000000279751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834462df1cde193d2023-02-08 09:48:30.484root 11241100x8000000000000000279764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3e525a62bf032a2023-02-08 09:48:30.485root 11241100x8000000000000000279763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cd461598bf126b2023-02-08 09:48:30.485root 11241100x8000000000000000279762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8a6a6a9947b0df2023-02-08 09:48:30.485root 11241100x8000000000000000279761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794b652d1c497fcc2023-02-08 09:48:30.485root 11241100x8000000000000000279760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8933702be1c084d2023-02-08 09:48:30.485root 11241100x8000000000000000279759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc643badba114fb2023-02-08 09:48:30.485root 11241100x8000000000000000279758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c5f781f680beca2023-02-08 09:48:30.485root 11241100x8000000000000000279757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481028ce91bd96592023-02-08 09:48:30.485root 11241100x8000000000000000279756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef79f7d11d8048212023-02-08 09:48:30.485root 11241100x8000000000000000279755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af87012382d4b0a2023-02-08 09:48:30.485root 11241100x8000000000000000279754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933ad2e09dfa27b32023-02-08 09:48:30.485root 11241100x8000000000000000279767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8508da722627082023-02-08 09:48:30.984root 11241100x8000000000000000279766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920bb389ec26264b2023-02-08 09:48:30.984root 11241100x8000000000000000279765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bffb7b97fa59e9a2023-02-08 09:48:30.984root 11241100x8000000000000000279778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c08cedb39b99c02023-02-08 09:48:30.985root 11241100x8000000000000000279777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7927877b8fbeb952023-02-08 09:48:30.985root 11241100x8000000000000000279776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d4d301c30d63442023-02-08 09:48:30.985root 11241100x8000000000000000279775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6108cad9d6a0ffc2023-02-08 09:48:30.985root 11241100x8000000000000000279774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011f35b4a97a1f582023-02-08 09:48:30.985root 11241100x8000000000000000279773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b5e55593c9b11b2023-02-08 09:48:30.985root 11241100x8000000000000000279772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ffecd35a969d152023-02-08 09:48:30.985root 11241100x8000000000000000279771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a83d26b41e122b2023-02-08 09:48:30.985root 11241100x8000000000000000279770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8a7d1599b5578c2023-02-08 09:48:30.985root 11241100x8000000000000000279769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87ef2d1999820222023-02-08 09:48:30.985root 11241100x8000000000000000279768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb4c312299e74d82023-02-08 09:48:30.985root 11241100x8000000000000000279782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65194d77d3f255d2023-02-08 09:48:31.484root 11241100x8000000000000000279781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f0833df7df7baa2023-02-08 09:48:31.484root 11241100x8000000000000000279780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718d65931bf3d9eb2023-02-08 09:48:31.484root 11241100x8000000000000000279779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661a7363027820aa2023-02-08 09:48:31.484root 11241100x8000000000000000279792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85194f63f3575db32023-02-08 09:48:31.485root 11241100x8000000000000000279791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdfe78550e5c5082023-02-08 09:48:31.485root 11241100x8000000000000000279790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435ffc8372b2fc392023-02-08 09:48:31.485root 11241100x8000000000000000279789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41bd0daa607684872023-02-08 09:48:31.485root 11241100x8000000000000000279788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e63c0a6f1c95fcd2023-02-08 09:48:31.485root 11241100x8000000000000000279787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f4991fb71ef9602023-02-08 09:48:31.485root 11241100x8000000000000000279786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5279abd20dcc6492023-02-08 09:48:31.485root 11241100x8000000000000000279785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211873b3a81ee0ba2023-02-08 09:48:31.485root 11241100x8000000000000000279784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ecf99774f060f72023-02-08 09:48:31.485root 11241100x8000000000000000279783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841761207d3f20962023-02-08 09:48:31.485root 11241100x8000000000000000279795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ecea2f51c4f70252023-02-08 09:48:31.984root 11241100x8000000000000000279794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1942a30f77c23f302023-02-08 09:48:31.984root 11241100x8000000000000000279793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702ed0c81005daf62023-02-08 09:48:31.984root 11241100x8000000000000000279802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08450180b90076c92023-02-08 09:48:31.985root 11241100x8000000000000000279801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d41d0847636e5932023-02-08 09:48:31.985root 11241100x8000000000000000279800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62854c21788a41812023-02-08 09:48:31.985root 11241100x8000000000000000279799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc89db0ac782a4a2023-02-08 09:48:31.985root 11241100x8000000000000000279798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afb3ad41ec5468b2023-02-08 09:48:31.985root 11241100x8000000000000000279797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c05d6b67891e202023-02-08 09:48:31.985root 11241100x8000000000000000279796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213bd948d59493c12023-02-08 09:48:31.985root 11241100x8000000000000000279803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b38d9dab3bfdff2023-02-08 09:48:31.987root 11241100x8000000000000000279806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bb02605b6ee92c2023-02-08 09:48:31.988root 11241100x8000000000000000279805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efcddcb3a72c200d2023-02-08 09:48:31.988root 11241100x8000000000000000279804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4910e45479e0232023-02-08 09:48:31.988root 354300x8000000000000000279807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.132{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-42444-false10.0.1.12-8000- 11241100x8000000000000000279812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6a6c367d6020a12023-02-08 09:48:32.484root 11241100x8000000000000000279811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5917d6e9d5bbf102023-02-08 09:48:32.484root 11241100x8000000000000000279810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322eaad86796da272023-02-08 09:48:32.484root 11241100x8000000000000000279809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff410fd2f0fa51a82023-02-08 09:48:32.484root 11241100x8000000000000000279808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449c939e698be0102023-02-08 09:48:32.484root 11241100x8000000000000000279820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e630a00d15da18b62023-02-08 09:48:32.485root 11241100x8000000000000000279819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25afb07ab5f41a0a2023-02-08 09:48:32.485root 11241100x8000000000000000279818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddca72141862e5b72023-02-08 09:48:32.485root 11241100x8000000000000000279817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320b82e10f678bbe2023-02-08 09:48:32.485root 11241100x8000000000000000279816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba12ba865646bfbd2023-02-08 09:48:32.485root 11241100x8000000000000000279815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6afff26ff50504b02023-02-08 09:48:32.485root 11241100x8000000000000000279814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afcbfd2f1f9de28d2023-02-08 09:48:32.485root 11241100x8000000000000000279813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30c5bc6ff3df13d2023-02-08 09:48:32.485root 11241100x8000000000000000279827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78cb91d877545f02023-02-08 09:48:32.486root 11241100x8000000000000000279826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b92ea1463aa59b2023-02-08 09:48:32.486root 11241100x8000000000000000279825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d048b56b1267502023-02-08 09:48:32.486root 11241100x8000000000000000279824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c05fc7ce944beab2023-02-08 09:48:32.486root 11241100x8000000000000000279823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abf39cd8e2397112023-02-08 09:48:32.486root 11241100x8000000000000000279822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44069c4627599ce2023-02-08 09:48:32.486root 11241100x8000000000000000279821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810de5db2361c9732023-02-08 09:48:32.486root 11241100x8000000000000000279831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8e8b6c64f62dd22023-02-08 09:48:32.984root 11241100x8000000000000000279830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244f3b42be4ce4242023-02-08 09:48:32.984root 11241100x8000000000000000279829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3778338ac2c1732023-02-08 09:48:32.984root 11241100x8000000000000000279828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c15b24d446ea7b2023-02-08 09:48:32.984root 11241100x8000000000000000279842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00c1cecb1299acb2023-02-08 09:48:32.985root 11241100x8000000000000000279841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15794fd5a025a3362023-02-08 09:48:32.985root 11241100x8000000000000000279840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c753c54c262e5402023-02-08 09:48:32.985root 11241100x8000000000000000279839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0374586bc1b899c52023-02-08 09:48:32.985root 11241100x8000000000000000279838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da4a958a85192aa2023-02-08 09:48:32.985root 11241100x8000000000000000279837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98981e7ce0dfbd12023-02-08 09:48:32.985root 11241100x8000000000000000279836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce4735effa938b12023-02-08 09:48:32.985root 11241100x8000000000000000279835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc9683f7baba6e52023-02-08 09:48:32.985root 11241100x8000000000000000279834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b34c76895c442412023-02-08 09:48:32.985root 11241100x8000000000000000279833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd23cfdb38fa5d02023-02-08 09:48:32.985root 11241100x8000000000000000279832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6a374664dd51342023-02-08 09:48:32.985root 11241100x8000000000000000279844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:33.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780d073777a6a8a22023-02-08 09:48:33.484root 11241100x8000000000000000279843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:33.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4fdad511324390d2023-02-08 09:48:33.484root 11241100x8000000000000000279857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962f175f7cdef6372023-02-08 09:48:33.485root 11241100x8000000000000000279856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1d9b7f22e42f0e2023-02-08 09:48:33.485root 11241100x8000000000000000279855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee2c8ff98d8b3742023-02-08 09:48:33.485root 11241100x8000000000000000279854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d8804b278648e62023-02-08 09:48:33.485root 11241100x8000000000000000279853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a106dce89abeeab2023-02-08 09:48:33.485root 11241100x8000000000000000279852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdec4b361da0ee5d2023-02-08 09:48:33.485root 11241100x8000000000000000279851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d5b26487f146e52023-02-08 09:48:33.485root 11241100x8000000000000000279850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03f099b48ec39b52023-02-08 09:48:33.485root 11241100x8000000000000000279849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10504fce2c9a81522023-02-08 09:48:33.485root 11241100x8000000000000000279848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2c7f33b3953dd42023-02-08 09:48:33.485root 11241100x8000000000000000279847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd4a83e1fa865762023-02-08 09:48:33.485root 11241100x8000000000000000279846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9fef5245d65ed52023-02-08 09:48:33.485root 11241100x8000000000000000279845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a2b1a448cd3ecd2023-02-08 09:48:33.485root 11241100x8000000000000000279862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:33.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262f7da9beecfadb2023-02-08 09:48:33.984root 11241100x8000000000000000279861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:33.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a682e86dabe92b3f2023-02-08 09:48:33.984root 11241100x8000000000000000279860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:33.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31c6ffb72e71d802023-02-08 09:48:33.984root 11241100x8000000000000000279859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:33.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65909a0af4b64e92023-02-08 09:48:33.984root 11241100x8000000000000000279858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:33.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e34343f977adcce2023-02-08 09:48:33.984root 11241100x8000000000000000279872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405c6e29649feff52023-02-08 09:48:33.985root 11241100x8000000000000000279871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb401963f19eb0f32023-02-08 09:48:33.985root 11241100x8000000000000000279870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989b63a1d297e2b82023-02-08 09:48:33.985root 11241100x8000000000000000279869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5a03aee6812fbc2023-02-08 09:48:33.985root 11241100x8000000000000000279868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757856e99c0384e52023-02-08 09:48:33.985root 11241100x8000000000000000279867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27874807533520452023-02-08 09:48:33.985root 11241100x8000000000000000279866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6584f234e3a6de2023-02-08 09:48:33.985root 11241100x8000000000000000279865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb314c8689678a442023-02-08 09:48:33.985root 11241100x8000000000000000279864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36cd8c19b5a4baa2023-02-08 09:48:33.985root 11241100x8000000000000000279863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23aad525257c1722023-02-08 09:48:33.985root 11241100x8000000000000000279876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:34.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0476046c984aa2032023-02-08 09:48:34.484root 11241100x8000000000000000279875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:34.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ed298aba9fdc222023-02-08 09:48:34.484root 11241100x8000000000000000279874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:34.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e3fe38bf1447292023-02-08 09:48:34.484root 11241100x8000000000000000279873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:34.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2458dce506efe52023-02-08 09:48:34.484root 11241100x8000000000000000279887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb509b7a19230642023-02-08 09:48:34.485root 11241100x8000000000000000279886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02474109c0f437f2023-02-08 09:48:34.485root 11241100x8000000000000000279885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3954b968517aa2732023-02-08 09:48:34.485root 11241100x8000000000000000279884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3608727e639d9a12023-02-08 09:48:34.485root 11241100x8000000000000000279883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bfc0eb4f1f4f6992023-02-08 09:48:34.485root 11241100x8000000000000000279882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d7c0cd1ea7814b2023-02-08 09:48:34.485root 11241100x8000000000000000279881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e8c595ca0d1f6c2023-02-08 09:48:34.485root 11241100x8000000000000000279880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d215c808279c72122023-02-08 09:48:34.485root 11241100x8000000000000000279879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a4fcdb12b6c83c2023-02-08 09:48:34.485root 11241100x8000000000000000279878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538c8e520ece6ece2023-02-08 09:48:34.485root 11241100x8000000000000000279877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddff73079c6b2972023-02-08 09:48:34.485root 11241100x8000000000000000279888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:34.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2cce5cbe39553c2023-02-08 09:48:34.984root 11241100x8000000000000000279896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546f62458a396fd82023-02-08 09:48:34.985root 11241100x8000000000000000279895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3d445c042142242023-02-08 09:48:34.985root 11241100x8000000000000000279894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd056dfd408f81e2023-02-08 09:48:34.985root 11241100x8000000000000000279893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c058487eae4493762023-02-08 09:48:34.985root 11241100x8000000000000000279892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c8048881575cca2023-02-08 09:48:34.985root 11241100x8000000000000000279891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b8321c5ef5c6032023-02-08 09:48:34.985root 11241100x8000000000000000279890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d4ed52fbf665572023-02-08 09:48:34.985root 11241100x8000000000000000279889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e591c217a1a86c2023-02-08 09:48:34.985root 11241100x8000000000000000279902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8dfef51d73bc56c2023-02-08 09:48:34.986root 11241100x8000000000000000279901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b08c8f35abc9d9a2023-02-08 09:48:34.986root 11241100x8000000000000000279900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85258206b4185ae32023-02-08 09:48:34.986root 11241100x8000000000000000279899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8deb3b8d82e1c0842023-02-08 09:48:34.986root 11241100x8000000000000000279898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28670acf99f270362023-02-08 09:48:34.986root 11241100x8000000000000000279897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16cb8935370003d62023-02-08 09:48:34.986root 11241100x8000000000000000279906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:35.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918cfc56ad9d6f702023-02-08 09:48:35.484root 11241100x8000000000000000279905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:35.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1960d54ff95df34f2023-02-08 09:48:35.484root 11241100x8000000000000000279904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:35.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724733a6f5d40ad62023-02-08 09:48:35.484root 11241100x8000000000000000279903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:35.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6005dc58cd5309a2023-02-08 09:48:35.484root 11241100x8000000000000000279917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cc457b089628632023-02-08 09:48:35.485root 11241100x8000000000000000279916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243122750256f4882023-02-08 09:48:35.485root 11241100x8000000000000000279915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ab496adf3be6002023-02-08 09:48:35.485root 11241100x8000000000000000279914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c965478bacbcce2023-02-08 09:48:35.485root 11241100x8000000000000000279913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a71d0f7ed795e472023-02-08 09:48:35.485root 11241100x8000000000000000279912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8278bdcec7783f4f2023-02-08 09:48:35.485root 11241100x8000000000000000279911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7f9b1e6544c1e32023-02-08 09:48:35.485root 11241100x8000000000000000279910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f2ef88a227a2812023-02-08 09:48:35.485root 11241100x8000000000000000279909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b72baed54132672023-02-08 09:48:35.485root 11241100x8000000000000000279908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51171ad127d307262023-02-08 09:48:35.485root 11241100x8000000000000000279907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cac5cfb59b5a4982023-02-08 09:48:35.485root 11241100x8000000000000000279921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02141f5ea6a3486e2023-02-08 09:48:35.984root 11241100x8000000000000000279920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9697f0f708f57f9b2023-02-08 09:48:35.984root 11241100x8000000000000000279919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2602c5bfe466352b2023-02-08 09:48:35.984root 11241100x8000000000000000279918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7096a595d0d6e72023-02-08 09:48:35.984root 11241100x8000000000000000279932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63686c6038ad86012023-02-08 09:48:35.985root 11241100x8000000000000000279931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a25ac650d5d3f752023-02-08 09:48:35.985root 11241100x8000000000000000279930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e1920e09474c6e2023-02-08 09:48:35.985root 11241100x8000000000000000279929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3556b71221efac4e2023-02-08 09:48:35.985root 11241100x8000000000000000279928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60be0768ac5b20e2023-02-08 09:48:35.985root 11241100x8000000000000000279927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2af3a38f3d66962023-02-08 09:48:35.985root 11241100x8000000000000000279926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd20c93405cf68602023-02-08 09:48:35.985root 11241100x8000000000000000279925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80db9f0adc1064d62023-02-08 09:48:35.985root 11241100x8000000000000000279924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa0feb27025d49a2023-02-08 09:48:35.985root 11241100x8000000000000000279923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3227735e70bdc62023-02-08 09:48:35.985root 11241100x8000000000000000279922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a734392d54c1265a2023-02-08 09:48:35.985root 11241100x8000000000000000279933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.362{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-08 09:48:36.362root 11241100x8000000000000000279937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f5e4d01e37f6942023-02-08 09:48:36.363root 11241100x8000000000000000279936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df09125d09f8fed12023-02-08 09:48:36.363root 11241100x8000000000000000279935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b2c358f22e17002023-02-08 09:48:36.363root 11241100x8000000000000000279934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0438e8c3a198ec0c2023-02-08 09:48:36.363root 11241100x8000000000000000279949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adb6b165841551b2023-02-08 09:48:36.364root 11241100x8000000000000000279948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257c0662711a29552023-02-08 09:48:36.364root 11241100x8000000000000000279947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f574325867df0902023-02-08 09:48:36.364root 11241100x8000000000000000279946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ed8d9326da77b42023-02-08 09:48:36.364root 11241100x8000000000000000279945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8d9f1b4c9ade3c2023-02-08 09:48:36.364root 11241100x8000000000000000279944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf314778f44574962023-02-08 09:48:36.364root 11241100x8000000000000000279943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b40a0223f74c902023-02-08 09:48:36.364root 11241100x8000000000000000279942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b059010c7fde8272023-02-08 09:48:36.364root 11241100x8000000000000000279941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df176f76457cfd982023-02-08 09:48:36.364root 11241100x8000000000000000279940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400d281e658016b32023-02-08 09:48:36.364root 11241100x8000000000000000279939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc222f9708dc88f2023-02-08 09:48:36.364root 11241100x8000000000000000279938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2498e125008f24212023-02-08 09:48:36.364root 11241100x8000000000000000279957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6256e0fb2fd32ef2023-02-08 09:48:36.734root 11241100x8000000000000000279956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba33576494ce5e7a2023-02-08 09:48:36.734root 11241100x8000000000000000279955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104a7af531977bff2023-02-08 09:48:36.734root 11241100x8000000000000000279954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f0e4e54b346a032023-02-08 09:48:36.734root 11241100x8000000000000000279953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3ecd9c654b0ec62023-02-08 09:48:36.734root 11241100x8000000000000000279952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911e0c9d0ae6befe2023-02-08 09:48:36.734root 11241100x8000000000000000279951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a804e761e1730e32023-02-08 09:48:36.734root 11241100x8000000000000000279950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0587d708eb24cb012023-02-08 09:48:36.734root 11241100x8000000000000000279965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7313a291fa01602023-02-08 09:48:36.735root 11241100x8000000000000000279964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6873c1c53ee3632023-02-08 09:48:36.735root 11241100x8000000000000000279963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f432311fbd038272023-02-08 09:48:36.735root 11241100x8000000000000000279962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57885eb93acec5ba2023-02-08 09:48:36.735root 11241100x8000000000000000279961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58816bbce62108d2023-02-08 09:48:36.735root 11241100x8000000000000000279960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d01fadb436996c62023-02-08 09:48:36.735root 11241100x8000000000000000279959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ad3e00a487730a2023-02-08 09:48:36.735root 11241100x8000000000000000279958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb920d0455e7f5a22023-02-08 09:48:36.735root 354300x8000000000000000279966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.187{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-42456-false10.0.1.12-8000- 11241100x8000000000000000279978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.188{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6764e03f7681813b2023-02-08 09:48:37.188root 11241100x8000000000000000279977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.188{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e281061018e2222023-02-08 09:48:37.188root 11241100x8000000000000000279976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.188{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da48eb6d7e9d686d2023-02-08 09:48:37.188root 11241100x8000000000000000279975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.188{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0915a8732fe252fa2023-02-08 09:48:37.188root 11241100x8000000000000000279974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.188{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af29dbe4f33a14412023-02-08 09:48:37.188root 11241100x8000000000000000279973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.188{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e013ea1b824a56582023-02-08 09:48:37.188root 11241100x8000000000000000279972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.188{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589bae4e3088f8e72023-02-08 09:48:37.188root 11241100x8000000000000000279971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.188{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780b4041d50aa1f22023-02-08 09:48:37.188root 11241100x8000000000000000279970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.188{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d768086f4c556da2023-02-08 09:48:37.188root 11241100x8000000000000000279969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.188{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4631aa81ddb1cc52023-02-08 09:48:37.188root 11241100x8000000000000000279968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.188{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949df225acee2eb92023-02-08 09:48:37.188root 11241100x8000000000000000279967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.188{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5b1d64653d1b6a2023-02-08 09:48:37.188root 11241100x8000000000000000279984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.189{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff857b69eeea85512023-02-08 09:48:37.189root 11241100x8000000000000000279983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.189{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55abb21ebdb9c53b2023-02-08 09:48:37.189root 11241100x8000000000000000279982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.189{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbc3c7b7c67d7382023-02-08 09:48:37.189root 11241100x8000000000000000279981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.189{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888df8a1e7af003a2023-02-08 09:48:37.189root 11241100x8000000000000000279980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.189{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ad8e097f4ccd792023-02-08 09:48:37.189root 11241100x8000000000000000279979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.189{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1acf9ac23ffeaf42023-02-08 09:48:37.189root 11241100x8000000000000000279987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67c77d54a8243a12023-02-08 09:48:37.484root 11241100x8000000000000000279986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7952741895766952023-02-08 09:48:37.484root 11241100x8000000000000000279985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c76490d81038d92023-02-08 09:48:37.484root 11241100x8000000000000000280000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6983ac38af9c2012023-02-08 09:48:37.485root 11241100x8000000000000000279999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6d2aa911da789b2023-02-08 09:48:37.485root 11241100x8000000000000000279998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437d98202e00f1212023-02-08 09:48:37.485root 11241100x8000000000000000279997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4373347d544193e42023-02-08 09:48:37.485root 11241100x8000000000000000279996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a509a6902d6753922023-02-08 09:48:37.485root 11241100x8000000000000000279995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f53c731cee6c4c2023-02-08 09:48:37.485root 11241100x8000000000000000279994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ae5221d6f8dc162023-02-08 09:48:37.485root 11241100x8000000000000000279993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4494a7bcc807a28e2023-02-08 09:48:37.485root 11241100x8000000000000000279992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41045b80ff944242023-02-08 09:48:37.485root 11241100x8000000000000000279991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1dd9c53f5dde0f52023-02-08 09:48:37.485root 11241100x8000000000000000279990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3acf6370b1cd902023-02-08 09:48:37.485root 11241100x8000000000000000279989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606969d107d936b22023-02-08 09:48:37.485root 11241100x8000000000000000279988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347d71634f9cc4e32023-02-08 09:48:37.485root 11241100x8000000000000000280001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e4beada750df9a2023-02-08 09:48:37.486root 11241100x8000000000000000280003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9b8ae2388bede22023-02-08 09:48:37.984root 11241100x8000000000000000280002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79209a9076280612023-02-08 09:48:37.984root 11241100x8000000000000000280008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5757f295f26777c52023-02-08 09:48:37.985root 11241100x8000000000000000280007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732b31d220c8e17b2023-02-08 09:48:37.985root 11241100x8000000000000000280006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd84c08e1bcc7f62023-02-08 09:48:37.985root 11241100x8000000000000000280005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ce2f80caf73df92023-02-08 09:48:37.985root 11241100x8000000000000000280004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce47ba2c03532f9c2023-02-08 09:48:37.985root 11241100x8000000000000000280018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051da3b050535a482023-02-08 09:48:37.986root 11241100x8000000000000000280017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e586fd34a3feac62023-02-08 09:48:37.986root 11241100x8000000000000000280016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c1abe60884f4542023-02-08 09:48:37.986root 11241100x8000000000000000280015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b8099cb7780e622023-02-08 09:48:37.986root 11241100x8000000000000000280014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b2647d3a11ff362023-02-08 09:48:37.986root 11241100x8000000000000000280013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8b47379aaf85a92023-02-08 09:48:37.986root 11241100x8000000000000000280012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e3662f2a5238e22023-02-08 09:48:37.986root 11241100x8000000000000000280011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9e34e5429524cb2023-02-08 09:48:37.986root 11241100x8000000000000000280010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae167426c2bf8932023-02-08 09:48:37.986root 11241100x8000000000000000280009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:37.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc931928dfcef092023-02-08 09:48:37.986root 11241100x8000000000000000280020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b18e712c5adfc42023-02-08 09:48:38.484root 11241100x8000000000000000280019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fdb3b00b4ca20fd2023-02-08 09:48:38.484root 11241100x8000000000000000280026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d990e633f245feba2023-02-08 09:48:38.485root 11241100x8000000000000000280025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd4b779fde607332023-02-08 09:48:38.485root 11241100x8000000000000000280024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc460e8d0bb8ca22023-02-08 09:48:38.485root 11241100x8000000000000000280023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1b9813be7094ca2023-02-08 09:48:38.485root 11241100x8000000000000000280022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f8e889cf584a0b2023-02-08 09:48:38.485root 11241100x8000000000000000280021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfeb3d05f89720f2023-02-08 09:48:38.485root 11241100x8000000000000000280032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df40cc445d0a33932023-02-08 09:48:38.486root 11241100x8000000000000000280031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48f66fa14edaee72023-02-08 09:48:38.486root 11241100x8000000000000000280030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4d8cac592bf94f2023-02-08 09:48:38.486root 11241100x8000000000000000280029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24eff5e649cc18772023-02-08 09:48:38.486root 11241100x8000000000000000280028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e452e99eb3d1712023-02-08 09:48:38.486root 11241100x8000000000000000280027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0954c6ea6ecfdc9d2023-02-08 09:48:38.486root 11241100x8000000000000000280035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cf6277a55732102023-02-08 09:48:38.487root 11241100x8000000000000000280034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e57f03683c24b6b2023-02-08 09:48:38.487root 11241100x8000000000000000280033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6b49ec1ba7dfa42023-02-08 09:48:38.487root 11241100x8000000000000000280042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae144fd6db2e2e102023-02-08 09:48:38.984root 11241100x8000000000000000280041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f0206df816dac12023-02-08 09:48:38.984root 11241100x8000000000000000280040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dff685defbe7eaa2023-02-08 09:48:38.984root 11241100x8000000000000000280039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adefeb2fa961f1e62023-02-08 09:48:38.984root 11241100x8000000000000000280038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad088d8a6ab94b32023-02-08 09:48:38.984root 11241100x8000000000000000280037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6c6fa79d75e8c12023-02-08 09:48:38.984root 11241100x8000000000000000280036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388fd3521ac58b1f2023-02-08 09:48:38.984root 11241100x8000000000000000280051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e765c69396758e572023-02-08 09:48:38.985root 11241100x8000000000000000280050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3b2e44fca5bdaf2023-02-08 09:48:38.985root 11241100x8000000000000000280049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6edee82ba33772cf2023-02-08 09:48:38.985root 11241100x8000000000000000280048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc124e3181e083192023-02-08 09:48:38.985root 11241100x8000000000000000280047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270836c2a95337472023-02-08 09:48:38.985root 11241100x8000000000000000280046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b3aade44a0be532023-02-08 09:48:38.985root 11241100x8000000000000000280045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33df38edd85e94992023-02-08 09:48:38.985root 11241100x8000000000000000280044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4451476adfd66df62023-02-08 09:48:38.985root 11241100x8000000000000000280043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2211c799f1610caf2023-02-08 09:48:38.985root 11241100x8000000000000000280054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c3ed526a27924b2023-02-08 09:48:38.986root 11241100x8000000000000000280053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac65e3de7161e0242023-02-08 09:48:38.986root 11241100x8000000000000000280052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb8f159243959a02023-02-08 09:48:38.986root 23542300x8000000000000000280055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.196{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000280059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf8afefc0feff552023-02-08 09:48:39.484root 11241100x8000000000000000280058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0db095929cfa1212023-02-08 09:48:39.484root 11241100x8000000000000000280057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be10ab47982ca5302023-02-08 09:48:39.484root 11241100x8000000000000000280056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a22d09698096e212023-02-08 09:48:39.484root 11241100x8000000000000000280073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05410c47359af3702023-02-08 09:48:39.485root 11241100x8000000000000000280072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892cfc875b2a897b2023-02-08 09:48:39.485root 11241100x8000000000000000280071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85dab30b98e971c2023-02-08 09:48:39.485root 11241100x8000000000000000280070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80da4a0041160f32023-02-08 09:48:39.485root 11241100x8000000000000000280069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84e99e636a6526b2023-02-08 09:48:39.485root 11241100x8000000000000000280068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca071b9e31d01cb2023-02-08 09:48:39.485root 11241100x8000000000000000280067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c26873b2c37bff2023-02-08 09:48:39.485root 11241100x8000000000000000280066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347b583878c9d03f2023-02-08 09:48:39.485root 11241100x8000000000000000280065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a3c0ef6ae6ab832023-02-08 09:48:39.485root 11241100x8000000000000000280064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b97b2227b9239c2023-02-08 09:48:39.485root 11241100x8000000000000000280063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40957a6145ae67652023-02-08 09:48:39.485root 11241100x8000000000000000280062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001cac2adbd14cb42023-02-08 09:48:39.485root 11241100x8000000000000000280061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0fe53f7b7796e182023-02-08 09:48:39.485root 11241100x8000000000000000280060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728ff487c1ced2462023-02-08 09:48:39.485root 11241100x8000000000000000280079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132e0cfb2b5c3df12023-02-08 09:48:39.984root 11241100x8000000000000000280078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bac67de474452e92023-02-08 09:48:39.984root 11241100x8000000000000000280077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bae32d9eea08b2e2023-02-08 09:48:39.984root 11241100x8000000000000000280076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230d8f8e629bf9792023-02-08 09:48:39.984root 11241100x8000000000000000280075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1032349064bcbfed2023-02-08 09:48:39.984root 11241100x8000000000000000280074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8141d2546ece4a42023-02-08 09:48:39.984root 11241100x8000000000000000280087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9340cd6dd1c714f2023-02-08 09:48:39.985root 11241100x8000000000000000280086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec36ae0b5e502972023-02-08 09:48:39.985root 11241100x8000000000000000280085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1016ec7e7435e62023-02-08 09:48:39.985root 11241100x8000000000000000280084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90bb2a5eef4766882023-02-08 09:48:39.985root 11241100x8000000000000000280083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2598543d48357d902023-02-08 09:48:39.985root 11241100x8000000000000000280082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebfca7cd81c5c16c2023-02-08 09:48:39.985root 11241100x8000000000000000280081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83318ef58dc92422023-02-08 09:48:39.985root 11241100x8000000000000000280080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f8a97db93d62622023-02-08 09:48:39.985root 11241100x8000000000000000280092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e4676ad0f7cb852023-02-08 09:48:39.986root 11241100x8000000000000000280091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b366921098fdf792023-02-08 09:48:39.986root 11241100x8000000000000000280090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2701ccf2737c50fe2023-02-08 09:48:39.986root 11241100x8000000000000000280089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5bb790402ea40da2023-02-08 09:48:39.986root 11241100x8000000000000000280088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:39.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9147165157f8f5c2023-02-08 09:48:39.986root 11241100x8000000000000000280096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35495d3a01dbaff32023-02-08 09:48:40.484root 11241100x8000000000000000280095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8f8570a1dde92e2023-02-08 09:48:40.484root 11241100x8000000000000000280094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3695624df6481ef62023-02-08 09:48:40.484root 11241100x8000000000000000280093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20bbacef0542dab22023-02-08 09:48:40.484root 11241100x8000000000000000280104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8617d6c1405b3f652023-02-08 09:48:40.485root 11241100x8000000000000000280103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5a78ebd9065f4a2023-02-08 09:48:40.485root 11241100x8000000000000000280102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4297f29d71417dc52023-02-08 09:48:40.485root 11241100x8000000000000000280101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9068a41809d2ab632023-02-08 09:48:40.485root 11241100x8000000000000000280100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e951ff4f2a38a8b92023-02-08 09:48:40.485root 11241100x8000000000000000280099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042aea1f804bb78b2023-02-08 09:48:40.485root 11241100x8000000000000000280098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e9a340a16eeb582023-02-08 09:48:40.485root 11241100x8000000000000000280097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275a061d837294db2023-02-08 09:48:40.485root 11241100x8000000000000000280110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fa2728738f1ff72023-02-08 09:48:40.486root 11241100x8000000000000000280109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b27441308990cf2023-02-08 09:48:40.486root 11241100x8000000000000000280108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb08fb0d0739998c2023-02-08 09:48:40.486root 11241100x8000000000000000280107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4dec9c01321cc1c2023-02-08 09:48:40.486root 11241100x8000000000000000280106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f224779c5c2bcf2023-02-08 09:48:40.486root 11241100x8000000000000000280105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923ecef893606c4f2023-02-08 09:48:40.486root 11241100x8000000000000000280113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2813ae610e2c50fb2023-02-08 09:48:40.984root 11241100x8000000000000000280112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196c5515b09d1dd42023-02-08 09:48:40.984root 11241100x8000000000000000280111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9678bdf6ce90f62023-02-08 09:48:40.984root 11241100x8000000000000000280123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679f3ec3e47e87182023-02-08 09:48:40.985root 11241100x8000000000000000280122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34174478cb7d67232023-02-08 09:48:40.985root 11241100x8000000000000000280121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50107ea39e33f352023-02-08 09:48:40.985root 11241100x8000000000000000280120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d00d63c7baa87fa2023-02-08 09:48:40.985root 11241100x8000000000000000280119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bfb569a4bb6de7b2023-02-08 09:48:40.985root 11241100x8000000000000000280118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9c914709a29f102023-02-08 09:48:40.985root 11241100x8000000000000000280117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2334c53a358decb42023-02-08 09:48:40.985root 11241100x8000000000000000280116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e49a6565e41f0802023-02-08 09:48:40.985root 11241100x8000000000000000280115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb33d7cdc2bc86f2023-02-08 09:48:40.985root 11241100x8000000000000000280114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911dedffab6daff02023-02-08 09:48:40.985root 11241100x8000000000000000280128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe012d8bcce57c92023-02-08 09:48:40.986root 11241100x8000000000000000280127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a0a291823904182023-02-08 09:48:40.986root 11241100x8000000000000000280126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1289dd5bf96c7532023-02-08 09:48:40.986root 11241100x8000000000000000280125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d254a9a07445352023-02-08 09:48:40.986root 11241100x8000000000000000280124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:40.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7071a043d9c1c2e62023-02-08 09:48:40.986root 11241100x8000000000000000280135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a45fa357b9cb0992023-02-08 09:48:41.484root 11241100x8000000000000000280134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f516a25b61dbcc4c2023-02-08 09:48:41.484root 11241100x8000000000000000280133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a629da55d838b742023-02-08 09:48:41.484root 11241100x8000000000000000280132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9ddbad564775fe2023-02-08 09:48:41.484root 11241100x8000000000000000280131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daeb04d4896054dd2023-02-08 09:48:41.484root 11241100x8000000000000000280130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1408f753e5a8fc552023-02-08 09:48:41.484root 11241100x8000000000000000280129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b9835fe77d3ce72023-02-08 09:48:41.484root 11241100x8000000000000000280146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d9d021e1e3e6842023-02-08 09:48:41.485root 11241100x8000000000000000280145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a75ce5f744ee33f2023-02-08 09:48:41.485root 11241100x8000000000000000280144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50b0ce9ffe065832023-02-08 09:48:41.485root 11241100x8000000000000000280143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447f6a421409e5e52023-02-08 09:48:41.485root 11241100x8000000000000000280142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc10ccfece2a6052023-02-08 09:48:41.485root 11241100x8000000000000000280141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b704590fc3b0cee2023-02-08 09:48:41.485root 11241100x8000000000000000280140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cddc794a72e719c72023-02-08 09:48:41.485root 11241100x8000000000000000280139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d5d518f0d7a0b42023-02-08 09:48:41.485root 11241100x8000000000000000280138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e255d5ee74ef07292023-02-08 09:48:41.485root 11241100x8000000000000000280137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a824a9382a8a2ed82023-02-08 09:48:41.485root 11241100x8000000000000000280136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa46d93d331e09b2023-02-08 09:48:41.485root 11241100x8000000000000000280157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69e2e1cf9bb68082023-02-08 09:48:41.984root 11241100x8000000000000000280156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5fe8f79b49fc192023-02-08 09:48:41.984root 11241100x8000000000000000280155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70699cf486989bc52023-02-08 09:48:41.984root 11241100x8000000000000000280154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0e546be610e3232023-02-08 09:48:41.984root 11241100x8000000000000000280153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3dac9a5805f75642023-02-08 09:48:41.984root 11241100x8000000000000000280152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3664a0e9c2305b292023-02-08 09:48:41.984root 11241100x8000000000000000280151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b574553db0547e22023-02-08 09:48:41.984root 11241100x8000000000000000280150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9908b4046d051412023-02-08 09:48:41.984root 11241100x8000000000000000280149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e25baf17743bd42023-02-08 09:48:41.984root 11241100x8000000000000000280148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406163f315584d332023-02-08 09:48:41.984root 11241100x8000000000000000280147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764bbf27892bdd672023-02-08 09:48:41.984root 11241100x8000000000000000280165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6953e65d19b166672023-02-08 09:48:41.985root 11241100x8000000000000000280164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0fc3e0334d14882023-02-08 09:48:41.985root 11241100x8000000000000000280163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ea60165cd8ba432023-02-08 09:48:41.985root 11241100x8000000000000000280162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6253586309a8eea52023-02-08 09:48:41.985root 11241100x8000000000000000280161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1356507fda5a64652023-02-08 09:48:41.985root 11241100x8000000000000000280160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9799ec4436da53842023-02-08 09:48:41.985root 11241100x8000000000000000280159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c365b8a96587743d2023-02-08 09:48:41.985root 11241100x8000000000000000280158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:41.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76bcd80ef73d8e282023-02-08 09:48:41.985root 11241100x8000000000000000280175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f07739dc214c5f72023-02-08 09:48:42.484root 11241100x8000000000000000280174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f87b7841368a472023-02-08 09:48:42.484root 11241100x8000000000000000280173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb9a5e5659fdfbc2023-02-08 09:48:42.484root 11241100x8000000000000000280172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470e242b433089ac2023-02-08 09:48:42.484root 11241100x8000000000000000280171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20482b31a32936ad2023-02-08 09:48:42.484root 11241100x8000000000000000280170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300cb13e5671b3032023-02-08 09:48:42.484root 11241100x8000000000000000280169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026878f2d2ff321d2023-02-08 09:48:42.484root 11241100x8000000000000000280168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcb86ece44799ff2023-02-08 09:48:42.484root 11241100x8000000000000000280167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4505f3a2fa2b9b412023-02-08 09:48:42.484root 11241100x8000000000000000280166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d529952cdb8337232023-02-08 09:48:42.484root 11241100x8000000000000000280186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae7a155dfa799ae2023-02-08 09:48:42.485root 11241100x8000000000000000280185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfb5e80f1a9c4db2023-02-08 09:48:42.485root 11241100x8000000000000000280184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c290cc310d8c5e5d2023-02-08 09:48:42.485root 11241100x8000000000000000280183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6063fe20984a202023-02-08 09:48:42.485root 11241100x8000000000000000280182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ded32fec1b5c9272023-02-08 09:48:42.485root 11241100x8000000000000000280181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cdd069296dd4e322023-02-08 09:48:42.485root 11241100x8000000000000000280180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43653cc233df69a42023-02-08 09:48:42.485root 11241100x8000000000000000280179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6209c038b824473b2023-02-08 09:48:42.485root 11241100x8000000000000000280178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687f9b08ae0b95b42023-02-08 09:48:42.485root 11241100x8000000000000000280177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4649615b0263c52023-02-08 09:48:42.485root 11241100x8000000000000000280176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24689252d37a4af22023-02-08 09:48:42.485root 11241100x8000000000000000280192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1b0fd3a65e637f2023-02-08 09:48:42.486root 11241100x8000000000000000280191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f61d28ab649325b2023-02-08 09:48:42.486root 11241100x8000000000000000280190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3baa22c3a80ab5a62023-02-08 09:48:42.486root 11241100x8000000000000000280189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ab193fe3903e8a2023-02-08 09:48:42.486root 11241100x8000000000000000280188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1239894280167a2023-02-08 09:48:42.486root 11241100x8000000000000000280187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35dd1fa77c695a582023-02-08 09:48:42.486root 11241100x8000000000000000280202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80abea2e1476ec592023-02-08 09:48:42.487root 11241100x8000000000000000280201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526037ede697132d2023-02-08 09:48:42.487root 11241100x8000000000000000280200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae5df24831cf4632023-02-08 09:48:42.487root 11241100x8000000000000000280199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245b0b377d5d61532023-02-08 09:48:42.487root 11241100x8000000000000000280198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e157018313d707332023-02-08 09:48:42.487root 11241100x8000000000000000280197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c12e7fde3c9e312023-02-08 09:48:42.487root 11241100x8000000000000000280196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d427b20df9ad4f12023-02-08 09:48:42.487root 11241100x8000000000000000280195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28831d95164e771c2023-02-08 09:48:42.487root 11241100x8000000000000000280194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66adbd0e17914142023-02-08 09:48:42.487root 11241100x8000000000000000280193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4f8d3dfcdadeb92023-02-08 09:48:42.487root 11241100x8000000000000000280207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3bf8f8b0cfcf602023-02-08 09:48:42.488root 11241100x8000000000000000280206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b68bcb62c042602023-02-08 09:48:42.488root 11241100x8000000000000000280205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42907fc4b3bda05b2023-02-08 09:48:42.488root 11241100x8000000000000000280204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbcc0cd408cbc98d2023-02-08 09:48:42.488root 11241100x8000000000000000280203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25536ea5525fc5c2023-02-08 09:48:42.488root 11241100x8000000000000000280208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687d71b7b98d95e52023-02-08 09:48:42.985root 11241100x8000000000000000280218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4680e23c1f3f34f32023-02-08 09:48:42.986root 11241100x8000000000000000280217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26e13dfc9f1ee332023-02-08 09:48:42.986root 11241100x8000000000000000280216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334ab0cb96d2aff72023-02-08 09:48:42.986root 11241100x8000000000000000280215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b85607113674f22023-02-08 09:48:42.986root 11241100x8000000000000000280214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fbef50760dc50f62023-02-08 09:48:42.986root 11241100x8000000000000000280213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b592dd1e4c0d7d2023-02-08 09:48:42.986root 11241100x8000000000000000280212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8df442e659b50872023-02-08 09:48:42.986root 11241100x8000000000000000280211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6c38fce865890e2023-02-08 09:48:42.986root 11241100x8000000000000000280210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770634d936ec2c572023-02-08 09:48:42.986root 11241100x8000000000000000280209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c7b582f4cd068d2023-02-08 09:48:42.986root 11241100x8000000000000000280225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9de5e99cc45b832023-02-08 09:48:42.987root 11241100x8000000000000000280224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b54223cb9e92672023-02-08 09:48:42.987root 11241100x8000000000000000280223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd3f9c187e89dc82023-02-08 09:48:42.987root 11241100x8000000000000000280222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348d8910955a0d812023-02-08 09:48:42.987root 11241100x8000000000000000280221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53bd10d825d15782023-02-08 09:48:42.987root 11241100x8000000000000000280220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad7d3143adf17322023-02-08 09:48:42.987root 11241100x8000000000000000280219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:42.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db303ab0e7929f32023-02-08 09:48:42.987root 354300x8000000000000000280226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.179{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-52796-false10.0.1.12-8000- 11241100x8000000000000000280228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806baa764ea01eb42023-02-08 09:48:43.484root 11241100x8000000000000000280227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5de0c74c6d295a2023-02-08 09:48:43.484root 11241100x8000000000000000280241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed3b0616046a5822023-02-08 09:48:43.485root 11241100x8000000000000000280240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51603e2f4a8642a62023-02-08 09:48:43.485root 11241100x8000000000000000280239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a44d4f4a0b21362023-02-08 09:48:43.485root 11241100x8000000000000000280238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a522a8eb7240092023-02-08 09:48:43.485root 11241100x8000000000000000280237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae98bdf20c2f24682023-02-08 09:48:43.485root 11241100x8000000000000000280236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3fd86d305a8f962023-02-08 09:48:43.485root 11241100x8000000000000000280235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd86d109cc7c73d2023-02-08 09:48:43.485root 11241100x8000000000000000280234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76213cfcd68613582023-02-08 09:48:43.485root 11241100x8000000000000000280233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b013f941f86d74aa2023-02-08 09:48:43.485root 11241100x8000000000000000280232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991d7a2ed7a6c9fe2023-02-08 09:48:43.485root 11241100x8000000000000000280231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3024ac422ee281de2023-02-08 09:48:43.485root 11241100x8000000000000000280230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840207eb6fa18e472023-02-08 09:48:43.485root 11241100x8000000000000000280229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21908a5845689262023-02-08 09:48:43.485root 11241100x8000000000000000280245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c6e0e5de2fef382023-02-08 09:48:43.486root 11241100x8000000000000000280244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991b779264c130152023-02-08 09:48:43.486root 11241100x8000000000000000280243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43757e996170dd82023-02-08 09:48:43.486root 11241100x8000000000000000280242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e74ef858e04a322023-02-08 09:48:43.486root 11241100x8000000000000000280257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08bd9c4027e8970a2023-02-08 09:48:43.984root 11241100x8000000000000000280256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326da12373b114b42023-02-08 09:48:43.984root 11241100x8000000000000000280255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6d015f8301bd6a2023-02-08 09:48:43.984root 11241100x8000000000000000280254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692b507295990d022023-02-08 09:48:43.984root 11241100x8000000000000000280253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ffc7db74f15ebb2023-02-08 09:48:43.984root 11241100x8000000000000000280252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370666fa5da2785e2023-02-08 09:48:43.984root 11241100x8000000000000000280251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3a5d4a8b69335b2023-02-08 09:48:43.984root 11241100x8000000000000000280250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f16a8cb7c763a152023-02-08 09:48:43.984root 11241100x8000000000000000280249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3499e469418119842023-02-08 09:48:43.984root 11241100x8000000000000000280248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed67d10178b460402023-02-08 09:48:43.984root 11241100x8000000000000000280247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce95038ca7addba42023-02-08 09:48:43.984root 11241100x8000000000000000280246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f0d0a78d83ad692023-02-08 09:48:43.984root 11241100x8000000000000000280266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adda30048c04a56a2023-02-08 09:48:43.985root 11241100x8000000000000000280265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d66fa944f550602023-02-08 09:48:43.985root 11241100x8000000000000000280264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8c52fd18f8cb712023-02-08 09:48:43.985root 11241100x8000000000000000280263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f3387d98a2259b2023-02-08 09:48:43.985root 11241100x8000000000000000280262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81295bcc2116dc6b2023-02-08 09:48:43.985root 11241100x8000000000000000280261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c1c6517db5aaab2023-02-08 09:48:43.985root 11241100x8000000000000000280260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f5175f74e867d02023-02-08 09:48:43.985root 11241100x8000000000000000280259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cea936b9a4cfec12023-02-08 09:48:43.985root 11241100x8000000000000000280258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4088ac5b563cffea2023-02-08 09:48:43.985root 11241100x8000000000000000280268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215640af66054a6f2023-02-08 09:48:44.484root 11241100x8000000000000000280267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc075823e9b0f112023-02-08 09:48:44.484root 11241100x8000000000000000280282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e918d3e17dc20fb2023-02-08 09:48:44.485root 11241100x8000000000000000280281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9995c549cc31b5852023-02-08 09:48:44.485root 11241100x8000000000000000280280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2228c54d342c78912023-02-08 09:48:44.485root 11241100x8000000000000000280279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262098083cc078072023-02-08 09:48:44.485root 11241100x8000000000000000280278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46553e2e4162be5c2023-02-08 09:48:44.485root 11241100x8000000000000000280277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4e0b13c4e16b532023-02-08 09:48:44.485root 11241100x8000000000000000280276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021c0df2b61587032023-02-08 09:48:44.485root 11241100x8000000000000000280275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518575646277642d2023-02-08 09:48:44.485root 11241100x8000000000000000280274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e36919c221eecf02023-02-08 09:48:44.485root 11241100x8000000000000000280273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6d05b9f60c2a062023-02-08 09:48:44.485root 11241100x8000000000000000280272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263156d3dcb946de2023-02-08 09:48:44.485root 11241100x8000000000000000280271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f750d4921c1eb82023-02-08 09:48:44.485root 11241100x8000000000000000280270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1eb3a1182178bba2023-02-08 09:48:44.485root 11241100x8000000000000000280269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ab31cc987ea4872023-02-08 09:48:44.485root 11241100x8000000000000000280285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fe42d8e4e2280d2023-02-08 09:48:44.486root 11241100x8000000000000000280284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e802448bf5de6e2023-02-08 09:48:44.486root 11241100x8000000000000000280283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9c16aac50672f32023-02-08 09:48:44.486root 11241100x8000000000000000280294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5268b0c70f092bc2023-02-08 09:48:44.984root 11241100x8000000000000000280293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0987d712b1fa1a2023-02-08 09:48:44.984root 11241100x8000000000000000280292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.effdb67a2738fbcd2023-02-08 09:48:44.984root 11241100x8000000000000000280291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a67cf123453261e2023-02-08 09:48:44.984root 11241100x8000000000000000280290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b628b66f0f7f95692023-02-08 09:48:44.984root 11241100x8000000000000000280289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388e9fe99dcaafbd2023-02-08 09:48:44.984root 11241100x8000000000000000280288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88afdea65c37794f2023-02-08 09:48:44.984root 11241100x8000000000000000280287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4239292a838a3c4c2023-02-08 09:48:44.984root 11241100x8000000000000000280286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab782cbf0a4ee522023-02-08 09:48:44.984root 11241100x8000000000000000280304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089ae26929e330392023-02-08 09:48:44.985root 11241100x8000000000000000280303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c926593245f2e02023-02-08 09:48:44.985root 11241100x8000000000000000280302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b40c59c3f8e93e2023-02-08 09:48:44.985root 11241100x8000000000000000280301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523400f12757adfa2023-02-08 09:48:44.985root 11241100x8000000000000000280300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64712f9ba95c96202023-02-08 09:48:44.985root 11241100x8000000000000000280299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b113b82761d493bd2023-02-08 09:48:44.985root 11241100x8000000000000000280298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894e0322410ce88e2023-02-08 09:48:44.985root 11241100x8000000000000000280297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86787a2e21aedf742023-02-08 09:48:44.985root 11241100x8000000000000000280296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a120a23f080b17d2023-02-08 09:48:44.985root 11241100x8000000000000000280295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47e0b78b3b18bdc2023-02-08 09:48:44.985root 11241100x8000000000000000280306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf53e139876d5b8a2023-02-08 09:48:45.484root 11241100x8000000000000000280305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150f32ec8fde28bf2023-02-08 09:48:45.484root 11241100x8000000000000000280319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4c3182817906182023-02-08 09:48:45.485root 11241100x8000000000000000280318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e4478ee6af08922023-02-08 09:48:45.485root 11241100x8000000000000000280317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eceaba260d94fe32023-02-08 09:48:45.485root 11241100x8000000000000000280316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68ad53f5b415faa2023-02-08 09:48:45.485root 11241100x8000000000000000280315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8086d3e69ec305472023-02-08 09:48:45.485root 11241100x8000000000000000280314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e460e1aa5c093f2023-02-08 09:48:45.485root 11241100x8000000000000000280313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edcdc8cfc9e3699d2023-02-08 09:48:45.485root 11241100x8000000000000000280312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9653c4d20f5568ff2023-02-08 09:48:45.485root 11241100x8000000000000000280311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a2ba432c8033712023-02-08 09:48:45.485root 11241100x8000000000000000280310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06551d2855a5b1ca2023-02-08 09:48:45.485root 11241100x8000000000000000280309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d863cb5dafda48ef2023-02-08 09:48:45.485root 11241100x8000000000000000280308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ffa8a6fc9a17a32023-02-08 09:48:45.485root 11241100x8000000000000000280307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29c6e44a66deb562023-02-08 09:48:45.485root 11241100x8000000000000000280323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53d87231409cc2c2023-02-08 09:48:45.486root 11241100x8000000000000000280322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2545032ea1ff9cbb2023-02-08 09:48:45.486root 11241100x8000000000000000280321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c32f41dc357c2462023-02-08 09:48:45.486root 11241100x8000000000000000280320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed3d1a2ecd62c732023-02-08 09:48:45.486root 11241100x8000000000000000280328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d736cbd6c62b0f2023-02-08 09:48:45.984root 11241100x8000000000000000280327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b13ff4bbc2d61912023-02-08 09:48:45.984root 11241100x8000000000000000280326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64642934a108bd0d2023-02-08 09:48:45.984root 11241100x8000000000000000280325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47381b5ede792eb2023-02-08 09:48:45.984root 11241100x8000000000000000280324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21dffd24cca97e22023-02-08 09:48:45.984root 11241100x8000000000000000280342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e677650d4e87ae842023-02-08 09:48:45.985root 11241100x8000000000000000280341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feffe6fa6d49ad442023-02-08 09:48:45.985root 11241100x8000000000000000280340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c275ba7674e0b2262023-02-08 09:48:45.985root 11241100x8000000000000000280339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ba7a26012abb5a2023-02-08 09:48:45.985root 11241100x8000000000000000280338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160cc13ea40d4d492023-02-08 09:48:45.985root 11241100x8000000000000000280337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b7f8be98aaf93c2023-02-08 09:48:45.985root 11241100x8000000000000000280336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33555f4bca92429e2023-02-08 09:48:45.985root 11241100x8000000000000000280335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd891bb0a62af7a2023-02-08 09:48:45.985root 11241100x8000000000000000280334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb6a89abf1e39532023-02-08 09:48:45.985root 11241100x8000000000000000280333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2186e9609cbbce9e2023-02-08 09:48:45.985root 11241100x8000000000000000280332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604db62166e070422023-02-08 09:48:45.985root 11241100x8000000000000000280331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785618bb6b53444d2023-02-08 09:48:45.985root 11241100x8000000000000000280330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e642ba0904fc7f972023-02-08 09:48:45.985root 11241100x8000000000000000280329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3698d5b0863d63f2023-02-08 09:48:45.985root 11241100x8000000000000000280349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be798d8cba509b3a2023-02-08 09:48:46.484root 11241100x8000000000000000280348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5012161e1adf2df2023-02-08 09:48:46.484root 11241100x8000000000000000280347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff3e1236b3712982023-02-08 09:48:46.484root 11241100x8000000000000000280346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a994a7065d198b2023-02-08 09:48:46.484root 11241100x8000000000000000280345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46a01174a8056bf2023-02-08 09:48:46.484root 11241100x8000000000000000280344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfdf945787f733122023-02-08 09:48:46.484root 11241100x8000000000000000280343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23d585c8aeabc822023-02-08 09:48:46.484root 11241100x8000000000000000280361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45a403796adf69f2023-02-08 09:48:46.485root 11241100x8000000000000000280360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70b2e35c4bc22672023-02-08 09:48:46.485root 11241100x8000000000000000280359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6313aef47252dd292023-02-08 09:48:46.485root 11241100x8000000000000000280358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64739604a211711c2023-02-08 09:48:46.485root 11241100x8000000000000000280357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111c860d2850fe042023-02-08 09:48:46.485root 11241100x8000000000000000280356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e612d64720dbcc302023-02-08 09:48:46.485root 11241100x8000000000000000280355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30320f51b875c45c2023-02-08 09:48:46.485root 11241100x8000000000000000280354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd839b5c6671e202023-02-08 09:48:46.485root 11241100x8000000000000000280353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edbe5ebb4d9e9cd2023-02-08 09:48:46.485root 11241100x8000000000000000280352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40a158cf15a02212023-02-08 09:48:46.485root 11241100x8000000000000000280351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8043e43af1bf80b72023-02-08 09:48:46.485root 11241100x8000000000000000280350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ea6d1648115a082023-02-08 09:48:46.485root 11241100x8000000000000000280363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2b723c7e30e3552023-02-08 09:48:46.984root 11241100x8000000000000000280362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e2d83b4203e49d2023-02-08 09:48:46.984root 11241100x8000000000000000280373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ab92bda0c57d122023-02-08 09:48:46.985root 11241100x8000000000000000280372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045e4ad387f9423a2023-02-08 09:48:46.985root 11241100x8000000000000000280371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d9157191d297412023-02-08 09:48:46.985root 11241100x8000000000000000280370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b04b88b6fad0932023-02-08 09:48:46.985root 11241100x8000000000000000280369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3a6263096cb4b82023-02-08 09:48:46.985root 11241100x8000000000000000280368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fe7dce49d6efab2023-02-08 09:48:46.985root 11241100x8000000000000000280367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea97c453331cd5502023-02-08 09:48:46.985root 11241100x8000000000000000280366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74617afe5daddaac2023-02-08 09:48:46.985root 11241100x8000000000000000280365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8bfb1a0fc7c1ed2023-02-08 09:48:46.985root 11241100x8000000000000000280364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62594f9b8707cbb32023-02-08 09:48:46.985root 11241100x8000000000000000280380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9f8913614db73e2023-02-08 09:48:46.986root 11241100x8000000000000000280379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2cc099c2da5a332023-02-08 09:48:46.986root 11241100x8000000000000000280378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7babe4bfbed4ea2023-02-08 09:48:46.986root 11241100x8000000000000000280377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6883d4b34f41c12023-02-08 09:48:46.986root 11241100x8000000000000000280376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df614dfec2d58882023-02-08 09:48:46.986root 11241100x8000000000000000280375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee9a909c52d277d2023-02-08 09:48:46.986root 11241100x8000000000000000280374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d556a540df6944f2023-02-08 09:48:46.986root 11241100x8000000000000000280381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597aaf03930b69192023-02-08 09:48:47.484root 11241100x8000000000000000280396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be250e20492301d2023-02-08 09:48:47.485root 11241100x8000000000000000280395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb06dda6c394be92023-02-08 09:48:47.485root 11241100x8000000000000000280394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519ce5ab2d69d3742023-02-08 09:48:47.485root 11241100x8000000000000000280393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916520bdf8ece9ba2023-02-08 09:48:47.485root 11241100x8000000000000000280392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd12bfdede784692023-02-08 09:48:47.485root 11241100x8000000000000000280391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd298a588216dfa52023-02-08 09:48:47.485root 11241100x8000000000000000280390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c2721c6e1425a82023-02-08 09:48:47.485root 11241100x8000000000000000280389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8c982e853787532023-02-08 09:48:47.485root 11241100x8000000000000000280388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7718d9ef77ee6e2023-02-08 09:48:47.485root 11241100x8000000000000000280387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6113279e3327fe52023-02-08 09:48:47.485root 11241100x8000000000000000280386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d71b5fed116ec4a2023-02-08 09:48:47.485root 11241100x8000000000000000280385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491394ce17f37e652023-02-08 09:48:47.485root 11241100x8000000000000000280384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92c2ff3b9dda7282023-02-08 09:48:47.485root 11241100x8000000000000000280383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe123a9700689d092023-02-08 09:48:47.485root 11241100x8000000000000000280382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03411ecb8bb9b9852023-02-08 09:48:47.485root 11241100x8000000000000000280399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c75496033a323c2023-02-08 09:48:47.486root 11241100x8000000000000000280398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897296c7ede0d9d92023-02-08 09:48:47.486root 11241100x8000000000000000280397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e33704a9b299942023-02-08 09:48:47.486root 11241100x8000000000000000280401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae426ba2181c89b22023-02-08 09:48:47.984root 11241100x8000000000000000280400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c71ef4be2a9a922023-02-08 09:48:47.984root 11241100x8000000000000000280415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af0cdf4a81d301a2023-02-08 09:48:47.985root 11241100x8000000000000000280414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ba70befb8d995b2023-02-08 09:48:47.985root 11241100x8000000000000000280413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156a264dd66b8c012023-02-08 09:48:47.985root 11241100x8000000000000000280412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6ff05ed53385762023-02-08 09:48:47.985root 11241100x8000000000000000280411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1731eabe9923e7de2023-02-08 09:48:47.985root 11241100x8000000000000000280410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3455f86ebc1a532023-02-08 09:48:47.985root 11241100x8000000000000000280409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd69f18613f7bb52023-02-08 09:48:47.985root 11241100x8000000000000000280408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79e42ca7ad94b1d2023-02-08 09:48:47.985root 11241100x8000000000000000280407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78c7d74ec5febdd2023-02-08 09:48:47.985root 11241100x8000000000000000280406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94bfa08fb235218b2023-02-08 09:48:47.985root 11241100x8000000000000000280405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609f350f7423a2b52023-02-08 09:48:47.985root 11241100x8000000000000000280404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e546651c4f982df02023-02-08 09:48:47.985root 11241100x8000000000000000280403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf697e4d4a22ec732023-02-08 09:48:47.985root 11241100x8000000000000000280402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02936dea580b98462023-02-08 09:48:47.985root 11241100x8000000000000000280418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260e722031ad5d132023-02-08 09:48:47.986root 11241100x8000000000000000280417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e716599c5378c5e32023-02-08 09:48:47.986root 11241100x8000000000000000280416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e112cb5ef4d41cc22023-02-08 09:48:47.986root 11241100x8000000000000000280419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d99f00e400e7db82023-02-08 09:48:48.484root 11241100x8000000000000000280430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300aed9299aeb96d2023-02-08 09:48:48.485root 11241100x8000000000000000280429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ebe8bf6a2cd8cc2023-02-08 09:48:48.485root 11241100x8000000000000000280428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8df4275081029ce2023-02-08 09:48:48.485root 11241100x8000000000000000280427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c564169d01edee642023-02-08 09:48:48.485root 11241100x8000000000000000280426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11d8267d1b8de552023-02-08 09:48:48.485root 11241100x8000000000000000280425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae7c5675a5a3c312023-02-08 09:48:48.485root 11241100x8000000000000000280424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1454d4ad8d4eb2792023-02-08 09:48:48.485root 11241100x8000000000000000280423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a78ed657e862882023-02-08 09:48:48.485root 11241100x8000000000000000280422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4075f880cfa9452023-02-08 09:48:48.485root 11241100x8000000000000000280421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b131face9e78aa92023-02-08 09:48:48.485root 11241100x8000000000000000280420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8853c3bb0668692023-02-08 09:48:48.485root 11241100x8000000000000000280436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abc8955da182e6f2023-02-08 09:48:48.486root 11241100x8000000000000000280435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4a3ec837d3e66d2023-02-08 09:48:48.486root 11241100x8000000000000000280434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c409d05cb11b8c2023-02-08 09:48:48.486root 11241100x8000000000000000280433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba9a6dea34052ff2023-02-08 09:48:48.486root 11241100x8000000000000000280432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de47f5b04c44a55c2023-02-08 09:48:48.486root 11241100x8000000000000000280431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8723ab825d93e792023-02-08 09:48:48.486root 11241100x8000000000000000280437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0b790b95d83c272023-02-08 09:48:48.487root 11241100x8000000000000000280439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933cc03b028b8fa32023-02-08 09:48:48.984root 11241100x8000000000000000280438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12fcfbe52470cffd2023-02-08 09:48:48.984root 11241100x8000000000000000280451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ba78dfb14617932023-02-08 09:48:48.985root 11241100x8000000000000000280450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbfac06ca353d7d2023-02-08 09:48:48.985root 11241100x8000000000000000280449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d17c07c27896ff12023-02-08 09:48:48.985root 11241100x8000000000000000280448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4752ff8e06f68d192023-02-08 09:48:48.985root 11241100x8000000000000000280447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82bde7e09fa7bd7d2023-02-08 09:48:48.985root 11241100x8000000000000000280446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1d6b1bec5bd05a2023-02-08 09:48:48.985root 11241100x8000000000000000280445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e97f72e1842d2d2023-02-08 09:48:48.985root 11241100x8000000000000000280444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1610e7c22291b7462023-02-08 09:48:48.985root 11241100x8000000000000000280443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd92f8a7e1fae34c2023-02-08 09:48:48.985root 11241100x8000000000000000280442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9823c8bdc732daf2023-02-08 09:48:48.985root 11241100x8000000000000000280441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726ba840b55397c12023-02-08 09:48:48.985root 11241100x8000000000000000280440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea71e3f24ba4aa42023-02-08 09:48:48.985root 11241100x8000000000000000280456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c8dcfb7acc192c2023-02-08 09:48:48.986root 11241100x8000000000000000280455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4b53c928f25a582023-02-08 09:48:48.986root 11241100x8000000000000000280454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf4b9c74f7bbb242023-02-08 09:48:48.986root 11241100x8000000000000000280453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa1ae25493e09f02023-02-08 09:48:48.986root 11241100x8000000000000000280452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c9db3e47ebad502023-02-08 09:48:48.986root 354300x8000000000000000280457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.174{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-35456-false10.0.1.12-8000- 11241100x8000000000000000280462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1d59df6838af102023-02-08 09:48:49.484root 11241100x8000000000000000280461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293f6f3101bcf47a2023-02-08 09:48:49.484root 11241100x8000000000000000280460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab70117dc634a9822023-02-08 09:48:49.484root 11241100x8000000000000000280459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff02887f2b760542023-02-08 09:48:49.484root 11241100x8000000000000000280458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4864fea2288e0e2023-02-08 09:48:49.484root 11241100x8000000000000000280471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcdcd2f4fd608192023-02-08 09:48:49.485root 11241100x8000000000000000280470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c22dabec8f909ad2023-02-08 09:48:49.485root 11241100x8000000000000000280469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608d98f9ff44fee02023-02-08 09:48:49.485root 11241100x8000000000000000280468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e68ae5d0d6d22b2023-02-08 09:48:49.485root 11241100x8000000000000000280467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df26b6384bc04e512023-02-08 09:48:49.485root 11241100x8000000000000000280466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c966192475b780b2023-02-08 09:48:49.485root 11241100x8000000000000000280465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de834459cef0a3f2023-02-08 09:48:49.485root 11241100x8000000000000000280464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d981268b70b7607a2023-02-08 09:48:49.485root 11241100x8000000000000000280463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031e663aa2b9632b2023-02-08 09:48:49.485root 11241100x8000000000000000280477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d641a69da62c90c52023-02-08 09:48:49.486root 11241100x8000000000000000280476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bef9ef0d3d90952023-02-08 09:48:49.486root 11241100x8000000000000000280475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a75e19c0c110b6d2023-02-08 09:48:49.486root 11241100x8000000000000000280474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa67ee9237ece242023-02-08 09:48:49.486root 11241100x8000000000000000280473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3ea297c59357b82023-02-08 09:48:49.486root 11241100x8000000000000000280472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef054ffc65958c22023-02-08 09:48:49.486root 11241100x8000000000000000280479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955e87ccbd8e7dd72023-02-08 09:48:49.984root 11241100x8000000000000000280478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3f9edfec40851e2023-02-08 09:48:49.984root 11241100x8000000000000000280483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d6e0ef5998a06f2023-02-08 09:48:49.985root 11241100x8000000000000000280482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ec642c674f282c2023-02-08 09:48:49.985root 11241100x8000000000000000280481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f362f0c8cebb5ad2023-02-08 09:48:49.985root 11241100x8000000000000000280480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a87a83c7b9aaba2023-02-08 09:48:49.985root 11241100x8000000000000000280490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b588a5a18effcff2023-02-08 09:48:49.986root 11241100x8000000000000000280489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d34890439cb82042023-02-08 09:48:49.986root 11241100x8000000000000000280488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8a1a69247e10732023-02-08 09:48:49.986root 11241100x8000000000000000280487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6887ff337b9e03372023-02-08 09:48:49.986root 11241100x8000000000000000280486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23789facf62ba542023-02-08 09:48:49.986root 11241100x8000000000000000280485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b590bb317abff57b2023-02-08 09:48:49.986root 11241100x8000000000000000280484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321b7cd3938bd78c2023-02-08 09:48:49.986root 11241100x8000000000000000280497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e13971c0b61fe232023-02-08 09:48:49.987root 11241100x8000000000000000280496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2fe4265e4cfd5e2023-02-08 09:48:49.987root 11241100x8000000000000000280495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec040dcb96e8a9ff2023-02-08 09:48:49.987root 11241100x8000000000000000280494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e05dd5cb256e6e12023-02-08 09:48:49.987root 11241100x8000000000000000280493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36100fd2527f6c52023-02-08 09:48:49.987root 11241100x8000000000000000280492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9115300f417a18a2023-02-08 09:48:49.987root 11241100x8000000000000000280491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939b0fe0e73e6ac92023-02-08 09:48:49.987root 11241100x8000000000000000280498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fda641c75a92d12023-02-08 09:48:50.484root 11241100x8000000000000000280506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1321834a30598c22023-02-08 09:48:50.485root 11241100x8000000000000000280505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ffd6867137e5252023-02-08 09:48:50.485root 11241100x8000000000000000280504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a67361f27c7b732023-02-08 09:48:50.485root 11241100x8000000000000000280503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0914842125c6ffdc2023-02-08 09:48:50.485root 11241100x8000000000000000280502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d63b7e03cd40e62023-02-08 09:48:50.485root 11241100x8000000000000000280501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1db755b83b928c2023-02-08 09:48:50.485root 11241100x8000000000000000280500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec5d4223bc8a31a2023-02-08 09:48:50.485root 11241100x8000000000000000280499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f0987c12682b8c2023-02-08 09:48:50.485root 11241100x8000000000000000280515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4281d462642c91852023-02-08 09:48:50.486root 11241100x8000000000000000280514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d17e7f914680de2023-02-08 09:48:50.486root 11241100x8000000000000000280513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d24d0a816a9187c2023-02-08 09:48:50.486root 11241100x8000000000000000280512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3d9c12276d208e2023-02-08 09:48:50.486root 11241100x8000000000000000280511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929e556edc20159d2023-02-08 09:48:50.486root 11241100x8000000000000000280510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3670423cd9b3565f2023-02-08 09:48:50.486root 11241100x8000000000000000280509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bb4cd9179d7e562023-02-08 09:48:50.486root 11241100x8000000000000000280508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa1043e3e43826d2023-02-08 09:48:50.486root 11241100x8000000000000000280507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708981060b6b443f2023-02-08 09:48:50.486root 11241100x8000000000000000280517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c8611c4ae2ee292023-02-08 09:48:50.487root 11241100x8000000000000000280516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3ab714ff9e3b592023-02-08 09:48:50.487root 154100x8000000000000000280518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.556{ec2a0601-7002-63e3-2030-7b0000000000}5923/usr/bin/python3.6-----/usr/bin/python3 /usr/lib/command-not-found -- lsbk/home/ubuntuubuntu{ec2a0601-6f9f-63e3-e803-000000000000}10005no level-{00000000-0000-0000-0000-000000000000}5922--- 154100x8000000000000000280526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.632{ec2a0601-7002-63e3-ac34-04d66f550000}5924/snap/snapd/17883/usr/bin/snap-----/usr/bin/snap advise-snap --format=json --command lsbk/home/ubuntuubuntu{ec2a0601-6f9f-63e3-e803-000000000000}10005no level-{ec2a0601-7002-63e3-2030-7b0000000000}5923/usr/bin/python3.6/usr/bin/python3ubuntu 154100x8000000000000000280519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.632{ec2a0601-7002-63e3-90ef-8bf8f2550000}5924/usr/bin/snap-----/usr/bin/snap advise-snap --format=json --command lsbk/home/ubuntuubuntu{ec2a0601-6f9f-63e3-e803-000000000000}10005no level-{ec2a0601-7002-63e3-2030-7b0000000000}5923/usr/bin/python3.6/usr/bin/python3ubuntu 534500x8000000000000000280525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.649{ec2a0601-7002-63e3-90ef-8bf8f2550000}5924/usr/bin/snapubuntu 534500x8000000000000000280524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.649{ec2a0601-7002-63e3-90ef-8bf8f2550000}5924/usr/bin/snapubuntu 534500x8000000000000000280523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.649{ec2a0601-7002-63e3-90ef-8bf8f2550000}5924/usr/bin/snapubuntu 534500x8000000000000000280522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.649{ec2a0601-7002-63e3-90ef-8bf8f2550000}5924/usr/bin/snapubuntu 534500x8000000000000000280521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.649{ec2a0601-7002-63e3-90ef-8bf8f2550000}5924/usr/bin/snapubuntu 534500x8000000000000000280520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.649{ec2a0601-7002-63e3-90ef-8bf8f2550000}5924/usr/bin/snapubuntu 534500x8000000000000000280532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.672{ec2a0601-7002-63e3-ac34-04d66f550000}5924/snap/snapd/17883/usr/bin/snapubuntu 534500x8000000000000000280531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.672{ec2a0601-7002-63e3-ac34-04d66f550000}5924/snap/snapd/17883/usr/bin/snapubuntu 534500x8000000000000000280530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.672{ec2a0601-7002-63e3-ac34-04d66f550000}5924/snap/snapd/17883/usr/bin/snapubuntu 534500x8000000000000000280529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.672{ec2a0601-7002-63e3-ac34-04d66f550000}5924/snap/snapd/17883/usr/bin/snapubuntu 534500x8000000000000000280528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.672{ec2a0601-7002-63e3-ac34-04d66f550000}5924/snap/snapd/17883/usr/bin/snapubuntu 534500x8000000000000000280527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.672{ec2a0601-7002-63e3-ac34-04d66f550000}5924/snap/snapd/17883/usr/bin/snapubuntu 534500x8000000000000000280533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.673{ec2a0601-7002-63e3-ac34-04d66f550000}5924/snap/snapd/17883/usr/bin/snapubuntu 534500x8000000000000000280535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.714{ec2a0601-6f9f-63e3-0000-000000000000}5922-ubuntu 534500x8000000000000000280534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.714{ec2a0601-7002-63e3-2030-7b0000000000}5923/usr/bin/python3.6ubuntu 11241100x8000000000000000280539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20b8f3c8823542e2023-02-08 09:48:50.984root 11241100x8000000000000000280538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07eccc76427be9c2023-02-08 09:48:50.984root 11241100x8000000000000000280537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca41a87d45bcf3d52023-02-08 09:48:50.984root 11241100x8000000000000000280536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27452a3dc761e402023-02-08 09:48:50.984root 11241100x8000000000000000280548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f56b3d14d60cd92023-02-08 09:48:50.985root 11241100x8000000000000000280547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a59bc1aa1a2574d2023-02-08 09:48:50.985root 11241100x8000000000000000280546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b3738504dc3e4d2023-02-08 09:48:50.985root 11241100x8000000000000000280545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5b8adc0809a1e22023-02-08 09:48:50.985root 11241100x8000000000000000280544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42876aafdde9e082023-02-08 09:48:50.985root 11241100x8000000000000000280543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183181db3b48d74a2023-02-08 09:48:50.985root 11241100x8000000000000000280542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5260aee43ca20d12023-02-08 09:48:50.985root 11241100x8000000000000000280541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85edaaf5adf61122023-02-08 09:48:50.985root 11241100x8000000000000000280540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2f869302c160c52023-02-08 09:48:50.985root 11241100x8000000000000000280563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dca478d779d60a72023-02-08 09:48:50.986root 11241100x8000000000000000280562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332e71afd49346a82023-02-08 09:48:50.986root 11241100x8000000000000000280561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202ffec39fb057da2023-02-08 09:48:50.986root 11241100x8000000000000000280560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755fec566452095d2023-02-08 09:48:50.986root 11241100x8000000000000000280559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1343a42d008df72023-02-08 09:48:50.986root 11241100x8000000000000000280558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc1bb945d3ff81d2023-02-08 09:48:50.986root 11241100x8000000000000000280557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5bf9aef18ba3ee2023-02-08 09:48:50.986root 11241100x8000000000000000280556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bacfdd86328c182023-02-08 09:48:50.986root 11241100x8000000000000000280555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63715d0b3d909ed02023-02-08 09:48:50.986root 11241100x8000000000000000280554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5a78d1b863eb5b2023-02-08 09:48:50.986root 11241100x8000000000000000280553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1f7f4345e5a6d92023-02-08 09:48:50.986root 11241100x8000000000000000280552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4635c34ea11f4c72023-02-08 09:48:50.986root 11241100x8000000000000000280551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f43ca273b09a8c2023-02-08 09:48:50.986root 11241100x8000000000000000280550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8388581be323812023-02-08 09:48:50.986root 11241100x8000000000000000280549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d9ca3d010353a42023-02-08 09:48:50.986root 11241100x8000000000000000280578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa0db47ed9826552023-02-08 09:48:50.987root 11241100x8000000000000000280577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d932ffb3fc777bf2023-02-08 09:48:50.987root 11241100x8000000000000000280576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb4e87c99658b872023-02-08 09:48:50.987root 11241100x8000000000000000280575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e7cb74aa01a4052023-02-08 09:48:50.987root 11241100x8000000000000000280574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebb5cd3c71f4e512023-02-08 09:48:50.987root 11241100x8000000000000000280573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914cc4763bd185f02023-02-08 09:48:50.987root 11241100x8000000000000000280572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1588864d5937f22023-02-08 09:48:50.987root 11241100x8000000000000000280571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4aac29cf50a71892023-02-08 09:48:50.987root 11241100x8000000000000000280570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9d3023001241ff2023-02-08 09:48:50.987root 11241100x8000000000000000280569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2edbca527528a78d2023-02-08 09:48:50.987root 11241100x8000000000000000280568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d4329c48e5fde72023-02-08 09:48:50.987root 11241100x8000000000000000280567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8b30ac4210570e2023-02-08 09:48:50.987root 11241100x8000000000000000280566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7e1240c45cda872023-02-08 09:48:50.987root 11241100x8000000000000000280565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12e238cd7997ea12023-02-08 09:48:50.987root 11241100x8000000000000000280564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8eadc0a683429e2023-02-08 09:48:50.987root 11241100x8000000000000000280581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b00d9df9c0154fa2023-02-08 09:48:50.988root 11241100x8000000000000000280580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90f44fc54f143a12023-02-08 09:48:50.988root 11241100x8000000000000000280579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:50.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5c307372f968702023-02-08 09:48:50.988root 11241100x8000000000000000280583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b610f32bf3e57c2023-02-08 09:48:51.484root 11241100x8000000000000000280582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa70a69d86e885f52023-02-08 09:48:51.484root 11241100x8000000000000000280596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b553592cf5ade62023-02-08 09:48:51.485root 11241100x8000000000000000280595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0138e6911cd31ce12023-02-08 09:48:51.485root 11241100x8000000000000000280594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38d1bf64f331fea2023-02-08 09:48:51.485root 11241100x8000000000000000280593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d182b66075e05da32023-02-08 09:48:51.485root 11241100x8000000000000000280592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e53e616d17014f2023-02-08 09:48:51.485root 11241100x8000000000000000280591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789f508045cdf1f02023-02-08 09:48:51.485root 11241100x8000000000000000280590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8d69082eda10962023-02-08 09:48:51.485root 11241100x8000000000000000280589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe871a8708cad48a2023-02-08 09:48:51.485root 11241100x8000000000000000280588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6548c5d2016fd252023-02-08 09:48:51.485root 11241100x8000000000000000280587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.accaaa5ad839ac2c2023-02-08 09:48:51.485root 11241100x8000000000000000280586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f240e9582105f6432023-02-08 09:48:51.485root 11241100x8000000000000000280585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd25e8f6586f27112023-02-08 09:48:51.485root 11241100x8000000000000000280584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68eb4ede8f9280fa2023-02-08 09:48:51.485root 11241100x8000000000000000280606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6d7900b02e58e42023-02-08 09:48:51.486root 11241100x8000000000000000280605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414aaec69ed96f1e2023-02-08 09:48:51.486root 11241100x8000000000000000280604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77b79d92c89a5b52023-02-08 09:48:51.486root 11241100x8000000000000000280603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af64dbe6d614f72a2023-02-08 09:48:51.486root 11241100x8000000000000000280602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c181d68835a61d552023-02-08 09:48:51.486root 11241100x8000000000000000280601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5b20ac91488a3b2023-02-08 09:48:51.486root 11241100x8000000000000000280600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d188c603e0255f082023-02-08 09:48:51.486root 11241100x8000000000000000280599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34a61f476c5bd272023-02-08 09:48:51.486root 11241100x8000000000000000280598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a8874039401bfa2023-02-08 09:48:51.486root 11241100x8000000000000000280597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afba7fa84d8ddd352023-02-08 09:48:51.486root 11241100x8000000000000000280616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d7fa76e48a883c2023-02-08 09:48:51.487root 11241100x8000000000000000280615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a164544ddd27692023-02-08 09:48:51.487root 11241100x8000000000000000280614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033bf94949199a092023-02-08 09:48:51.487root 11241100x8000000000000000280613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de79a5ca7eede54e2023-02-08 09:48:51.487root 11241100x8000000000000000280612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f51a17b07b181f2023-02-08 09:48:51.487root 11241100x8000000000000000280611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0ec1693d6134722023-02-08 09:48:51.487root 11241100x8000000000000000280610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff55b2d1d3d0ffa2023-02-08 09:48:51.487root 11241100x8000000000000000280609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ae1f34657b9f112023-02-08 09:48:51.487root 11241100x8000000000000000280608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfb434f8cf4b44b2023-02-08 09:48:51.487root 11241100x8000000000000000280607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd74c3d1cbc75edf2023-02-08 09:48:51.487root 11241100x8000000000000000280621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1af48864c6540f42023-02-08 09:48:51.488root 11241100x8000000000000000280620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb0c14b03289a572023-02-08 09:48:51.488root 11241100x8000000000000000280619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a63dabda63f1dfb2023-02-08 09:48:51.488root 11241100x8000000000000000280618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3227435990446be92023-02-08 09:48:51.488root 11241100x8000000000000000280617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05e28c9e658f0372023-02-08 09:48:51.488root 11241100x8000000000000000280626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a137d4089d13dc3f2023-02-08 09:48:51.984root 11241100x8000000000000000280625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69406891623ff162023-02-08 09:48:51.984root 11241100x8000000000000000280624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ee8da7b81c6e802023-02-08 09:48:51.984root 11241100x8000000000000000280623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019e64a36b2c7ef92023-02-08 09:48:51.984root 11241100x8000000000000000280622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b81106aaa66eb202023-02-08 09:48:51.984root 11241100x8000000000000000280637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9c44555e8f81862023-02-08 09:48:51.985root 11241100x8000000000000000280636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50cc28778eb7a3312023-02-08 09:48:51.985root 11241100x8000000000000000280635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa40d364639d8a922023-02-08 09:48:51.985root 11241100x8000000000000000280634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a92089e80901342023-02-08 09:48:51.985root 11241100x8000000000000000280633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403db86051e603c12023-02-08 09:48:51.985root 11241100x8000000000000000280632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ae14de396cb7ad2023-02-08 09:48:51.985root 11241100x8000000000000000280631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52f29a0dca04f602023-02-08 09:48:51.985root 11241100x8000000000000000280630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dcd2e6c422b674d2023-02-08 09:48:51.985root 11241100x8000000000000000280629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055994c32afcfc1d2023-02-08 09:48:51.985root 11241100x8000000000000000280628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a575f470e13bd22023-02-08 09:48:51.985root 11241100x8000000000000000280627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8d4e1a64b4e6592023-02-08 09:48:51.985root 11241100x8000000000000000280649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b9fa772bb77d3d2023-02-08 09:48:51.986root 11241100x8000000000000000280648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a150193eda20a02023-02-08 09:48:51.986root 11241100x8000000000000000280647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e063007901941d2023-02-08 09:48:51.986root 11241100x8000000000000000280646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8697953f59e92eff2023-02-08 09:48:51.986root 11241100x8000000000000000280645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1b6b3ac41c51402023-02-08 09:48:51.986root 11241100x8000000000000000280644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5777212176aaee662023-02-08 09:48:51.986root 11241100x8000000000000000280643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0c36eccefefb2a2023-02-08 09:48:51.986root 11241100x8000000000000000280642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0374deb12d9e19d42023-02-08 09:48:51.986root 11241100x8000000000000000280641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c414af78c78274c92023-02-08 09:48:51.986root 11241100x8000000000000000280640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382c0cd82f26d5632023-02-08 09:48:51.986root 11241100x8000000000000000280639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35113121700fcf642023-02-08 09:48:51.986root 11241100x8000000000000000280638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3466095d6a5a4a2023-02-08 09:48:51.986root 11241100x8000000000000000280660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b0324d0a3bae102023-02-08 09:48:51.987root 11241100x8000000000000000280659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7055cbdd88c9b2932023-02-08 09:48:51.987root 11241100x8000000000000000280658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4c7800a5ab6a732023-02-08 09:48:51.987root 11241100x8000000000000000280657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011765f34329b2d02023-02-08 09:48:51.987root 11241100x8000000000000000280656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13d5d485b376b1e2023-02-08 09:48:51.987root 11241100x8000000000000000280655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8847bf8300fcc21b2023-02-08 09:48:51.987root 11241100x8000000000000000280654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7e31d47bed3fec2023-02-08 09:48:51.987root 11241100x8000000000000000280653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fac6d5e7974fb8e2023-02-08 09:48:51.987root 11241100x8000000000000000280652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d05b52c230a036d2023-02-08 09:48:51.987root 11241100x8000000000000000280651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845377f8d0c8be632023-02-08 09:48:51.987root 11241100x8000000000000000280650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c441ce482ee5092023-02-08 09:48:51.987root 11241100x8000000000000000280672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbffdb51e1dfb83c2023-02-08 09:48:51.988root 11241100x8000000000000000280671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3a07edc8f5112c2023-02-08 09:48:51.988root 11241100x8000000000000000280670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2c931422ac796c2023-02-08 09:48:51.988root 11241100x8000000000000000280669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3244af1f9d94bbce2023-02-08 09:48:51.988root 11241100x8000000000000000280668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31850de809a6d3752023-02-08 09:48:51.988root 11241100x8000000000000000280667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38877b3043ef4f682023-02-08 09:48:51.988root 11241100x8000000000000000280666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09dc1c0077fba0992023-02-08 09:48:51.988root 11241100x8000000000000000280665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd48f9a696b2b752023-02-08 09:48:51.988root 11241100x8000000000000000280664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ba4f52065876dd2023-02-08 09:48:51.988root 11241100x8000000000000000280663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aaf24aea5f72aac2023-02-08 09:48:51.988root 11241100x8000000000000000280662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da3e2ffd424223d2023-02-08 09:48:51.988root 11241100x8000000000000000280661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3403add641b15cda2023-02-08 09:48:51.988root 11241100x8000000000000000280675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4a9e861bab8f3e2023-02-08 09:48:51.989root 11241100x8000000000000000280674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e15f3007a995a72023-02-08 09:48:51.989root 11241100x8000000000000000280673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:51.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a22cbda98036d3f2023-02-08 09:48:51.989root 11241100x8000000000000000280676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b32ee7d03f7bcd12023-02-08 09:48:52.484root 11241100x8000000000000000280680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6ee9c9e11079dc2023-02-08 09:48:52.485root 11241100x8000000000000000280679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c02133d257bd5b2023-02-08 09:48:52.485root 11241100x8000000000000000280678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64537248c4b30cdd2023-02-08 09:48:52.485root 11241100x8000000000000000280677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0a198d4df9fd232023-02-08 09:48:52.485root 11241100x8000000000000000280689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6a6e0be2c1ee9f2023-02-08 09:48:52.486root 11241100x8000000000000000280688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08ff548e893cf4c2023-02-08 09:48:52.486root 11241100x8000000000000000280687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df43aba24d83feb42023-02-08 09:48:52.486root 11241100x8000000000000000280686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a051a8e1a8d05122023-02-08 09:48:52.486root 11241100x8000000000000000280685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c7c2ffd57af7812023-02-08 09:48:52.486root 11241100x8000000000000000280684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d294243252a8a7352023-02-08 09:48:52.486root 11241100x8000000000000000280683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e04ec2bb570fc9f2023-02-08 09:48:52.486root 11241100x8000000000000000280682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c3d81d95899c122023-02-08 09:48:52.486root 11241100x8000000000000000280681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5bc2773a39387792023-02-08 09:48:52.486root 11241100x8000000000000000280698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231751756320ea672023-02-08 09:48:52.487root 11241100x8000000000000000280697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a00fb8f3c29b532023-02-08 09:48:52.487root 11241100x8000000000000000280696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86296594b539ddc2023-02-08 09:48:52.487root 11241100x8000000000000000280695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4658e920703d08652023-02-08 09:48:52.487root 11241100x8000000000000000280694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec0aa8efc6241a62023-02-08 09:48:52.487root 11241100x8000000000000000280693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3de8ec56635b7e32023-02-08 09:48:52.487root 11241100x8000000000000000280692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5a45e28ce854832023-02-08 09:48:52.487root 11241100x8000000000000000280691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e37a04556146c02023-02-08 09:48:52.487root 11241100x8000000000000000280690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a4a8fa048f1dcf2023-02-08 09:48:52.487root 11241100x8000000000000000280708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b54759bfeff8622023-02-08 09:48:52.488root 11241100x8000000000000000280707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba73afdc697744692023-02-08 09:48:52.488root 11241100x8000000000000000280706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e98ea7883db2e602023-02-08 09:48:52.488root 11241100x8000000000000000280705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b0d14a61c468062023-02-08 09:48:52.488root 11241100x8000000000000000280704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cbe7d598172c342023-02-08 09:48:52.488root 11241100x8000000000000000280703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0818d5d50531c3b2023-02-08 09:48:52.488root 11241100x8000000000000000280702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4107c2e521f999cd2023-02-08 09:48:52.488root 11241100x8000000000000000280701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a280a0b9b2b50d2023-02-08 09:48:52.488root 11241100x8000000000000000280700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108d49a76090e8b82023-02-08 09:48:52.488root 11241100x8000000000000000280699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85953332704c5682023-02-08 09:48:52.488root 11241100x8000000000000000280715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee6b0cc448653ac2023-02-08 09:48:52.489root 11241100x8000000000000000280714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa27749be69aecad2023-02-08 09:48:52.489root 11241100x8000000000000000280713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36b58f9cf3d2a572023-02-08 09:48:52.489root 11241100x8000000000000000280712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e66be1a0ab57852023-02-08 09:48:52.489root 11241100x8000000000000000280711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846e2bb52aabdc022023-02-08 09:48:52.489root 11241100x8000000000000000280710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af18c92da22cc2b2023-02-08 09:48:52.489root 11241100x8000000000000000280709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f3eb50c377a4062023-02-08 09:48:52.489root 11241100x8000000000000000280718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8cf49f7a39fede2023-02-08 09:48:52.984root 11241100x8000000000000000280717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91a8c2bdce1efac2023-02-08 09:48:52.984root 11241100x8000000000000000280716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d585ba0e3bc532822023-02-08 09:48:52.984root 11241100x8000000000000000280722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7faffc5cad3e75132023-02-08 09:48:52.985root 11241100x8000000000000000280721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85723a92567dad672023-02-08 09:48:52.985root 11241100x8000000000000000280720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a496abe68ef87fb32023-02-08 09:48:52.985root 11241100x8000000000000000280719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2932afdbdc4e002023-02-08 09:48:52.985root 11241100x8000000000000000280726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83486be5ccb97a372023-02-08 09:48:52.986root 11241100x8000000000000000280725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f937888cb77be22e2023-02-08 09:48:52.986root 11241100x8000000000000000280724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8506425abe570d92023-02-08 09:48:52.986root 11241100x8000000000000000280723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeab4058f1e96ef52023-02-08 09:48:52.986root 11241100x8000000000000000280728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4bb04043f8f2412023-02-08 09:48:52.987root 11241100x8000000000000000280727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6a3c3fe19bb1ee2023-02-08 09:48:52.987root 11241100x8000000000000000280730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69094a2f3a9b59992023-02-08 09:48:52.988root 11241100x8000000000000000280729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6bbebbd0195bdbd2023-02-08 09:48:52.988root 11241100x8000000000000000280733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48eb76f43a1ac9e62023-02-08 09:48:52.989root 11241100x8000000000000000280732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970a3be7b2af84f72023-02-08 09:48:52.989root 11241100x8000000000000000280731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7991afc57090f3d2023-02-08 09:48:52.989root 11241100x8000000000000000280741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18bb239022ac5c4e2023-02-08 09:48:52.990root 11241100x8000000000000000280740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28a1b1339894aa22023-02-08 09:48:52.990root 11241100x8000000000000000280739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cc404966729cde2023-02-08 09:48:52.990root 11241100x8000000000000000280738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd360793f1728ec02023-02-08 09:48:52.990root 11241100x8000000000000000280737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e6929def4576252023-02-08 09:48:52.990root 11241100x8000000000000000280736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c5940f6e98f6532023-02-08 09:48:52.990root 11241100x8000000000000000280735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e829523ff7e4dc332023-02-08 09:48:52.990root 11241100x8000000000000000280734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395ab4ab920c6fb02023-02-08 09:48:52.990root 11241100x8000000000000000280750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea328d3347fd93b2023-02-08 09:48:52.991root 11241100x8000000000000000280749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9628cf4a71736232023-02-08 09:48:52.991root 11241100x8000000000000000280748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f619f5e34ab150fb2023-02-08 09:48:52.991root 11241100x8000000000000000280747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5357a60c9e6105532023-02-08 09:48:52.991root 11241100x8000000000000000280746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda5be40137d60682023-02-08 09:48:52.991root 11241100x8000000000000000280745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8507b16231c18dd02023-02-08 09:48:52.991root 11241100x8000000000000000280744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a9d11980c0cd4c2023-02-08 09:48:52.991root 11241100x8000000000000000280743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e6b4e16bac91ec2023-02-08 09:48:52.991root 11241100x8000000000000000280742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472c9140a1321d852023-02-08 09:48:52.991root 11241100x8000000000000000280758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414c22a213ac1b2b2023-02-08 09:48:52.992root 11241100x8000000000000000280757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cb71ff7a0727f92023-02-08 09:48:52.992root 11241100x8000000000000000280756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52614dd850c00cd2023-02-08 09:48:52.992root 11241100x8000000000000000280755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d007abd1aeaaf9b2023-02-08 09:48:52.992root 11241100x8000000000000000280754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1e6b670b05094c2023-02-08 09:48:52.992root 11241100x8000000000000000280753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29beec6285830b9a2023-02-08 09:48:52.992root 11241100x8000000000000000280752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b098d05b4d2f097e2023-02-08 09:48:52.992root 11241100x8000000000000000280751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:52.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43bb29ecc42b9af42023-02-08 09:48:52.992root 11241100x8000000000000000280761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed0281a985f964a2023-02-08 09:48:53.485root 11241100x8000000000000000280760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796b9df27007bddd2023-02-08 09:48:53.485root 11241100x8000000000000000280759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffa68aae2d1ab662023-02-08 09:48:53.485root 11241100x8000000000000000280766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fba3a99b491eb382023-02-08 09:48:53.486root 11241100x8000000000000000280765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74400eb8335e6212023-02-08 09:48:53.486root 11241100x8000000000000000280764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b2f2f377d976992023-02-08 09:48:53.486root 11241100x8000000000000000280763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af2084981db52512023-02-08 09:48:53.486root 11241100x8000000000000000280762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9427c742d431cc472023-02-08 09:48:53.486root 11241100x8000000000000000280770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b7ab8f7d97e8472023-02-08 09:48:53.487root 11241100x8000000000000000280769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f2c4bc0df5e9a92023-02-08 09:48:53.487root 11241100x8000000000000000280768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8de56ad72f080622023-02-08 09:48:53.487root 11241100x8000000000000000280767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5d5928b40d871e2023-02-08 09:48:53.487root 11241100x8000000000000000280772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5201166df8170f52023-02-08 09:48:53.488root 11241100x8000000000000000280771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050426c1c7b8fc352023-02-08 09:48:53.488root 11241100x8000000000000000280773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ae30bdf0349c322023-02-08 09:48:53.489root 11241100x8000000000000000280783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d74562a217e3d22023-02-08 09:48:53.490root 11241100x8000000000000000280782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d45190b31fb1d12023-02-08 09:48:53.490root 11241100x8000000000000000280781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2359299eda361af92023-02-08 09:48:53.490root 11241100x8000000000000000280780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a424b42fd5171242023-02-08 09:48:53.490root 11241100x8000000000000000280779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7da9db5bca25ee82023-02-08 09:48:53.490root 11241100x8000000000000000280778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65cad900481ac3c62023-02-08 09:48:53.490root 11241100x8000000000000000280777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc38ad9949d34a302023-02-08 09:48:53.490root 11241100x8000000000000000280776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c72bf44cd2d51602023-02-08 09:48:53.490root 11241100x8000000000000000280775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01fd71a124e29272023-02-08 09:48:53.490root 11241100x8000000000000000280774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c568bbd85753652023-02-08 09:48:53.490root 11241100x8000000000000000280795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d939658f1f6e042023-02-08 09:48:53.491root 11241100x8000000000000000280794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864fa5db25dacb3c2023-02-08 09:48:53.491root 11241100x8000000000000000280793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d3095eafb7b2b22023-02-08 09:48:53.491root 11241100x8000000000000000280792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacef428b9a79c332023-02-08 09:48:53.491root 11241100x8000000000000000280791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc22500dfc75acc2023-02-08 09:48:53.491root 11241100x8000000000000000280790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aadc6c2d04c9d2d2023-02-08 09:48:53.491root 11241100x8000000000000000280789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3b561de9ff85562023-02-08 09:48:53.491root 11241100x8000000000000000280788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29803d813ce789292023-02-08 09:48:53.491root 11241100x8000000000000000280787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7dbaea2ee400e42023-02-08 09:48:53.491root 11241100x8000000000000000280786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64267285a871d42c2023-02-08 09:48:53.491root 11241100x8000000000000000280785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa4cb8f5c7d3f052023-02-08 09:48:53.491root 11241100x8000000000000000280784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796cc332fa83d9d42023-02-08 09:48:53.491root 11241100x8000000000000000280798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800fbf2ed7e104572023-02-08 09:48:53.492root 11241100x8000000000000000280797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa98c6aea35f56902023-02-08 09:48:53.492root 11241100x8000000000000000280796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c852fb23b43de882023-02-08 09:48:53.492root 11241100x8000000000000000280799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06bba978fca96922023-02-08 09:48:53.984root 11241100x8000000000000000280802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7f5cab8c7053b82023-02-08 09:48:53.985root 11241100x8000000000000000280801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfae2a8159b65502023-02-08 09:48:53.985root 11241100x8000000000000000280800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cab56a2936989352023-02-08 09:48:53.985root 11241100x8000000000000000280810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed08db6545dca2452023-02-08 09:48:53.986root 11241100x8000000000000000280809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4f750964ad4c752023-02-08 09:48:53.986root 11241100x8000000000000000280808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241626d06daa23202023-02-08 09:48:53.986root 11241100x8000000000000000280807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b3a8fc434a8ca02023-02-08 09:48:53.986root 11241100x8000000000000000280806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0956c3a402a30e892023-02-08 09:48:53.986root 11241100x8000000000000000280805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d96707bc58ad6092023-02-08 09:48:53.986root 11241100x8000000000000000280804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6d1abe183e80172023-02-08 09:48:53.986root 11241100x8000000000000000280803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a44f19dd228bc332023-02-08 09:48:53.986root 11241100x8000000000000000280823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ff308e86f38ffd2023-02-08 09:48:53.987root 11241100x8000000000000000280822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20460c6a0d1bb6ec2023-02-08 09:48:53.987root 11241100x8000000000000000280821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393a8dd2e31ea13e2023-02-08 09:48:53.987root 11241100x8000000000000000280820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ff8a44b59aa2302023-02-08 09:48:53.987root 11241100x8000000000000000280819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e9eca3d6c8f0b02023-02-08 09:48:53.987root 11241100x8000000000000000280818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8a5c5c2c4e7d682023-02-08 09:48:53.987root 11241100x8000000000000000280817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812c06ba3784605e2023-02-08 09:48:53.987root 11241100x8000000000000000280816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3517d78fc31e689b2023-02-08 09:48:53.987root 11241100x8000000000000000280815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01849c7652dbb6612023-02-08 09:48:53.987root 11241100x8000000000000000280814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df574df784073592023-02-08 09:48:53.987root 11241100x8000000000000000280813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c097d8c14d930d402023-02-08 09:48:53.987root 11241100x8000000000000000280812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4eec230ea1c41192023-02-08 09:48:53.987root 11241100x8000000000000000280811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a7ca6770c2c77d2023-02-08 09:48:53.987root 11241100x8000000000000000280837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec2769c3694d21e2023-02-08 09:48:53.988root 11241100x8000000000000000280836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9a337ab7a3d9f92023-02-08 09:48:53.988root 11241100x8000000000000000280835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa54a99ff2c1bca62023-02-08 09:48:53.988root 11241100x8000000000000000280834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd28cc39e4b8ecd02023-02-08 09:48:53.988root 11241100x8000000000000000280833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544fc6e2b84f08232023-02-08 09:48:53.988root 11241100x8000000000000000280832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a90620e81e898332023-02-08 09:48:53.988root 11241100x8000000000000000280831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a84852407ede1f2023-02-08 09:48:53.988root 11241100x8000000000000000280830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636029ea5804f17e2023-02-08 09:48:53.988root 11241100x8000000000000000280829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34c85358b70be312023-02-08 09:48:53.988root 11241100x8000000000000000280828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b6374cbaa2d8802023-02-08 09:48:53.988root 11241100x8000000000000000280827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a2f36ff375348b2023-02-08 09:48:53.988root 11241100x8000000000000000280826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10e1416b7628d0f2023-02-08 09:48:53.988root 11241100x8000000000000000280825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30305b96e7049322023-02-08 09:48:53.988root 11241100x8000000000000000280824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:53.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357ed2b4e17bd5852023-02-08 09:48:53.988root 354300x8000000000000000280838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.183{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-35462-false10.0.1.12-8000- 11241100x8000000000000000280840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dcbc7d2ca4282752023-02-08 09:48:54.484root 11241100x8000000000000000280839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c7f9488d9bbab62023-02-08 09:48:54.484root 11241100x8000000000000000280849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a1dee6d0757c672023-02-08 09:48:54.485root 11241100x8000000000000000280848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b653db3b32e1c3b2023-02-08 09:48:54.485root 11241100x8000000000000000280847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb34ccc7bb3f59d2023-02-08 09:48:54.485root 11241100x8000000000000000280846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31902ec71aa27c72023-02-08 09:48:54.485root 11241100x8000000000000000280845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a521fe43b971a2f52023-02-08 09:48:54.485root 11241100x8000000000000000280844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9464dc6e353f1f6a2023-02-08 09:48:54.485root 11241100x8000000000000000280843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899d58ed91b8a3b82023-02-08 09:48:54.485root 11241100x8000000000000000280842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa86a0c3e3271622023-02-08 09:48:54.485root 11241100x8000000000000000280841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b62e6466d6342e2023-02-08 09:48:54.485root 11241100x8000000000000000280858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671147f0424e9b332023-02-08 09:48:54.486root 11241100x8000000000000000280857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc330696538d0c6f2023-02-08 09:48:54.486root 11241100x8000000000000000280856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067612a30e53c8a42023-02-08 09:48:54.486root 11241100x8000000000000000280855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19271dacc6f755442023-02-08 09:48:54.486root 11241100x8000000000000000280854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0a65e9e0bbdea72023-02-08 09:48:54.486root 11241100x8000000000000000280853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58a268d82d22c5f2023-02-08 09:48:54.486root 11241100x8000000000000000280852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a06a80113962032023-02-08 09:48:54.486root 11241100x8000000000000000280851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e918497fc7e2c8c92023-02-08 09:48:54.486root 11241100x8000000000000000280850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddec74d2211df3d82023-02-08 09:48:54.486root 11241100x8000000000000000280865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce8c837bdeb66322023-02-08 09:48:54.487root 11241100x8000000000000000280864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfb913d6037198c2023-02-08 09:48:54.487root 11241100x8000000000000000280863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe628adc2af0baae2023-02-08 09:48:54.487root 11241100x8000000000000000280862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d87863335c98c32023-02-08 09:48:54.487root 11241100x8000000000000000280861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85b0d3e75aee7e32023-02-08 09:48:54.487root 11241100x8000000000000000280860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea338f7f09f845b02023-02-08 09:48:54.487root 11241100x8000000000000000280859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb03dd9941812b32023-02-08 09:48:54.487root 11241100x8000000000000000280869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f620cbef6d992f4f2023-02-08 09:48:54.488root 11241100x8000000000000000280868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2211f54f2370e25c2023-02-08 09:48:54.488root 11241100x8000000000000000280867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fadd517414163f3f2023-02-08 09:48:54.488root 11241100x8000000000000000280866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe27dbb190d873e2023-02-08 09:48:54.488root 11241100x8000000000000000280876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d926e73760a78562023-02-08 09:48:54.489root 11241100x8000000000000000280875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09df06f616044612023-02-08 09:48:54.489root 11241100x8000000000000000280874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ba442d8376ba202023-02-08 09:48:54.489root 11241100x8000000000000000280873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0a41ee33593f102023-02-08 09:48:54.489root 11241100x8000000000000000280872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b750f9e9af18ab0a2023-02-08 09:48:54.489root 11241100x8000000000000000280871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a6b6bab6a01ce32023-02-08 09:48:54.489root 11241100x8000000000000000280870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b313d0870bf74d0b2023-02-08 09:48:54.489root 11241100x8000000000000000280882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b9f31dc3ac675f2023-02-08 09:48:54.490root 11241100x8000000000000000280881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a2557b8a3a5fb72023-02-08 09:48:54.490root 11241100x8000000000000000280880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ffd633dfb0856b2023-02-08 09:48:54.490root 11241100x8000000000000000280879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1077b29f9c01f50c2023-02-08 09:48:54.490root 11241100x8000000000000000280878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3057798479f0b54f2023-02-08 09:48:54.490root 11241100x8000000000000000280877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcd864903b235402023-02-08 09:48:54.490root 11241100x8000000000000000280890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6672fa89b49e1a3a2023-02-08 09:48:54.491root 11241100x8000000000000000280889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9539f07e4f26e4cf2023-02-08 09:48:54.491root 11241100x8000000000000000280888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69dfccff719406c2023-02-08 09:48:54.491root 11241100x8000000000000000280887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c903a460d8aecb32023-02-08 09:48:54.491root 11241100x8000000000000000280886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64d49d6667834b32023-02-08 09:48:54.491root 11241100x8000000000000000280885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49eb7a70578bda032023-02-08 09:48:54.491root 11241100x8000000000000000280884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d432fb558c44ac2023-02-08 09:48:54.491root 11241100x8000000000000000280883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac10777cc1fbaf92023-02-08 09:48:54.491root 11241100x8000000000000000280895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd400907968cc262023-02-08 09:48:54.492root 11241100x8000000000000000280894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82485e4395b7c7272023-02-08 09:48:54.492root 11241100x8000000000000000280893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1710732ee113902023-02-08 09:48:54.492root 11241100x8000000000000000280892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe36f658511cc5022023-02-08 09:48:54.492root 11241100x8000000000000000280891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32738d543555dd1f2023-02-08 09:48:54.492root 11241100x8000000000000000280898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8f0ca2348a34012023-02-08 09:48:54.493root 11241100x8000000000000000280897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a59ed9eae07fc72023-02-08 09:48:54.493root 11241100x8000000000000000280896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52eb2364d28c7c62023-02-08 09:48:54.493root 11241100x8000000000000000280901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dbf0dd6543320212023-02-08 09:48:54.494root 11241100x8000000000000000280900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20a796007f700b32023-02-08 09:48:54.494root 11241100x8000000000000000280899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b18a8102ce1a282023-02-08 09:48:54.494root 11241100x8000000000000000280903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97095d67a50126062023-02-08 09:48:54.495root 11241100x8000000000000000280902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af19ba30e30a16be2023-02-08 09:48:54.495root 11241100x8000000000000000280904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882cb3ca8d6fe4fb2023-02-08 09:48:54.984root 11241100x8000000000000000280912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c856157feb780abd2023-02-08 09:48:54.985root 11241100x8000000000000000280911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a74561d4d4c5712023-02-08 09:48:54.985root 11241100x8000000000000000280910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8d34d34fa5adfa2023-02-08 09:48:54.985root 11241100x8000000000000000280909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7328d823e5b9ea2023-02-08 09:48:54.985root 11241100x8000000000000000280908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ecd09ae8386ac52023-02-08 09:48:54.985root 11241100x8000000000000000280907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9931ec3a5d3b8c752023-02-08 09:48:54.985root 11241100x8000000000000000280906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd82951bd1bff732023-02-08 09:48:54.985root 11241100x8000000000000000280905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc6496644d6f9532023-02-08 09:48:54.985root 11241100x8000000000000000280921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c85146fd1cf8be2023-02-08 09:48:54.986root 11241100x8000000000000000280920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3be223708b572d32023-02-08 09:48:54.986root 11241100x8000000000000000280919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe46295c68744d792023-02-08 09:48:54.986root 11241100x8000000000000000280918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc0a42f58276d7d2023-02-08 09:48:54.986root 11241100x8000000000000000280917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0177ca3f35f099b02023-02-08 09:48:54.986root 11241100x8000000000000000280916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc0b9194f4c2fff2023-02-08 09:48:54.986root 11241100x8000000000000000280915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee41142eddf1e692023-02-08 09:48:54.986root 11241100x8000000000000000280914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb6ef0bb27cbeed2023-02-08 09:48:54.986root 11241100x8000000000000000280913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46be2e52c8da4d1a2023-02-08 09:48:54.986root 11241100x8000000000000000280929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296bee6d61dd04002023-02-08 09:48:54.987root 11241100x8000000000000000280928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32bffbc3eee5d7332023-02-08 09:48:54.987root 11241100x8000000000000000280927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec22b2d92f64ce02023-02-08 09:48:54.987root 11241100x8000000000000000280926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1bbd8a6047b2feb2023-02-08 09:48:54.987root 11241100x8000000000000000280925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53bec3f61ec89222023-02-08 09:48:54.987root 11241100x8000000000000000280924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c18bcef64cf29992023-02-08 09:48:54.987root 11241100x8000000000000000280923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd37ef5544e558b2023-02-08 09:48:54.987root 11241100x8000000000000000280922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924783dbea7a0ec72023-02-08 09:48:54.987root 11241100x8000000000000000280939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fd8b682b46e53f2023-02-08 09:48:54.988root 11241100x8000000000000000280938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd11a03bdbce5ae2023-02-08 09:48:54.988root 11241100x8000000000000000280937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae472f1cbe6d9a82023-02-08 09:48:54.988root 11241100x8000000000000000280936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5f6006fcec24aa2023-02-08 09:48:54.988root 11241100x8000000000000000280935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88046c4ab64c4b6c2023-02-08 09:48:54.988root 11241100x8000000000000000280934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f51e630a37339b32023-02-08 09:48:54.988root 11241100x8000000000000000280933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b97fd684829e0da2023-02-08 09:48:54.988root 11241100x8000000000000000280932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66f0f7c879a7f942023-02-08 09:48:54.988root 11241100x8000000000000000280931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c53bc4e193c2612023-02-08 09:48:54.988root 11241100x8000000000000000280930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e93bb6ebc1c3a3b2023-02-08 09:48:54.988root 11241100x8000000000000000280945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209c4ab8c36e49792023-02-08 09:48:54.989root 11241100x8000000000000000280944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da19e7e2a2f65d292023-02-08 09:48:54.989root 11241100x8000000000000000280943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce1d3cf0c0a58962023-02-08 09:48:54.989root 11241100x8000000000000000280942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c45a4ea903e0242023-02-08 09:48:54.989root 11241100x8000000000000000280941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38ac8f1639e739d2023-02-08 09:48:54.989root 11241100x8000000000000000280940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:54.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9502214c629bbdeb2023-02-08 09:48:54.989root 11241100x8000000000000000280952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1619c259bce604ea2023-02-08 09:48:55.485root 11241100x8000000000000000280951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a3b4dbd0b67a4c2023-02-08 09:48:55.485root 11241100x8000000000000000280950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ea3cc9206fc7cd2023-02-08 09:48:55.485root 11241100x8000000000000000280949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48ef5c6559cbfda2023-02-08 09:48:55.485root 11241100x8000000000000000280948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6821ca789158c52023-02-08 09:48:55.485root 11241100x8000000000000000280947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733e3b7aab01544a2023-02-08 09:48:55.485root 11241100x8000000000000000280946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0da5c2cbd2f1c8e2023-02-08 09:48:55.485root 11241100x8000000000000000280967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437dd017560d1ede2023-02-08 09:48:55.486root 11241100x8000000000000000280966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e97393299c3f5382023-02-08 09:48:55.486root 11241100x8000000000000000280965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c00d22a964d56992023-02-08 09:48:55.486root 11241100x8000000000000000280964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379b69785e8d06132023-02-08 09:48:55.486root 11241100x8000000000000000280963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428408a6d5a5ba9a2023-02-08 09:48:55.486root 11241100x8000000000000000280962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fdcfecbe43e16142023-02-08 09:48:55.486root 11241100x8000000000000000280961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9329a3160e59ad2023-02-08 09:48:55.486root 11241100x8000000000000000280960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c959f8e392cfa62023-02-08 09:48:55.486root 11241100x8000000000000000280959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a310764f03e68d792023-02-08 09:48:55.486root 11241100x8000000000000000280958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c81f3050db106d42023-02-08 09:48:55.486root 11241100x8000000000000000280957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98eb13bbfa96e6c52023-02-08 09:48:55.486root 11241100x8000000000000000280956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598801cb0d94a77b2023-02-08 09:48:55.486root 11241100x8000000000000000280955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f621c4646c9fe1e2023-02-08 09:48:55.486root 11241100x8000000000000000280954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baae1f39137b22a12023-02-08 09:48:55.486root 11241100x8000000000000000280953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2d3b8450da86d22023-02-08 09:48:55.486root 11241100x8000000000000000280983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba2891dd24cc7e42023-02-08 09:48:55.487root 11241100x8000000000000000280982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2557b55407dc1c9b2023-02-08 09:48:55.487root 11241100x8000000000000000280981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c0928c0fdc1b582023-02-08 09:48:55.487root 11241100x8000000000000000280980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1999f05ab335922023-02-08 09:48:55.487root 11241100x8000000000000000280979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d177fa97406e85c12023-02-08 09:48:55.487root 11241100x8000000000000000280978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dce9aaf6065a3dc2023-02-08 09:48:55.487root 11241100x8000000000000000280977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46610ff3b2c2d2f2023-02-08 09:48:55.487root 11241100x8000000000000000280976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05728998283885a42023-02-08 09:48:55.487root 11241100x8000000000000000280975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38066218684ebb52023-02-08 09:48:55.487root 11241100x8000000000000000280974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c27c5b13841c372023-02-08 09:48:55.487root 11241100x8000000000000000280973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcdc9b6c5b97e6162023-02-08 09:48:55.487root 11241100x8000000000000000280972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b7cdeb862862062023-02-08 09:48:55.487root 11241100x8000000000000000280971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1d4c4dc739429b2023-02-08 09:48:55.487root 11241100x8000000000000000280970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8bed919ea39d102023-02-08 09:48:55.487root 11241100x8000000000000000280969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efa2d86a7b7982c2023-02-08 09:48:55.487root 11241100x8000000000000000280968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4cd02945b6361b62023-02-08 09:48:55.487root 11241100x8000000000000000280985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60197ce8585dd04d2023-02-08 09:48:55.488root 11241100x8000000000000000280984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d650616df76e3b02023-02-08 09:48:55.488root 11241100x8000000000000000280989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db498a8ee52b5ee92023-02-08 09:48:55.984root 11241100x8000000000000000280988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a93f06eb42a7242023-02-08 09:48:55.984root 11241100x8000000000000000280987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3882d19dac4eb2382023-02-08 09:48:55.984root 11241100x8000000000000000280986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55184958323a7e3a2023-02-08 09:48:55.984root 11241100x8000000000000000280998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b65f103a2c091e2023-02-08 09:48:55.985root 11241100x8000000000000000280997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598a0be7e58176e72023-02-08 09:48:55.985root 11241100x8000000000000000280996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80baf748db31a8c62023-02-08 09:48:55.985root 11241100x8000000000000000280995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecfe059ae41cb932023-02-08 09:48:55.985root 11241100x8000000000000000280994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81cde132a9efb5d52023-02-08 09:48:55.985root 11241100x8000000000000000280993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc2a2b86b3a1dfd2023-02-08 09:48:55.985root 11241100x8000000000000000280992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf29ae8acb534ee2023-02-08 09:48:55.985root 11241100x8000000000000000280991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c609ad08f9b7733f2023-02-08 09:48:55.985root 11241100x8000000000000000280990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1cfa20fac1eaa662023-02-08 09:48:55.985root 11241100x8000000000000000281011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ed254f57f0aaa82023-02-08 09:48:55.986root 11241100x8000000000000000281010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca34b6e33a31e8da2023-02-08 09:48:55.986root 11241100x8000000000000000281009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17cff5b6282f2372023-02-08 09:48:55.986root 11241100x8000000000000000281008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46dbd65ce057893c2023-02-08 09:48:55.986root 11241100x8000000000000000281007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59bf77489cc03fc2023-02-08 09:48:55.986root 11241100x8000000000000000281006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091011207fa3431b2023-02-08 09:48:55.986root 11241100x8000000000000000281005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d441ef314121002023-02-08 09:48:55.986root 11241100x8000000000000000281004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8f89a1414ab0c02023-02-08 09:48:55.986root 11241100x8000000000000000281003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d91e63563031e722023-02-08 09:48:55.986root 11241100x8000000000000000281002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1d29c0523faf2a2023-02-08 09:48:55.986root 11241100x8000000000000000281001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b052095347169a12023-02-08 09:48:55.986root 11241100x8000000000000000281000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b951ea418e8ee2682023-02-08 09:48:55.986root 11241100x8000000000000000280999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc42ff63fe5cad632023-02-08 09:48:55.986root 11241100x8000000000000000281021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af284344b2f475a2023-02-08 09:48:55.987root 11241100x8000000000000000281020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2df5f9df36cc852023-02-08 09:48:55.987root 11241100x8000000000000000281019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e72af2f66c90762023-02-08 09:48:55.987root 11241100x8000000000000000281018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319137c11bbf9d052023-02-08 09:48:55.987root 11241100x8000000000000000281017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4fccbeddcb00b02023-02-08 09:48:55.987root 11241100x8000000000000000281016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6776068be968b22023-02-08 09:48:55.987root 11241100x8000000000000000281015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb90abbe9820a532023-02-08 09:48:55.987root 11241100x8000000000000000281014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64027dfae95339322023-02-08 09:48:55.987root 11241100x8000000000000000281013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e13d814b02224b2023-02-08 09:48:55.987root 11241100x8000000000000000281012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b96d28b03b81552023-02-08 09:48:55.987root 11241100x8000000000000000281027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2c9d28238281052023-02-08 09:48:55.988root 11241100x8000000000000000281026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d4a9e126c9c1da2023-02-08 09:48:55.988root 11241100x8000000000000000281025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207ee0f6523d02c42023-02-08 09:48:55.988root 11241100x8000000000000000281024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7f2981e347730e2023-02-08 09:48:55.988root 11241100x8000000000000000281023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e12725b461691282023-02-08 09:48:55.988root 11241100x8000000000000000281022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:55.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2562529ddfd47cc02023-02-08 09:48:55.988root 11241100x8000000000000000281028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630ce4453a4f56912023-02-08 09:48:56.484root 11241100x8000000000000000281038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f52a1995948d8142023-02-08 09:48:56.485root 11241100x8000000000000000281037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d9f13d7ae7a02c2023-02-08 09:48:56.485root 11241100x8000000000000000281036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab725ec8f75ec7c2023-02-08 09:48:56.485root 11241100x8000000000000000281035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbd7ccb28dd198b2023-02-08 09:48:56.485root 11241100x8000000000000000281034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3cc91291f9b12f2023-02-08 09:48:56.485root 11241100x8000000000000000281033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3e138778802fdb2023-02-08 09:48:56.485root 11241100x8000000000000000281032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670ef312f18646ba2023-02-08 09:48:56.485root 11241100x8000000000000000281031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb872ba8a8756472023-02-08 09:48:56.485root 11241100x8000000000000000281030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6f609c91686c622023-02-08 09:48:56.485root 11241100x8000000000000000281029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f921c10e0dd1532023-02-08 09:48:56.485root 11241100x8000000000000000281047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969e6e295779c3642023-02-08 09:48:56.486root 11241100x8000000000000000281046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d4285bff7f554d2023-02-08 09:48:56.486root 11241100x8000000000000000281045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0d90ba38bfc5072023-02-08 09:48:56.486root 11241100x8000000000000000281044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f941e03688fe195c2023-02-08 09:48:56.486root 11241100x8000000000000000281043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4fc199f18462362023-02-08 09:48:56.486root 11241100x8000000000000000281042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e249ac342f46bbe2023-02-08 09:48:56.486root 11241100x8000000000000000281041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02483aebde1efae52023-02-08 09:48:56.486root 11241100x8000000000000000281040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ccb73135dea0122023-02-08 09:48:56.486root 11241100x8000000000000000281039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff9358cee51f8062023-02-08 09:48:56.486root 11241100x8000000000000000281057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966a5f61fbe004742023-02-08 09:48:56.487root 11241100x8000000000000000281056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8234c68d1b7625d92023-02-08 09:48:56.487root 11241100x8000000000000000281055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff5d7da0729b7ea2023-02-08 09:48:56.487root 11241100x8000000000000000281054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696fb3cc683a000d2023-02-08 09:48:56.487root 11241100x8000000000000000281053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e70c9fab6063292023-02-08 09:48:56.487root 11241100x8000000000000000281052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca729375ff79dc72023-02-08 09:48:56.487root 11241100x8000000000000000281051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c982d45d83a4f85c2023-02-08 09:48:56.487root 11241100x8000000000000000281050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bcd552c46d542d2023-02-08 09:48:56.487root 11241100x8000000000000000281049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f809f75802bcc3e12023-02-08 09:48:56.487root 11241100x8000000000000000281048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cde2517814e4ff42023-02-08 09:48:56.487root 11241100x8000000000000000281068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81ca5e40c0623e62023-02-08 09:48:56.488root 11241100x8000000000000000281067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abe9ca44135fe8a2023-02-08 09:48:56.488root 11241100x8000000000000000281066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5e77295a4fa76c2023-02-08 09:48:56.488root 11241100x8000000000000000281065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc76d3f02017d6e2023-02-08 09:48:56.488root 11241100x8000000000000000281064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26f04fc089e49522023-02-08 09:48:56.488root 11241100x8000000000000000281063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100e372deb71c1b92023-02-08 09:48:56.488root 11241100x8000000000000000281062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74c843636af1df92023-02-08 09:48:56.488root 11241100x8000000000000000281061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd5d7f3be3c36bf2023-02-08 09:48:56.488root 11241100x8000000000000000281060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e28d886d4becd672023-02-08 09:48:56.488root 11241100x8000000000000000281059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347d64ac82258c2e2023-02-08 09:48:56.488root 11241100x8000000000000000281058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a303399982d1fce2023-02-08 09:48:56.488root 11241100x8000000000000000281074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66cbae0e349cb4f2023-02-08 09:48:56.984root 11241100x8000000000000000281073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c53cf507716e6d2023-02-08 09:48:56.984root 11241100x8000000000000000281072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4163bb2b740a9a6d2023-02-08 09:48:56.984root 11241100x8000000000000000281071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e33862164b56e82023-02-08 09:48:56.984root 11241100x8000000000000000281070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d08e47f07ef04e22023-02-08 09:48:56.984root 11241100x8000000000000000281069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5ffc98fa51f2dd2023-02-08 09:48:56.984root 11241100x8000000000000000281085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8d521d33d276272023-02-08 09:48:56.985root 11241100x8000000000000000281084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b311c844cc3a61332023-02-08 09:48:56.985root 11241100x8000000000000000281083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f52b49b994ac3f32023-02-08 09:48:56.985root 11241100x8000000000000000281082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c6a500269bdf9c2023-02-08 09:48:56.985root 11241100x8000000000000000281081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb77ea462a690e02023-02-08 09:48:56.985root 11241100x8000000000000000281080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b28ca11ba427702023-02-08 09:48:56.985root 11241100x8000000000000000281079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40885aca9c9675c72023-02-08 09:48:56.985root 11241100x8000000000000000281078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ac674e8f1e74bf2023-02-08 09:48:56.985root 11241100x8000000000000000281077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390115675821fae52023-02-08 09:48:56.985root 11241100x8000000000000000281076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4c8d99aad626f32023-02-08 09:48:56.985root 11241100x8000000000000000281075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762b0d735dc39f4e2023-02-08 09:48:56.985root 11241100x8000000000000000281096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3ed4efcc84be672023-02-08 09:48:56.986root 11241100x8000000000000000281095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ac55bc431a7fca2023-02-08 09:48:56.986root 11241100x8000000000000000281094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091bc584f2c14e422023-02-08 09:48:56.986root 11241100x8000000000000000281093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1e6b98a4502f122023-02-08 09:48:56.986root 11241100x8000000000000000281092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd207a5803c54212023-02-08 09:48:56.986root 11241100x8000000000000000281091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd9527f3ca28c0b2023-02-08 09:48:56.986root 11241100x8000000000000000281090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47aba3b3343b777e2023-02-08 09:48:56.986root 11241100x8000000000000000281089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d055e32c00965c52023-02-08 09:48:56.986root 11241100x8000000000000000281088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5893c5e4e11b4cdd2023-02-08 09:48:56.986root 11241100x8000000000000000281087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e796682c4c7d7492023-02-08 09:48:56.986root 11241100x8000000000000000281086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15cf175040fde0652023-02-08 09:48:56.986root 11241100x8000000000000000281099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c04bcfbfbe667f62023-02-08 09:48:56.987root 11241100x8000000000000000281098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70b1df79d8e55532023-02-08 09:48:56.987root 11241100x8000000000000000281097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5024ccae8959691d2023-02-08 09:48:56.987root 11241100x8000000000000000281105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0472e5e2ee8e42702023-02-08 09:48:56.988root 11241100x8000000000000000281104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82508dc35a2f60032023-02-08 09:48:56.988root 11241100x8000000000000000281103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb97c2ff238a40812023-02-08 09:48:56.988root 11241100x8000000000000000281102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca4fc73345d93b52023-02-08 09:48:56.988root 11241100x8000000000000000281101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ef28d21ab9900e2023-02-08 09:48:56.988root 11241100x8000000000000000281100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682e3d620c7caca72023-02-08 09:48:56.988root 11241100x8000000000000000281111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b185c93fc773df2023-02-08 09:48:56.989root 11241100x8000000000000000281110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a44a64865950a82023-02-08 09:48:56.989root 11241100x8000000000000000281109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b736adfdec4214a52023-02-08 09:48:56.989root 11241100x8000000000000000281108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721320eb31115cf72023-02-08 09:48:56.989root 11241100x8000000000000000281107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ae8d40fc22e8682023-02-08 09:48:56.989root 11241100x8000000000000000281106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89716dc040ffb7d2023-02-08 09:48:56.989root 11241100x8000000000000000281117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59fa9c1c02750912023-02-08 09:48:56.990root 11241100x8000000000000000281116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792e8ec22f634a692023-02-08 09:48:56.990root 11241100x8000000000000000281115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b38d7039eea24aa2023-02-08 09:48:56.990root 11241100x8000000000000000281114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca33189ce0da5c002023-02-08 09:48:56.990root 11241100x8000000000000000281113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e93befed1615cee2023-02-08 09:48:56.990root 11241100x8000000000000000281112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f675a34deddb6932023-02-08 09:48:56.990root 11241100x8000000000000000281121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2909f6457f13242023-02-08 09:48:56.991root 11241100x8000000000000000281120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfec14245d686872023-02-08 09:48:56.991root 11241100x8000000000000000281119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd93d93bc936c8a2023-02-08 09:48:56.991root 11241100x8000000000000000281118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6ba9cd88c60da42023-02-08 09:48:56.991root 11241100x8000000000000000281124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1aa036f524f45a2023-02-08 09:48:56.992root 11241100x8000000000000000281123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fbc3c0bf828a43f2023-02-08 09:48:56.992root 11241100x8000000000000000281122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1acd53ae6823882023-02-08 09:48:56.992root 11241100x8000000000000000281130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01143739d22cf6c62023-02-08 09:48:56.993root 11241100x8000000000000000281129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd6b06bd85f5be72023-02-08 09:48:56.993root 11241100x8000000000000000281128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b754fa22a996512023-02-08 09:48:56.993root 11241100x8000000000000000281127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea910a9916ee07ee2023-02-08 09:48:56.993root 11241100x8000000000000000281126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506d4e105ec7337a2023-02-08 09:48:56.993root 11241100x8000000000000000281125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:56.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024260a89fb050592023-02-08 09:48:56.993root 11241100x8000000000000000281139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09e3ccda596a9452023-02-08 09:48:57.484root 11241100x8000000000000000281138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cec63e79895d562023-02-08 09:48:57.484root 11241100x8000000000000000281137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bb9bc1029b71142023-02-08 09:48:57.484root 11241100x8000000000000000281136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0681f766e2968c52023-02-08 09:48:57.484root 11241100x8000000000000000281135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d562bed863579f92023-02-08 09:48:57.484root 11241100x8000000000000000281134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b13e7a964b07a5f2023-02-08 09:48:57.484root 11241100x8000000000000000281133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f018fcf55b64a7682023-02-08 09:48:57.484root 11241100x8000000000000000281132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a899ddb3a8fd41832023-02-08 09:48:57.484root 11241100x8000000000000000281131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e6dfd94de23a7c2023-02-08 09:48:57.484root 11241100x8000000000000000281151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a61bfb688ed12f12023-02-08 09:48:57.485root 11241100x8000000000000000281150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1fb4f1055728aa2023-02-08 09:48:57.485root 11241100x8000000000000000281149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b680499a941f9c22023-02-08 09:48:57.485root 11241100x8000000000000000281148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b3f3b795a897632023-02-08 09:48:57.485root 11241100x8000000000000000281147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7f82720e1163482023-02-08 09:48:57.485root 11241100x8000000000000000281146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de87e3ffb6eb94d2023-02-08 09:48:57.485root 11241100x8000000000000000281145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab11b36cdf39c762023-02-08 09:48:57.485root 11241100x8000000000000000281144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10d57a8c887de112023-02-08 09:48:57.485root 11241100x8000000000000000281143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210d9898853457512023-02-08 09:48:57.485root 11241100x8000000000000000281142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddbe76ce779c36b2023-02-08 09:48:57.485root 11241100x8000000000000000281141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba80573b786fdc82023-02-08 09:48:57.485root 11241100x8000000000000000281140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce99f49ca8d197532023-02-08 09:48:57.485root 11241100x8000000000000000281166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1749621d3ce72b512023-02-08 09:48:57.486root 11241100x8000000000000000281165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1799f073e4f49e542023-02-08 09:48:57.486root 11241100x8000000000000000281164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6209b981b92cc3e2023-02-08 09:48:57.486root 11241100x8000000000000000281163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052dab4dfc97fe842023-02-08 09:48:57.486root 11241100x8000000000000000281162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c7b8f9f16cd00c2023-02-08 09:48:57.486root 11241100x8000000000000000281161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b99c71b4ccf98c2023-02-08 09:48:57.486root 11241100x8000000000000000281160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dce371e81fb798f2023-02-08 09:48:57.486root 11241100x8000000000000000281159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad83388bce3378c2023-02-08 09:48:57.486root 11241100x8000000000000000281158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57dd760414435522023-02-08 09:48:57.486root 11241100x8000000000000000281157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54513def7f651402023-02-08 09:48:57.486root 11241100x8000000000000000281156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fff15aa774e53c2023-02-08 09:48:57.486root 11241100x8000000000000000281155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c970a45bf5eba1de2023-02-08 09:48:57.486root 11241100x8000000000000000281154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39560924cf7c481b2023-02-08 09:48:57.486root 11241100x8000000000000000281153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf86064fe546de42023-02-08 09:48:57.486root 11241100x8000000000000000281152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf480030dcff02d2023-02-08 09:48:57.486root 11241100x8000000000000000281182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a0b73492ff06932023-02-08 09:48:57.487root 11241100x8000000000000000281181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ddc2b68580c90e2023-02-08 09:48:57.487root 11241100x8000000000000000281180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae04fe0b72537612023-02-08 09:48:57.487root 11241100x8000000000000000281179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09f49225200b8932023-02-08 09:48:57.487root 11241100x8000000000000000281178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27ef735898409592023-02-08 09:48:57.487root 11241100x8000000000000000281177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1393a35fd4c682fe2023-02-08 09:48:57.487root 11241100x8000000000000000281176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0daad1680ab678cd2023-02-08 09:48:57.487root 11241100x8000000000000000281175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7549abba985b1262023-02-08 09:48:57.487root 11241100x8000000000000000281174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77cf35b6c9a5ae532023-02-08 09:48:57.487root 11241100x8000000000000000281173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5462ed298e1f39992023-02-08 09:48:57.487root 11241100x8000000000000000281172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce23d10ed5ffe9862023-02-08 09:48:57.487root 11241100x8000000000000000281171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba47af22251403012023-02-08 09:48:57.487root 11241100x8000000000000000281170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23558744a7f3d4d2023-02-08 09:48:57.487root 11241100x8000000000000000281169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcc4c9eb00a27a92023-02-08 09:48:57.487root 11241100x8000000000000000281168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5b0ea4afc53d1d2023-02-08 09:48:57.487root 11241100x8000000000000000281167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c25dce1dd0406f82023-02-08 09:48:57.487root 11241100x8000000000000000281185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a26b981e712eed22023-02-08 09:48:57.488root 11241100x8000000000000000281184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d062a91be3fad2c2023-02-08 09:48:57.488root 11241100x8000000000000000281183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51f9d555445cced2023-02-08 09:48:57.488root 11241100x8000000000000000281186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812d99c2715a51b72023-02-08 09:48:57.984root 11241100x8000000000000000281198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe335cc993bdc6b2023-02-08 09:48:57.985root 11241100x8000000000000000281197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4dfb13344339202023-02-08 09:48:57.985root 11241100x8000000000000000281196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05314fb88b44e672023-02-08 09:48:57.985root 11241100x8000000000000000281195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992639b6426da7782023-02-08 09:48:57.985root 11241100x8000000000000000281194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ad251f9f39ffe82023-02-08 09:48:57.985root 11241100x8000000000000000281193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a587556a016f1322023-02-08 09:48:57.985root 11241100x8000000000000000281192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7738f993d8ad142023-02-08 09:48:57.985root 11241100x8000000000000000281191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2f1137d64a36aa2023-02-08 09:48:57.985root 11241100x8000000000000000281190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4896a3cdbf46dc882023-02-08 09:48:57.985root 11241100x8000000000000000281189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e17a9e7b5b7ff562023-02-08 09:48:57.985root 11241100x8000000000000000281188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e73985af1eee6f2023-02-08 09:48:57.985root 11241100x8000000000000000281187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f54d450eb70fe642023-02-08 09:48:57.985root 11241100x8000000000000000281212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79417a36e3ae7cc72023-02-08 09:48:57.986root 11241100x8000000000000000281211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34f50aba6430b8a2023-02-08 09:48:57.986root 11241100x8000000000000000281210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5051ad106531b8e22023-02-08 09:48:57.986root 11241100x8000000000000000281209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04755305098379f2023-02-08 09:48:57.986root 11241100x8000000000000000281208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1575213907786dd12023-02-08 09:48:57.986root 11241100x8000000000000000281207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888b038ce987f2172023-02-08 09:48:57.986root 11241100x8000000000000000281206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2845306594aaae732023-02-08 09:48:57.986root 11241100x8000000000000000281205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49325873f78ad5fc2023-02-08 09:48:57.986root 11241100x8000000000000000281204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2587ceaf8aac8cc92023-02-08 09:48:57.986root 11241100x8000000000000000281203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0dde1f3032ef4f2023-02-08 09:48:57.986root 11241100x8000000000000000281202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10d353fd5cb458a2023-02-08 09:48:57.986root 11241100x8000000000000000281201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eefcf06d3e67bc72023-02-08 09:48:57.986root 11241100x8000000000000000281200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1dd27e99f5f5a642023-02-08 09:48:57.986root 11241100x8000000000000000281199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ed5b65d899940f2023-02-08 09:48:57.986root 11241100x8000000000000000281227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2872c48161fdec742023-02-08 09:48:57.987root 11241100x8000000000000000281226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e9669bf4ccea022023-02-08 09:48:57.987root 11241100x8000000000000000281225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f1f1471df096272023-02-08 09:48:57.987root 11241100x8000000000000000281224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136eb50ba95ebdaa2023-02-08 09:48:57.987root 11241100x8000000000000000281223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f3504c140a03a92023-02-08 09:48:57.987root 11241100x8000000000000000281222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688395051d286c192023-02-08 09:48:57.987root 11241100x8000000000000000281221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f40bcb8d9820462023-02-08 09:48:57.987root 11241100x8000000000000000281220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22db9ffbdd652e842023-02-08 09:48:57.987root 11241100x8000000000000000281219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740b45a92150ca062023-02-08 09:48:57.987root 11241100x8000000000000000281218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a4622328c08c2f2023-02-08 09:48:57.987root 11241100x8000000000000000281217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99b688bd7f07bf22023-02-08 09:48:57.987root 11241100x8000000000000000281216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67b767ce43d848a2023-02-08 09:48:57.987root 11241100x8000000000000000281215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b4b51c22158da02023-02-08 09:48:57.987root 11241100x8000000000000000281214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6be93578a3e491b2023-02-08 09:48:57.987root 11241100x8000000000000000281213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f904ac7d037610c22023-02-08 09:48:57.987root 11241100x8000000000000000281228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:57.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce98c49d923ab19b2023-02-08 09:48:57.988root 11241100x8000000000000000281232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecb2d50897e33652023-02-08 09:48:58.484root 11241100x8000000000000000281231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a6ff6b0d483c282023-02-08 09:48:58.484root 11241100x8000000000000000281230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76946f7f7fa62fd92023-02-08 09:48:58.484root 11241100x8000000000000000281229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9cf16dd96cde5a42023-02-08 09:48:58.484root 11241100x8000000000000000281245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741ec5ec69ca263e2023-02-08 09:48:58.485root 11241100x8000000000000000281244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1467f14b9c2f992023-02-08 09:48:58.485root 11241100x8000000000000000281243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ebe4d3d29182ae2023-02-08 09:48:58.485root 11241100x8000000000000000281242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8365fb70090b36f42023-02-08 09:48:58.485root 11241100x8000000000000000281241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8d6f33dbebe79c2023-02-08 09:48:58.485root 11241100x8000000000000000281240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646d9cd3bd32219d2023-02-08 09:48:58.485root 11241100x8000000000000000281239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931d41e6b1a369b42023-02-08 09:48:58.485root 11241100x8000000000000000281238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14fae6f94f89a0ab2023-02-08 09:48:58.485root 11241100x8000000000000000281237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b43e383247e905b2023-02-08 09:48:58.485root 11241100x8000000000000000281236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc62c63f56809912023-02-08 09:48:58.485root 11241100x8000000000000000281235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14933ea9c6c28ee2023-02-08 09:48:58.485root 11241100x8000000000000000281234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06163270688036682023-02-08 09:48:58.485root 11241100x8000000000000000281233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5073b4fd6f63be152023-02-08 09:48:58.485root 11241100x8000000000000000281260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5f8a05698f41b42023-02-08 09:48:58.486root 11241100x8000000000000000281259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126136f29bffa9af2023-02-08 09:48:58.486root 11241100x8000000000000000281258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8c7b01f5b727302023-02-08 09:48:58.486root 11241100x8000000000000000281257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806d37e2d22e42bc2023-02-08 09:48:58.486root 11241100x8000000000000000281256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4116f4eb5c61aa2b2023-02-08 09:48:58.486root 11241100x8000000000000000281255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0e6566fdd2cbe82023-02-08 09:48:58.486root 11241100x8000000000000000281254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9023a4bf4b6458a2023-02-08 09:48:58.486root 11241100x8000000000000000281253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7535d896ca26882023-02-08 09:48:58.486root 11241100x8000000000000000281252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057c8549f4cdc7352023-02-08 09:48:58.486root 11241100x8000000000000000281251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aeb8b13b83433912023-02-08 09:48:58.486root 11241100x8000000000000000281250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792e50c0b8448a622023-02-08 09:48:58.486root 11241100x8000000000000000281249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d0a0f5592787112023-02-08 09:48:58.486root 11241100x8000000000000000281248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129e143a9c194dfd2023-02-08 09:48:58.486root 11241100x8000000000000000281247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a328cedf38f58902023-02-08 09:48:58.486root 11241100x8000000000000000281246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79702dedb1d84df32023-02-08 09:48:58.486root 11241100x8000000000000000281269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f3eedfb2e977bf2023-02-08 09:48:58.487root 11241100x8000000000000000281268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76857cbf33dc41e42023-02-08 09:48:58.487root 11241100x8000000000000000281267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c024b38c139d6c762023-02-08 09:48:58.487root 11241100x8000000000000000281266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b88613e1f0762262023-02-08 09:48:58.487root 11241100x8000000000000000281265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb19afdb881e9a22023-02-08 09:48:58.487root 11241100x8000000000000000281264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5e643f8eb2e75f2023-02-08 09:48:58.487root 11241100x8000000000000000281263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba54f5078b694e02023-02-08 09:48:58.487root 11241100x8000000000000000281262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173f4c93952d865a2023-02-08 09:48:58.487root 11241100x8000000000000000281261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f13aa596f1bb65d2023-02-08 09:48:58.487root 11241100x8000000000000000281270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917a5e1b0405d0e52023-02-08 09:48:58.488root 11241100x8000000000000000281275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c44f7a9dba1b862023-02-08 09:48:58.984root 11241100x8000000000000000281274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f961e50875159cc2023-02-08 09:48:58.984root 11241100x8000000000000000281273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97529a9191daa0a2023-02-08 09:48:58.984root 11241100x8000000000000000281272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc4970f71ca2d132023-02-08 09:48:58.984root 11241100x8000000000000000281271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05dc7b455a8e9fd42023-02-08 09:48:58.984root 11241100x8000000000000000281281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22128e2d5708ff72023-02-08 09:48:58.985root 11241100x8000000000000000281280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd9e25008cbe3ca2023-02-08 09:48:58.985root 11241100x8000000000000000281279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6059cd59d5c1c1552023-02-08 09:48:58.985root 11241100x8000000000000000281278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e371da321a3219b62023-02-08 09:48:58.985root 11241100x8000000000000000281277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4f8fb3f6c2dbc02023-02-08 09:48:58.985root 11241100x8000000000000000281276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6fd773a4898f822023-02-08 09:48:58.985root 11241100x8000000000000000281293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c05afa9fa8d921a2023-02-08 09:48:58.986root 11241100x8000000000000000281292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89fd0a38542756d2023-02-08 09:48:58.986root 11241100x8000000000000000281291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ae8e51faadefac2023-02-08 09:48:58.986root 11241100x8000000000000000281290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0bce7d27f60e772023-02-08 09:48:58.986root 11241100x8000000000000000281289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d60c7d9af3b60a62023-02-08 09:48:58.986root 11241100x8000000000000000281288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5bbd557be62fb82023-02-08 09:48:58.986root 11241100x8000000000000000281287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8713ba22288947bd2023-02-08 09:48:58.986root 11241100x8000000000000000281286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9aea32e07212ef12023-02-08 09:48:58.986root 11241100x8000000000000000281285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd04b720da4c0f92023-02-08 09:48:58.986root 11241100x8000000000000000281284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ba29c84fc643d02023-02-08 09:48:58.986root 11241100x8000000000000000281283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a0c578e67967952023-02-08 09:48:58.986root 11241100x8000000000000000281282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15359c1ebc199bd02023-02-08 09:48:58.986root 11241100x8000000000000000281300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecde6028538e88fa2023-02-08 09:48:58.987root 11241100x8000000000000000281299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6247ee5e18760422023-02-08 09:48:58.987root 11241100x8000000000000000281298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a3a656c92276e82023-02-08 09:48:58.987root 11241100x8000000000000000281297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e6103d97c8ec992023-02-08 09:48:58.987root 11241100x8000000000000000281296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be2b7c25634aedc2023-02-08 09:48:58.987root 11241100x8000000000000000281295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4cf742f80f628af2023-02-08 09:48:58.987root 11241100x8000000000000000281294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac051fe0222e1492023-02-08 09:48:58.987root 11241100x8000000000000000281305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c038b8a14c93f0f2023-02-08 09:48:58.988root 11241100x8000000000000000281304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc51dc6ea0a78dff2023-02-08 09:48:58.988root 11241100x8000000000000000281303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90adc67cfe4001572023-02-08 09:48:58.988root 11241100x8000000000000000281302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc49a9982cfe5d02023-02-08 09:48:58.988root 11241100x8000000000000000281301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4118d76f7d8c742023-02-08 09:48:58.988root 11241100x8000000000000000281309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8646be4d61ec315e2023-02-08 09:48:58.989root 11241100x8000000000000000281308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489aa433bf5709c22023-02-08 09:48:58.989root 11241100x8000000000000000281307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e6f6f318f0718d2023-02-08 09:48:58.989root 11241100x8000000000000000281306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9037af8c370b99312023-02-08 09:48:58.989root 11241100x8000000000000000281313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8bbfa1054885aa42023-02-08 09:48:58.990root 11241100x8000000000000000281312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0005d0f3bb5e65162023-02-08 09:48:58.990root 11241100x8000000000000000281311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59600f6abed8d2ba2023-02-08 09:48:58.990root 11241100x8000000000000000281310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6d2e5b89df2eb92023-02-08 09:48:58.990root 11241100x8000000000000000281316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bae4ccf2fde83c2023-02-08 09:48:58.991root 11241100x8000000000000000281315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20418dbd9a996e282023-02-08 09:48:58.991root 11241100x8000000000000000281314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a981b578442f53502023-02-08 09:48:58.991root 11241100x8000000000000000281320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953f067a0d52c1f22023-02-08 09:48:58.992root 11241100x8000000000000000281319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9361dcae0cc604a42023-02-08 09:48:58.992root 11241100x8000000000000000281318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc25b7b55459db22023-02-08 09:48:58.992root 11241100x8000000000000000281317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:58.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d58a7d16e6176e2023-02-08 09:48:58.992root 11241100x8000000000000000281322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ad8d547c67d6252023-02-08 09:48:59.484root 11241100x8000000000000000281321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3642baa1113e31d2023-02-08 09:48:59.484root 11241100x8000000000000000281326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24383e7739da05642023-02-08 09:48:59.485root 11241100x8000000000000000281325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6533cf2efe9d397b2023-02-08 09:48:59.485root 11241100x8000000000000000281324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8dba4f2d4202e32023-02-08 09:48:59.485root 11241100x8000000000000000281323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e3a955297079ce2023-02-08 09:48:59.485root 11241100x8000000000000000281335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a41c0782c562572023-02-08 09:48:59.486root 11241100x8000000000000000281334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9eda6f0a56b0382023-02-08 09:48:59.486root 11241100x8000000000000000281333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bd3a86ed81a8542023-02-08 09:48:59.486root 11241100x8000000000000000281332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f209a36c4931be2023-02-08 09:48:59.486root 11241100x8000000000000000281331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b68d379c0bf2c82023-02-08 09:48:59.486root 11241100x8000000000000000281330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f92f0fe21d4a882023-02-08 09:48:59.486root 11241100x8000000000000000281329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd51305cb4895dc52023-02-08 09:48:59.486root 11241100x8000000000000000281328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e326b7dd70d71052023-02-08 09:48:59.486root 11241100x8000000000000000281327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2dfa749e36b2e02023-02-08 09:48:59.486root 11241100x8000000000000000281346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c59284bfa7ef0702023-02-08 09:48:59.487root 11241100x8000000000000000281345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809cc4867dba1ac82023-02-08 09:48:59.487root 11241100x8000000000000000281344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37303a48d98a65242023-02-08 09:48:59.487root 11241100x8000000000000000281343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27ce0cc4bd1ffb92023-02-08 09:48:59.487root 11241100x8000000000000000281342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eec184afed935222023-02-08 09:48:59.487root 11241100x8000000000000000281341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f51a291544b4b62023-02-08 09:48:59.487root 11241100x8000000000000000281340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b0f1e7a27e6bb32023-02-08 09:48:59.487root 11241100x8000000000000000281339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c56f2e50032e15a2023-02-08 09:48:59.487root 11241100x8000000000000000281338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c008ffabd2432c012023-02-08 09:48:59.487root 11241100x8000000000000000281337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f504ec7e7d3f0a212023-02-08 09:48:59.487root 11241100x8000000000000000281336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2b7cff2efeb2be2023-02-08 09:48:59.487root 11241100x8000000000000000281359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e404867327da1e2023-02-08 09:48:59.488root 11241100x8000000000000000281358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4652e64def376ee62023-02-08 09:48:59.488root 11241100x8000000000000000281357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417bacfc14eaa16e2023-02-08 09:48:59.488root 11241100x8000000000000000281356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f461988774ad972023-02-08 09:48:59.488root 11241100x8000000000000000281355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ca48124e7999362023-02-08 09:48:59.488root 11241100x8000000000000000281354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495489b5c9c0963e2023-02-08 09:48:59.488root 11241100x8000000000000000281353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b12da9cd3229512023-02-08 09:48:59.488root 11241100x8000000000000000281352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8bedf28861d58e2023-02-08 09:48:59.488root 11241100x8000000000000000281351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317cb47b906933e82023-02-08 09:48:59.488root 11241100x8000000000000000281350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368d3b7752cf180e2023-02-08 09:48:59.488root 11241100x8000000000000000281349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a12e70fcdb8463c2023-02-08 09:48:59.488root 11241100x8000000000000000281348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a71556b9fa880222023-02-08 09:48:59.488root 11241100x8000000000000000281347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee3a88fbcbd43ec2023-02-08 09:48:59.488root 11241100x8000000000000000281364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8746ab46c5f5ba2023-02-08 09:48:59.489root 11241100x8000000000000000281363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea3861ae9e5119a2023-02-08 09:48:59.489root 11241100x8000000000000000281362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a9aedc092e12c42023-02-08 09:48:59.489root 11241100x8000000000000000281361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4532f5eb077c31fd2023-02-08 09:48:59.489root 11241100x8000000000000000281360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c495bdd7e68b72cd2023-02-08 09:48:59.489root 11241100x8000000000000000281371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da27955a8107bb9a2023-02-08 09:48:59.984root 11241100x8000000000000000281370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d2516715fba6662023-02-08 09:48:59.984root 11241100x8000000000000000281369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3da6096846f0c92023-02-08 09:48:59.984root 11241100x8000000000000000281368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4a949313b424ae2023-02-08 09:48:59.984root 11241100x8000000000000000281367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccb1fc197421a112023-02-08 09:48:59.984root 11241100x8000000000000000281366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ea34c42422bb2c2023-02-08 09:48:59.984root 11241100x8000000000000000281365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6815404dbbbdae2023-02-08 09:48:59.984root 11241100x8000000000000000281377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257f79ee2be294be2023-02-08 09:48:59.985root 11241100x8000000000000000281376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25dbb0482ca3eb4d2023-02-08 09:48:59.985root 11241100x8000000000000000281375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10afe5a61e849f2e2023-02-08 09:48:59.985root 11241100x8000000000000000281374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243a6697d79447d82023-02-08 09:48:59.985root 11241100x8000000000000000281373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953543043699518b2023-02-08 09:48:59.985root 11241100x8000000000000000281372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f685ad7f262bcf2023-02-08 09:48:59.985root 11241100x8000000000000000281385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78754c72ff61521f2023-02-08 09:48:59.986root 11241100x8000000000000000281384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7e3e8dbfd901c22023-02-08 09:48:59.986root 11241100x8000000000000000281383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3eb609fdcfcf9a2023-02-08 09:48:59.986root 11241100x8000000000000000281382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b51cc3d63371302023-02-08 09:48:59.986root 11241100x8000000000000000281381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb8cd090701ceb42023-02-08 09:48:59.986root 11241100x8000000000000000281380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44810b41ee645452023-02-08 09:48:59.986root 11241100x8000000000000000281379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99adb993569a155a2023-02-08 09:48:59.986root 11241100x8000000000000000281378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9890241f8bb1022023-02-08 09:48:59.986root 11241100x8000000000000000281389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5168c3574aafe9632023-02-08 09:48:59.987root 11241100x8000000000000000281388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e31b35197f115e2023-02-08 09:48:59.987root 11241100x8000000000000000281387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7380aa14ed563d2023-02-08 09:48:59.987root 11241100x8000000000000000281386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16cc67eb3efa1b32023-02-08 09:48:59.987root 11241100x8000000000000000281397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf28da1d3e34fb92023-02-08 09:48:59.988root 11241100x8000000000000000281396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18463fb91669f4c92023-02-08 09:48:59.988root 11241100x8000000000000000281395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eabd8d1f47e190bd2023-02-08 09:48:59.988root 11241100x8000000000000000281394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0127e7515e159d392023-02-08 09:48:59.988root 11241100x8000000000000000281393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6ddd1b792aeb532023-02-08 09:48:59.988root 11241100x8000000000000000281392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddac98ea302d14b2023-02-08 09:48:59.988root 11241100x8000000000000000281391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97bf8c206d06c8db2023-02-08 09:48:59.988root 11241100x8000000000000000281390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af2c1cf87130f6c2023-02-08 09:48:59.988root 11241100x8000000000000000281405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0451b4a7f25902df2023-02-08 09:48:59.989root 11241100x8000000000000000281404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808e47a860c355952023-02-08 09:48:59.989root 11241100x8000000000000000281403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44495badb812b8c2023-02-08 09:48:59.989root 11241100x8000000000000000281402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e911454ee67564bf2023-02-08 09:48:59.989root 11241100x8000000000000000281401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473a34b87c5e967b2023-02-08 09:48:59.989root 11241100x8000000000000000281400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff58cc57c60719262023-02-08 09:48:59.989root 11241100x8000000000000000281399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6bcb4768bf1af02023-02-08 09:48:59.989root 11241100x8000000000000000281398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7dd592ce3e56abb2023-02-08 09:48:59.989root 11241100x8000000000000000281413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78405b0cdcd173b62023-02-08 09:48:59.990root 11241100x8000000000000000281412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985266d668a911682023-02-08 09:48:59.990root 11241100x8000000000000000281411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a3fdbb4620930b2023-02-08 09:48:59.990root 11241100x8000000000000000281410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da11f81772213b8e2023-02-08 09:48:59.990root 11241100x8000000000000000281409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7834215b26e6c91d2023-02-08 09:48:59.990root 11241100x8000000000000000281408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a750c1d710add60d2023-02-08 09:48:59.990root 11241100x8000000000000000281407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee2662ae8bd9ccb2023-02-08 09:48:59.990root 11241100x8000000000000000281406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c3567258f9419d2023-02-08 09:48:59.990root 11241100x8000000000000000281420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e0aac44e9c3aa22023-02-08 09:48:59.991root 11241100x8000000000000000281419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d841b11204c2132023-02-08 09:48:59.991root 11241100x8000000000000000281418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ae1ce01407c93d2023-02-08 09:48:59.991root 11241100x8000000000000000281417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45aa21feb395e79b2023-02-08 09:48:59.991root 11241100x8000000000000000281416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca347fb1eb649432023-02-08 09:48:59.991root 11241100x8000000000000000281415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b653a45ae297644e2023-02-08 09:48:59.991root 11241100x8000000000000000281414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713e986ec0bcd1b52023-02-08 09:48:59.991root 11241100x8000000000000000281427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ae725692c14fe62023-02-08 09:48:59.992root 11241100x8000000000000000281426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5701639685e951be2023-02-08 09:48:59.992root 11241100x8000000000000000281425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72233096ec4abc82023-02-08 09:48:59.992root 11241100x8000000000000000281424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1267c058caa39c7a2023-02-08 09:48:59.992root 11241100x8000000000000000281423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e8106cf2d35ded2023-02-08 09:48:59.992root 11241100x8000000000000000281422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e853a58c26bff372023-02-08 09:48:59.992root 11241100x8000000000000000281421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122706c19a245e472023-02-08 09:48:59.992root 11241100x8000000000000000281433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f2e089d6b4903b2023-02-08 09:48:59.993root 11241100x8000000000000000281432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbccf1c8e3a21a8d2023-02-08 09:48:59.993root 11241100x8000000000000000281431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e35a9acb3c31d2c2023-02-08 09:48:59.993root 11241100x8000000000000000281430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d984b038e9a3883d2023-02-08 09:48:59.993root 11241100x8000000000000000281429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4bec55da15c3652023-02-08 09:48:59.993root 11241100x8000000000000000281428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33beb6ce274053c92023-02-08 09:48:59.993root 11241100x8000000000000000281445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de44d8a0c1f19d4b2023-02-08 09:48:59.994root 11241100x8000000000000000281444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de565f51e42a02282023-02-08 09:48:59.994root 11241100x8000000000000000281443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b0aba76fd3749e2023-02-08 09:48:59.994root 11241100x8000000000000000281442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88db00019e0b8382023-02-08 09:48:59.994root 11241100x8000000000000000281441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409f4819d71ee6882023-02-08 09:48:59.994root 11241100x8000000000000000281440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8955f6125a233592023-02-08 09:48:59.994root 11241100x8000000000000000281439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9631875a8a694942023-02-08 09:48:59.994root 11241100x8000000000000000281438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5a468d4697855b2023-02-08 09:48:59.994root 11241100x8000000000000000281437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6e2d394cb7ec9a2023-02-08 09:48:59.994root 11241100x8000000000000000281436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61008183cef1c65f2023-02-08 09:48:59.994root 11241100x8000000000000000281435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f24fede6f160b0f2023-02-08 09:48:59.994root 11241100x8000000000000000281434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533cd7cb899913c42023-02-08 09:48:59.994root 11241100x8000000000000000281455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430ad76347ea25252023-02-08 09:48:59.995root 11241100x8000000000000000281454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b389186f5d6a03a2023-02-08 09:48:59.995root 11241100x8000000000000000281453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a6acb0f99cfdd02023-02-08 09:48:59.995root 11241100x8000000000000000281452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b4dfcc27eef0962023-02-08 09:48:59.995root 11241100x8000000000000000281451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08090ddbf02164182023-02-08 09:48:59.995root 11241100x8000000000000000281450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de85e43c6cf8f672023-02-08 09:48:59.995root 11241100x8000000000000000281449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ad5b8c40f6b73b2023-02-08 09:48:59.995root 11241100x8000000000000000281448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0e86be608956c52023-02-08 09:48:59.995root 11241100x8000000000000000281447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a738a84067dc292023-02-08 09:48:59.995root 11241100x8000000000000000281446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5285e3338f18372023-02-08 09:48:59.995root 11241100x8000000000000000281463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5df6719ffaf64492023-02-08 09:48:59.996root 11241100x8000000000000000281462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4e1ea43d6f2bd02023-02-08 09:48:59.996root 11241100x8000000000000000281461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21882d014160d1cd2023-02-08 09:48:59.996root 11241100x8000000000000000281460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2668db7ad7c8c7fb2023-02-08 09:48:59.996root 11241100x8000000000000000281459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9e00f408ff64c82023-02-08 09:48:59.996root 11241100x8000000000000000281458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79afbfdee7f8db852023-02-08 09:48:59.996root 11241100x8000000000000000281457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a929d65bd8e61d532023-02-08 09:48:59.996root 11241100x8000000000000000281456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd4b122958bdc152023-02-08 09:48:59.996root 11241100x8000000000000000281466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4b30983c4297ba2023-02-08 09:48:59.997root 11241100x8000000000000000281465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e41dbe95a3ded32023-02-08 09:48:59.997root 11241100x8000000000000000281464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:48:59.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e52f5aa4ae09a12023-02-08 09:48:59.997root 354300x8000000000000000281467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.155{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-53060-false10.0.1.12-8000- 11241100x8000000000000000281474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45da30e21ea9aade2023-02-08 09:49:00.484root 11241100x8000000000000000281473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba5ca8d9b2fee4d2023-02-08 09:49:00.484root 11241100x8000000000000000281472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbfa1532b9f84282023-02-08 09:49:00.484root 11241100x8000000000000000281471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86e658f6c0090862023-02-08 09:49:00.484root 11241100x8000000000000000281470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3180aaacdd9e93fc2023-02-08 09:49:00.484root 11241100x8000000000000000281469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2580a262750ad0192023-02-08 09:49:00.484root 11241100x8000000000000000281468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0cbc375e98313a62023-02-08 09:49:00.484root 11241100x8000000000000000281483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6329e31ee9e594232023-02-08 09:49:00.485root 11241100x8000000000000000281482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f96c8720ec8ce232023-02-08 09:49:00.485root 11241100x8000000000000000281481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c4fe938bac85392023-02-08 09:49:00.485root 11241100x8000000000000000281480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2be9b41c582c3a32023-02-08 09:49:00.485root 11241100x8000000000000000281479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3285eff1d950592e2023-02-08 09:49:00.485root 11241100x8000000000000000281478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28234ab5070d0702023-02-08 09:49:00.485root 11241100x8000000000000000281477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03253a3bdd667b8c2023-02-08 09:49:00.485root 11241100x8000000000000000281476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2284340771a8a72023-02-08 09:49:00.485root 11241100x8000000000000000281475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15635e5196ec850c2023-02-08 09:49:00.485root 11241100x8000000000000000281495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc24fef212576462023-02-08 09:49:00.486root 11241100x8000000000000000281494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c0a72d1dc83e6b2023-02-08 09:49:00.486root 11241100x8000000000000000281493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450972c850b0bcfe2023-02-08 09:49:00.486root 11241100x8000000000000000281492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7aef1e0d6353102023-02-08 09:49:00.486root 11241100x8000000000000000281491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d70a2ff0394dfa2023-02-08 09:49:00.486root 11241100x8000000000000000281490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3f4090dc819a482023-02-08 09:49:00.486root 11241100x8000000000000000281489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fef3b6451696db32023-02-08 09:49:00.486root 11241100x8000000000000000281488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fffaaaaf1808fb52023-02-08 09:49:00.486root 11241100x8000000000000000281487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0343509a69a4d2d2023-02-08 09:49:00.486root 11241100x8000000000000000281486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6727d8c853e570982023-02-08 09:49:00.486root 11241100x8000000000000000281485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593de9e6b3d6198a2023-02-08 09:49:00.486root 11241100x8000000000000000281484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488dec591a3976412023-02-08 09:49:00.486root 11241100x8000000000000000281501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093ad76ef3f2d4282023-02-08 09:49:00.487root 11241100x8000000000000000281500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a309faba36db8b2023-02-08 09:49:00.487root 11241100x8000000000000000281499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87839d13e0f92a0a2023-02-08 09:49:00.487root 11241100x8000000000000000281498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa164cf0d5abfc02023-02-08 09:49:00.487root 11241100x8000000000000000281497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603aa3c706f951532023-02-08 09:49:00.487root 11241100x8000000000000000281496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3466e0aba07515eb2023-02-08 09:49:00.487root 11241100x8000000000000000281506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d3d1e45c21ecb62023-02-08 09:49:00.488root 11241100x8000000000000000281505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6214f27d8c1e7862023-02-08 09:49:00.488root 11241100x8000000000000000281504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e162767f4a9a372023-02-08 09:49:00.488root 11241100x8000000000000000281503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4d7304b2a19adc2023-02-08 09:49:00.488root 11241100x8000000000000000281502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19682ac9ab7b9f4c2023-02-08 09:49:00.488root 11241100x8000000000000000281509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adad65459c0ab592023-02-08 09:49:00.489root 11241100x8000000000000000281508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e058483ec32f71072023-02-08 09:49:00.489root 11241100x8000000000000000281507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917d979eec824cbf2023-02-08 09:49:00.489root 11241100x8000000000000000281513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5635764e0bb0ec9c2023-02-08 09:49:00.984root 11241100x8000000000000000281512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e94db373a273632023-02-08 09:49:00.984root 11241100x8000000000000000281511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24e773e48a07a6e2023-02-08 09:49:00.984root 11241100x8000000000000000281510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec626a95dba992b2023-02-08 09:49:00.984root 11241100x8000000000000000281522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cbba02bae680182023-02-08 09:49:00.985root 11241100x8000000000000000281521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f049e3b93453b0c2023-02-08 09:49:00.985root 11241100x8000000000000000281520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f3b7038e8767202023-02-08 09:49:00.985root 11241100x8000000000000000281519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86d1cd873c90c4b2023-02-08 09:49:00.985root 11241100x8000000000000000281518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48af3159ed5d4582023-02-08 09:49:00.985root 11241100x8000000000000000281517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56e1589a63fcae02023-02-08 09:49:00.985root 11241100x8000000000000000281516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f743cc888fe346992023-02-08 09:49:00.985root 11241100x8000000000000000281515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e224aff8c9342d192023-02-08 09:49:00.985root 11241100x8000000000000000281514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed3073d290034382023-02-08 09:49:00.985root 11241100x8000000000000000281531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63b229c0a3d83c32023-02-08 09:49:00.986root 11241100x8000000000000000281530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9581c729b8d43472023-02-08 09:49:00.986root 11241100x8000000000000000281529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543725fc7b3249cd2023-02-08 09:49:00.986root 11241100x8000000000000000281528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb6b6f22f4cd8d32023-02-08 09:49:00.986root 11241100x8000000000000000281527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2999c13bb999c4562023-02-08 09:49:00.986root 11241100x8000000000000000281526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c60a4886bb9f4762023-02-08 09:49:00.986root 11241100x8000000000000000281525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887cd303d2cb9a5e2023-02-08 09:49:00.986root 11241100x8000000000000000281524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdda9e36475207e52023-02-08 09:49:00.986root 11241100x8000000000000000281523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdcfb9d5c82aa922023-02-08 09:49:00.986root 11241100x8000000000000000281541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e016be8c5466c32023-02-08 09:49:00.987root 11241100x8000000000000000281540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f9988daa8f0d852023-02-08 09:49:00.987root 11241100x8000000000000000281539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c9c4855165df252023-02-08 09:49:00.987root 11241100x8000000000000000281538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e88945787bdbfe2023-02-08 09:49:00.987root 11241100x8000000000000000281537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b160a1158e401f102023-02-08 09:49:00.987root 11241100x8000000000000000281536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df1c805f7b2505b2023-02-08 09:49:00.987root 11241100x8000000000000000281535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cceb4532dcedf62023-02-08 09:49:00.987root 11241100x8000000000000000281534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20670e2e06a6d94f2023-02-08 09:49:00.987root 11241100x8000000000000000281533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7dd2d6073716a932023-02-08 09:49:00.987root 11241100x8000000000000000281532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4234bb9112ba8ac52023-02-08 09:49:00.987root 11241100x8000000000000000281550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1c827e6677d5a02023-02-08 09:49:00.988root 11241100x8000000000000000281549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febe538e5305d9122023-02-08 09:49:00.988root 11241100x8000000000000000281548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f29aee7ba856fed2023-02-08 09:49:00.988root 11241100x8000000000000000281547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d994f9489151042023-02-08 09:49:00.988root 11241100x8000000000000000281546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451ebf1023d7587a2023-02-08 09:49:00.988root 11241100x8000000000000000281545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7691d5be88f6b69c2023-02-08 09:49:00.988root 11241100x8000000000000000281544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8a1b3fdb8196182023-02-08 09:49:00.988root 11241100x8000000000000000281543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c11a0aab1d36b82023-02-08 09:49:00.988root 11241100x8000000000000000281542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c22ee42e573dc0d2023-02-08 09:49:00.988root 11241100x8000000000000000281551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc2a228d097345a2023-02-08 09:49:00.989root 11241100x8000000000000000281555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947e49ef8699c8e52023-02-08 09:49:00.990root 11241100x8000000000000000281554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853f7acd7bfb79ea2023-02-08 09:49:00.990root 11241100x8000000000000000281553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb24588ada05fbc2023-02-08 09:49:00.990root 11241100x8000000000000000281552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af11b4699ff68e22023-02-08 09:49:00.990root 11241100x8000000000000000281557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735c8f50542ab4552023-02-08 09:49:00.991root 11241100x8000000000000000281556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:00.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28a07bd0f2dc8f32023-02-08 09:49:00.991root 154100x8000000000000000281558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.345{ec2a0601-700d-63e3-8881-91405f550000}5937/bin/lsblk-----lsblk/home/ubuntuubuntu{ec2a0601-6f9f-63e3-e803-000000000000}10005no level-{ec2a0601-6f9f-63e3-4804-3e6ad1550000}5906/bin/bash-bashubuntu 11241100x8000000000000000281568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.349{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1e74a273f09a952023-02-08 09:49:01.349root 11241100x8000000000000000281567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.349{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78edb298b0dcae5a2023-02-08 09:49:01.349root 11241100x8000000000000000281566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.349{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79238c8ab5cb85b2023-02-08 09:49:01.349root 11241100x8000000000000000281565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.349{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02387978f4f87d092023-02-08 09:49:01.349root 11241100x8000000000000000281564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.349{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894ab77b60e3ff632023-02-08 09:49:01.349root 11241100x8000000000000000281563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.349{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfc1d2b6812f5642023-02-08 09:49:01.349root 11241100x8000000000000000281562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.349{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94fd11894a87178b2023-02-08 09:49:01.349root 11241100x8000000000000000281561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.349{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fe3525020285172023-02-08 09:49:01.349root 11241100x8000000000000000281560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.349{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2def37278f9db1602023-02-08 09:49:01.349root 11241100x8000000000000000281559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.349{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b735ce8e3e855d5a2023-02-08 09:49:01.349root 11241100x8000000000000000281574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.351{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a339022cb97b6a42023-02-08 09:49:01.351root 11241100x8000000000000000281573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.351{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51eedc58630f51ec2023-02-08 09:49:01.351root 11241100x8000000000000000281572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.351{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758b4c1a1ad519f22023-02-08 09:49:01.351root 11241100x8000000000000000281571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.351{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33537cc9fad2af82023-02-08 09:49:01.351root 11241100x8000000000000000281570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.351{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d058b8a54c153e9c2023-02-08 09:49:01.351root 11241100x8000000000000000281569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.351{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd649fcae19ba2cb2023-02-08 09:49:01.351root 11241100x8000000000000000281580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.352{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af8c037ed3192392023-02-08 09:49:01.352root 11241100x8000000000000000281579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.352{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e69a3eafc07d632023-02-08 09:49:01.352root 11241100x8000000000000000281578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.352{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1d7f2abacbed682023-02-08 09:49:01.352root 11241100x8000000000000000281577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.352{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13533af508875f32023-02-08 09:49:01.352root 11241100x8000000000000000281576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.352{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5b04c16de177712023-02-08 09:49:01.352root 11241100x8000000000000000281575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.352{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529e933f121c03b62023-02-08 09:49:01.352root 11241100x8000000000000000281588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.353{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74d6524053dcbd62023-02-08 09:49:01.353root 11241100x8000000000000000281587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.353{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a330ea65e9f476192023-02-08 09:49:01.353root 11241100x8000000000000000281586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.353{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dfd2ab73d2a9e9d2023-02-08 09:49:01.353root 11241100x8000000000000000281585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.353{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0e533591c2f6a32023-02-08 09:49:01.353root 11241100x8000000000000000281584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.353{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb80447a317520292023-02-08 09:49:01.353root 11241100x8000000000000000281583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.353{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132bd493457496162023-02-08 09:49:01.353root 11241100x8000000000000000281582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.353{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0a9b90fff46b692023-02-08 09:49:01.353root 11241100x8000000000000000281581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.353{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbc302f85d5e6a82023-02-08 09:49:01.353root 534500x8000000000000000281596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.354{ec2a0601-700d-63e3-8881-91405f550000}5937/bin/lsblkubuntu 11241100x8000000000000000281595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.354{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfcfbae3f49bcd12023-02-08 09:49:01.354root 11241100x8000000000000000281594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.354{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5408db51be6751162023-02-08 09:49:01.354root 11241100x8000000000000000281593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.354{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37045af6199cee992023-02-08 09:49:01.354root 11241100x8000000000000000281592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.354{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf4f7da8cb6613b2023-02-08 09:49:01.354root 11241100x8000000000000000281591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.354{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0882ff737e0a85e92023-02-08 09:49:01.354root 11241100x8000000000000000281590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.354{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67813eea1e94babb2023-02-08 09:49:01.354root 11241100x8000000000000000281589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.354{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e6336acf3e44b62023-02-08 09:49:01.354root 11241100x8000000000000000281604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.355{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82715a5107cef92d2023-02-08 09:49:01.355root 11241100x8000000000000000281603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.355{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c487a4db9458dab2023-02-08 09:49:01.355root 11241100x8000000000000000281602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.355{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3f9ab842dac8162023-02-08 09:49:01.355root 11241100x8000000000000000281601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.355{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e575119d56ed4e2023-02-08 09:49:01.355root 11241100x8000000000000000281600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.355{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853a0beb3e8e54f22023-02-08 09:49:01.355root 11241100x8000000000000000281599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.355{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f00ee30742e62d62023-02-08 09:49:01.355root 11241100x8000000000000000281598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.355{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a838433c3fa792ce2023-02-08 09:49:01.355root 11241100x8000000000000000281597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.355{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74c2b3e46db1aa32023-02-08 09:49:01.355root 11241100x8000000000000000281617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.356{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4124404532ad4a5f2023-02-08 09:49:01.356root 11241100x8000000000000000281616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.356{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b7b0fdc8bdf6362023-02-08 09:49:01.356root 11241100x8000000000000000281615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.356{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13dabd3915669012023-02-08 09:49:01.356root 11241100x8000000000000000281614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.356{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4699c4bc038c082023-02-08 09:49:01.356root 11241100x8000000000000000281613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.356{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ba5221879ca11a2023-02-08 09:49:01.356root 11241100x8000000000000000281612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.356{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d232ffdc3fa79882023-02-08 09:49:01.356root 11241100x8000000000000000281611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.356{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae90061f519290802023-02-08 09:49:01.356root 11241100x8000000000000000281610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.356{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc280662032e8bcb2023-02-08 09:49:01.356root 11241100x8000000000000000281609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.356{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f3ef2ea0237a072023-02-08 09:49:01.356root 11241100x8000000000000000281608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.356{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069119daeab677bc2023-02-08 09:49:01.356root 11241100x8000000000000000281607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.356{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba569f3b47fd20c32023-02-08 09:49:01.356root 11241100x8000000000000000281606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.356{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32bc2454dae6ca2c2023-02-08 09:49:01.356root 11241100x8000000000000000281605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.356{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e5b371d6d09ef72023-02-08 09:49:01.356root 11241100x8000000000000000281622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c99e51c931b72152023-02-08 09:49:01.735root 11241100x8000000000000000281621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f805d92d226c512023-02-08 09:49:01.735root 11241100x8000000000000000281620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8279053d2cb3b712023-02-08 09:49:01.735root 11241100x8000000000000000281619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e95d4cae0792ec2023-02-08 09:49:01.735root 11241100x8000000000000000281618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012af9ab64277e532023-02-08 09:49:01.735root 11241100x8000000000000000281630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c48f003300f6462023-02-08 09:49:01.736root 11241100x8000000000000000281629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40597e7f46a20292023-02-08 09:49:01.736root 11241100x8000000000000000281628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a58b4152fc023f2023-02-08 09:49:01.736root 11241100x8000000000000000281627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9499e40d9fb9fb92023-02-08 09:49:01.736root 11241100x8000000000000000281626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f707bb4551c7db12023-02-08 09:49:01.736root 11241100x8000000000000000281625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f3d8c3baeaabb92023-02-08 09:49:01.736root 11241100x8000000000000000281624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100f560873c69ebb2023-02-08 09:49:01.736root 11241100x8000000000000000281623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d87a3dcb6f225b2023-02-08 09:49:01.736root 11241100x8000000000000000281631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f9daea6f9f5ad12023-02-08 09:49:01.737root 11241100x8000000000000000281638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e733108f497b042023-02-08 09:49:01.738root 11241100x8000000000000000281637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ad967e81dbec1b2023-02-08 09:49:01.738root 11241100x8000000000000000281636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043f158fd227acf02023-02-08 09:49:01.738root 11241100x8000000000000000281635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98a991fc1b9e2662023-02-08 09:49:01.738root 11241100x8000000000000000281634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902223aa7b3203e22023-02-08 09:49:01.738root 11241100x8000000000000000281633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c18fa51ac222f02023-02-08 09:49:01.738root 11241100x8000000000000000281632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66032ac2bced9b62023-02-08 09:49:01.738root 11241100x8000000000000000281639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14b213ba457f4d82023-02-08 09:49:01.739root 11241100x8000000000000000281645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bad6077cf425c52023-02-08 09:49:01.740root 11241100x8000000000000000281644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7807f1203297a67e2023-02-08 09:49:01.740root 11241100x8000000000000000281643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c99756cd8bfa8712023-02-08 09:49:01.740root 11241100x8000000000000000281642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306593e902dcb01b2023-02-08 09:49:01.740root 11241100x8000000000000000281641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad801d574aaabf12023-02-08 09:49:01.740root 11241100x8000000000000000281640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197c3e40c02183992023-02-08 09:49:01.740root 11241100x8000000000000000281649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9e8bdc52b28be42023-02-08 09:49:01.741root 11241100x8000000000000000281648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2534040a5f92df2023-02-08 09:49:01.741root 11241100x8000000000000000281647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c090baacda5d8e92023-02-08 09:49:01.741root 11241100x8000000000000000281646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7781ab467266e8262023-02-08 09:49:01.741root 11241100x8000000000000000281652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9d1d8bd83f53d42023-02-08 09:49:01.742root 11241100x8000000000000000281651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f910ad66fbe22e72023-02-08 09:49:01.742root 11241100x8000000000000000281650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0409d1fe05c947ac2023-02-08 09:49:01.742root 11241100x8000000000000000281660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43f7ce872f119692023-02-08 09:49:01.746root 11241100x8000000000000000281659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70bd9a27a240832d2023-02-08 09:49:01.746root 11241100x8000000000000000281658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72d4c68fad75b7c2023-02-08 09:49:01.746root 11241100x8000000000000000281657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ced79dae24d28d92023-02-08 09:49:01.746root 11241100x8000000000000000281656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963347d64adbd4032023-02-08 09:49:01.746root 11241100x8000000000000000281655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371f1d0f6fead6552023-02-08 09:49:01.746root 11241100x8000000000000000281654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f11a4066d290b82023-02-08 09:49:01.746root 11241100x8000000000000000281653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885a1f60a4b5dd9f2023-02-08 09:49:01.746root 11241100x8000000000000000281662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.747{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7549d2db1d0596c2023-02-08 09:49:01.747root 11241100x8000000000000000281661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.747{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5a09b36f5ca4d92023-02-08 09:49:01.747root 11241100x8000000000000000281671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.748{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ab70edec97c0b12023-02-08 09:49:01.748root 11241100x8000000000000000281670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.748{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac521cdecc9ef1f2023-02-08 09:49:01.748root 11241100x8000000000000000281669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.748{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a297fa741259012023-02-08 09:49:01.748root 11241100x8000000000000000281668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.748{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc57883c99a00582023-02-08 09:49:01.748root 11241100x8000000000000000281667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.748{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626b34eeb81619812023-02-08 09:49:01.748root 11241100x8000000000000000281666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.748{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad9618ad692e0992023-02-08 09:49:01.748root 11241100x8000000000000000281665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.748{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8325a14fe898026c2023-02-08 09:49:01.748root 11241100x8000000000000000281664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.748{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59918edd9e61ff932023-02-08 09:49:01.748root 11241100x8000000000000000281663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.748{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38567377fcfcb3372023-02-08 09:49:01.748root 11241100x8000000000000000281673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.749{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3cd1702372988a2023-02-08 09:49:01.749root 11241100x8000000000000000281672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.749{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98862f5fef3138772023-02-08 09:49:01.749root 11241100x8000000000000000281676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.750{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e12b58e6edd7ed2023-02-08 09:49:01.750root 11241100x8000000000000000281675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.750{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e070fe9e6c7c2412023-02-08 09:49:01.750root 11241100x8000000000000000281674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:01.750{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f5985927f226b22023-02-08 09:49:01.750root 11241100x8000000000000000281678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11deb0d7ad4e1bd2023-02-08 09:49:02.234root 11241100x8000000000000000281677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a208e42550d728a2023-02-08 09:49:02.234root 11241100x8000000000000000281686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.decb170f5f1314582023-02-08 09:49:02.235root 11241100x8000000000000000281685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70480ecbce37acd52023-02-08 09:49:02.235root 11241100x8000000000000000281684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c9c35db76d0ce92023-02-08 09:49:02.235root 11241100x8000000000000000281683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353f0183896afbaf2023-02-08 09:49:02.235root 11241100x8000000000000000281682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5530fcc78b61e6b2023-02-08 09:49:02.235root 11241100x8000000000000000281681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16de76319546c9e2023-02-08 09:49:02.235root 11241100x8000000000000000281680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6f9021cdbb6e972023-02-08 09:49:02.235root 11241100x8000000000000000281679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d1be466e6b80882023-02-08 09:49:02.235root 11241100x8000000000000000281694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d68cb7fcf64780c2023-02-08 09:49:02.236root 11241100x8000000000000000281693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5024f65dbb9fa3aa2023-02-08 09:49:02.236root 11241100x8000000000000000281692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b63a4607e06bd32023-02-08 09:49:02.236root 11241100x8000000000000000281691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7700ac5651d71672023-02-08 09:49:02.236root 11241100x8000000000000000281690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6895d43c2910ef2023-02-08 09:49:02.236root 11241100x8000000000000000281689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c13e94913038ede2023-02-08 09:49:02.236root 11241100x8000000000000000281688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3605a18b1fc380682023-02-08 09:49:02.236root 11241100x8000000000000000281687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fa1e4d2c68f4f42023-02-08 09:49:02.236root 11241100x8000000000000000281699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795dec74251e75132023-02-08 09:49:02.237root 11241100x8000000000000000281698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4088749ca045082023-02-08 09:49:02.237root 11241100x8000000000000000281697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc1fa42fafb7e3d2023-02-08 09:49:02.237root 11241100x8000000000000000281696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3cd219bad544052023-02-08 09:49:02.237root 11241100x8000000000000000281695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9feb8a76b965fd2023-02-08 09:49:02.237root 11241100x8000000000000000281707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648874b996c0fbf82023-02-08 09:49:02.238root 11241100x8000000000000000281706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5670dd7a14917eb2023-02-08 09:49:02.238root 11241100x8000000000000000281705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e4fe1ac04ff0262023-02-08 09:49:02.238root 11241100x8000000000000000281704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34c6e7d2b024c3a2023-02-08 09:49:02.238root 11241100x8000000000000000281703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b385b07a94811b2023-02-08 09:49:02.238root 11241100x8000000000000000281702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bc2ed52df456fb2023-02-08 09:49:02.238root 11241100x8000000000000000281701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac07348ec3d582f2023-02-08 09:49:02.238root 11241100x8000000000000000281700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e736c8e670ccb892023-02-08 09:49:02.238root 11241100x8000000000000000281715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c89697fe708283c2023-02-08 09:49:02.239root 11241100x8000000000000000281714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff47c7f5578b4f482023-02-08 09:49:02.239root 11241100x8000000000000000281713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70726c0b3c67c89b2023-02-08 09:49:02.239root 11241100x8000000000000000281712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94cf2b4db9c64572023-02-08 09:49:02.239root 11241100x8000000000000000281711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c91db7f3c8eef702023-02-08 09:49:02.239root 11241100x8000000000000000281710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f606e1c28ad2742023-02-08 09:49:02.239root 11241100x8000000000000000281709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec1d0e62c4bc6ab2023-02-08 09:49:02.239root 11241100x8000000000000000281708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7938951479bcd52023-02-08 09:49:02.239root 11241100x8000000000000000281722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9438489902f63d2023-02-08 09:49:02.240root 11241100x8000000000000000281721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97dfa353069d54e62023-02-08 09:49:02.240root 11241100x8000000000000000281720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59bd2213c8a6d0f2023-02-08 09:49:02.240root 11241100x8000000000000000281719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde1da8bad48e5172023-02-08 09:49:02.240root 11241100x8000000000000000281718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518319488f18a05f2023-02-08 09:49:02.240root 11241100x8000000000000000281717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a68f782765eb3f2023-02-08 09:49:02.240root 11241100x8000000000000000281716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a404e92ddbf9c222023-02-08 09:49:02.240root 11241100x8000000000000000281729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61702da6d87eca382023-02-08 09:49:02.241root 11241100x8000000000000000281728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8beab3da2c972e762023-02-08 09:49:02.241root 11241100x8000000000000000281727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512e5089be2055f72023-02-08 09:49:02.241root 11241100x8000000000000000281726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772e311fc861aee12023-02-08 09:49:02.241root 11241100x8000000000000000281725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d6af68a2bc50992023-02-08 09:49:02.241root 11241100x8000000000000000281724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6984f2b3673e07862023-02-08 09:49:02.241root 11241100x8000000000000000281723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7882283cf7d641852023-02-08 09:49:02.241root 11241100x8000000000000000281739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67766b1744310b972023-02-08 09:49:02.242root 11241100x8000000000000000281738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587d4ed494a71ab22023-02-08 09:49:02.242root 11241100x8000000000000000281737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a22db59fc87f88a2023-02-08 09:49:02.242root 11241100x8000000000000000281736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb9d8cd76f5cd3d2023-02-08 09:49:02.242root 11241100x8000000000000000281735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd563630a8e0e8902023-02-08 09:49:02.242root 11241100x8000000000000000281734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5ab44572b18eb02023-02-08 09:49:02.242root 11241100x8000000000000000281733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9db528a58aadc512023-02-08 09:49:02.242root 11241100x8000000000000000281732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3b497cbce840322023-02-08 09:49:02.242root 11241100x8000000000000000281731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d3a4ef060f3ccc2023-02-08 09:49:02.242root 11241100x8000000000000000281730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4956500df009ab3b2023-02-08 09:49:02.242root 11241100x8000000000000000281740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864308a9530b2b1b2023-02-08 09:49:02.243root 11241100x8000000000000000281742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.246{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1a7076d525ad832023-02-08 09:49:02.246root 11241100x8000000000000000281741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.246{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e73db7e3cd7a71b2023-02-08 09:49:02.246root 11241100x8000000000000000281744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.247{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2548262a0d78329d2023-02-08 09:49:02.247root 11241100x8000000000000000281743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.247{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d700ebf73a3f55522023-02-08 09:49:02.247root 11241100x8000000000000000281745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.248{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be3b5a334594b5f2023-02-08 09:49:02.248root 11241100x8000000000000000281746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.249{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77cbfc9335147222023-02-08 09:49:02.249root 11241100x8000000000000000281749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.250{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369a6e3e0ec19a8d2023-02-08 09:49:02.250root 11241100x8000000000000000281748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.250{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0445e87d116385962023-02-08 09:49:02.250root 11241100x8000000000000000281747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.250{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6c7ed3c09121052023-02-08 09:49:02.250root 11241100x8000000000000000281751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.251{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5933abed138f95fd2023-02-08 09:49:02.251root 11241100x8000000000000000281750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.251{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e44749f387094732023-02-08 09:49:02.251root 11241100x8000000000000000281752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da9aa6375dbe18c2023-02-08 09:49:02.734root 11241100x8000000000000000281755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5d4255e710312b2023-02-08 09:49:02.735root 11241100x8000000000000000281754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2564489b37e49fa42023-02-08 09:49:02.735root 11241100x8000000000000000281753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bb0a8a4db25c352023-02-08 09:49:02.735root 11241100x8000000000000000281759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930de910ffacfa602023-02-08 09:49:02.736root 11241100x8000000000000000281758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9885ad93a99e286d2023-02-08 09:49:02.736root 11241100x8000000000000000281757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875fea18cd1644132023-02-08 09:49:02.736root 11241100x8000000000000000281756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234aa8daab023b972023-02-08 09:49:02.736root 11241100x8000000000000000281767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c9f1319bf824682023-02-08 09:49:02.737root 11241100x8000000000000000281766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe5b60f4369f1332023-02-08 09:49:02.737root 11241100x8000000000000000281765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a95fd13f763f4f2023-02-08 09:49:02.737root 11241100x8000000000000000281764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80aaf238ec564f72023-02-08 09:49:02.737root 11241100x8000000000000000281763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365915a8198c237f2023-02-08 09:49:02.737root 11241100x8000000000000000281762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8feec8b655cb702023-02-08 09:49:02.737root 11241100x8000000000000000281761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37237b75685022d32023-02-08 09:49:02.737root 11241100x8000000000000000281760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2609115bb314a42023-02-08 09:49:02.737root 11241100x8000000000000000281775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80522fedaf3bc09d2023-02-08 09:49:02.738root 11241100x8000000000000000281774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30d5cb857cb01712023-02-08 09:49:02.738root 11241100x8000000000000000281773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311fe23e6b361cf32023-02-08 09:49:02.738root 11241100x8000000000000000281772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3cd6e458dd11612023-02-08 09:49:02.738root 11241100x8000000000000000281771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab6019af84f26f02023-02-08 09:49:02.738root 11241100x8000000000000000281770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabc3f4d8c73e4be2023-02-08 09:49:02.738root 11241100x8000000000000000281769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1455fdf4b6b06032023-02-08 09:49:02.738root 11241100x8000000000000000281768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6b41f399e6d5762023-02-08 09:49:02.738root 11241100x8000000000000000281782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d991dd5d4043ee6f2023-02-08 09:49:02.739root 11241100x8000000000000000281781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0369c7ee4cc708b2023-02-08 09:49:02.739root 11241100x8000000000000000281780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf7e7bc9df18b512023-02-08 09:49:02.739root 11241100x8000000000000000281779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1928daa93b10e8402023-02-08 09:49:02.739root 11241100x8000000000000000281778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea65695ba506be92023-02-08 09:49:02.739root 11241100x8000000000000000281777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6856ad3b407a28eb2023-02-08 09:49:02.739root 11241100x8000000000000000281776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216a3e62d44556102023-02-08 09:49:02.739root 11241100x8000000000000000281790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682a64836fe0df7a2023-02-08 09:49:02.740root 11241100x8000000000000000281789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7938c2d4d0b590672023-02-08 09:49:02.740root 11241100x8000000000000000281788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5437555dc6cbd6b2023-02-08 09:49:02.740root 11241100x8000000000000000281787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f560e47025e55a82023-02-08 09:49:02.740root 11241100x8000000000000000281786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25b95e05f8148b92023-02-08 09:49:02.740root 11241100x8000000000000000281785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4056ee14a784ac32023-02-08 09:49:02.740root 11241100x8000000000000000281784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c314cb31ff7e4992023-02-08 09:49:02.740root 11241100x8000000000000000281783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683107302e407b522023-02-08 09:49:02.740root 11241100x8000000000000000281798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac105fa8a1d64f32023-02-08 09:49:02.741root 11241100x8000000000000000281797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129c8c0c31a9dc722023-02-08 09:49:02.741root 11241100x8000000000000000281796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8c1aec46a139af2023-02-08 09:49:02.741root 11241100x8000000000000000281795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2e719e06a879a22023-02-08 09:49:02.741root 11241100x8000000000000000281794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42da6461053187c42023-02-08 09:49:02.741root 11241100x8000000000000000281793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315f275cf135321e2023-02-08 09:49:02.741root 11241100x8000000000000000281792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d4a1573a78d9372023-02-08 09:49:02.741root 11241100x8000000000000000281791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a93bbffbd05bf9e2023-02-08 09:49:02.741root 11241100x8000000000000000281800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c046b685a1c1b74f2023-02-08 09:49:02.742root 11241100x8000000000000000281799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:02.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8433fae365480e572023-02-08 09:49:02.742root 11241100x8000000000000000281803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5828765b336a452023-02-08 09:49:03.234root 11241100x8000000000000000281802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9cbbc7c655e2dd2023-02-08 09:49:03.234root 11241100x8000000000000000281801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52375b756bf3b4022023-02-08 09:49:03.234root 11241100x8000000000000000281814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1850300723f59b4d2023-02-08 09:49:03.235root 11241100x8000000000000000281813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67caf5b91dc689d2023-02-08 09:49:03.235root 11241100x8000000000000000281812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c6883852be7f0c2023-02-08 09:49:03.235root 11241100x8000000000000000281811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414b334a3d06b2792023-02-08 09:49:03.235root 11241100x8000000000000000281810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a7098a7a3920a62023-02-08 09:49:03.235root 11241100x8000000000000000281809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02c14a50e1e86b52023-02-08 09:49:03.235root 11241100x8000000000000000281808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab254d622d352d5b2023-02-08 09:49:03.235root 11241100x8000000000000000281807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418fe9b80bf07e7e2023-02-08 09:49:03.235root 11241100x8000000000000000281806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b2ad3e9df868492023-02-08 09:49:03.235root 11241100x8000000000000000281805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdce8e1ac2c077a72023-02-08 09:49:03.235root 11241100x8000000000000000281804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6accf93c07f960482023-02-08 09:49:03.235root 11241100x8000000000000000281820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e72177b7fc9afc52023-02-08 09:49:03.236root 11241100x8000000000000000281819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645620a9eaf6620b2023-02-08 09:49:03.236root 11241100x8000000000000000281818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a6e900fdb3d5fa2023-02-08 09:49:03.236root 11241100x8000000000000000281817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01215fde9519f6272023-02-08 09:49:03.236root 11241100x8000000000000000281816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832db0eaea4c80c72023-02-08 09:49:03.236root 11241100x8000000000000000281815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab0276a8aa6cd712023-02-08 09:49:03.236root 11241100x8000000000000000281824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4878aa83d7a27a642023-02-08 09:49:03.237root 11241100x8000000000000000281823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f01a9c93e27e9042023-02-08 09:49:03.237root 11241100x8000000000000000281822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d963accc2cea3d0e2023-02-08 09:49:03.237root 11241100x8000000000000000281821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a471a2e133596bd92023-02-08 09:49:03.237root 11241100x8000000000000000281829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05547c6873acd8312023-02-08 09:49:03.238root 11241100x8000000000000000281828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785ee1a618315e032023-02-08 09:49:03.238root 11241100x8000000000000000281827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69915dcd931e6ad72023-02-08 09:49:03.238root 11241100x8000000000000000281826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5c8799fad6ee312023-02-08 09:49:03.238root 11241100x8000000000000000281825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29df428edfcf78912023-02-08 09:49:03.238root 11241100x8000000000000000281833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669d8b3f74563b4a2023-02-08 09:49:03.239root 11241100x8000000000000000281832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929fd128a03efd5e2023-02-08 09:49:03.239root 11241100x8000000000000000281831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9a6721a60bdba02023-02-08 09:49:03.239root 11241100x8000000000000000281830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e51b8d0dec4cfe92023-02-08 09:49:03.239root 11241100x8000000000000000281835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7260ec51df6e4082023-02-08 09:49:03.240root 11241100x8000000000000000281834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325c540a182fefbb2023-02-08 09:49:03.240root 11241100x8000000000000000281836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8231c3413708f9a82023-02-08 09:49:03.241root 11241100x8000000000000000281843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4e5eeecb7c9d502023-02-08 09:49:03.242root 11241100x8000000000000000281842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8464828340641df2023-02-08 09:49:03.242root 11241100x8000000000000000281841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99dc56f7cee95bd82023-02-08 09:49:03.242root 11241100x8000000000000000281840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b3589f4487643b2023-02-08 09:49:03.242root 11241100x8000000000000000281839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a5e4e577c0dd932023-02-08 09:49:03.242root 11241100x8000000000000000281838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4700054968d8127f2023-02-08 09:49:03.242root 11241100x8000000000000000281837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a320b935a09de21f2023-02-08 09:49:03.242root 11241100x8000000000000000281851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42b086bb5d429822023-02-08 09:49:03.243root 11241100x8000000000000000281850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e2c172aada94df2023-02-08 09:49:03.243root 11241100x8000000000000000281849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44deecb23f40662d2023-02-08 09:49:03.243root 11241100x8000000000000000281848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c82ab8ba5a02252023-02-08 09:49:03.243root 11241100x8000000000000000281847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbaae9648b62d32c2023-02-08 09:49:03.243root 11241100x8000000000000000281846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36bb57670c0623792023-02-08 09:49:03.243root 11241100x8000000000000000281845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d03c73d9fa1e1b2023-02-08 09:49:03.243root 11241100x8000000000000000281844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5f402b6bb5f1892023-02-08 09:49:03.243root 11241100x8000000000000000281861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd00c4e5c53335c22023-02-08 09:49:03.244root 11241100x8000000000000000281860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1320da7e609b862023-02-08 09:49:03.244root 11241100x8000000000000000281859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72b2ed05557ed712023-02-08 09:49:03.244root 11241100x8000000000000000281858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bd91778e08077b2023-02-08 09:49:03.244root 11241100x8000000000000000281857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668eb603538a8d4e2023-02-08 09:49:03.244root 11241100x8000000000000000281856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f45f8fa884b213b2023-02-08 09:49:03.244root 11241100x8000000000000000281855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb3a2f7ca77a3342023-02-08 09:49:03.244root 11241100x8000000000000000281854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1f313aa7c670eb2023-02-08 09:49:03.244root 11241100x8000000000000000281853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428d4bd8d5401af42023-02-08 09:49:03.244root 11241100x8000000000000000281852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f01561f6306cb52023-02-08 09:49:03.244root 11241100x8000000000000000281862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.245{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5148f71e77f01992023-02-08 09:49:03.245root 11241100x8000000000000000281866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e50ebf753a4ff02023-02-08 09:49:03.735root 11241100x8000000000000000281865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33221887bd419392023-02-08 09:49:03.735root 11241100x8000000000000000281864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26602b75a86c8dac2023-02-08 09:49:03.735root 11241100x8000000000000000281863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0fd0b3b0d270c12023-02-08 09:49:03.735root 11241100x8000000000000000281869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3978feea186fa522023-02-08 09:49:03.736root 11241100x8000000000000000281868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f220b5a4b7dbd7672023-02-08 09:49:03.736root 11241100x8000000000000000281867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00fe2bf9a487415b2023-02-08 09:49:03.736root 11241100x8000000000000000281873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297b7e2a966f29732023-02-08 09:49:03.737root 11241100x8000000000000000281872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008929f34d1e8c9f2023-02-08 09:49:03.737root 11241100x8000000000000000281871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90393be2a9731d842023-02-08 09:49:03.737root 11241100x8000000000000000281870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c524727a6f47ff62023-02-08 09:49:03.737root 11241100x8000000000000000281882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd812283e6c4a06e2023-02-08 09:49:03.738root 11241100x8000000000000000281881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0160f8f79119470f2023-02-08 09:49:03.738root 11241100x8000000000000000281880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7358af94e59c14aa2023-02-08 09:49:03.738root 11241100x8000000000000000281879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c884707b2398d13e2023-02-08 09:49:03.738root 11241100x8000000000000000281878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d1ff784ae62a702023-02-08 09:49:03.738root 11241100x8000000000000000281877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6861731c690007032023-02-08 09:49:03.738root 11241100x8000000000000000281876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c321e32875ee412023-02-08 09:49:03.738root 11241100x8000000000000000281875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7366c91958537de2023-02-08 09:49:03.738root 11241100x8000000000000000281874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291116398dd00bea2023-02-08 09:49:03.738root 11241100x8000000000000000281886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002457f24132dc6d2023-02-08 09:49:03.739root 11241100x8000000000000000281885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb82e019ec74c882023-02-08 09:49:03.739root 11241100x8000000000000000281884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699a7478a58c49112023-02-08 09:49:03.739root 11241100x8000000000000000281883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e045313aae9577592023-02-08 09:49:03.739root 11241100x8000000000000000281894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a91f3a7e228e6f2023-02-08 09:49:03.741root 11241100x8000000000000000281893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f71525c1ac47c342023-02-08 09:49:03.741root 11241100x8000000000000000281892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0cceaea41478b42023-02-08 09:49:03.741root 11241100x8000000000000000281891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f7c5da8dbd27d92023-02-08 09:49:03.741root 11241100x8000000000000000281890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa8a9f04e4e530a2023-02-08 09:49:03.741root 11241100x8000000000000000281889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de86a41ab2244f032023-02-08 09:49:03.741root 11241100x8000000000000000281888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bc45dc8f7665092023-02-08 09:49:03.741root 11241100x8000000000000000281887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815b7c5e7b5392062023-02-08 09:49:03.741root 11241100x8000000000000000281904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d194384662d6d6fb2023-02-08 09:49:03.742root 11241100x8000000000000000281903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27005dc3c10dcd4c2023-02-08 09:49:03.742root 11241100x8000000000000000281902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9016e306b320a762023-02-08 09:49:03.742root 11241100x8000000000000000281901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9991040c4fee842023-02-08 09:49:03.742root 11241100x8000000000000000281900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1d59dea776ddd42023-02-08 09:49:03.742root 11241100x8000000000000000281899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092bada4a81bbddf2023-02-08 09:49:03.742root 11241100x8000000000000000281898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62a3410a031da592023-02-08 09:49:03.742root 11241100x8000000000000000281897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd2e9f6680df9652023-02-08 09:49:03.742root 11241100x8000000000000000281896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f71a697afd94c8b2023-02-08 09:49:03.742root 11241100x8000000000000000281895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fef6660307670652023-02-08 09:49:03.742root 11241100x8000000000000000281906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1ce74a962d0fd02023-02-08 09:49:03.743root 11241100x8000000000000000281905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7644648b5fde5e2023-02-08 09:49:03.743root 11241100x8000000000000000281909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b23e8fb7ff7e4a2023-02-08 09:49:03.744root 11241100x8000000000000000281908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c72d65deae035332023-02-08 09:49:03.744root 11241100x8000000000000000281907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:03.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6fb76558ed21972023-02-08 09:49:03.744root 11241100x8000000000000000281912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b210a7630f39de2023-02-08 09:49:04.234root 11241100x8000000000000000281911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8dbd7f7ecd3a7de2023-02-08 09:49:04.234root 11241100x8000000000000000281910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8378e1004956a5d12023-02-08 09:49:04.234root 11241100x8000000000000000281921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86df450007f40bc12023-02-08 09:49:04.235root 11241100x8000000000000000281920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165ba5d2f88d3ada2023-02-08 09:49:04.235root 11241100x8000000000000000281919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c91d987a053c1122023-02-08 09:49:04.235root 11241100x8000000000000000281918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86678edfcbaea1a82023-02-08 09:49:04.235root 11241100x8000000000000000281917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9afa96a040be82232023-02-08 09:49:04.235root 11241100x8000000000000000281916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba31d67dfc948a32023-02-08 09:49:04.235root 11241100x8000000000000000281915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a221b04ee54aa42023-02-08 09:49:04.235root 11241100x8000000000000000281914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd535a70bec80e2d2023-02-08 09:49:04.235root 11241100x8000000000000000281913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da12279a6038e57e2023-02-08 09:49:04.235root 11241100x8000000000000000281930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5cca284a19a3652023-02-08 09:49:04.236root 11241100x8000000000000000281929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2361f583a73b9ec42023-02-08 09:49:04.236root 11241100x8000000000000000281928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd93ae54062574202023-02-08 09:49:04.236root 11241100x8000000000000000281927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bd7c728fcfcafb2023-02-08 09:49:04.236root 11241100x8000000000000000281926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb62d52ad3f23f92023-02-08 09:49:04.236root 11241100x8000000000000000281925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac178b98b0c60e72023-02-08 09:49:04.236root 11241100x8000000000000000281924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9146240c9e993242023-02-08 09:49:04.236root 11241100x8000000000000000281923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3702414b6ffd89172023-02-08 09:49:04.236root 11241100x8000000000000000281922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d98b1c0f79a0af22023-02-08 09:49:04.236root 11241100x8000000000000000281938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c037cd1bc12b0e2023-02-08 09:49:04.237root 11241100x8000000000000000281937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b5baac6b3261592023-02-08 09:49:04.237root 11241100x8000000000000000281936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13838761f0c822a2023-02-08 09:49:04.237root 11241100x8000000000000000281935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a026fa0c2bf65302023-02-08 09:49:04.237root 11241100x8000000000000000281934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3634914050ff709f2023-02-08 09:49:04.237root 11241100x8000000000000000281933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c87d1ca4b0a2cb2023-02-08 09:49:04.237root 11241100x8000000000000000281932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6919af681afe492023-02-08 09:49:04.237root 11241100x8000000000000000281931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3c944f5eeb340f2023-02-08 09:49:04.237root 11241100x8000000000000000281948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c16b673b4a7ad372023-02-08 09:49:04.238root 11241100x8000000000000000281947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2625fecc5dae8552023-02-08 09:49:04.238root 11241100x8000000000000000281946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3f9845041411a22023-02-08 09:49:04.238root 11241100x8000000000000000281945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab77be48fb58f7622023-02-08 09:49:04.238root 11241100x8000000000000000281944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926593961aa73e832023-02-08 09:49:04.238root 11241100x8000000000000000281943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4479bf5e0b8489852023-02-08 09:49:04.238root 11241100x8000000000000000281942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d69db77d84b9e942023-02-08 09:49:04.238root 11241100x8000000000000000281941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65e24e4af2c9ebd2023-02-08 09:49:04.238root 11241100x8000000000000000281940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3084bf7d617028352023-02-08 09:49:04.238root 11241100x8000000000000000281939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85075ea060f9e4542023-02-08 09:49:04.238root 11241100x8000000000000000281951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a0a652a033c5502023-02-08 09:49:04.239root 11241100x8000000000000000281950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5044e297362fbe82023-02-08 09:49:04.239root 11241100x8000000000000000281949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e76cb215e3b2452023-02-08 09:49:04.239root 11241100x8000000000000000281955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb8b755f7772e5c2023-02-08 09:49:04.736root 11241100x8000000000000000281954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f835a409b20672e2023-02-08 09:49:04.736root 11241100x8000000000000000281953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3c6a55e0c1207d2023-02-08 09:49:04.736root 11241100x8000000000000000281952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c4f2536c17994c2023-02-08 09:49:04.736root 11241100x8000000000000000281957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ac049c0bb2e8762023-02-08 09:49:04.737root 11241100x8000000000000000281956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e8d07ade04a0fe2023-02-08 09:49:04.737root 11241100x8000000000000000281961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a927d7160ef76c2023-02-08 09:49:04.738root 11241100x8000000000000000281960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71334bfa00cc5a592023-02-08 09:49:04.738root 11241100x8000000000000000281959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59972242d45280c12023-02-08 09:49:04.738root 11241100x8000000000000000281958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315cf0fd5c6b66852023-02-08 09:49:04.738root 11241100x8000000000000000281969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a718871f6705ed582023-02-08 09:49:04.739root 11241100x8000000000000000281968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd15cae542e984e2023-02-08 09:49:04.739root 11241100x8000000000000000281967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7f89252aea40732023-02-08 09:49:04.739root 11241100x8000000000000000281966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66b687fba23f9992023-02-08 09:49:04.739root 11241100x8000000000000000281965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849b13880679a21e2023-02-08 09:49:04.739root 11241100x8000000000000000281964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471cb23a22ba0c6d2023-02-08 09:49:04.739root 11241100x8000000000000000281963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088c35ce3b8556042023-02-08 09:49:04.739root 11241100x8000000000000000281962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09988ba2bee6aab72023-02-08 09:49:04.739root 11241100x8000000000000000281981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10dd034a0563be42023-02-08 09:49:04.740root 11241100x8000000000000000281980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33621d97073d64232023-02-08 09:49:04.740root 11241100x8000000000000000281979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70ec07599a09b3f2023-02-08 09:49:04.740root 11241100x8000000000000000281978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e398407d2213f12023-02-08 09:49:04.740root 11241100x8000000000000000281977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2f8ecf4ec9d24c2023-02-08 09:49:04.740root 11241100x8000000000000000281976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8853b22201e5f1092023-02-08 09:49:04.740root 11241100x8000000000000000281975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd19f5175889bc2b2023-02-08 09:49:04.740root 11241100x8000000000000000281974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367a25288d1d48722023-02-08 09:49:04.740root 11241100x8000000000000000281973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca75e14adde40112023-02-08 09:49:04.740root 11241100x8000000000000000281972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2436bd017ed1db282023-02-08 09:49:04.740root 11241100x8000000000000000281971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb478609fe061202023-02-08 09:49:04.740root 11241100x8000000000000000281970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344cc6a634b25ce32023-02-08 09:49:04.740root 11241100x8000000000000000281994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265931868c4cfdfb2023-02-08 09:49:04.741root 11241100x8000000000000000281993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cff99b0062a44e32023-02-08 09:49:04.741root 11241100x8000000000000000281992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f90c92492d1f3d02023-02-08 09:49:04.741root 11241100x8000000000000000281991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e378e521df51692023-02-08 09:49:04.741root 11241100x8000000000000000281990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8dae78853b18742023-02-08 09:49:04.741root 11241100x8000000000000000281989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d2cddeff935b6c2023-02-08 09:49:04.741root 11241100x8000000000000000281988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b37a12c97f5ca082023-02-08 09:49:04.741root 11241100x8000000000000000281987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5ed5e60b4d93652023-02-08 09:49:04.741root 11241100x8000000000000000281986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46f78b4b6b28d1a2023-02-08 09:49:04.741root 11241100x8000000000000000281985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f44dc71b900de962023-02-08 09:49:04.741root 11241100x8000000000000000281984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438a4401eede0e382023-02-08 09:49:04.741root 11241100x8000000000000000281983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d391cbc76adcc92023-02-08 09:49:04.741root 11241100x8000000000000000281982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dfe6755cb2545c42023-02-08 09:49:04.741root 11241100x8000000000000000281996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b7c0649ef01ee62023-02-08 09:49:04.742root 11241100x8000000000000000281995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:04.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52281af16d9dedfa2023-02-08 09:49:04.742root 11241100x8000000000000000281998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20c181b9fe1636b2023-02-08 09:49:05.234root 11241100x8000000000000000281997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b9fc77acee23c12023-02-08 09:49:05.234root 11241100x8000000000000000282006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26afb40057811ae2023-02-08 09:49:05.235root 11241100x8000000000000000282005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e3658a2cdefbca2023-02-08 09:49:05.235root 11241100x8000000000000000282004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6462e8f085eb94af2023-02-08 09:49:05.235root 11241100x8000000000000000282003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09a3b450f552bcf2023-02-08 09:49:05.235root 11241100x8000000000000000282002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5fba437e95ea0a92023-02-08 09:49:05.235root 11241100x8000000000000000282001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2071997185c9d122023-02-08 09:49:05.235root 11241100x8000000000000000282000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19c1fdaa9b4a7a42023-02-08 09:49:05.235root 11241100x8000000000000000281999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37daa41678ace5752023-02-08 09:49:05.235root 11241100x8000000000000000282009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998f517c1c273e392023-02-08 09:49:05.236root 11241100x8000000000000000282008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e366ab743307e6a32023-02-08 09:49:05.236root 11241100x8000000000000000282007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff9a15baeef5d5d2023-02-08 09:49:05.236root 11241100x8000000000000000282016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18017e7c35cfb3332023-02-08 09:49:05.238root 11241100x8000000000000000282015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1d89c5babc3e7f2023-02-08 09:49:05.238root 11241100x8000000000000000282014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17098a04834a86182023-02-08 09:49:05.238root 11241100x8000000000000000282013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2bcb64ce3f3c7c42023-02-08 09:49:05.238root 11241100x8000000000000000282012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b911ae51fe0fbbf2023-02-08 09:49:05.238root 11241100x8000000000000000282011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c241747a3c2da8e12023-02-08 09:49:05.238root 11241100x8000000000000000282010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f860ca5ad97b6a2023-02-08 09:49:05.238root 11241100x8000000000000000282019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e89faf81d8ca3b2023-02-08 09:49:05.239root 11241100x8000000000000000282018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f50655bb7f6e722023-02-08 09:49:05.239root 11241100x8000000000000000282017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0f694f17b6675c2023-02-08 09:49:05.239root 11241100x8000000000000000282024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1218b69e3ac3460e2023-02-08 09:49:05.240root 11241100x8000000000000000282023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2e79ad73b411502023-02-08 09:49:05.240root 11241100x8000000000000000282022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d62a61f1271f7f72023-02-08 09:49:05.240root 11241100x8000000000000000282021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69e32f825e135562023-02-08 09:49:05.240root 11241100x8000000000000000282020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee6d511a23cf54c2023-02-08 09:49:05.240root 11241100x8000000000000000282031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3eac932e9a67e672023-02-08 09:49:05.241root 11241100x8000000000000000282030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896db7fa052f04442023-02-08 09:49:05.241root 11241100x8000000000000000282029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ba6c28bc89f08e2023-02-08 09:49:05.241root 11241100x8000000000000000282028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b91b469f9e326c2023-02-08 09:49:05.241root 11241100x8000000000000000282027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74429612c47238382023-02-08 09:49:05.241root 11241100x8000000000000000282026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7e93d8727a37ef2023-02-08 09:49:05.241root 11241100x8000000000000000282025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68de625fb2b38292023-02-08 09:49:05.241root 11241100x8000000000000000282038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d6210d746523d12023-02-08 09:49:05.242root 11241100x8000000000000000282037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc510d036eb0f3d2023-02-08 09:49:05.242root 11241100x8000000000000000282036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474cb0061166bea62023-02-08 09:49:05.242root 11241100x8000000000000000282035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bb590f7544e9262023-02-08 09:49:05.242root 11241100x8000000000000000282034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47541b27fd1dcf822023-02-08 09:49:05.242root 11241100x8000000000000000282033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05aad36b985b87282023-02-08 09:49:05.242root 11241100x8000000000000000282032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a450f5f87ef55a7a2023-02-08 09:49:05.242root 11241100x8000000000000000282042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10bbf35a394796212023-02-08 09:49:05.243root 11241100x8000000000000000282041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7efa8f6c26b8a32023-02-08 09:49:05.243root 11241100x8000000000000000282040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542b9bea860b6ba52023-02-08 09:49:05.243root 11241100x8000000000000000282039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29a8d3a57f3820a2023-02-08 09:49:05.243root 11241100x8000000000000000282046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4fe67c4726b85462023-02-08 09:49:05.244root 11241100x8000000000000000282045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7f85f9eaaf5da02023-02-08 09:49:05.244root 11241100x8000000000000000282044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b214ff8c355daf762023-02-08 09:49:05.244root 11241100x8000000000000000282043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8329d3cc61102622023-02-08 09:49:05.244root 11241100x8000000000000000282049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.245{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8dfeb0b71f9ee02023-02-08 09:49:05.245root 11241100x8000000000000000282048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.245{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb06ddac7c8f7352023-02-08 09:49:05.245root 11241100x8000000000000000282047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.245{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c21e0a435db627f2023-02-08 09:49:05.245root 11241100x8000000000000000282058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.246{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf08839121d57892023-02-08 09:49:05.246root 11241100x8000000000000000282057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.246{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299d1cd6ef9f332c2023-02-08 09:49:05.246root 11241100x8000000000000000282056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.246{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1c4457f8ffdd2f2023-02-08 09:49:05.246root 11241100x8000000000000000282055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.246{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385551299cb169a12023-02-08 09:49:05.246root 11241100x8000000000000000282054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.246{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838aac4063febe3a2023-02-08 09:49:05.246root 11241100x8000000000000000282053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.246{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9a1c4d5226ae242023-02-08 09:49:05.246root 11241100x8000000000000000282052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.246{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6383fdcb8d43e16b2023-02-08 09:49:05.246root 11241100x8000000000000000282051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.246{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ec9c1e2cb1f5252023-02-08 09:49:05.246root 11241100x8000000000000000282050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.246{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf357cf7c014efe2023-02-08 09:49:05.246root 11241100x8000000000000000282071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.247{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e232f1d54ad921c2023-02-08 09:49:05.247root 11241100x8000000000000000282070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.247{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057324a2519943a22023-02-08 09:49:05.247root 11241100x8000000000000000282069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.247{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0663f2fefa071c82023-02-08 09:49:05.247root 11241100x8000000000000000282068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.247{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2b8d974a1d6c202023-02-08 09:49:05.247root 11241100x8000000000000000282067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.247{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3abcd0de76adc412023-02-08 09:49:05.247root 11241100x8000000000000000282066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.247{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcce6ca0162264a2023-02-08 09:49:05.247root 11241100x8000000000000000282065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.247{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99bc3e0d937482b42023-02-08 09:49:05.247root 11241100x8000000000000000282064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.247{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177e15886f2d1c562023-02-08 09:49:05.247root 11241100x8000000000000000282063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.247{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50335270509c3e372023-02-08 09:49:05.247root 11241100x8000000000000000282062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.247{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a91246bb17414032023-02-08 09:49:05.247root 11241100x8000000000000000282061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.247{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61c26e018bea6df2023-02-08 09:49:05.247root 11241100x8000000000000000282060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.247{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b760f7dbc5bec12023-02-08 09:49:05.247root 11241100x8000000000000000282059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.247{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9868bd8fb9fc40412023-02-08 09:49:05.247root 11241100x8000000000000000282073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2cf34ad6eb696a32023-02-08 09:49:05.734root 11241100x8000000000000000282072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f433d30ddaa6b8ca2023-02-08 09:49:05.734root 11241100x8000000000000000282083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dddf86d762c80d42023-02-08 09:49:05.735root 11241100x8000000000000000282082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6cb2dd1c9068d02023-02-08 09:49:05.735root 11241100x8000000000000000282081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e014bdea294408792023-02-08 09:49:05.735root 11241100x8000000000000000282080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2cb3aaf3fc13192023-02-08 09:49:05.735root 11241100x8000000000000000282079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b66723164b360702023-02-08 09:49:05.735root 11241100x8000000000000000282078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bc791d10d286182023-02-08 09:49:05.735root 11241100x8000000000000000282077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a3eee7d62abea02023-02-08 09:49:05.735root 11241100x8000000000000000282076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e47aac2a44330332023-02-08 09:49:05.735root 11241100x8000000000000000282075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d0178c901c836d2023-02-08 09:49:05.735root 11241100x8000000000000000282074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5319b4bf7f8c7de82023-02-08 09:49:05.735root 11241100x8000000000000000282094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ce5d341b4e89462023-02-08 09:49:05.736root 11241100x8000000000000000282093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5995d2fc1aed862023-02-08 09:49:05.736root 11241100x8000000000000000282092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf601f632011dbb2023-02-08 09:49:05.736root 11241100x8000000000000000282091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80662610444554bb2023-02-08 09:49:05.736root 11241100x8000000000000000282090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe55effa89c0a4c2023-02-08 09:49:05.736root 11241100x8000000000000000282089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dff7b762a7305ec2023-02-08 09:49:05.736root 11241100x8000000000000000282088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f3a53fe01c929a2023-02-08 09:49:05.736root 11241100x8000000000000000282087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd2639ddb9fe19b2023-02-08 09:49:05.736root 11241100x8000000000000000282086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b020fe6560ec66752023-02-08 09:49:05.736root 11241100x8000000000000000282085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1394dca14062b142023-02-08 09:49:05.736root 11241100x8000000000000000282084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfcb2816629fadd2023-02-08 09:49:05.736root 11241100x8000000000000000282103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052bf5cd604dfa202023-02-08 09:49:05.737root 11241100x8000000000000000282102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eebd510797785a72023-02-08 09:49:05.737root 11241100x8000000000000000282101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0c483f10bbb3532023-02-08 09:49:05.737root 11241100x8000000000000000282100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545fcec5f883311d2023-02-08 09:49:05.737root 11241100x8000000000000000282099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea1ffdf060078d52023-02-08 09:49:05.737root 11241100x8000000000000000282098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece6e446e00859772023-02-08 09:49:05.737root 11241100x8000000000000000282097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2286d4adfe4bc3662023-02-08 09:49:05.737root 11241100x8000000000000000282096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7600afffb4260672023-02-08 09:49:05.737root 11241100x8000000000000000282095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9daa9acd7126792023-02-08 09:49:05.737root 11241100x8000000000000000282106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc39419f890f3502023-02-08 09:49:05.738root 11241100x8000000000000000282105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5426c598adef03ce2023-02-08 09:49:05.738root 11241100x8000000000000000282104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6000fac5379615a62023-02-08 09:49:05.738root 11241100x8000000000000000282119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08588f2359a3fa092023-02-08 09:49:05.739root 11241100x8000000000000000282118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df840527c3780be2023-02-08 09:49:05.739root 11241100x8000000000000000282117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43415d80482637b72023-02-08 09:49:05.739root 11241100x8000000000000000282116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87fe4cd51fc8ef62023-02-08 09:49:05.739root 11241100x8000000000000000282115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec0e60437410dc42023-02-08 09:49:05.739root 11241100x8000000000000000282114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9338c938e03577952023-02-08 09:49:05.739root 11241100x8000000000000000282113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4bcb2c0f81fbc22023-02-08 09:49:05.739root 11241100x8000000000000000282112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd4e75be81f129d2023-02-08 09:49:05.739root 11241100x8000000000000000282111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2592a166b898d4b32023-02-08 09:49:05.739root 11241100x8000000000000000282110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0bb1f4d14b15722023-02-08 09:49:05.739root 11241100x8000000000000000282109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcca9b56a89bc842023-02-08 09:49:05.739root 11241100x8000000000000000282108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4166ed9830d05c052023-02-08 09:49:05.739root 11241100x8000000000000000282107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37acdcc000aca4532023-02-08 09:49:05.739root 11241100x8000000000000000282123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5daca10030de702023-02-08 09:49:05.740root 11241100x8000000000000000282122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a810218a2c62307e2023-02-08 09:49:05.740root 11241100x8000000000000000282121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb8a8021f20a0372023-02-08 09:49:05.740root 11241100x8000000000000000282120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:05.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862a04324f3dedaa2023-02-08 09:49:05.740root 354300x8000000000000000282124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.136{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-53068-false10.0.1.12-8000- 11241100x8000000000000000282130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.137{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfa71def9e3ec142023-02-08 09:49:06.137root 11241100x8000000000000000282129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.137{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b963b24f426f06c2023-02-08 09:49:06.137root 11241100x8000000000000000282128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.137{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad7119cc711c0802023-02-08 09:49:06.137root 11241100x8000000000000000282127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.137{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78349f40269d6cad2023-02-08 09:49:06.137root 11241100x8000000000000000282126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.137{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6903a8b80b7bdc292023-02-08 09:49:06.137root 11241100x8000000000000000282125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.137{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b9c591bc9b94972023-02-08 09:49:06.137root 11241100x8000000000000000282139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.138{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3315d4860cf31a622023-02-08 09:49:06.138root 11241100x8000000000000000282138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.138{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764f5cc2e04035802023-02-08 09:49:06.138root 11241100x8000000000000000282137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.138{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267fda7096df17152023-02-08 09:49:06.138root 11241100x8000000000000000282136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.138{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383a966fdc835f9c2023-02-08 09:49:06.138root 11241100x8000000000000000282135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.138{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e7f816e9a13b5e2023-02-08 09:49:06.138root 11241100x8000000000000000282134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.138{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7d5918124bd6c12023-02-08 09:49:06.138root 11241100x8000000000000000282133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.138{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f7fabbd4ec77a92023-02-08 09:49:06.138root 11241100x8000000000000000282132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.138{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f038087e317c442023-02-08 09:49:06.138root 11241100x8000000000000000282131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.138{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202ecc75772bef5a2023-02-08 09:49:06.138root 11241100x8000000000000000282149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.139{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8b1329d5edba0d2023-02-08 09:49:06.139root 11241100x8000000000000000282148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.139{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709fa28de6a54a042023-02-08 09:49:06.139root 11241100x8000000000000000282147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.139{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15453e53a874427b2023-02-08 09:49:06.139root 11241100x8000000000000000282146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.139{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e60fefca9338a9e2023-02-08 09:49:06.139root 11241100x8000000000000000282145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.139{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084b7039564f844c2023-02-08 09:49:06.139root 11241100x8000000000000000282144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.139{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c1ecd6c1c730bd2023-02-08 09:49:06.139root 11241100x8000000000000000282143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.139{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713f66e4b2a1b9782023-02-08 09:49:06.139root 11241100x8000000000000000282142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.139{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d491e1ab5c0060f2023-02-08 09:49:06.139root 11241100x8000000000000000282141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.139{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c499313d6b9a53032023-02-08 09:49:06.139root 11241100x8000000000000000282140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.139{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f36ea62f1eedc5d2023-02-08 09:49:06.139root 11241100x8000000000000000282162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.140{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb38ab5c431012c2023-02-08 09:49:06.140root 11241100x8000000000000000282161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.140{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f216fd259ecbee0b2023-02-08 09:49:06.140root 11241100x8000000000000000282160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.140{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3bfcdcdd837060a2023-02-08 09:49:06.140root 11241100x8000000000000000282159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.140{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef55315cdf5be2432023-02-08 09:49:06.140root 11241100x8000000000000000282158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.140{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501b21e91acc0d0b2023-02-08 09:49:06.140root 11241100x8000000000000000282157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.140{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c97216ecebf18ca2023-02-08 09:49:06.140root 11241100x8000000000000000282156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.140{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df76a6b3455d82422023-02-08 09:49:06.140root 11241100x8000000000000000282155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.140{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6da4bee8b22e292023-02-08 09:49:06.140root 11241100x8000000000000000282154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.140{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef763e5844ddabab2023-02-08 09:49:06.140root 11241100x8000000000000000282153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.140{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411c8f6f6e7797142023-02-08 09:49:06.140root 11241100x8000000000000000282152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.140{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4757be17d6081c412023-02-08 09:49:06.140root 11241100x8000000000000000282151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.140{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18b6be2d9a43b692023-02-08 09:49:06.140root 11241100x8000000000000000282150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.140{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8150576cbb0acaab2023-02-08 09:49:06.140root 11241100x8000000000000000282174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.141{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc00b076c6ae0df72023-02-08 09:49:06.141root 11241100x8000000000000000282173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.141{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5ebd1bc16285412023-02-08 09:49:06.141root 11241100x8000000000000000282172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.141{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a53eb50dd062612023-02-08 09:49:06.141root 11241100x8000000000000000282171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.141{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6582330fa5a5b52023-02-08 09:49:06.141root 11241100x8000000000000000282170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.141{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e1eb9e241499582023-02-08 09:49:06.141root 11241100x8000000000000000282169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.141{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dba9b60c4a907f52023-02-08 09:49:06.141root 11241100x8000000000000000282168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.141{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f73c178a656cdf2023-02-08 09:49:06.141root 11241100x8000000000000000282167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.141{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56bbbe7ca6e4e8742023-02-08 09:49:06.141root 11241100x8000000000000000282166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.141{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51120b15174df83a2023-02-08 09:49:06.141root 11241100x8000000000000000282165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.141{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c4b24442e819fb2023-02-08 09:49:06.141root 11241100x8000000000000000282164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.141{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a137c6fc606d7e3a2023-02-08 09:49:06.141root 11241100x8000000000000000282163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.141{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc825e8d9d35b7e22023-02-08 09:49:06.141root 11241100x8000000000000000282176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.142{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9449d573148821fc2023-02-08 09:49:06.142root 11241100x8000000000000000282175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.142{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e71f14bbf7db8362023-02-08 09:49:06.142root 11241100x8000000000000000282177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.362{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-08 09:49:06.362root 11241100x8000000000000000282178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070803f104aa2f352023-02-08 09:49:06.484root 11241100x8000000000000000282180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb656444aa4a0d4f2023-02-08 09:49:06.485root 11241100x8000000000000000282179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afeb5aabb1c4329b2023-02-08 09:49:06.485root 11241100x8000000000000000282183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ad222ae1174a292023-02-08 09:49:06.486root 11241100x8000000000000000282182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e20cd634e51183a2023-02-08 09:49:06.486root 11241100x8000000000000000282181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da50140635f820d02023-02-08 09:49:06.486root 11241100x8000000000000000282186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beabe3e9c8b0ec4e2023-02-08 09:49:06.487root 11241100x8000000000000000282185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bcdef9cf77d26102023-02-08 09:49:06.487root 11241100x8000000000000000282184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530670d70192b2d72023-02-08 09:49:06.487root 11241100x8000000000000000282189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7dbb773c53d2b72023-02-08 09:49:06.488root 11241100x8000000000000000282188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759708a41c81f4df2023-02-08 09:49:06.488root 11241100x8000000000000000282187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c788a00d0a6b1132023-02-08 09:49:06.488root 11241100x8000000000000000282194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20c881a0f70ce7b2023-02-08 09:49:06.489root 11241100x8000000000000000282193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f5cf4d63c83cb52023-02-08 09:49:06.489root 11241100x8000000000000000282192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185aa9d547beee002023-02-08 09:49:06.489root 11241100x8000000000000000282191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4255ca1e90e81fa2023-02-08 09:49:06.489root 11241100x8000000000000000282190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6866f157986082e2023-02-08 09:49:06.489root 11241100x8000000000000000282201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b54ccd47010b5662023-02-08 09:49:06.490root 11241100x8000000000000000282200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffb3631759da52f2023-02-08 09:49:06.490root 11241100x8000000000000000282199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a13bdb4b23125b2023-02-08 09:49:06.490root 11241100x8000000000000000282198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e945866631c6e982023-02-08 09:49:06.490root 11241100x8000000000000000282197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f614a3ee0735e5c92023-02-08 09:49:06.490root 11241100x8000000000000000282196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdc6cb7a0bdb0d22023-02-08 09:49:06.490root 11241100x8000000000000000282195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a341cd86f87bcfb2023-02-08 09:49:06.490root 11241100x8000000000000000282208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fc545b42915bd22023-02-08 09:49:06.491root 11241100x8000000000000000282207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e5774bef37774a2023-02-08 09:49:06.491root 11241100x8000000000000000282206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79541e06cb59d4eb2023-02-08 09:49:06.491root 11241100x8000000000000000282205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6968aa7dce1c8d2023-02-08 09:49:06.491root 11241100x8000000000000000282204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f68a99284e6dad62023-02-08 09:49:06.491root 11241100x8000000000000000282203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4a40c68c8074642023-02-08 09:49:06.491root 11241100x8000000000000000282202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05234b0b2dcae0992023-02-08 09:49:06.491root 11241100x8000000000000000282223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a910a27167ea5e62023-02-08 09:49:06.492root 11241100x8000000000000000282222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597355856cbaaeba2023-02-08 09:49:06.492root 11241100x8000000000000000282221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f377cdbdfb8e91432023-02-08 09:49:06.492root 11241100x8000000000000000282220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766d9c9b331dee792023-02-08 09:49:06.492root 11241100x8000000000000000282219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb2a941bff366902023-02-08 09:49:06.492root 11241100x8000000000000000282218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7bb498359d561cc2023-02-08 09:49:06.492root 11241100x8000000000000000282217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5143c8e76749152023-02-08 09:49:06.492root 11241100x8000000000000000282216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3c1fb392c6bf292023-02-08 09:49:06.492root 11241100x8000000000000000282215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e77d47e2ba8ea62023-02-08 09:49:06.492root 11241100x8000000000000000282214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7ac3901df649332023-02-08 09:49:06.492root 11241100x8000000000000000282213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0210090343b6aef62023-02-08 09:49:06.492root 11241100x8000000000000000282212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2b907608ed87172023-02-08 09:49:06.492root 11241100x8000000000000000282211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d9d80ec066b6e92023-02-08 09:49:06.492root 11241100x8000000000000000282210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e065f96f53246d2023-02-08 09:49:06.492root 11241100x8000000000000000282209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0052bd92f492492023-02-08 09:49:06.492root 11241100x8000000000000000282226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d048e370a9d71982023-02-08 09:49:06.493root 11241100x8000000000000000282225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c4c139a6fc72902023-02-08 09:49:06.493root 11241100x8000000000000000282224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af29c396363efa1d2023-02-08 09:49:06.493root 354300x8000000000000000282227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.739{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-49100-false10.0.1.12-8089- 11241100x8000000000000000282228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9fa1974a392cc92023-02-08 09:49:06.740root 11241100x8000000000000000282238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346c7059c6dcef522023-02-08 09:49:06.741root 11241100x8000000000000000282237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd237a0f10fa7062023-02-08 09:49:06.741root 11241100x8000000000000000282236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb83196de6250272023-02-08 09:49:06.741root 11241100x8000000000000000282235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae54b71847c57e9b2023-02-08 09:49:06.741root 11241100x8000000000000000282234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5995833b05bf4a042023-02-08 09:49:06.741root 11241100x8000000000000000282233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a0354470ee00732023-02-08 09:49:06.741root 11241100x8000000000000000282232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9f0582392328052023-02-08 09:49:06.741root 11241100x8000000000000000282231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e30a66cca46057d2023-02-08 09:49:06.741root 11241100x8000000000000000282230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087927fd6ed4a4aa2023-02-08 09:49:06.741root 11241100x8000000000000000282229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd80b662f62e04832023-02-08 09:49:06.741root 11241100x8000000000000000282247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd44b8c43faf5322023-02-08 09:49:06.742root 11241100x8000000000000000282246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2360debf1338b7e2023-02-08 09:49:06.742root 11241100x8000000000000000282245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c105850155b414ac2023-02-08 09:49:06.742root 11241100x8000000000000000282244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7389cb841cb8b3b32023-02-08 09:49:06.742root 11241100x8000000000000000282243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cfa68a3318bbebe2023-02-08 09:49:06.742root 11241100x8000000000000000282242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6647816a0090ac552023-02-08 09:49:06.742root 11241100x8000000000000000282241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a98c4c5a8cd2a3f2023-02-08 09:49:06.742root 11241100x8000000000000000282240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a28f5255c06c062023-02-08 09:49:06.742root 11241100x8000000000000000282239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f776e8bbf8862b2023-02-08 09:49:06.742root 11241100x8000000000000000282257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3513a82b5748c21e2023-02-08 09:49:06.743root 11241100x8000000000000000282256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4226900c7a2c4e0b2023-02-08 09:49:06.743root 11241100x8000000000000000282255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355b0afc8562a00e2023-02-08 09:49:06.743root 11241100x8000000000000000282254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b062e5503a5d037d2023-02-08 09:49:06.743root 11241100x8000000000000000282253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5493bbbdd8aa2e2f2023-02-08 09:49:06.743root 11241100x8000000000000000282252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537c917de59eec762023-02-08 09:49:06.743root 11241100x8000000000000000282251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf59f1f3cf74bdb2023-02-08 09:49:06.743root 11241100x8000000000000000282250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3099fa64ec3c1a8e2023-02-08 09:49:06.743root 11241100x8000000000000000282249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbbc12f10a29e3e2023-02-08 09:49:06.743root 11241100x8000000000000000282248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f918df2d281636932023-02-08 09:49:06.743root 11241100x8000000000000000282268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fa84e78a9545472023-02-08 09:49:06.744root 11241100x8000000000000000282267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202541679210562e2023-02-08 09:49:06.744root 11241100x8000000000000000282266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d486d92d2d50ae2023-02-08 09:49:06.744root 11241100x8000000000000000282265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314ba9c46ab6f79d2023-02-08 09:49:06.744root 11241100x8000000000000000282264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abf5d42fd22102d2023-02-08 09:49:06.744root 11241100x8000000000000000282263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f814c12be233902023-02-08 09:49:06.744root 11241100x8000000000000000282262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506feb7185d554f22023-02-08 09:49:06.744root 11241100x8000000000000000282261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09768f5ec331b1cf2023-02-08 09:49:06.744root 11241100x8000000000000000282260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b6ebc30fa50cdc2023-02-08 09:49:06.744root 11241100x8000000000000000282259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd828b99b7a37902023-02-08 09:49:06.744root 11241100x8000000000000000282258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf7453d39617c152023-02-08 09:49:06.744root 11241100x8000000000000000282280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b90a27a319926522023-02-08 09:49:06.745root 11241100x8000000000000000282279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e762d59144d66b2023-02-08 09:49:06.745root 11241100x8000000000000000282278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dddae36b95da5a22023-02-08 09:49:06.745root 11241100x8000000000000000282277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6895d3a6a27e98d52023-02-08 09:49:06.745root 11241100x8000000000000000282276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fcbe5163618ae12023-02-08 09:49:06.745root 11241100x8000000000000000282275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9669bb2491c752822023-02-08 09:49:06.745root 11241100x8000000000000000282274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23799bd90baefee42023-02-08 09:49:06.745root 11241100x8000000000000000282273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feeb1829735c4c872023-02-08 09:49:06.745root 11241100x8000000000000000282272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1961c8c965d0f912023-02-08 09:49:06.745root 11241100x8000000000000000282271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817bd2e0aee423c02023-02-08 09:49:06.745root 11241100x8000000000000000282270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee5bd56a0ea4cb42023-02-08 09:49:06.745root 11241100x8000000000000000282269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ac7c34b37bb6f52023-02-08 09:49:06.745root 11241100x8000000000000000282285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1df5cd9176348f2023-02-08 09:49:06.746root 11241100x8000000000000000282284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a93227502f57e5f2023-02-08 09:49:06.746root 11241100x8000000000000000282283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d15e83652b8c282023-02-08 09:49:06.746root 11241100x8000000000000000282282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299e76af98bb585b2023-02-08 09:49:06.746root 11241100x8000000000000000282281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:06.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16e47053b57814e2023-02-08 09:49:06.746root 154100x8000000000000000282286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.138{ec2a0601-7013-63e3-6834-63d70e560000}5938/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec2a0601-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2404--- 11241100x8000000000000000282287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.141{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647897e7a005677b2023-02-08 09:49:07.141root 11241100x8000000000000000282302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.142{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df607ab7281c8f432023-02-08 09:49:07.142root 11241100x8000000000000000282301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.142{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5cc97e8ea899992023-02-08 09:49:07.142root 11241100x8000000000000000282300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.142{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97668ad62c757b42023-02-08 09:49:07.142root 11241100x8000000000000000282299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.142{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158bc879dce6a45c2023-02-08 09:49:07.142root 11241100x8000000000000000282298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.142{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a51c2be316f43002023-02-08 09:49:07.142root 11241100x8000000000000000282297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.142{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40c83bd47e1f2ae2023-02-08 09:49:07.142root 11241100x8000000000000000282296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.142{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b342be7eb5ad132023-02-08 09:49:07.142root 11241100x8000000000000000282295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.142{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a86f49cba4ad5842023-02-08 09:49:07.142root 11241100x8000000000000000282294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.142{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c9bd9c26d4f6952023-02-08 09:49:07.142root 11241100x8000000000000000282293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.142{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5193191557d28dfa2023-02-08 09:49:07.142root 11241100x8000000000000000282292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.142{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061dd99980e9c1cb2023-02-08 09:49:07.142root 11241100x8000000000000000282291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.142{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564663451d40ecff2023-02-08 09:49:07.142root 11241100x8000000000000000282290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.142{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec9a70ec7da3a0a2023-02-08 09:49:07.142root 11241100x8000000000000000282289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.142{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7abd98ffc2b7992023-02-08 09:49:07.142root 11241100x8000000000000000282288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.142{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcbd60eee78878d2023-02-08 09:49:07.142root 11241100x8000000000000000282317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.143{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f75f26a46e782f42023-02-08 09:49:07.143root 11241100x8000000000000000282316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.143{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f476698c045c67b2023-02-08 09:49:07.143root 11241100x8000000000000000282315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.143{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5554b63ba27f4a2023-02-08 09:49:07.143root 11241100x8000000000000000282314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.143{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b9bd317be2167a2023-02-08 09:49:07.143root 11241100x8000000000000000282313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.143{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31a08fde11a340b2023-02-08 09:49:07.143root 11241100x8000000000000000282312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.143{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe431a6a2e12b2e2023-02-08 09:49:07.143root 11241100x8000000000000000282311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.143{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3683eeb93a168d2023-02-08 09:49:07.143root 11241100x8000000000000000282310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.143{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424c4f5a47844e1f2023-02-08 09:49:07.143root 11241100x8000000000000000282309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.143{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083b01445a6c97222023-02-08 09:49:07.143root 11241100x8000000000000000282308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.143{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23cf6d41029f91442023-02-08 09:49:07.143root 11241100x8000000000000000282307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.143{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3981f3d3b5f6e24b2023-02-08 09:49:07.143root 11241100x8000000000000000282306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.143{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2a355a8e1b56062023-02-08 09:49:07.143root 11241100x8000000000000000282305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.143{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21170f8d3cc5daf52023-02-08 09:49:07.143root 11241100x8000000000000000282304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.143{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1ba915cb48529c2023-02-08 09:49:07.143root 11241100x8000000000000000282303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.143{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6ca85d8a59a9572023-02-08 09:49:07.143root 11241100x8000000000000000282333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.144{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28c8faa494f838c2023-02-08 09:49:07.144root 11241100x8000000000000000282332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.144{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac358dc5663aaa362023-02-08 09:49:07.144root 11241100x8000000000000000282331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.144{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b524530a8b88afdb2023-02-08 09:49:07.144root 11241100x8000000000000000282330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.144{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9997b86dd880702023-02-08 09:49:07.144root 11241100x8000000000000000282329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.144{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a373829562ff5632023-02-08 09:49:07.144root 11241100x8000000000000000282328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.144{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ee179e244561b62023-02-08 09:49:07.144root 11241100x8000000000000000282327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.144{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57822ffbd5f622b82023-02-08 09:49:07.144root 11241100x8000000000000000282326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.144{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4efa6dee8641bc2023-02-08 09:49:07.144root 11241100x8000000000000000282325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.144{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc226de3e97a8f82023-02-08 09:49:07.144root 11241100x8000000000000000282324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.144{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa208f084676d052023-02-08 09:49:07.144root 11241100x8000000000000000282323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.144{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ada3d14d2af9b1b2023-02-08 09:49:07.144root 11241100x8000000000000000282322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.144{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93483d9fc549a932023-02-08 09:49:07.144root 11241100x8000000000000000282321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.144{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bae782872030a492023-02-08 09:49:07.144root 11241100x8000000000000000282320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.144{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4de6ded790530422023-02-08 09:49:07.144root 11241100x8000000000000000282319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.144{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f277f579dbd909fa2023-02-08 09:49:07.144root 11241100x8000000000000000282318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.144{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c76d3136de2e2d42023-02-08 09:49:07.144root 11241100x8000000000000000282341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.145{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a740a8474d3ff32023-02-08 09:49:07.145root 11241100x8000000000000000282340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.145{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad365ec6fd9d1ef2023-02-08 09:49:07.145root 11241100x8000000000000000282339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.145{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58b4d80acc8a8222023-02-08 09:49:07.145root 11241100x8000000000000000282338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.145{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40daf81e872e68352023-02-08 09:49:07.145root 11241100x8000000000000000282337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.145{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43b57655942f3432023-02-08 09:49:07.145root 11241100x8000000000000000282336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.145{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf141c49c8f43c52023-02-08 09:49:07.145root 11241100x8000000000000000282335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.145{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8091a02d3769f1442023-02-08 09:49:07.145root 11241100x8000000000000000282334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.145{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6478a8fba4d5b3592023-02-08 09:49:07.145root 11241100x8000000000000000282350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.146{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202d48e8eb9240432023-02-08 09:49:07.146root 11241100x8000000000000000282349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.146{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ee599c04c9adb32023-02-08 09:49:07.146root 11241100x8000000000000000282348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.146{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189697f6b6ba7d662023-02-08 09:49:07.146root 11241100x8000000000000000282347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.146{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b017d8fba5f02c3b2023-02-08 09:49:07.146root 11241100x8000000000000000282346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.146{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86303a3cdb73f382023-02-08 09:49:07.146root 11241100x8000000000000000282345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.146{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a030c4d04b9d5d2023-02-08 09:49:07.146root 11241100x8000000000000000282344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.146{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7132d7004fb1e6e2023-02-08 09:49:07.146root 11241100x8000000000000000282343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.146{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e29c8520f3d0bfd2023-02-08 09:49:07.146root 11241100x8000000000000000282342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.146{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431db93cd6249cff2023-02-08 09:49:07.146root 11241100x8000000000000000282355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.147{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10e1f5d25ea28612023-02-08 09:49:07.147root 11241100x8000000000000000282354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.147{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979a9f36c79e3a9c2023-02-08 09:49:07.147root 11241100x8000000000000000282353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.147{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57877903337d90df2023-02-08 09:49:07.147root 11241100x8000000000000000282352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.147{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e610ae02e8e0032023-02-08 09:49:07.147root 11241100x8000000000000000282351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.147{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad2ec630892a8772023-02-08 09:49:07.147root 11241100x8000000000000000282365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.148{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08e2f3e50161eb52023-02-08 09:49:07.148root 11241100x8000000000000000282364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.148{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f17c893855380f2023-02-08 09:49:07.148root 11241100x8000000000000000282363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.148{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d7e7ad463f92702023-02-08 09:49:07.148root 11241100x8000000000000000282362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.148{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254e1a1ed81c11c72023-02-08 09:49:07.148root 11241100x8000000000000000282361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.148{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027dd2341a8789a52023-02-08 09:49:07.148root 11241100x8000000000000000282360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.148{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749d02a3aee1c58a2023-02-08 09:49:07.148root 11241100x8000000000000000282359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.148{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b61bc658bfad7b62023-02-08 09:49:07.148root 11241100x8000000000000000282358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.148{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5549439abf70002023-02-08 09:49:07.148root 11241100x8000000000000000282357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.148{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ae9e24d4f0a3782023-02-08 09:49:07.148root 11241100x8000000000000000282356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.148{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433d3cc686cc95692023-02-08 09:49:07.148root 11241100x8000000000000000282370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.150{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f108a412181d7f2023-02-08 09:49:07.150root 11241100x8000000000000000282369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.150{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3be188119bfaa922023-02-08 09:49:07.150root 11241100x8000000000000000282368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.150{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ed99b99d904d6b2023-02-08 09:49:07.150root 11241100x8000000000000000282367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.150{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb944a29a097cf32023-02-08 09:49:07.150root 11241100x8000000000000000282366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.150{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5baabad92715e42023-02-08 09:49:07.150root 11241100x8000000000000000282375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.151{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6e7a3e7cdf13e52023-02-08 09:49:07.151root 11241100x8000000000000000282374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.151{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089fc30285ab19d82023-02-08 09:49:07.151root 11241100x8000000000000000282373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.151{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ace8088266f0b732023-02-08 09:49:07.151root 11241100x8000000000000000282372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.151{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f09d37e33c8f3e2023-02-08 09:49:07.151root 11241100x8000000000000000282371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.151{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4818a1e46735f52023-02-08 09:49:07.151root 11241100x8000000000000000282385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.152{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50cf43fa1143f1902023-02-08 09:49:07.152root 11241100x8000000000000000282384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.152{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64747d33ddba4c42023-02-08 09:49:07.152root 11241100x8000000000000000282383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.152{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb0f418d4686a6e2023-02-08 09:49:07.152root 11241100x8000000000000000282382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.152{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a000c64cd8bdf3b2023-02-08 09:49:07.152root 11241100x8000000000000000282381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.152{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec9097432e70c822023-02-08 09:49:07.152root 11241100x8000000000000000282380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.152{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3458293924179eb22023-02-08 09:49:07.152root 11241100x8000000000000000282379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.152{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814cd3a5abf9407a2023-02-08 09:49:07.152root 11241100x8000000000000000282378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.152{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221e35391f706b8d2023-02-08 09:49:07.152root 11241100x8000000000000000282377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.152{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926014b09b47323a2023-02-08 09:49:07.152root 11241100x8000000000000000282376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.152{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea35248e3757dde2023-02-08 09:49:07.152root 11241100x8000000000000000282386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.153{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0398a8af928a975d2023-02-08 09:49:07.153root 11241100x8000000000000000282388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.154{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383aa576f3f04e9e2023-02-08 09:49:07.154root 11241100x8000000000000000282387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.154{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d393357e923d5312023-02-08 09:49:07.154root 11241100x8000000000000000282396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.155{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118000802c845ebc2023-02-08 09:49:07.155root 11241100x8000000000000000282395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.155{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e90872cd6684e922023-02-08 09:49:07.155root 11241100x8000000000000000282394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.155{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90cdf3d8134315da2023-02-08 09:49:07.155root 11241100x8000000000000000282393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.155{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2fdae4a8da777702023-02-08 09:49:07.155root 11241100x8000000000000000282392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.155{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc76654fa035f502023-02-08 09:49:07.155root 11241100x8000000000000000282391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.155{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947802dd52f669ff2023-02-08 09:49:07.155root 11241100x8000000000000000282390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.155{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989bce1e8da295682023-02-08 09:49:07.155root 11241100x8000000000000000282389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.155{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d30b1fd24bac6f32023-02-08 09:49:07.155root 11241100x8000000000000000282399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.156{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74ea051da52cdc42023-02-08 09:49:07.156root 11241100x8000000000000000282398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.156{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb6e77a840358b82023-02-08 09:49:07.156root 11241100x8000000000000000282397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.156{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9fdd130ecf8aa92023-02-08 09:49:07.156root 11241100x8000000000000000282400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.157{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7cace649cdfbdd2023-02-08 09:49:07.157root 11241100x8000000000000000282401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.158{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404d9f197d5d8f472023-02-08 09:49:07.158root 11241100x8000000000000000282407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.159{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3bb84da4f64c362023-02-08 09:49:07.159root 11241100x8000000000000000282406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.159{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a984c9a21f53d61b2023-02-08 09:49:07.159root 11241100x8000000000000000282405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.159{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1c3749f7e99e622023-02-08 09:49:07.159root 11241100x8000000000000000282404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.159{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291bc2860b2f99802023-02-08 09:49:07.159root 11241100x8000000000000000282403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.159{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f846516b3228c4462023-02-08 09:49:07.159root 11241100x8000000000000000282402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.159{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9e50ba4f64cc4e2023-02-08 09:49:07.159root 11241100x8000000000000000282410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.160{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93f1f0cc7ae407a2023-02-08 09:49:07.160root 11241100x8000000000000000282409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.160{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca97279b7cb174c62023-02-08 09:49:07.160root 11241100x8000000000000000282408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.160{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbda2d64ccfe4bc2023-02-08 09:49:07.160root 11241100x8000000000000000282416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.161{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617951750b5def7a2023-02-08 09:49:07.161root 11241100x8000000000000000282415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.161{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812b36cf19a11e122023-02-08 09:49:07.161root 11241100x8000000000000000282414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.161{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570c5fb8ce48488a2023-02-08 09:49:07.161root 11241100x8000000000000000282413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.161{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68637c037adae2d82023-02-08 09:49:07.161root 11241100x8000000000000000282412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.161{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d6f98a8dca0e2a2023-02-08 09:49:07.161root 11241100x8000000000000000282411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.161{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756c26e03c06e2b82023-02-08 09:49:07.161root 11241100x8000000000000000282425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.162{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e773441527e2c842023-02-08 09:49:07.162root 11241100x8000000000000000282424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.162{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6dac381e7f915d2023-02-08 09:49:07.162root 11241100x8000000000000000282423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.162{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059629398fff9e392023-02-08 09:49:07.162root 11241100x8000000000000000282422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.162{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e8e3ec5e0a5f1d2023-02-08 09:49:07.162root 11241100x8000000000000000282421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.162{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc795eb8df8ccde2023-02-08 09:49:07.162root 11241100x8000000000000000282420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.162{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec803b8d61d3167c2023-02-08 09:49:07.162root 11241100x8000000000000000282419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.162{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616feceea308372b2023-02-08 09:49:07.162root 11241100x8000000000000000282418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.162{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcd79ac0d0593702023-02-08 09:49:07.162root 11241100x8000000000000000282417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.162{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2f18245a8f2c132023-02-08 09:49:07.162root 11241100x8000000000000000282427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.163{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a5c94e50052ed52023-02-08 09:49:07.163root 11241100x8000000000000000282426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.163{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9dd9461dedea8a72023-02-08 09:49:07.163root 11241100x8000000000000000282433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.164{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1391850d1bdc72ed2023-02-08 09:49:07.164root 11241100x8000000000000000282432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.164{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a4a1568796e2fc2023-02-08 09:49:07.164root 11241100x8000000000000000282431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.164{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e69a804a8f62ad72023-02-08 09:49:07.164root 11241100x8000000000000000282430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.164{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc622708360a977a2023-02-08 09:49:07.164root 11241100x8000000000000000282429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.164{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453cd3396ba2c2952023-02-08 09:49:07.164root 11241100x8000000000000000282428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.164{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac33f65dec6ee6682023-02-08 09:49:07.164root 11241100x8000000000000000282434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.165{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b8bc00974d987f2023-02-08 09:49:07.165root 534500x8000000000000000282435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.168{ec2a0601-7013-63e3-6834-63d70e560000}5938/bin/psroot 11241100x8000000000000000282446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d34d7e3091aeff2023-02-08 09:49:07.485root 11241100x8000000000000000282445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50da9056f08f5e522023-02-08 09:49:07.485root 11241100x8000000000000000282444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1a6d241aa995af2023-02-08 09:49:07.485root 11241100x8000000000000000282443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9bb586c0fd968312023-02-08 09:49:07.485root 11241100x8000000000000000282442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667888a7ad409d5d2023-02-08 09:49:07.485root 11241100x8000000000000000282441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cff0dd228dcce82023-02-08 09:49:07.485root 11241100x8000000000000000282440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7bea3e6fb05a802023-02-08 09:49:07.485root 11241100x8000000000000000282439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658d04a31cbab2c32023-02-08 09:49:07.485root 11241100x8000000000000000282438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e07fbbc2df945512023-02-08 09:49:07.485root 11241100x8000000000000000282437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f526998deca6a852023-02-08 09:49:07.485root 11241100x8000000000000000282436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c6a415b3a75a322023-02-08 09:49:07.485root 11241100x8000000000000000282460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c449ae962bf4658b2023-02-08 09:49:07.486root 11241100x8000000000000000282459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5b6a582829a79c2023-02-08 09:49:07.486root 11241100x8000000000000000282458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f49cbce838063122023-02-08 09:49:07.486root 11241100x8000000000000000282457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8c88aa4e44b13f2023-02-08 09:49:07.486root 11241100x8000000000000000282456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0bbdf22f4299bf2023-02-08 09:49:07.486root 11241100x8000000000000000282455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bbed86b9172be5c2023-02-08 09:49:07.486root 11241100x8000000000000000282454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872cea02a214944f2023-02-08 09:49:07.486root 11241100x8000000000000000282453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33695b64151d602e2023-02-08 09:49:07.486root 11241100x8000000000000000282452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60c20516905ec9e2023-02-08 09:49:07.486root 11241100x8000000000000000282451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752ccd20ff86857d2023-02-08 09:49:07.486root 11241100x8000000000000000282450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2252d6979d9ab5462023-02-08 09:49:07.486root 11241100x8000000000000000282449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb74dd83dc609f792023-02-08 09:49:07.486root 11241100x8000000000000000282448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eca0a6179895ffe2023-02-08 09:49:07.486root 11241100x8000000000000000282447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf46640ef08cc442023-02-08 09:49:07.486root 11241100x8000000000000000282463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6083f51839318d2023-02-08 09:49:07.487root 11241100x8000000000000000282462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f014dc5346a362322023-02-08 09:49:07.487root 11241100x8000000000000000282461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bc5db6ebde39702023-02-08 09:49:07.487root 11241100x8000000000000000282477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df64c0e31330fe202023-02-08 09:49:07.488root 11241100x8000000000000000282476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607bec907804d2542023-02-08 09:49:07.488root 11241100x8000000000000000282475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34670a2e7742e8822023-02-08 09:49:07.488root 11241100x8000000000000000282474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476ad0ca46e2a7512023-02-08 09:49:07.488root 11241100x8000000000000000282473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62ac6f17da646762023-02-08 09:49:07.488root 11241100x8000000000000000282472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3dcb1f3d72ccaef2023-02-08 09:49:07.488root 11241100x8000000000000000282471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a0eba7133fea692023-02-08 09:49:07.488root 11241100x8000000000000000282470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed6fe8286f08c7e2023-02-08 09:49:07.488root 11241100x8000000000000000282469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afb2ea6e7ca47822023-02-08 09:49:07.488root 11241100x8000000000000000282468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416dea858e65c80f2023-02-08 09:49:07.488root 11241100x8000000000000000282467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee64d3fe45a6d23f2023-02-08 09:49:07.488root 11241100x8000000000000000282466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7089c975a21d97962023-02-08 09:49:07.488root 11241100x8000000000000000282465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5379e1c697681ba2023-02-08 09:49:07.488root 11241100x8000000000000000282464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0659eb61d52df3482023-02-08 09:49:07.488root 11241100x8000000000000000282482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bcac1c1c0ed9ca72023-02-08 09:49:07.489root 11241100x8000000000000000282481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f0eee710a992412023-02-08 09:49:07.489root 11241100x8000000000000000282480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269ed5e37ff78a0b2023-02-08 09:49:07.489root 11241100x8000000000000000282479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4201b691756a779c2023-02-08 09:49:07.489root 11241100x8000000000000000282478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbbc82fbf4cf2762023-02-08 09:49:07.489root 11241100x8000000000000000282492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c5be32117e4ce62023-02-08 09:49:07.984root 11241100x8000000000000000282491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e406a5064a6ec9f2023-02-08 09:49:07.984root 11241100x8000000000000000282490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65959daeb8d4a4a52023-02-08 09:49:07.984root 11241100x8000000000000000282489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d7c50e5dd883692023-02-08 09:49:07.984root 11241100x8000000000000000282488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c514c256a50da6742023-02-08 09:49:07.984root 11241100x8000000000000000282487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8a834689be41632023-02-08 09:49:07.984root 11241100x8000000000000000282486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38125a821524da382023-02-08 09:49:07.984root 11241100x8000000000000000282485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87c632b7d3662102023-02-08 09:49:07.984root 11241100x8000000000000000282484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1bf05c1250d66c32023-02-08 09:49:07.984root 11241100x8000000000000000282483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563254c0bbf04f8e2023-02-08 09:49:07.984root 11241100x8000000000000000282502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96dde70ad08fb70a2023-02-08 09:49:07.985root 11241100x8000000000000000282501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fd459ac248f1272023-02-08 09:49:07.985root 11241100x8000000000000000282500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f56079973baf2f2023-02-08 09:49:07.985root 11241100x8000000000000000282499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106c7a99ae04c0492023-02-08 09:49:07.985root 11241100x8000000000000000282498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea831dd480f88bc2023-02-08 09:49:07.985root 11241100x8000000000000000282497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1c4b1edea91b4c2023-02-08 09:49:07.985root 11241100x8000000000000000282496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8af8011cc5c4ecb2023-02-08 09:49:07.985root 11241100x8000000000000000282495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff1acdd86a59ad92023-02-08 09:49:07.985root 11241100x8000000000000000282494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d4c29889a8788c2023-02-08 09:49:07.985root 11241100x8000000000000000282493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40bb42ead383dfbb2023-02-08 09:49:07.985root 11241100x8000000000000000282511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653575aae938db402023-02-08 09:49:07.986root 11241100x8000000000000000282510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43a8d3351f9faa12023-02-08 09:49:07.986root 11241100x8000000000000000282509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c3462d67ec22012023-02-08 09:49:07.986root 11241100x8000000000000000282508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d57e7aabfa7c5c92023-02-08 09:49:07.986root 11241100x8000000000000000282507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f98007e83d7d0d2023-02-08 09:49:07.986root 11241100x8000000000000000282506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b968573a356f9d2023-02-08 09:49:07.986root 11241100x8000000000000000282505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1036c6ca840b38ed2023-02-08 09:49:07.986root 11241100x8000000000000000282504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68fb141ad8fb02d2023-02-08 09:49:07.986root 11241100x8000000000000000282503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5ae7b2eab771342023-02-08 09:49:07.986root 11241100x8000000000000000282518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81e8dcd015537792023-02-08 09:49:07.987root 11241100x8000000000000000282517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074bd499399180fb2023-02-08 09:49:07.987root 11241100x8000000000000000282516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5135b0ea414af32023-02-08 09:49:07.987root 11241100x8000000000000000282515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e27979cbcb54fff2023-02-08 09:49:07.987root 11241100x8000000000000000282514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1a17a398e58c222023-02-08 09:49:07.987root 11241100x8000000000000000282513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9435b23518031a962023-02-08 09:49:07.987root 11241100x8000000000000000282512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fbea3e398958e72023-02-08 09:49:07.987root 11241100x8000000000000000282524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70c2bc75b94d6f02023-02-08 09:49:07.988root 11241100x8000000000000000282523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12696475ad6ce3492023-02-08 09:49:07.988root 11241100x8000000000000000282522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f550b899ce9e8032023-02-08 09:49:07.988root 11241100x8000000000000000282521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88217eef4f4008f82023-02-08 09:49:07.988root 11241100x8000000000000000282520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ea2479e73be34d2023-02-08 09:49:07.988root 11241100x8000000000000000282519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903c4313dc434a592023-02-08 09:49:07.988root 11241100x8000000000000000282532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f2abd20d76fb832023-02-08 09:49:07.989root 11241100x8000000000000000282531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00bbbc272d36ab262023-02-08 09:49:07.989root 11241100x8000000000000000282530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a88aeb426d1b5b42023-02-08 09:49:07.989root 11241100x8000000000000000282529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9289d090121fff2023-02-08 09:49:07.989root 11241100x8000000000000000282528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f4525150b6d11c2023-02-08 09:49:07.989root 11241100x8000000000000000282527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398635b8c7bb18322023-02-08 09:49:07.989root 11241100x8000000000000000282526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed085ee6409ad752023-02-08 09:49:07.989root 11241100x8000000000000000282525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233e5538173063772023-02-08 09:49:07.989root 11241100x8000000000000000282537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409d32b30909f27d2023-02-08 09:49:07.990root 11241100x8000000000000000282536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72613c2b48ea8352023-02-08 09:49:07.990root 11241100x8000000000000000282535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c98653410881cdd2023-02-08 09:49:07.990root 11241100x8000000000000000282534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae234948605937a2023-02-08 09:49:07.990root 11241100x8000000000000000282533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:07.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3995e750dc11fdba2023-02-08 09:49:07.990root 11241100x8000000000000000282540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615761704be389372023-02-08 09:49:08.484root 11241100x8000000000000000282539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0947d1941f70b3312023-02-08 09:49:08.484root 11241100x8000000000000000282538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b7e0f6bc8dfb7f2023-02-08 09:49:08.484root 11241100x8000000000000000282551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52faea76c2d0da312023-02-08 09:49:08.485root 11241100x8000000000000000282550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f155b7ac12d8b122023-02-08 09:49:08.485root 11241100x8000000000000000282549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1327d53832334e2023-02-08 09:49:08.485root 11241100x8000000000000000282548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66aae76906027ae82023-02-08 09:49:08.485root 11241100x8000000000000000282547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc31e1dcc1554d252023-02-08 09:49:08.485root 11241100x8000000000000000282546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26da4da5a42ac1582023-02-08 09:49:08.485root 11241100x8000000000000000282545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5180145dfbe51a62023-02-08 09:49:08.485root 11241100x8000000000000000282544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca91c2db02d41862023-02-08 09:49:08.485root 11241100x8000000000000000282543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7107b5b2fb88616b2023-02-08 09:49:08.485root 11241100x8000000000000000282542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75331916ba5437152023-02-08 09:49:08.485root 11241100x8000000000000000282541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d15ae187b289abd2023-02-08 09:49:08.485root 11241100x8000000000000000282564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5912b12ecf64122023-02-08 09:49:08.486root 11241100x8000000000000000282563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8da3bd9a015ed42023-02-08 09:49:08.486root 11241100x8000000000000000282562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce5c21218b9890d2023-02-08 09:49:08.486root 11241100x8000000000000000282561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20e9d89a490aef02023-02-08 09:49:08.486root 11241100x8000000000000000282560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242ce80dc87529192023-02-08 09:49:08.486root 11241100x8000000000000000282559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfab3325aa07a3bb2023-02-08 09:49:08.486root 11241100x8000000000000000282558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b56d836f990657a2023-02-08 09:49:08.486root 11241100x8000000000000000282557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2185005cada3e56e2023-02-08 09:49:08.486root 11241100x8000000000000000282556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa68cfda098cd762023-02-08 09:49:08.486root 11241100x8000000000000000282555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296b94aea4dd849e2023-02-08 09:49:08.486root 11241100x8000000000000000282554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf47dedf9d03e282023-02-08 09:49:08.486root 11241100x8000000000000000282553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e72e775a7696c02023-02-08 09:49:08.486root 11241100x8000000000000000282552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85d22d30bfcda4c2023-02-08 09:49:08.486root 11241100x8000000000000000282570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980ec8090c2999fa2023-02-08 09:49:08.487root 11241100x8000000000000000282569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e53c97971bba3b12023-02-08 09:49:08.487root 11241100x8000000000000000282568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6b4378d00a22122023-02-08 09:49:08.487root 11241100x8000000000000000282567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc167bc581eff222023-02-08 09:49:08.487root 11241100x8000000000000000282566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f7d0a14f072ffb2023-02-08 09:49:08.487root 11241100x8000000000000000282565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49eb33b17cbfb27b2023-02-08 09:49:08.487root 11241100x8000000000000000282581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f8f33fb78ce86b2023-02-08 09:49:08.488root 11241100x8000000000000000282580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2102adb995e75a822023-02-08 09:49:08.488root 11241100x8000000000000000282579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2b3ca4db9c44682023-02-08 09:49:08.488root 11241100x8000000000000000282578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ba159774c141522023-02-08 09:49:08.488root 11241100x8000000000000000282577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c9c7a47f1a7ca62023-02-08 09:49:08.488root 11241100x8000000000000000282576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69986387d54ec6c2023-02-08 09:49:08.488root 11241100x8000000000000000282575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c68a85dd911c052023-02-08 09:49:08.488root 11241100x8000000000000000282574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32b6c0b938b0e0a2023-02-08 09:49:08.488root 11241100x8000000000000000282573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b67e6ed7b7bce812023-02-08 09:49:08.488root 11241100x8000000000000000282572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7cb34143dfa1172023-02-08 09:49:08.488root 11241100x8000000000000000282571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488f9de5e48ab9382023-02-08 09:49:08.488root 11241100x8000000000000000282588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ed96dda14f4dab2023-02-08 09:49:08.489root 11241100x8000000000000000282587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ea3c3b92a952de2023-02-08 09:49:08.489root 11241100x8000000000000000282586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da40cfd65e2ab932023-02-08 09:49:08.489root 11241100x8000000000000000282585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35f59c77546aa532023-02-08 09:49:08.489root 11241100x8000000000000000282584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f37d2effa8a4142023-02-08 09:49:08.489root 11241100x8000000000000000282583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313ecf7937edd6f92023-02-08 09:49:08.489root 11241100x8000000000000000282582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8c629f9b4640dd2023-02-08 09:49:08.489root 11241100x8000000000000000282594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5d09b6b8621b4a2023-02-08 09:49:08.984root 11241100x8000000000000000282593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9931a3ce42fff1152023-02-08 09:49:08.984root 11241100x8000000000000000282592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5439107b7c0c31ea2023-02-08 09:49:08.984root 11241100x8000000000000000282591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba4d2c51f4c13e82023-02-08 09:49:08.984root 11241100x8000000000000000282590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8cd7e0241ef5f42023-02-08 09:49:08.984root 11241100x8000000000000000282589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ebc44ecb46907d42023-02-08 09:49:08.984root 11241100x8000000000000000282604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17b0dafacb3e7562023-02-08 09:49:08.985root 11241100x8000000000000000282603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97a70120584d0862023-02-08 09:49:08.985root 11241100x8000000000000000282602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a763f1767fb93c32023-02-08 09:49:08.985root 11241100x8000000000000000282601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7ea4899596ab732023-02-08 09:49:08.985root 11241100x8000000000000000282600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99ce8b5703d6d912023-02-08 09:49:08.985root 11241100x8000000000000000282599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9515570c7ad4fc872023-02-08 09:49:08.985root 11241100x8000000000000000282598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e17490010a06162023-02-08 09:49:08.985root 11241100x8000000000000000282597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c38a1c0c4c9dbf2023-02-08 09:49:08.985root 11241100x8000000000000000282596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e9be1d47347ff72023-02-08 09:49:08.985root 11241100x8000000000000000282595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4149e7bb8cd03a2023-02-08 09:49:08.985root 11241100x8000000000000000282614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9214af58b9dd2a2023-02-08 09:49:08.986root 11241100x8000000000000000282613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded9d6e8e76166cf2023-02-08 09:49:08.986root 11241100x8000000000000000282612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6fe6ff42f0172652023-02-08 09:49:08.986root 11241100x8000000000000000282611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac302b04aa749c642023-02-08 09:49:08.986root 11241100x8000000000000000282610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a103ab7bb3bb256c2023-02-08 09:49:08.986root 11241100x8000000000000000282609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b9ac4e59d398992023-02-08 09:49:08.986root 11241100x8000000000000000282608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6025a33f8fa643862023-02-08 09:49:08.986root 11241100x8000000000000000282607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03f7a2124669cdb2023-02-08 09:49:08.986root 11241100x8000000000000000282606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d72c783fc593202023-02-08 09:49:08.986root 11241100x8000000000000000282605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a13a4125f029d9d2023-02-08 09:49:08.986root 11241100x8000000000000000282625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e5951866ec41b42023-02-08 09:49:08.987root 11241100x8000000000000000282624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25beb70ba44dd88e2023-02-08 09:49:08.987root 11241100x8000000000000000282623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97bdf907c7d4a3e2023-02-08 09:49:08.987root 11241100x8000000000000000282622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5342cd431f2be02023-02-08 09:49:08.987root 11241100x8000000000000000282621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75407c5b9a130402023-02-08 09:49:08.987root 11241100x8000000000000000282620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f71b53795d6d7b2023-02-08 09:49:08.987root 11241100x8000000000000000282619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335f291a0dbce6af2023-02-08 09:49:08.987root 11241100x8000000000000000282618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f061d223e3757a2023-02-08 09:49:08.987root 11241100x8000000000000000282617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875c6a14383731932023-02-08 09:49:08.987root 11241100x8000000000000000282616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fdcea9f48ad101f2023-02-08 09:49:08.987root 11241100x8000000000000000282615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29205a20e85e6c4d2023-02-08 09:49:08.987root 11241100x8000000000000000282636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4ce473a99451382023-02-08 09:49:08.988root 11241100x8000000000000000282635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc2d9662eb1d78e2023-02-08 09:49:08.988root 11241100x8000000000000000282634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ec6c8b1cb6af532023-02-08 09:49:08.988root 11241100x8000000000000000282633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25645afefbecc5802023-02-08 09:49:08.988root 11241100x8000000000000000282632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3855ada5d8f956042023-02-08 09:49:08.988root 11241100x8000000000000000282631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ba20f17d3f14ea2023-02-08 09:49:08.988root 11241100x8000000000000000282630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b42e0fea1e2824a2023-02-08 09:49:08.988root 11241100x8000000000000000282629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce14080d7418b9132023-02-08 09:49:08.988root 11241100x8000000000000000282628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7215f8ed35184f3a2023-02-08 09:49:08.988root 11241100x8000000000000000282627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d5d6ebd6059e832023-02-08 09:49:08.988root 11241100x8000000000000000282626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40053be480a202b72023-02-08 09:49:08.988root 11241100x8000000000000000282638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d1c2ae604b72ba2023-02-08 09:49:08.989root 11241100x8000000000000000282637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:08.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351622f2610b61ff2023-02-08 09:49:08.989root 23542300x8000000000000000282639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.208{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000282647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f358238a2b7e3f2023-02-08 09:49:09.484root 11241100x8000000000000000282646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b575ac326adfc5722023-02-08 09:49:09.484root 11241100x8000000000000000282645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a3a7ea33975d862023-02-08 09:49:09.484root 11241100x8000000000000000282644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc05ccb82ee081b52023-02-08 09:49:09.484root 11241100x8000000000000000282643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108debc7063a78aa2023-02-08 09:49:09.484root 11241100x8000000000000000282642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20525f7322c73182023-02-08 09:49:09.484root 11241100x8000000000000000282641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875225accab50d4b2023-02-08 09:49:09.484root 11241100x8000000000000000282640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d5ec44fb55fbdb2023-02-08 09:49:09.484root 11241100x8000000000000000282661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97d160482b8a81d2023-02-08 09:49:09.485root 11241100x8000000000000000282660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9939c57723e1ed72023-02-08 09:49:09.485root 11241100x8000000000000000282659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25565d44a0ed15802023-02-08 09:49:09.485root 11241100x8000000000000000282658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdecadbc0e2440c12023-02-08 09:49:09.485root 11241100x8000000000000000282657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a3665821a65d9a2023-02-08 09:49:09.485root 11241100x8000000000000000282656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a960986fb071e41d2023-02-08 09:49:09.485root 11241100x8000000000000000282655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fff6f25463092572023-02-08 09:49:09.485root 11241100x8000000000000000282654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00dddef200d2a9a82023-02-08 09:49:09.485root 11241100x8000000000000000282653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e79714b7838d8262023-02-08 09:49:09.485root 11241100x8000000000000000282652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8131d3e83b0f43682023-02-08 09:49:09.485root 11241100x8000000000000000282651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f66b25129eec66c2023-02-08 09:49:09.485root 11241100x8000000000000000282650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2965d211401d57cc2023-02-08 09:49:09.485root 11241100x8000000000000000282649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fce1738a5b9cf102023-02-08 09:49:09.485root 11241100x8000000000000000282648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f288a1a35a4c7e1b2023-02-08 09:49:09.485root 11241100x8000000000000000282672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a652bf341d351a2023-02-08 09:49:09.486root 11241100x8000000000000000282671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191fc14fd8864b8a2023-02-08 09:49:09.486root 11241100x8000000000000000282670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35c271899f29d3e2023-02-08 09:49:09.486root 11241100x8000000000000000282669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb8544a66409a402023-02-08 09:49:09.486root 11241100x8000000000000000282668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13cbf50735367dbd2023-02-08 09:49:09.486root 11241100x8000000000000000282667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbae4857e8a52f02023-02-08 09:49:09.486root 11241100x8000000000000000282666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbdecbbda0ab6ef2023-02-08 09:49:09.486root 11241100x8000000000000000282665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22d3016d626392c2023-02-08 09:49:09.486root 11241100x8000000000000000282664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c890064dcad901252023-02-08 09:49:09.486root 11241100x8000000000000000282663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af2d30cec50f3592023-02-08 09:49:09.486root 11241100x8000000000000000282662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f75103af4bcadd22023-02-08 09:49:09.486root 11241100x8000000000000000282686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b440f71241b1e3a52023-02-08 09:49:09.487root 11241100x8000000000000000282685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3974d88615dbc02023-02-08 09:49:09.487root 11241100x8000000000000000282684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2ee9ca606187cb2023-02-08 09:49:09.487root 11241100x8000000000000000282683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0329a0455f623b8f2023-02-08 09:49:09.487root 11241100x8000000000000000282682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c184a33198cdf422023-02-08 09:49:09.487root 11241100x8000000000000000282681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485ceeccf93d42c82023-02-08 09:49:09.487root 11241100x8000000000000000282680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99a200f11478b292023-02-08 09:49:09.487root 11241100x8000000000000000282679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8238c9000f5453a22023-02-08 09:49:09.487root 11241100x8000000000000000282678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b08e346193cc352023-02-08 09:49:09.487root 11241100x8000000000000000282677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb00d74e246355c2023-02-08 09:49:09.487root 11241100x8000000000000000282676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f878480d3822c0a2023-02-08 09:49:09.487root 11241100x8000000000000000282675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.becbb8153871bd342023-02-08 09:49:09.487root 11241100x8000000000000000282674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df351b2287d09112023-02-08 09:49:09.487root 11241100x8000000000000000282673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.551a9f2b8c3624082023-02-08 09:49:09.487root 11241100x8000000000000000282693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b835e4a2b3ed3e9f2023-02-08 09:49:09.488root 11241100x8000000000000000282692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a587497c1feaa1c2023-02-08 09:49:09.488root 11241100x8000000000000000282691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309c88f2e88016712023-02-08 09:49:09.488root 11241100x8000000000000000282690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934522f8c9ba22e12023-02-08 09:49:09.488root 11241100x8000000000000000282689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4222d143641e448d2023-02-08 09:49:09.488root 11241100x8000000000000000282688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016b3a5557da32c12023-02-08 09:49:09.488root 11241100x8000000000000000282687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596566eb59365dda2023-02-08 09:49:09.488root 11241100x8000000000000000282698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b9094e526e57e82023-02-08 09:49:09.985root 11241100x8000000000000000282697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e496760a9e65bb572023-02-08 09:49:09.985root 11241100x8000000000000000282696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5c026f87056f7a2023-02-08 09:49:09.985root 11241100x8000000000000000282695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfde9191ad24da012023-02-08 09:49:09.985root 11241100x8000000000000000282694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b71e8308c741eb2023-02-08 09:49:09.985root 11241100x8000000000000000282707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb5716988e3aea12023-02-08 09:49:09.986root 11241100x8000000000000000282706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aecea0f5893fea22023-02-08 09:49:09.986root 11241100x8000000000000000282705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60634fae61de2d52023-02-08 09:49:09.986root 11241100x8000000000000000282704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46b55239b1125652023-02-08 09:49:09.986root 11241100x8000000000000000282703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b637e647856d5542023-02-08 09:49:09.986root 11241100x8000000000000000282702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50dd4794b4c049e2023-02-08 09:49:09.986root 11241100x8000000000000000282701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff60436cbf04b5e72023-02-08 09:49:09.986root 11241100x8000000000000000282700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98c1e35ad32815a2023-02-08 09:49:09.986root 11241100x8000000000000000282699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc1f0ec71988b3a2023-02-08 09:49:09.986root 11241100x8000000000000000282716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44be2ad8ad0c3cb02023-02-08 09:49:09.987root 11241100x8000000000000000282715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72835777f1a752d2023-02-08 09:49:09.987root 11241100x8000000000000000282714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab67a44663e8b8ef2023-02-08 09:49:09.987root 11241100x8000000000000000282713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c3fe62b3953f682023-02-08 09:49:09.987root 11241100x8000000000000000282712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6d2e848a4be4d92023-02-08 09:49:09.987root 11241100x8000000000000000282711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8aba794a576f6cb2023-02-08 09:49:09.987root 11241100x8000000000000000282710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060bea56cc2e42e22023-02-08 09:49:09.987root 11241100x8000000000000000282709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb551c22efc82baa2023-02-08 09:49:09.987root 11241100x8000000000000000282708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea44a079864e5642023-02-08 09:49:09.987root 11241100x8000000000000000282719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca0e133d3c494fb2023-02-08 09:49:09.988root 11241100x8000000000000000282718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206d09e29344bb8d2023-02-08 09:49:09.988root 11241100x8000000000000000282717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ee7b233ab9f2292023-02-08 09:49:09.988root 11241100x8000000000000000282725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43539ed8922996c2023-02-08 09:49:09.989root 11241100x8000000000000000282724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea025f5290e146302023-02-08 09:49:09.989root 11241100x8000000000000000282723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d260a77cf1fbc282023-02-08 09:49:09.989root 11241100x8000000000000000282722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03c961330a5225f2023-02-08 09:49:09.989root 11241100x8000000000000000282721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11f44342e988e1a2023-02-08 09:49:09.989root 11241100x8000000000000000282720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c005d8ebcf6728822023-02-08 09:49:09.989root 11241100x8000000000000000282731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7e9e23fdead9232023-02-08 09:49:09.990root 11241100x8000000000000000282730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809fb707684209472023-02-08 09:49:09.990root 11241100x8000000000000000282729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008386c871219d402023-02-08 09:49:09.990root 11241100x8000000000000000282728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc279adffcd8c5e2023-02-08 09:49:09.990root 11241100x8000000000000000282727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d152c00c93871a32023-02-08 09:49:09.990root 11241100x8000000000000000282726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b713eebca014a8452023-02-08 09:49:09.990root 11241100x8000000000000000282736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536231b2dd35f4952023-02-08 09:49:09.991root 11241100x8000000000000000282735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60c1e3acda2614b2023-02-08 09:49:09.991root 11241100x8000000000000000282734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d8e481aaca87d52023-02-08 09:49:09.991root 11241100x8000000000000000282733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437cd2bbdfa3781e2023-02-08 09:49:09.991root 11241100x8000000000000000282732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3107094e1d294e6f2023-02-08 09:49:09.991root 11241100x8000000000000000282743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9395ff02e93aef12023-02-08 09:49:09.992root 11241100x8000000000000000282742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53cd06aa3f5aeaab2023-02-08 09:49:09.992root 11241100x8000000000000000282741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515acd5725f5d24f2023-02-08 09:49:09.992root 11241100x8000000000000000282740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a13fc6974997fb2023-02-08 09:49:09.992root 11241100x8000000000000000282739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e0301a272b71642023-02-08 09:49:09.992root 11241100x8000000000000000282738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a177e6d851f100742023-02-08 09:49:09.992root 11241100x8000000000000000282737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:09.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a37de91d61d9bd52023-02-08 09:49:09.992root 11241100x8000000000000000282744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1787857150c4b82023-02-08 09:49:10.484root 11241100x8000000000000000282747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d625a3e96de84c2023-02-08 09:49:10.485root 11241100x8000000000000000282746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8056e6e155d8f31f2023-02-08 09:49:10.485root 11241100x8000000000000000282745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8d113e263605812023-02-08 09:49:10.485root 11241100x8000000000000000282750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5bfb69e22e38b02023-02-08 09:49:10.486root 11241100x8000000000000000282749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e831c71fa16505692023-02-08 09:49:10.486root 11241100x8000000000000000282748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f222f1cb249a812023-02-08 09:49:10.486root 11241100x8000000000000000282756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136f4fb825abf2f92023-02-08 09:49:10.487root 11241100x8000000000000000282755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccf887a437a728f2023-02-08 09:49:10.487root 11241100x8000000000000000282754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27473a0d968f2aef2023-02-08 09:49:10.487root 11241100x8000000000000000282753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4284bb77876ddf2023-02-08 09:49:10.487root 11241100x8000000000000000282752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5aa057c91b70c02023-02-08 09:49:10.487root 11241100x8000000000000000282751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50eda3d86d78e062023-02-08 09:49:10.487root 11241100x8000000000000000282763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac656967ca01216a2023-02-08 09:49:10.488root 11241100x8000000000000000282762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c821a28842890fa52023-02-08 09:49:10.488root 11241100x8000000000000000282761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb231f80812e456e2023-02-08 09:49:10.488root 11241100x8000000000000000282760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c00035ad9ea61b72023-02-08 09:49:10.488root 11241100x8000000000000000282759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc8751e0ec3cc3f2023-02-08 09:49:10.488root 11241100x8000000000000000282758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9794fb949fd52ba32023-02-08 09:49:10.488root 11241100x8000000000000000282757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54477a36b4475a22023-02-08 09:49:10.488root 11241100x8000000000000000282766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81335cbb8b772012023-02-08 09:49:10.489root 11241100x8000000000000000282765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3c4b2d09ba32112023-02-08 09:49:10.489root 11241100x8000000000000000282764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4907a4f0df5725c2023-02-08 09:49:10.489root 11241100x8000000000000000282778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e85844114dc88762023-02-08 09:49:10.490root 11241100x8000000000000000282777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0156590e6e75d112023-02-08 09:49:10.490root 11241100x8000000000000000282776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b0be08f9c1240e2023-02-08 09:49:10.490root 11241100x8000000000000000282775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe87fc8fdd1be39d2023-02-08 09:49:10.490root 11241100x8000000000000000282774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902a9f80baab61242023-02-08 09:49:10.490root 11241100x8000000000000000282773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7b3e9f3442397e2023-02-08 09:49:10.490root 11241100x8000000000000000282772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7fe360b7d15887b2023-02-08 09:49:10.490root 11241100x8000000000000000282771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee0e6c72ff0a99a2023-02-08 09:49:10.490root 11241100x8000000000000000282770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec997f056043af1c2023-02-08 09:49:10.490root 11241100x8000000000000000282769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aac3b138a07a0982023-02-08 09:49:10.490root 11241100x8000000000000000282768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0089307b4ace625f2023-02-08 09:49:10.490root 11241100x8000000000000000282767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60167ef724daf4502023-02-08 09:49:10.490root 11241100x8000000000000000282784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab59e855e075eec22023-02-08 09:49:10.491root 11241100x8000000000000000282783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac0759f959923e52023-02-08 09:49:10.491root 11241100x8000000000000000282782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2415f66dfcf2c4ab2023-02-08 09:49:10.491root 11241100x8000000000000000282781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcc47cca9465adf2023-02-08 09:49:10.491root 11241100x8000000000000000282780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26dac0d63dd80e3c2023-02-08 09:49:10.491root 11241100x8000000000000000282779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da55f68a6186798f2023-02-08 09:49:10.491root 11241100x8000000000000000282788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7747065cd7578062023-02-08 09:49:10.492root 11241100x8000000000000000282787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04ce2e05ac6a91a2023-02-08 09:49:10.492root 11241100x8000000000000000282786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe42aa018d722572023-02-08 09:49:10.492root 11241100x8000000000000000282785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5505a0ca2d65abb2023-02-08 09:49:10.492root 11241100x8000000000000000282790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d3fbd92c89d54c2023-02-08 09:49:10.493root 11241100x8000000000000000282789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9de2e19ebf95fa2023-02-08 09:49:10.493root 11241100x8000000000000000282796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60872374e28b5c412023-02-08 09:49:10.494root 11241100x8000000000000000282795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60710260d9fff8752023-02-08 09:49:10.494root 11241100x8000000000000000282794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd0b9e64fa8d9292023-02-08 09:49:10.494root 11241100x8000000000000000282793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cbe3f794a0950552023-02-08 09:49:10.494root 11241100x8000000000000000282792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39895d53c7190d22023-02-08 09:49:10.494root 11241100x8000000000000000282791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3009a0e2db20c34e2023-02-08 09:49:10.494root 11241100x8000000000000000282801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae351f244356e1452023-02-08 09:49:10.495root 11241100x8000000000000000282800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9aa1cc9f63becb2023-02-08 09:49:10.495root 11241100x8000000000000000282799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7327e3376325f02023-02-08 09:49:10.495root 11241100x8000000000000000282798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ac374e6c1417d32023-02-08 09:49:10.495root 11241100x8000000000000000282797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a8250b29599e8b2023-02-08 09:49:10.495root 11241100x8000000000000000282803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113b2076e1327e9e2023-02-08 09:49:10.496root 11241100x8000000000000000282802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241caba84d83ab492023-02-08 09:49:10.496root 11241100x8000000000000000282809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8143a49e4a39a9732023-02-08 09:49:10.497root 11241100x8000000000000000282808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e39b1bdf1831fd72023-02-08 09:49:10.497root 11241100x8000000000000000282807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09ada7957bd4ad02023-02-08 09:49:10.497root 11241100x8000000000000000282806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4a3fb612f8d4e52023-02-08 09:49:10.497root 11241100x8000000000000000282805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082bc2fc6422fec32023-02-08 09:49:10.497root 11241100x8000000000000000282804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a634c6d8fec5bb392023-02-08 09:49:10.497root 11241100x8000000000000000282811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13aed4146449eb992023-02-08 09:49:10.498root 11241100x8000000000000000282810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03b6ccc49f4d6f72023-02-08 09:49:10.498root 11241100x8000000000000000282812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e957ec93da9c63262023-02-08 09:49:10.985root 11241100x8000000000000000282819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92f8adb91d623862023-02-08 09:49:10.986root 11241100x8000000000000000282818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3cfb193d5ecd2f2023-02-08 09:49:10.986root 11241100x8000000000000000282817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ddcd98f6dc9361e2023-02-08 09:49:10.986root 11241100x8000000000000000282816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d882ada0afd815e02023-02-08 09:49:10.986root 11241100x8000000000000000282815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59e04dc390f35d92023-02-08 09:49:10.986root 11241100x8000000000000000282814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611ec76d0df138ce2023-02-08 09:49:10.986root 11241100x8000000000000000282813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44eb7d9d418ecf82023-02-08 09:49:10.986root 11241100x8000000000000000282826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97872c275f2fe6bd2023-02-08 09:49:10.987root 11241100x8000000000000000282825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d73f69c183cd33d2023-02-08 09:49:10.987root 11241100x8000000000000000282824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007167b59d881f0f2023-02-08 09:49:10.987root 11241100x8000000000000000282823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961cb30ff6a7059d2023-02-08 09:49:10.987root 11241100x8000000000000000282822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c712cf3cacf4a72023-02-08 09:49:10.987root 11241100x8000000000000000282821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d087c5d3db78989b2023-02-08 09:49:10.987root 11241100x8000000000000000282820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f34f37943f91a902023-02-08 09:49:10.987root 11241100x8000000000000000282835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16901e41052e466c2023-02-08 09:49:10.988root 11241100x8000000000000000282834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba750b7401bd6c922023-02-08 09:49:10.988root 11241100x8000000000000000282833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515268d3b6acf3232023-02-08 09:49:10.988root 11241100x8000000000000000282832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf96bf5ca6262352023-02-08 09:49:10.988root 11241100x8000000000000000282831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c9244002ab1d812023-02-08 09:49:10.988root 11241100x8000000000000000282830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941158277598697f2023-02-08 09:49:10.988root 11241100x8000000000000000282829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b24a852f02593462023-02-08 09:49:10.988root 11241100x8000000000000000282828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e01cdad78488472023-02-08 09:49:10.988root 11241100x8000000000000000282827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d40a6e08e241422023-02-08 09:49:10.988root 11241100x8000000000000000282843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147a193e4f6c94df2023-02-08 09:49:10.989root 11241100x8000000000000000282842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b33a4a00d286862023-02-08 09:49:10.989root 11241100x8000000000000000282841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee384ba8a851974a2023-02-08 09:49:10.989root 11241100x8000000000000000282840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1311da033afa212023-02-08 09:49:10.989root 11241100x8000000000000000282839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4a9bcebbb91f742023-02-08 09:49:10.989root 11241100x8000000000000000282838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e687d484df93d2b32023-02-08 09:49:10.989root 11241100x8000000000000000282837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c43a6beb9861652023-02-08 09:49:10.989root 11241100x8000000000000000282836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc2011209882d062023-02-08 09:49:10.989root 11241100x8000000000000000282850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef4ef5b413462e42023-02-08 09:49:10.990root 11241100x8000000000000000282849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15f7d3ef2a9bb6b2023-02-08 09:49:10.990root 11241100x8000000000000000282848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0646bca12fe957e32023-02-08 09:49:10.990root 11241100x8000000000000000282847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468491d2768487892023-02-08 09:49:10.990root 11241100x8000000000000000282846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44c4584e2f197482023-02-08 09:49:10.990root 11241100x8000000000000000282845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3291f393a34dcd2023-02-08 09:49:10.990root 11241100x8000000000000000282844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6cf6cf99ae3745f2023-02-08 09:49:10.990root 11241100x8000000000000000282858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf0f5e4b54852532023-02-08 09:49:10.991root 11241100x8000000000000000282857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94e9273aeadf4302023-02-08 09:49:10.991root 11241100x8000000000000000282856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590d57e40f6c325b2023-02-08 09:49:10.991root 11241100x8000000000000000282855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b963e3a8a5ce0f1c2023-02-08 09:49:10.991root 11241100x8000000000000000282854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37598adf99a5d5812023-02-08 09:49:10.991root 11241100x8000000000000000282853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a97694ba9422f52023-02-08 09:49:10.991root 11241100x8000000000000000282852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0246abb52f2a25e62023-02-08 09:49:10.991root 11241100x8000000000000000282851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a36b48fbbf8f652023-02-08 09:49:10.991root 11241100x8000000000000000282859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:10.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559d30ba6a1c45382023-02-08 09:49:10.992root 354300x8000000000000000282860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.190{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-35486-false10.0.1.12-8000- 11241100x8000000000000000282861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7334e444f4f02732023-02-08 09:49:11.485root 11241100x8000000000000000282872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac896b56671367aa2023-02-08 09:49:11.486root 11241100x8000000000000000282871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efa746797828d0d2023-02-08 09:49:11.486root 11241100x8000000000000000282870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5bcba86bd5cbd2d2023-02-08 09:49:11.486root 11241100x8000000000000000282869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f12131df29d4de2023-02-08 09:49:11.486root 11241100x8000000000000000282868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8320e990a2475ff2023-02-08 09:49:11.486root 11241100x8000000000000000282867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ae3b396ff2137e2023-02-08 09:49:11.486root 11241100x8000000000000000282866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fff9ddb98538642023-02-08 09:49:11.486root 11241100x8000000000000000282865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9160c7294e495fe32023-02-08 09:49:11.486root 11241100x8000000000000000282864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949b9a84df2d2e2f2023-02-08 09:49:11.486root 11241100x8000000000000000282863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd166890b599e0e22023-02-08 09:49:11.486root 11241100x8000000000000000282862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d665fd671c86f8202023-02-08 09:49:11.486root 11241100x8000000000000000282886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac14939ff0bd483c2023-02-08 09:49:11.487root 11241100x8000000000000000282885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156154fa779bc14c2023-02-08 09:49:11.487root 11241100x8000000000000000282884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef23692bc0f1f6502023-02-08 09:49:11.487root 11241100x8000000000000000282883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d43b3e2b2522d462023-02-08 09:49:11.487root 11241100x8000000000000000282882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b4dc32589dac232023-02-08 09:49:11.487root 11241100x8000000000000000282881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa226381082c4fb72023-02-08 09:49:11.487root 11241100x8000000000000000282880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5ad4d8440089782023-02-08 09:49:11.487root 11241100x8000000000000000282879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00be0123cb216cc12023-02-08 09:49:11.487root 11241100x8000000000000000282878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47f35d6c83f0adf2023-02-08 09:49:11.487root 11241100x8000000000000000282877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f133a0feb652982023-02-08 09:49:11.487root 11241100x8000000000000000282876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12afcbf5d753e1842023-02-08 09:49:11.487root 11241100x8000000000000000282875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37cdacf6bec0140a2023-02-08 09:49:11.487root 11241100x8000000000000000282874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddeb54c40e26d75f2023-02-08 09:49:11.487root 11241100x8000000000000000282873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9812b963e68e542023-02-08 09:49:11.487root 11241100x8000000000000000282896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fd79dca792b9d82023-02-08 09:49:11.488root 11241100x8000000000000000282895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe1a6458224ff142023-02-08 09:49:11.488root 11241100x8000000000000000282894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0428cf45f1a1c92023-02-08 09:49:11.488root 11241100x8000000000000000282893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8a202dd39f5f552023-02-08 09:49:11.488root 11241100x8000000000000000282892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1be9cc322d6d88b2023-02-08 09:49:11.488root 11241100x8000000000000000282891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a802ead937d8eaf2023-02-08 09:49:11.488root 11241100x8000000000000000282890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18a940ea5f6502f2023-02-08 09:49:11.488root 11241100x8000000000000000282889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b54e977a273a1212023-02-08 09:49:11.488root 11241100x8000000000000000282888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76afe4a2b9c0fa1d2023-02-08 09:49:11.488root 11241100x8000000000000000282887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4469315056f5b2f32023-02-08 09:49:11.488root 11241100x8000000000000000282906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36e65d1a26c97dc2023-02-08 09:49:11.489root 11241100x8000000000000000282905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a27cd0a7ac1b59f2023-02-08 09:49:11.489root 11241100x8000000000000000282904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab127c685e2f25e2023-02-08 09:49:11.489root 11241100x8000000000000000282903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a670cb5129e4ba62023-02-08 09:49:11.489root 11241100x8000000000000000282902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce7cc1a2a7553072023-02-08 09:49:11.489root 11241100x8000000000000000282901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f951f8f7b9db082023-02-08 09:49:11.489root 11241100x8000000000000000282900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01483cc5ce800bd02023-02-08 09:49:11.489root 11241100x8000000000000000282899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a5a01f7836a7a92023-02-08 09:49:11.489root 11241100x8000000000000000282898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69feaad1d37d23712023-02-08 09:49:11.489root 11241100x8000000000000000282897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56ca5d3d87a3c822023-02-08 09:49:11.489root 11241100x8000000000000000282909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4242f3c7f4230812023-02-08 09:49:11.490root 11241100x8000000000000000282908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a17a0fd39ede6d62023-02-08 09:49:11.490root 11241100x8000000000000000282907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778e46646a8526212023-02-08 09:49:11.490root 11241100x8000000000000000282919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b408a5c478663902023-02-08 09:49:11.986root 11241100x8000000000000000282918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4902d5a4f3c29842023-02-08 09:49:11.986root 11241100x8000000000000000282917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2ffd38d85f04032023-02-08 09:49:11.986root 11241100x8000000000000000282916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c88704df85ce3bd2023-02-08 09:49:11.986root 11241100x8000000000000000282915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d060c6c87d84d4b2023-02-08 09:49:11.986root 11241100x8000000000000000282914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7604205b01547bd12023-02-08 09:49:11.986root 11241100x8000000000000000282913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6647b762865aa592023-02-08 09:49:11.986root 11241100x8000000000000000282912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2f2b7faaaf68342023-02-08 09:49:11.986root 11241100x8000000000000000282911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25442725f040e48c2023-02-08 09:49:11.986root 11241100x8000000000000000282910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794d15db8014c8d62023-02-08 09:49:11.986root 11241100x8000000000000000282934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eec81c6f2979ac92023-02-08 09:49:11.987root 11241100x8000000000000000282933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ca4b9841e92f572023-02-08 09:49:11.987root 11241100x8000000000000000282932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de609025784f4992023-02-08 09:49:11.987root 11241100x8000000000000000282931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2442b59270bb36942023-02-08 09:49:11.987root 11241100x8000000000000000282930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d063758c36b5809b2023-02-08 09:49:11.987root 11241100x8000000000000000282929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a045f59ef221c8852023-02-08 09:49:11.987root 11241100x8000000000000000282928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94bf743f98b838f82023-02-08 09:49:11.987root 11241100x8000000000000000282927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afd587109684a172023-02-08 09:49:11.987root 11241100x8000000000000000282926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30faaaf0360fb2b2023-02-08 09:49:11.987root 11241100x8000000000000000282925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a833eca928450c2023-02-08 09:49:11.987root 11241100x8000000000000000282924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac681e6193bf17f2023-02-08 09:49:11.987root 11241100x8000000000000000282923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481adcd9fa5d5cc32023-02-08 09:49:11.987root 11241100x8000000000000000282922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95367f3bed009bae2023-02-08 09:49:11.987root 11241100x8000000000000000282921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea045d7ae308a4a2023-02-08 09:49:11.987root 11241100x8000000000000000282920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68f3ad42e3b92a12023-02-08 09:49:11.987root 11241100x8000000000000000282942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ff0933a71667202023-02-08 09:49:11.988root 11241100x8000000000000000282941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5607f8311f9897e82023-02-08 09:49:11.988root 11241100x8000000000000000282940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b57bd02ca1a631f2023-02-08 09:49:11.988root 11241100x8000000000000000282939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a124312cd97c441c2023-02-08 09:49:11.988root 11241100x8000000000000000282938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09844bb15ddbcbe72023-02-08 09:49:11.988root 11241100x8000000000000000282937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4823763a3a083fd02023-02-08 09:49:11.988root 11241100x8000000000000000282936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1add51de4bcd87612023-02-08 09:49:11.988root 11241100x8000000000000000282935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc811c4cdd784682023-02-08 09:49:11.988root 11241100x8000000000000000282954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ddddbf0d582d2ed2023-02-08 09:49:11.989root 11241100x8000000000000000282953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5501b64e0f7672982023-02-08 09:49:11.989root 11241100x8000000000000000282952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37fa9062479c8f42023-02-08 09:49:11.989root 11241100x8000000000000000282951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7ae82341ad3fea2023-02-08 09:49:11.989root 11241100x8000000000000000282950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c9310832eed9bb2023-02-08 09:49:11.989root 11241100x8000000000000000282949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da3963323bc98fe2023-02-08 09:49:11.989root 11241100x8000000000000000282948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278cb016292a61662023-02-08 09:49:11.989root 11241100x8000000000000000282947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fda829f1e8d83f42023-02-08 09:49:11.989root 11241100x8000000000000000282946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a0961108016d3c2023-02-08 09:49:11.989root 11241100x8000000000000000282945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aedfae06274ab562023-02-08 09:49:11.989root 11241100x8000000000000000282944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373f3693c9b556c52023-02-08 09:49:11.989root 11241100x8000000000000000282943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2696045575fe8b1b2023-02-08 09:49:11.989root 11241100x8000000000000000282959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05f5308a1cf70ca2023-02-08 09:49:11.990root 11241100x8000000000000000282958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba092fffc9f8340e2023-02-08 09:49:11.990root 11241100x8000000000000000282957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef6bb56a7419f272023-02-08 09:49:11.990root 11241100x8000000000000000282956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bf866e383da0af2023-02-08 09:49:11.990root 11241100x8000000000000000282955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:11.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c66798f428461a62023-02-08 09:49:11.990root 11241100x8000000000000000282960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876f918d112b9d412023-02-08 09:49:12.485root 11241100x8000000000000000282974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbacbb0551f7a6e2023-02-08 09:49:12.486root 11241100x8000000000000000282973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7fead5f4e9970f72023-02-08 09:49:12.486root 11241100x8000000000000000282972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8df9cec3a424ea62023-02-08 09:49:12.486root 11241100x8000000000000000282971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470c02ad658cf1262023-02-08 09:49:12.486root 11241100x8000000000000000282970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4234dc3a951fb72023-02-08 09:49:12.486root 11241100x8000000000000000282969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7255361da02a9882023-02-08 09:49:12.486root 11241100x8000000000000000282968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95cddd71e0919662023-02-08 09:49:12.486root 11241100x8000000000000000282967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2d770b083434492023-02-08 09:49:12.486root 11241100x8000000000000000282966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9731880bf3a727722023-02-08 09:49:12.486root 11241100x8000000000000000282965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef043d2d5230ef82023-02-08 09:49:12.486root 11241100x8000000000000000282964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4be250eb27b38df2023-02-08 09:49:12.486root 11241100x8000000000000000282963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58d549109ab1f082023-02-08 09:49:12.486root 11241100x8000000000000000282962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a5820ad934a4432023-02-08 09:49:12.486root 11241100x8000000000000000282961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f535e17320c946d02023-02-08 09:49:12.486root 11241100x8000000000000000282987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90c8c007afa638e2023-02-08 09:49:12.487root 11241100x8000000000000000282986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10710f322a11c8f2023-02-08 09:49:12.487root 11241100x8000000000000000282985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d71d268605e405a2023-02-08 09:49:12.487root 11241100x8000000000000000282984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7748a49012bf24602023-02-08 09:49:12.487root 11241100x8000000000000000282983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1e4662102559392023-02-08 09:49:12.487root 11241100x8000000000000000282982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5124c5f501dffeff2023-02-08 09:49:12.487root 11241100x8000000000000000282981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4bf76fc5d64f802023-02-08 09:49:12.487root 11241100x8000000000000000282980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71df042a2d6ca7fa2023-02-08 09:49:12.487root 11241100x8000000000000000282979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd15fbe486f39c82023-02-08 09:49:12.487root 11241100x8000000000000000282978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2687a9d7aa9bd7aa2023-02-08 09:49:12.487root 11241100x8000000000000000282977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad88dbc1b14af79b2023-02-08 09:49:12.487root 11241100x8000000000000000282976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3163dbe79f15e13a2023-02-08 09:49:12.487root 11241100x8000000000000000282975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9d63ff0bd6cf7d2023-02-08 09:49:12.487root 11241100x8000000000000000282994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a74bddcb59fae32023-02-08 09:49:12.488root 11241100x8000000000000000282993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e6bc96b7c04fc82023-02-08 09:49:12.488root 11241100x8000000000000000282992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8772fdc96ef3b32023-02-08 09:49:12.488root 11241100x8000000000000000282991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab07290ee7402c322023-02-08 09:49:12.488root 11241100x8000000000000000282990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42c65d2771ddce32023-02-08 09:49:12.488root 11241100x8000000000000000282989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25dec1c127ac4762023-02-08 09:49:12.488root 11241100x8000000000000000282988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83d3a2712e8ce032023-02-08 09:49:12.488root 11241100x8000000000000000283007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93bfca36d12418292023-02-08 09:49:12.489root 11241100x8000000000000000283006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895a2929205e0bf02023-02-08 09:49:12.489root 11241100x8000000000000000283005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968da84341dc17a22023-02-08 09:49:12.489root 11241100x8000000000000000283004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c186b21ef884f52023-02-08 09:49:12.489root 11241100x8000000000000000283003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0297bd5c7e4fb92023-02-08 09:49:12.489root 11241100x8000000000000000283002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0090e39bc247aa3f2023-02-08 09:49:12.489root 11241100x8000000000000000283001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1e9e598fd65d5f2023-02-08 09:49:12.489root 11241100x8000000000000000283000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986c30d08c69b01d2023-02-08 09:49:12.489root 11241100x8000000000000000282999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2c1ae6503ed3bb2023-02-08 09:49:12.489root 11241100x8000000000000000282998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b638dfb4404bc3d72023-02-08 09:49:12.489root 11241100x8000000000000000282997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b878c1239fbcac2023-02-08 09:49:12.489root 11241100x8000000000000000282996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1edb0a92fc0abf612023-02-08 09:49:12.489root 11241100x8000000000000000282995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134731f15cd636ed2023-02-08 09:49:12.489root 11241100x8000000000000000283011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0695984a4c960aa2023-02-08 09:49:12.490root 11241100x8000000000000000283010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947ee62c8b7752692023-02-08 09:49:12.490root 11241100x8000000000000000283009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c252fef1d2ebde332023-02-08 09:49:12.490root 11241100x8000000000000000283008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c6abee7125dc472023-02-08 09:49:12.490root 11241100x8000000000000000283017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b810316dde63cc22023-02-08 09:49:12.985root 11241100x8000000000000000283016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59ffc4dabd5ddb82023-02-08 09:49:12.985root 11241100x8000000000000000283015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66cb182187cd19712023-02-08 09:49:12.985root 11241100x8000000000000000283014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d20fb2efb0195e2023-02-08 09:49:12.985root 11241100x8000000000000000283013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4baf22baee8367d2023-02-08 09:49:12.985root 11241100x8000000000000000283012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369cdad504e70b062023-02-08 09:49:12.985root 11241100x8000000000000000283032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1462893876311f892023-02-08 09:49:12.986root 11241100x8000000000000000283031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1c14b23d3b492a2023-02-08 09:49:12.986root 11241100x8000000000000000283030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a530f42c847b35982023-02-08 09:49:12.986root 11241100x8000000000000000283029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e015bc033b3d0e2023-02-08 09:49:12.986root 11241100x8000000000000000283028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4571bf7e46bfb14d2023-02-08 09:49:12.986root 11241100x8000000000000000283027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abea33deaaa8fa482023-02-08 09:49:12.986root 11241100x8000000000000000283026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246926373ff8b5ae2023-02-08 09:49:12.986root 11241100x8000000000000000283025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a94d93a17e5aa72023-02-08 09:49:12.986root 11241100x8000000000000000283024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6214bbcb733149982023-02-08 09:49:12.986root 11241100x8000000000000000283023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3898143fd1c0cd182023-02-08 09:49:12.986root 11241100x8000000000000000283022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ad8618fbc4677a2023-02-08 09:49:12.986root 11241100x8000000000000000283021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c265efa12a40c0302023-02-08 09:49:12.986root 11241100x8000000000000000283020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067d6b232cccd1cd2023-02-08 09:49:12.986root 11241100x8000000000000000283019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464f054e3c1ebaba2023-02-08 09:49:12.986root 11241100x8000000000000000283018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1a2947e293ceb52023-02-08 09:49:12.986root 11241100x8000000000000000283048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7224bf436c9bcd62023-02-08 09:49:12.987root 11241100x8000000000000000283047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b9024728ba35ef2023-02-08 09:49:12.987root 11241100x8000000000000000283046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c645865e7ff3162023-02-08 09:49:12.987root 11241100x8000000000000000283045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0acc4930d0c86dea2023-02-08 09:49:12.987root 11241100x8000000000000000283044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a84d0028f179c82023-02-08 09:49:12.987root 11241100x8000000000000000283043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54897cc7403303742023-02-08 09:49:12.987root 11241100x8000000000000000283042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d248f28a0a4acc2023-02-08 09:49:12.987root 11241100x8000000000000000283041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07adc69cdbf0b992023-02-08 09:49:12.987root 11241100x8000000000000000283040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94aa9ffc18eb52a72023-02-08 09:49:12.987root 11241100x8000000000000000283039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2327230dd40b402023-02-08 09:49:12.987root 11241100x8000000000000000283038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12124febff02a4532023-02-08 09:49:12.987root 11241100x8000000000000000283037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6f0e8e810b8d2b2023-02-08 09:49:12.987root 11241100x8000000000000000283036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d83390869ad5d52023-02-08 09:49:12.987root 11241100x8000000000000000283035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d5381d2161daad2023-02-08 09:49:12.987root 11241100x8000000000000000283034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4350f6c9c515622023-02-08 09:49:12.987root 11241100x8000000000000000283033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc321d18495fbf762023-02-08 09:49:12.987root 11241100x8000000000000000283054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e765f5e8437239012023-02-08 09:49:12.988root 11241100x8000000000000000283053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4122d5c41319fa672023-02-08 09:49:12.988root 11241100x8000000000000000283052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c619d436365144e62023-02-08 09:49:12.988root 11241100x8000000000000000283051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19cf2c0106f080122023-02-08 09:49:12.988root 11241100x8000000000000000283050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03fe6be651977d82023-02-08 09:49:12.988root 11241100x8000000000000000283049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ad1ad41c066b612023-02-08 09:49:12.988root 11241100x8000000000000000283055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8c65d7c51cb8fd2023-02-08 09:49:12.989root 11241100x8000000000000000283061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9cc081ee3998922023-02-08 09:49:12.990root 11241100x8000000000000000283060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8ef4f39bf870d02023-02-08 09:49:12.990root 11241100x8000000000000000283059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4948af3ab0158e262023-02-08 09:49:12.990root 11241100x8000000000000000283058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92d7b90b85f2f582023-02-08 09:49:12.990root 11241100x8000000000000000283057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9842f84bd812582023-02-08 09:49:12.990root 11241100x8000000000000000283056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:12.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc672545adecf3f12023-02-08 09:49:12.990root 11241100x8000000000000000283066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feed6339dcc214b82023-02-08 09:49:13.486root 11241100x8000000000000000283065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6142fd92dd7f8a3e2023-02-08 09:49:13.486root 11241100x8000000000000000283064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c1e052bab264842023-02-08 09:49:13.486root 11241100x8000000000000000283063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeca3eafb75cc7c82023-02-08 09:49:13.486root 11241100x8000000000000000283062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396faeb50303d9d62023-02-08 09:49:13.486root 11241100x8000000000000000283074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd50cccdec041c832023-02-08 09:49:13.487root 11241100x8000000000000000283073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f027566f1d23bd52023-02-08 09:49:13.487root 11241100x8000000000000000283072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f2ba4462fdca092023-02-08 09:49:13.487root 11241100x8000000000000000283071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47718cbc330bb2d2023-02-08 09:49:13.487root 11241100x8000000000000000283070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f4edbe2b10bc402023-02-08 09:49:13.487root 11241100x8000000000000000283069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b61d2e523b2fd52023-02-08 09:49:13.487root 11241100x8000000000000000283068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c89029c2b1b0ab2023-02-08 09:49:13.487root 11241100x8000000000000000283067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d32444b2298d8f2023-02-08 09:49:13.487root 11241100x8000000000000000283088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f5447c563a59a32023-02-08 09:49:13.488root 11241100x8000000000000000283087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a0096493e1ebba2023-02-08 09:49:13.488root 11241100x8000000000000000283086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57378413ee024fc32023-02-08 09:49:13.488root 11241100x8000000000000000283085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84597a341a9ea50d2023-02-08 09:49:13.488root 11241100x8000000000000000283084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf2455a8f2400c52023-02-08 09:49:13.488root 11241100x8000000000000000283083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078094914b853acb2023-02-08 09:49:13.488root 11241100x8000000000000000283082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf75870d2e6cc0732023-02-08 09:49:13.488root 11241100x8000000000000000283081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5087daee7db4f81f2023-02-08 09:49:13.488root 11241100x8000000000000000283080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17595da0f07906fc2023-02-08 09:49:13.488root 11241100x8000000000000000283079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84fd75e325e911e82023-02-08 09:49:13.488root 11241100x8000000000000000283078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34bff832f09858f22023-02-08 09:49:13.488root 11241100x8000000000000000283077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdb95dd868a9edf2023-02-08 09:49:13.488root 11241100x8000000000000000283076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76be568eb1ef5942023-02-08 09:49:13.488root 11241100x8000000000000000283075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3461ae2a6edc849a2023-02-08 09:49:13.488root 11241100x8000000000000000283101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb992f585f124902023-02-08 09:49:13.489root 11241100x8000000000000000283100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c210355f7079644c2023-02-08 09:49:13.489root 11241100x8000000000000000283099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8810c64f2f3d082023-02-08 09:49:13.489root 11241100x8000000000000000283098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819725b591fe48c52023-02-08 09:49:13.489root 11241100x8000000000000000283097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1079184dc654892023-02-08 09:49:13.489root 11241100x8000000000000000283096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292d0a6b8dc9b06f2023-02-08 09:49:13.489root 11241100x8000000000000000283095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a312fb0ed9420592023-02-08 09:49:13.489root 11241100x8000000000000000283094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621b0a5e626495852023-02-08 09:49:13.489root 11241100x8000000000000000283093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e4b01db9eb56c22023-02-08 09:49:13.489root 11241100x8000000000000000283092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ae997b95ab1bb22023-02-08 09:49:13.489root 11241100x8000000000000000283091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36ffb81c26e07b22023-02-08 09:49:13.489root 11241100x8000000000000000283090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8405a2678f79c0912023-02-08 09:49:13.489root 11241100x8000000000000000283089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bcf4217436ddb042023-02-08 09:49:13.489root 11241100x8000000000000000283111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a024bdbd65f64c372023-02-08 09:49:13.490root 11241100x8000000000000000283110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcdefc470187c0bd2023-02-08 09:49:13.490root 11241100x8000000000000000283109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6caeb6dc82ce06632023-02-08 09:49:13.490root 11241100x8000000000000000283108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5c2e4af137be572023-02-08 09:49:13.490root 11241100x8000000000000000283107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bbb44e11d6f9422023-02-08 09:49:13.490root 11241100x8000000000000000283106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1fb2b84e5bcedd2023-02-08 09:49:13.490root 11241100x8000000000000000283105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39937ba9dfc6a6de2023-02-08 09:49:13.490root 11241100x8000000000000000283104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491dd03c16a3824c2023-02-08 09:49:13.490root 11241100x8000000000000000283103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec2b3aa13da0d062023-02-08 09:49:13.490root 11241100x8000000000000000283102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb08748e40c9b4e52023-02-08 09:49:13.490root 154100x8000000000000000283112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.766{ec2a0601-7019-63e3-8891-3c6ed8550000}5939/bin/lsblk-----lsblk --nodeps --noheadings --output NAME,TYPE/home/ubuntuubuntu{ec2a0601-6f9f-63e3-e803-000000000000}10005no level-{ec2a0601-6f9f-63e3-4804-3e6ad1550000}5906/bin/bash-bashubuntu 11241100x8000000000000000283113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.769{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d33648853e63e92023-02-08 09:49:13.769root 11241100x8000000000000000283121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.770{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7443c071d73ffb822023-02-08 09:49:13.770root 11241100x8000000000000000283120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.770{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8aac527f95186ae2023-02-08 09:49:13.770root 11241100x8000000000000000283119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.770{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91621bdcbc48f5cc2023-02-08 09:49:13.770root 11241100x8000000000000000283118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.770{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358e1638f26e05332023-02-08 09:49:13.770root 11241100x8000000000000000283117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.770{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec186e4a0cdfb9102023-02-08 09:49:13.770root 11241100x8000000000000000283116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.770{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182ac451500fe8802023-02-08 09:49:13.770root 11241100x8000000000000000283115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.770{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0761275aad4ce8422023-02-08 09:49:13.770root 11241100x8000000000000000283114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.770{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395dd8ba0b1f9be82023-02-08 09:49:13.770root 11241100x8000000000000000283128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.771{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2baf8b7cad9fbe662023-02-08 09:49:13.771root 11241100x8000000000000000283127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.771{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f8767d67f4dc3c2023-02-08 09:49:13.771root 11241100x8000000000000000283126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.771{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f65eb5946573f972023-02-08 09:49:13.771root 11241100x8000000000000000283125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.771{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d857cccb5b490dbf2023-02-08 09:49:13.771root 11241100x8000000000000000283124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.771{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589657e9bae6bd222023-02-08 09:49:13.771root 534500x8000000000000000283123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.771{ec2a0601-7019-63e3-8891-3c6ed8550000}5939/bin/lsblkubuntu 11241100x8000000000000000283122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.771{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98d3a54406952492023-02-08 09:49:13.771root 11241100x8000000000000000283142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.772{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c422040f951840632023-02-08 09:49:13.772root 11241100x8000000000000000283141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.772{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ceae27ccfea5f4b2023-02-08 09:49:13.772root 11241100x8000000000000000283140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.772{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f09f5387dabbd502023-02-08 09:49:13.772root 11241100x8000000000000000283139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.772{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ba5327c7caf19d2023-02-08 09:49:13.772root 11241100x8000000000000000283138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.772{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157728af7296bb182023-02-08 09:49:13.772root 11241100x8000000000000000283137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.772{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39aaf8291e55184c2023-02-08 09:49:13.772root 11241100x8000000000000000283136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.772{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3224050b825d4a2023-02-08 09:49:13.772root 11241100x8000000000000000283135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.772{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8185359ba8b25d692023-02-08 09:49:13.772root 11241100x8000000000000000283134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.772{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68f552651d896272023-02-08 09:49:13.772root 11241100x8000000000000000283133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.772{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4573f445d0e85d2023-02-08 09:49:13.772root 11241100x8000000000000000283132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.772{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a703378400d3c0cb2023-02-08 09:49:13.772root 11241100x8000000000000000283131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.772{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1289297a89ff42522023-02-08 09:49:13.772root 11241100x8000000000000000283130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.772{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d138df3d1bffdbdd2023-02-08 09:49:13.772root 11241100x8000000000000000283129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.772{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5326e5928cc9ad4e2023-02-08 09:49:13.772root 11241100x8000000000000000283157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.773{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8e3298b981b9432023-02-08 09:49:13.773root 11241100x8000000000000000283156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.773{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a6c88d95670dd82023-02-08 09:49:13.773root 11241100x8000000000000000283155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.773{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07cd7090735bb9db2023-02-08 09:49:13.773root 11241100x8000000000000000283154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.773{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4830af6e38b7f8812023-02-08 09:49:13.773root 11241100x8000000000000000283153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.773{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7dd3b5e36fca7952023-02-08 09:49:13.773root 11241100x8000000000000000283152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.773{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9e33ce7643379b2023-02-08 09:49:13.773root 11241100x8000000000000000283151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.773{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2021f0582965349e2023-02-08 09:49:13.773root 11241100x8000000000000000283150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.773{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4b3a3a148fe1322023-02-08 09:49:13.773root 11241100x8000000000000000283149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.773{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401bad315b3444f22023-02-08 09:49:13.773root 11241100x8000000000000000283148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.773{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17bd1143127e7fc2023-02-08 09:49:13.773root 11241100x8000000000000000283147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.773{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b05179711337832023-02-08 09:49:13.773root 11241100x8000000000000000283146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.773{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75080c27dadd603e2023-02-08 09:49:13.773root 11241100x8000000000000000283145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.773{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f24eb562dc4bd02023-02-08 09:49:13.773root 11241100x8000000000000000283144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.773{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a84d41c02d7effb2023-02-08 09:49:13.773root 11241100x8000000000000000283143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.773{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654a8bab9e60bc672023-02-08 09:49:13.773root 11241100x8000000000000000283166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.774{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2d9ead564038842023-02-08 09:49:13.774root 11241100x8000000000000000283165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.774{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef383e5eca53cfca2023-02-08 09:49:13.774root 11241100x8000000000000000283164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.774{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a556cd3b2cffac2023-02-08 09:49:13.774root 11241100x8000000000000000283163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.774{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f66ac46edd13fab2023-02-08 09:49:13.774root 11241100x8000000000000000283162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.774{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1041e7a97efcb1112023-02-08 09:49:13.774root 11241100x8000000000000000283161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.774{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a785eac46353502023-02-08 09:49:13.774root 11241100x8000000000000000283160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.774{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e39c84a5b4353aa2023-02-08 09:49:13.774root 11241100x8000000000000000283159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.774{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c204b819b713c3d82023-02-08 09:49:13.774root 11241100x8000000000000000283158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:13.774{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f71d71394807b12023-02-08 09:49:13.774root 11241100x8000000000000000283172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a22514527ac094f2023-02-08 09:49:14.234root 11241100x8000000000000000283171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792edba6c87640b42023-02-08 09:49:14.234root 11241100x8000000000000000283170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f35484ab69b4b72023-02-08 09:49:14.234root 11241100x8000000000000000283169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0695efa605b1f02023-02-08 09:49:14.234root 11241100x8000000000000000283168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe070b42994ee322023-02-08 09:49:14.234root 11241100x8000000000000000283167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473ca7dba77cb1a22023-02-08 09:49:14.234root 11241100x8000000000000000283187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329a210ad3af63c22023-02-08 09:49:14.235root 11241100x8000000000000000283186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c319e599ca226d2023-02-08 09:49:14.235root 11241100x8000000000000000283185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a59f83ddcbdd5132023-02-08 09:49:14.235root 11241100x8000000000000000283184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8cae13fe7f4019c2023-02-08 09:49:14.235root 11241100x8000000000000000283183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6359402fdfcb1b2023-02-08 09:49:14.235root 11241100x8000000000000000283182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db981ca2bd98a8a22023-02-08 09:49:14.235root 11241100x8000000000000000283181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4345a77a08848bf2023-02-08 09:49:14.235root 11241100x8000000000000000283180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8013d1b9572804e2023-02-08 09:49:14.235root 11241100x8000000000000000283179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be1151adbfe6b452023-02-08 09:49:14.235root 11241100x8000000000000000283178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8699e734ab3cdb7b2023-02-08 09:49:14.235root 11241100x8000000000000000283177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001897d55cec0cc22023-02-08 09:49:14.235root 11241100x8000000000000000283176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ce8b3ed6e8127a2023-02-08 09:49:14.235root 11241100x8000000000000000283175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ab555c82fecfab2023-02-08 09:49:14.235root 11241100x8000000000000000283174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6a96099ab68bed2023-02-08 09:49:14.235root 11241100x8000000000000000283173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5525f00629d95672023-02-08 09:49:14.235root 11241100x8000000000000000283203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0b9c0d16731c892023-02-08 09:49:14.236root 11241100x8000000000000000283202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e91aee934690d052023-02-08 09:49:14.236root 11241100x8000000000000000283201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2de6a962a931a512023-02-08 09:49:14.236root 11241100x8000000000000000283200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081146830ca6c27b2023-02-08 09:49:14.236root 11241100x8000000000000000283199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46fc257cdff9d752023-02-08 09:49:14.236root 11241100x8000000000000000283198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51abfb002d46cc982023-02-08 09:49:14.236root 11241100x8000000000000000283197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b48252185cf9e12023-02-08 09:49:14.236root 11241100x8000000000000000283196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71a30cd4e6649292023-02-08 09:49:14.236root 11241100x8000000000000000283195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d4e65ed60529dd2023-02-08 09:49:14.236root 11241100x8000000000000000283194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647fa5c68931577e2023-02-08 09:49:14.236root 11241100x8000000000000000283193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6239baa28c8789e82023-02-08 09:49:14.236root 11241100x8000000000000000283192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6004e3a84c91a5e2023-02-08 09:49:14.236root 11241100x8000000000000000283191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91be56597055ddd2023-02-08 09:49:14.236root 11241100x8000000000000000283190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7300fbffa78c1722023-02-08 09:49:14.236root 11241100x8000000000000000283189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb2de6c3649693e2023-02-08 09:49:14.236root 11241100x8000000000000000283188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61a98e50cae2d792023-02-08 09:49:14.236root 11241100x8000000000000000283214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee15787f251b7af42023-02-08 09:49:14.237root 11241100x8000000000000000283213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857b541cda73e7862023-02-08 09:49:14.237root 11241100x8000000000000000283212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fd0e5df9096ccc2023-02-08 09:49:14.237root 11241100x8000000000000000283211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d7e552d4fc68e62023-02-08 09:49:14.237root 11241100x8000000000000000283210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5dc1d6ce3a0afae2023-02-08 09:49:14.237root 11241100x8000000000000000283209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8e0c98dac9e7742023-02-08 09:49:14.237root 11241100x8000000000000000283208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c1eeca60b196152023-02-08 09:49:14.237root 11241100x8000000000000000283207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2928cc480bf8a5d92023-02-08 09:49:14.237root 11241100x8000000000000000283206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f715e931cdd71c92023-02-08 09:49:14.237root 11241100x8000000000000000283205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38749582b27889ec2023-02-08 09:49:14.237root 11241100x8000000000000000283204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895bb9d0559752f12023-02-08 09:49:14.237root 11241100x8000000000000000283224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86656d7b3e1f9572023-02-08 09:49:14.238root 11241100x8000000000000000283223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45bc1f1856a257b2023-02-08 09:49:14.238root 11241100x8000000000000000283222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e758ef64bf8e7f2023-02-08 09:49:14.238root 11241100x8000000000000000283221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4cfe23acb00ddf82023-02-08 09:49:14.238root 11241100x8000000000000000283220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1dc78e7b3c139712023-02-08 09:49:14.238root 11241100x8000000000000000283219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eef4007987327dd2023-02-08 09:49:14.238root 11241100x8000000000000000283218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be938753cd783472023-02-08 09:49:14.238root 11241100x8000000000000000283217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62602ce03284632d2023-02-08 09:49:14.238root 11241100x8000000000000000283216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf2896e18e9897b2023-02-08 09:49:14.238root 11241100x8000000000000000283215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ea1d7f7a7266202023-02-08 09:49:14.238root 11241100x8000000000000000283233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef06b6c335978002023-02-08 09:49:14.239root 11241100x8000000000000000283232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d856bb8cc8c4ea182023-02-08 09:49:14.239root 11241100x8000000000000000283231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88686b0c51deb7a12023-02-08 09:49:14.239root 11241100x8000000000000000283230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519b2b09e1a357112023-02-08 09:49:14.239root 11241100x8000000000000000283229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6e1cc19a581e2c2023-02-08 09:49:14.239root 11241100x8000000000000000283228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3423d314e1aa42302023-02-08 09:49:14.239root 11241100x8000000000000000283227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8249ef7ff52e82982023-02-08 09:49:14.239root 11241100x8000000000000000283226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411916af75842ab12023-02-08 09:49:14.239root 11241100x8000000000000000283225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f43faf84b7db632023-02-08 09:49:14.239root 11241100x8000000000000000283247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd6a26b9614bcaa2023-02-08 09:49:14.240root 11241100x8000000000000000283246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c62d9834a60345e2023-02-08 09:49:14.240root 11241100x8000000000000000283245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3eda3499071de132023-02-08 09:49:14.240root 11241100x8000000000000000283244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82581ff1836d1d42023-02-08 09:49:14.240root 11241100x8000000000000000283243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ed2f9f9c78b4d12023-02-08 09:49:14.240root 11241100x8000000000000000283242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665666894dbd864c2023-02-08 09:49:14.240root 11241100x8000000000000000283241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3fa359c1290fe9f2023-02-08 09:49:14.240root 11241100x8000000000000000283240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f66d52b0f9cdad2023-02-08 09:49:14.240root 11241100x8000000000000000283239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58cfdb7b753b909f2023-02-08 09:49:14.240root 11241100x8000000000000000283238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de87da07db84df452023-02-08 09:49:14.240root 11241100x8000000000000000283237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92361809fc696f22023-02-08 09:49:14.240root 11241100x8000000000000000283236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329a808984908e572023-02-08 09:49:14.240root 11241100x8000000000000000283235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d962140d6461092023-02-08 09:49:14.240root 11241100x8000000000000000283234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7bc7d595d5fdca2023-02-08 09:49:14.240root 11241100x8000000000000000283252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf85288025382c52023-02-08 09:49:14.241root 11241100x8000000000000000283251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5ddbacd8607edf2023-02-08 09:49:14.241root 11241100x8000000000000000283250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210968a317f9e7b22023-02-08 09:49:14.241root 11241100x8000000000000000283249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a76634daac4d2c12023-02-08 09:49:14.241root 11241100x8000000000000000283248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8238fb16309aedb2023-02-08 09:49:14.241root 11241100x8000000000000000283263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1923fcb7197fe00f2023-02-08 09:49:14.735root 11241100x8000000000000000283262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6408fe3a68516a3a2023-02-08 09:49:14.735root 11241100x8000000000000000283261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5cf80a3f26e7dd2023-02-08 09:49:14.735root 11241100x8000000000000000283260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59206b4e7d2e8aba2023-02-08 09:49:14.735root 11241100x8000000000000000283259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0a109be48fc0812023-02-08 09:49:14.735root 11241100x8000000000000000283258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90ea6b2254c00672023-02-08 09:49:14.735root 11241100x8000000000000000283257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23af0c3fafcedfeb2023-02-08 09:49:14.735root 11241100x8000000000000000283256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe6d792c22ca0822023-02-08 09:49:14.735root 11241100x8000000000000000283255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f41e751b0b5dbe2023-02-08 09:49:14.735root 11241100x8000000000000000283254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59254057b971ae432023-02-08 09:49:14.735root 11241100x8000000000000000283253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929b609f23613d0f2023-02-08 09:49:14.735root 11241100x8000000000000000283279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa84f2ea9597654a2023-02-08 09:49:14.736root 11241100x8000000000000000283278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38173aa0d8f4af62023-02-08 09:49:14.736root 11241100x8000000000000000283277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b7dd7c26827d1d2023-02-08 09:49:14.736root 11241100x8000000000000000283276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe35e60607d81d72023-02-08 09:49:14.736root 11241100x8000000000000000283275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3216c3b08b4ea84c2023-02-08 09:49:14.736root 11241100x8000000000000000283274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5492cf12d296fd092023-02-08 09:49:14.736root 11241100x8000000000000000283273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24979bb914a2b8592023-02-08 09:49:14.736root 11241100x8000000000000000283272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c719ea8cd587ebce2023-02-08 09:49:14.736root 11241100x8000000000000000283271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266488db4e67f19e2023-02-08 09:49:14.736root 11241100x8000000000000000283270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73e9ddfe2029fa82023-02-08 09:49:14.736root 11241100x8000000000000000283269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850d118e6e03bc0d2023-02-08 09:49:14.736root 11241100x8000000000000000283268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fdd3eb706971912023-02-08 09:49:14.736root 11241100x8000000000000000283267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d1abfa98c42b2e2023-02-08 09:49:14.736root 11241100x8000000000000000283266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc9170165a8a2812023-02-08 09:49:14.736root 11241100x8000000000000000283265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64616fae03d6066a2023-02-08 09:49:14.736root 11241100x8000000000000000283264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585af1486907f94c2023-02-08 09:49:14.736root 11241100x8000000000000000283293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342c48332eb313432023-02-08 09:49:14.737root 11241100x8000000000000000283292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207388893116e8c12023-02-08 09:49:14.737root 11241100x8000000000000000283291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd8618f1f07e3152023-02-08 09:49:14.737root 11241100x8000000000000000283290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c036806b200d922a2023-02-08 09:49:14.737root 11241100x8000000000000000283289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6382a85e7fc2ba172023-02-08 09:49:14.737root 11241100x8000000000000000283288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff588c0ba479dcb62023-02-08 09:49:14.737root 11241100x8000000000000000283287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e04ad422eef1d02023-02-08 09:49:14.737root 11241100x8000000000000000283286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f7665de3f429852023-02-08 09:49:14.737root 11241100x8000000000000000283285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcae58cef77aadee2023-02-08 09:49:14.737root 11241100x8000000000000000283284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83dfd7345fd80b22023-02-08 09:49:14.737root 11241100x8000000000000000283283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb25aabba4829b722023-02-08 09:49:14.737root 11241100x8000000000000000283282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5b02cc93e4b5292023-02-08 09:49:14.737root 11241100x8000000000000000283281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c148999faa5a842023-02-08 09:49:14.737root 11241100x8000000000000000283280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224e8dfed874a1922023-02-08 09:49:14.737root 11241100x8000000000000000283303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa584a86c2bc98ab2023-02-08 09:49:14.738root 11241100x8000000000000000283302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7fbe5335c35d682023-02-08 09:49:14.738root 11241100x8000000000000000283301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4910c7274b195702023-02-08 09:49:14.738root 11241100x8000000000000000283300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8293c06cb3e231ce2023-02-08 09:49:14.738root 11241100x8000000000000000283299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a6a26de571b8da2023-02-08 09:49:14.738root 11241100x8000000000000000283298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c423469795997e2023-02-08 09:49:14.738root 11241100x8000000000000000283297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be78bc4c21e843ac2023-02-08 09:49:14.738root 11241100x8000000000000000283296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1eff59017981d62023-02-08 09:49:14.738root 11241100x8000000000000000283295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc069bc65f8a0cd32023-02-08 09:49:14.738root 11241100x8000000000000000283294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:14.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591eaae196e4c2b92023-02-08 09:49:14.738root 11241100x8000000000000000283306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690b8d2277e98db12023-02-08 09:49:15.234root 11241100x8000000000000000283305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7da4ee3072f3aaa2023-02-08 09:49:15.234root 11241100x8000000000000000283304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34c9dc682c5ee392023-02-08 09:49:15.234root 11241100x8000000000000000283314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da925f97b5a405102023-02-08 09:49:15.235root 11241100x8000000000000000283313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b5d342be83ce292023-02-08 09:49:15.235root 11241100x8000000000000000283312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d6113e5e15ca162023-02-08 09:49:15.235root 11241100x8000000000000000283311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3210fab04e07c22023-02-08 09:49:15.235root 11241100x8000000000000000283310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ed05197c5387d02023-02-08 09:49:15.235root 11241100x8000000000000000283309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d8e3797a62b9da2023-02-08 09:49:15.235root 11241100x8000000000000000283308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c13c6bc5f4e1d252023-02-08 09:49:15.235root 11241100x8000000000000000283307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aaa59d0f1a67aae2023-02-08 09:49:15.235root 11241100x8000000000000000283322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339628cae0ad43c82023-02-08 09:49:15.236root 11241100x8000000000000000283321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0176f03b83bf892023-02-08 09:49:15.236root 11241100x8000000000000000283320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd280c09ca8c829f2023-02-08 09:49:15.236root 11241100x8000000000000000283319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745bf83d980112192023-02-08 09:49:15.236root 11241100x8000000000000000283318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060e86d53ad101362023-02-08 09:49:15.236root 11241100x8000000000000000283317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2b665df4dedb852023-02-08 09:49:15.236root 11241100x8000000000000000283316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577ab62ba759bb1d2023-02-08 09:49:15.236root 11241100x8000000000000000283315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83f1e21d06559722023-02-08 09:49:15.236root 11241100x8000000000000000283330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32db76aa4ad7761e2023-02-08 09:49:15.237root 11241100x8000000000000000283329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa45ddf13ea01c6e2023-02-08 09:49:15.237root 11241100x8000000000000000283328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35815e2f463ad9682023-02-08 09:49:15.237root 11241100x8000000000000000283327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126712a3e07ae9802023-02-08 09:49:15.237root 11241100x8000000000000000283326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2a17920dedc31f2023-02-08 09:49:15.237root 11241100x8000000000000000283325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4090e3f9a836242023-02-08 09:49:15.237root 11241100x8000000000000000283324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7338c96efec247502023-02-08 09:49:15.237root 11241100x8000000000000000283323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3dcfdde843e1d82023-02-08 09:49:15.237root 11241100x8000000000000000283334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764a2027237579f02023-02-08 09:49:15.238root 11241100x8000000000000000283333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923719ed79c452112023-02-08 09:49:15.238root 11241100x8000000000000000283332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f704f4a1c23dc502023-02-08 09:49:15.238root 11241100x8000000000000000283331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9afc68c62d9022132023-02-08 09:49:15.238root 11241100x8000000000000000283339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b33b3fb477cd172023-02-08 09:49:15.239root 11241100x8000000000000000283338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9784e71ec4919c8d2023-02-08 09:49:15.239root 11241100x8000000000000000283337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b39c9980447f2152023-02-08 09:49:15.239root 11241100x8000000000000000283336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290b78f4f44f2d532023-02-08 09:49:15.239root 11241100x8000000000000000283335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf7f23cf4a157aa2023-02-08 09:49:15.239root 11241100x8000000000000000283347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe32d5fafe12b812023-02-08 09:49:15.240root 11241100x8000000000000000283346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f2c2af2493e1b52023-02-08 09:49:15.240root 11241100x8000000000000000283345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18761ff401356b0f2023-02-08 09:49:15.240root 11241100x8000000000000000283344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5d0ac33bd146542023-02-08 09:49:15.240root 11241100x8000000000000000283343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fed2a328e5cfb9f2023-02-08 09:49:15.240root 11241100x8000000000000000283342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d767f3b4d29bc12023-02-08 09:49:15.240root 11241100x8000000000000000283341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee1312e4f670e802023-02-08 09:49:15.240root 11241100x8000000000000000283340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e64d4c3c4098832023-02-08 09:49:15.240root 11241100x8000000000000000283356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118efbcf6ae12e762023-02-08 09:49:15.241root 11241100x8000000000000000283355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf416659b3913912023-02-08 09:49:15.241root 11241100x8000000000000000283354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d46643341d1e8112023-02-08 09:49:15.241root 11241100x8000000000000000283353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2981473bd9e74142023-02-08 09:49:15.241root 11241100x8000000000000000283352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88915e4175541e62023-02-08 09:49:15.241root 11241100x8000000000000000283351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8f948eecb854282023-02-08 09:49:15.241root 11241100x8000000000000000283350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0dc20d9a3380f412023-02-08 09:49:15.241root 11241100x8000000000000000283349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2faf784b3e5005312023-02-08 09:49:15.241root 11241100x8000000000000000283348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84afb0f86eb17e192023-02-08 09:49:15.241root 11241100x8000000000000000283357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e656a4cc5109882023-02-08 09:49:15.734root 11241100x8000000000000000283361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b48c31e3ca61f8c2023-02-08 09:49:15.735root 11241100x8000000000000000283360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fc428e241372ee2023-02-08 09:49:15.735root 11241100x8000000000000000283359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b976973d63761a2023-02-08 09:49:15.735root 11241100x8000000000000000283358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4eeda3b2473f7c2023-02-08 09:49:15.735root 11241100x8000000000000000283365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05ad7e905f5e1702023-02-08 09:49:15.736root 11241100x8000000000000000283364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a187cf74ba3f6e2023-02-08 09:49:15.736root 11241100x8000000000000000283363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13eb78f580ede52a2023-02-08 09:49:15.736root 11241100x8000000000000000283362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80adcc38f67725242023-02-08 09:49:15.736root 11241100x8000000000000000283370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e473b2e1976c4432023-02-08 09:49:15.737root 11241100x8000000000000000283369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1024044119ade70f2023-02-08 09:49:15.737root 11241100x8000000000000000283368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c6456a306b2f132023-02-08 09:49:15.737root 11241100x8000000000000000283367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48637a53eac108d2023-02-08 09:49:15.737root 11241100x8000000000000000283366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67fb5e05c1f53762023-02-08 09:49:15.737root 11241100x8000000000000000283375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e983eda3e6ae5e92023-02-08 09:49:15.738root 11241100x8000000000000000283374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4902b85fe376d1c2023-02-08 09:49:15.738root 11241100x8000000000000000283373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7acbc386287b7142023-02-08 09:49:15.738root 11241100x8000000000000000283372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0726b510ff39d83f2023-02-08 09:49:15.738root 11241100x8000000000000000283371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78124dba0d9590e22023-02-08 09:49:15.738root 11241100x8000000000000000283381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97759362271f705f2023-02-08 09:49:15.739root 11241100x8000000000000000283380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ceb27e57815b5752023-02-08 09:49:15.739root 11241100x8000000000000000283379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae9fec61ceb86ad2023-02-08 09:49:15.739root 11241100x8000000000000000283378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c0b61347a095bf2023-02-08 09:49:15.739root 11241100x8000000000000000283377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794f656e2d4b445a2023-02-08 09:49:15.739root 11241100x8000000000000000283376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57eee2290ae3d9f42023-02-08 09:49:15.739root 11241100x8000000000000000283389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9932faab34f9002023-02-08 09:49:15.740root 11241100x8000000000000000283388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ee9130512eb1cd2023-02-08 09:49:15.740root 11241100x8000000000000000283387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4593d5f244504e2023-02-08 09:49:15.740root 11241100x8000000000000000283386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da206401f35744202023-02-08 09:49:15.740root 11241100x8000000000000000283385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e246e66ca7f3fa2f2023-02-08 09:49:15.740root 11241100x8000000000000000283384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7ed8ba657b660a2023-02-08 09:49:15.740root 11241100x8000000000000000283383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892b0d2e7801f9532023-02-08 09:49:15.740root 11241100x8000000000000000283382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfecb2b0691ffa22023-02-08 09:49:15.740root 11241100x8000000000000000283402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556bd9b4812a09602023-02-08 09:49:15.741root 11241100x8000000000000000283401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657e5d6509f83a072023-02-08 09:49:15.741root 11241100x8000000000000000283400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aede2c01bbf926e2023-02-08 09:49:15.741root 11241100x8000000000000000283399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757b40f8113161c62023-02-08 09:49:15.741root 11241100x8000000000000000283398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f869ed482535bccd2023-02-08 09:49:15.741root 11241100x8000000000000000283397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5a80321afc871e2023-02-08 09:49:15.741root 11241100x8000000000000000283396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782050d11f7fc8d42023-02-08 09:49:15.741root 11241100x8000000000000000283395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5756ba8ca5401602023-02-08 09:49:15.741root 11241100x8000000000000000283394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db990a9233222c5b2023-02-08 09:49:15.741root 11241100x8000000000000000283393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cdc600476147132023-02-08 09:49:15.741root 11241100x8000000000000000283392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e694937d78b8c4022023-02-08 09:49:15.741root 11241100x8000000000000000283391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7783a333f0ad00732023-02-08 09:49:15.741root 11241100x8000000000000000283390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6a35eb05ea2be92023-02-08 09:49:15.741root 11241100x8000000000000000283412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe64967109eb4462023-02-08 09:49:15.742root 11241100x8000000000000000283411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72f73a789b7aa732023-02-08 09:49:15.742root 11241100x8000000000000000283410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912747cbc1781c542023-02-08 09:49:15.742root 11241100x8000000000000000283409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197824e2182386aa2023-02-08 09:49:15.742root 11241100x8000000000000000283408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b03a18d59e84ba32023-02-08 09:49:15.742root 11241100x8000000000000000283407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5092911cc61733e2023-02-08 09:49:15.742root 11241100x8000000000000000283406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4878164e803dbc2023-02-08 09:49:15.742root 11241100x8000000000000000283405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ac1af7983e057d2023-02-08 09:49:15.742root 11241100x8000000000000000283404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b27c2d6cf30cd32023-02-08 09:49:15.742root 11241100x8000000000000000283403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11871a835bb6df0b2023-02-08 09:49:15.742root 11241100x8000000000000000283422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048b6559870ffd7f2023-02-08 09:49:15.743root 11241100x8000000000000000283421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af809686314661792023-02-08 09:49:15.743root 11241100x8000000000000000283420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5579273e0886d7a02023-02-08 09:49:15.743root 11241100x8000000000000000283419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f66fd861b6f58f2023-02-08 09:49:15.743root 11241100x8000000000000000283418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d09628c0c9224172023-02-08 09:49:15.743root 11241100x8000000000000000283417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c5ee37f70b865e2023-02-08 09:49:15.743root 11241100x8000000000000000283416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0f7fa2e00a87fd2023-02-08 09:49:15.743root 11241100x8000000000000000283415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba5824fc43f135c2023-02-08 09:49:15.743root 11241100x8000000000000000283414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321521196d4482372023-02-08 09:49:15.743root 11241100x8000000000000000283413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a005b02fb61ca77b2023-02-08 09:49:15.743root 11241100x8000000000000000283430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649372d491aa47ef2023-02-08 09:49:15.744root 11241100x8000000000000000283429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33eeec725018d552023-02-08 09:49:15.744root 11241100x8000000000000000283428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68eab00c484afa1f2023-02-08 09:49:15.744root 11241100x8000000000000000283427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c0a7b51270fd2f2023-02-08 09:49:15.744root 11241100x8000000000000000283426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b467ed9ca52567782023-02-08 09:49:15.744root 11241100x8000000000000000283425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0cbdde3c7d7f0f2023-02-08 09:49:15.744root 11241100x8000000000000000283424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf75fd59972b71c2023-02-08 09:49:15.744root 11241100x8000000000000000283423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f796ce520fefd46b2023-02-08 09:49:15.744root 11241100x8000000000000000283436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fccdbe4e8b5a7992023-02-08 09:49:15.745root 11241100x8000000000000000283435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174f486c42ac09592023-02-08 09:49:15.745root 11241100x8000000000000000283434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32d9eb237e565712023-02-08 09:49:15.745root 11241100x8000000000000000283433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e229da4cd419b52023-02-08 09:49:15.745root 11241100x8000000000000000283432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194b2a47089102042023-02-08 09:49:15.745root 11241100x8000000000000000283431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:15.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab54d27c09740d2b2023-02-08 09:49:15.745root 11241100x8000000000000000283441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e78eee2c517e1b82023-02-08 09:49:16.236root 11241100x8000000000000000283440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474c0c48a7ed212d2023-02-08 09:49:16.236root 11241100x8000000000000000283439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba866ecb59e83e92023-02-08 09:49:16.236root 11241100x8000000000000000283438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d758dc431bcdea2023-02-08 09:49:16.236root 11241100x8000000000000000283437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41161575044a57022023-02-08 09:49:16.236root 11241100x8000000000000000283448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6c4de568b7e1622023-02-08 09:49:16.237root 11241100x8000000000000000283447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d3df1e8de1e9862023-02-08 09:49:16.237root 11241100x8000000000000000283446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12cba4d77911367d2023-02-08 09:49:16.237root 11241100x8000000000000000283445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8366d73bc9ee8d802023-02-08 09:49:16.237root 11241100x8000000000000000283444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e40c32ed9ebf6f2023-02-08 09:49:16.237root 11241100x8000000000000000283443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2f7d6146d7a28f2023-02-08 09:49:16.237root 11241100x8000000000000000283442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8135bfb6ef14405c2023-02-08 09:49:16.237root 11241100x8000000000000000283456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1577b1e9a02d2d2023-02-08 09:49:16.238root 11241100x8000000000000000283455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76b1f5f2701c4da2023-02-08 09:49:16.238root 11241100x8000000000000000283454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fc4322d4f240d32023-02-08 09:49:16.238root 11241100x8000000000000000283453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb605fa14dc707522023-02-08 09:49:16.238root 11241100x8000000000000000283452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa36be697a9c3ae2023-02-08 09:49:16.238root 11241100x8000000000000000283451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fc0c124ce8f99d2023-02-08 09:49:16.238root 11241100x8000000000000000283450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d8de3ad5dff86d2023-02-08 09:49:16.238root 11241100x8000000000000000283449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a5eb8544435df52023-02-08 09:49:16.238root 11241100x8000000000000000283464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f84637a43527032023-02-08 09:49:16.239root 11241100x8000000000000000283463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d760519abcd0a1b2023-02-08 09:49:16.239root 11241100x8000000000000000283462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6cc9793b16222862023-02-08 09:49:16.239root 11241100x8000000000000000283461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81bf047f01ed7232023-02-08 09:49:16.239root 11241100x8000000000000000283460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bdd78d307b24952023-02-08 09:49:16.239root 11241100x8000000000000000283459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b88342f4c398342023-02-08 09:49:16.239root 11241100x8000000000000000283458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52cdd1a9d10282cc2023-02-08 09:49:16.239root 11241100x8000000000000000283457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d80baad3e1682892023-02-08 09:49:16.239root 11241100x8000000000000000283473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30f5fde72c18e052023-02-08 09:49:16.240root 11241100x8000000000000000283472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb73f44c2dffccf12023-02-08 09:49:16.240root 11241100x8000000000000000283471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc673bdf4a4eb3c2023-02-08 09:49:16.240root 11241100x8000000000000000283470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f15461ad841ac22023-02-08 09:49:16.240root 11241100x8000000000000000283469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3cfc4700e4be96a2023-02-08 09:49:16.240root 11241100x8000000000000000283468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a94248dbbdc1e9a2023-02-08 09:49:16.240root 11241100x8000000000000000283467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e075da88abc1d4f62023-02-08 09:49:16.240root 11241100x8000000000000000283466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9c6e027b4a16d82023-02-08 09:49:16.240root 11241100x8000000000000000283465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed76862aba9d7b392023-02-08 09:49:16.240root 11241100x8000000000000000283488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c331cfee8f652c2023-02-08 09:49:16.241root 11241100x8000000000000000283487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972835d4c426225d2023-02-08 09:49:16.241root 11241100x8000000000000000283486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c26c699c00bb3c2023-02-08 09:49:16.241root 11241100x8000000000000000283485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081b4d0ec58416b02023-02-08 09:49:16.241root 11241100x8000000000000000283484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85442567823c56442023-02-08 09:49:16.241root 11241100x8000000000000000283483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39934a422d91ea722023-02-08 09:49:16.241root 11241100x8000000000000000283482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1891c3f4ae9bacf82023-02-08 09:49:16.241root 11241100x8000000000000000283481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60688ae97edbf9852023-02-08 09:49:16.241root 11241100x8000000000000000283480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af97902703ab1fe2023-02-08 09:49:16.241root 11241100x8000000000000000283479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc281e07d86c66d02023-02-08 09:49:16.241root 11241100x8000000000000000283478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f32b70fcc082742023-02-08 09:49:16.241root 11241100x8000000000000000283477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f918d19d2f18bd22023-02-08 09:49:16.241root 11241100x8000000000000000283476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0d8903fb2b42f42023-02-08 09:49:16.241root 11241100x8000000000000000283475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52c59b2f28f21352023-02-08 09:49:16.241root 11241100x8000000000000000283474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca950ded67e5350c2023-02-08 09:49:16.241root 11241100x8000000000000000283504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e29f62529686c852023-02-08 09:49:16.242root 11241100x8000000000000000283503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71b000b269912e72023-02-08 09:49:16.242root 11241100x8000000000000000283502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15be3e19579255702023-02-08 09:49:16.242root 11241100x8000000000000000283501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a334f36716ef51cc2023-02-08 09:49:16.242root 11241100x8000000000000000283500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06324e379f839a952023-02-08 09:49:16.242root 11241100x8000000000000000283499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb69fdcb820ddb8b2023-02-08 09:49:16.242root 11241100x8000000000000000283498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd676111cd4564952023-02-08 09:49:16.242root 11241100x8000000000000000283497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1774b49067d9f32023-02-08 09:49:16.242root 11241100x8000000000000000283496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e946c9f2b517b02023-02-08 09:49:16.242root 11241100x8000000000000000283495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d9230b7c16b8fb2023-02-08 09:49:16.242root 11241100x8000000000000000283494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd20ca0bb26e9df2023-02-08 09:49:16.242root 11241100x8000000000000000283493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b707de9192b3f0fd2023-02-08 09:49:16.242root 11241100x8000000000000000283492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94552796441caf4d2023-02-08 09:49:16.242root 11241100x8000000000000000283491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e93ec3671864dc32023-02-08 09:49:16.242root 11241100x8000000000000000283490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1e08a9bc1107f32023-02-08 09:49:16.242root 11241100x8000000000000000283489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14895fb7d67e4ce42023-02-08 09:49:16.242root 11241100x8000000000000000283515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a43e26c4c8327b2023-02-08 09:49:16.243root 11241100x8000000000000000283514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195de7ad8719e2272023-02-08 09:49:16.243root 11241100x8000000000000000283513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74126860cefd72b62023-02-08 09:49:16.243root 11241100x8000000000000000283512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7000105e3c14f4d82023-02-08 09:49:16.243root 11241100x8000000000000000283511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4203bc9bc9746fb02023-02-08 09:49:16.243root 11241100x8000000000000000283510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b577fd8ac6e349102023-02-08 09:49:16.243root 11241100x8000000000000000283509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78997916c8c60d832023-02-08 09:49:16.243root 11241100x8000000000000000283508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29e143eb5ddb4c82023-02-08 09:49:16.243root 11241100x8000000000000000283507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59bf78a16c6c10112023-02-08 09:49:16.243root 11241100x8000000000000000283506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e2fffc6bf634da2023-02-08 09:49:16.243root 11241100x8000000000000000283505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a57b1c60859a9d2023-02-08 09:49:16.243root 11241100x8000000000000000283523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e40d211b146d5822023-02-08 09:49:16.735root 11241100x8000000000000000283522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd42112ae1c9a7092023-02-08 09:49:16.735root 11241100x8000000000000000283521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80e52eebc1d2ec72023-02-08 09:49:16.735root 11241100x8000000000000000283520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3638222312261eab2023-02-08 09:49:16.735root 11241100x8000000000000000283519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385534b7d554d6e12023-02-08 09:49:16.735root 11241100x8000000000000000283518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1eb9b4b359288022023-02-08 09:49:16.735root 11241100x8000000000000000283517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e1be946a6972022023-02-08 09:49:16.735root 11241100x8000000000000000283516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae7517621f1721d2023-02-08 09:49:16.735root 11241100x8000000000000000283528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3851d8ed294f13692023-02-08 09:49:16.736root 11241100x8000000000000000283527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6e775f9356ef072023-02-08 09:49:16.736root 11241100x8000000000000000283526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5425c5dcb1329c2023-02-08 09:49:16.736root 11241100x8000000000000000283525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e127825679b5502a2023-02-08 09:49:16.736root 11241100x8000000000000000283524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a91800a8f7bf8e02023-02-08 09:49:16.736root 11241100x8000000000000000283530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec598c20ad9fcff72023-02-08 09:49:16.737root 11241100x8000000000000000283529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd6f0326826048f2023-02-08 09:49:16.737root 11241100x8000000000000000283533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98431dd4d312bf762023-02-08 09:49:16.738root 11241100x8000000000000000283532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e6e6f33dcaeb722023-02-08 09:49:16.738root 11241100x8000000000000000283531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f1993dba4ed2982023-02-08 09:49:16.738root 11241100x8000000000000000283537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ba15a5a3fef4932023-02-08 09:49:16.739root 11241100x8000000000000000283536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f04b8caad7efa602023-02-08 09:49:16.739root 11241100x8000000000000000283535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac75ae51a937d6b62023-02-08 09:49:16.739root 11241100x8000000000000000283534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eec97df738ede032023-02-08 09:49:16.739root 11241100x8000000000000000283538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14616e69769222d02023-02-08 09:49:16.740root 11241100x8000000000000000283546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07bfa97333ac59452023-02-08 09:49:16.742root 11241100x8000000000000000283545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9136f906c0618af2023-02-08 09:49:16.742root 11241100x8000000000000000283544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f6a4153d51defd2023-02-08 09:49:16.742root 11241100x8000000000000000283543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ec86304e26d96e2023-02-08 09:49:16.742root 11241100x8000000000000000283542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89577b00c495be4c2023-02-08 09:49:16.742root 11241100x8000000000000000283541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab8a20f533d38132023-02-08 09:49:16.742root 11241100x8000000000000000283540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9da3ba75921e6cb2023-02-08 09:49:16.742root 11241100x8000000000000000283539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4846ce6afc7f86382023-02-08 09:49:16.742root 11241100x8000000000000000283561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0549576ddce56fb32023-02-08 09:49:16.743root 11241100x8000000000000000283560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e132063997622d2023-02-08 09:49:16.743root 11241100x8000000000000000283559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae2af92007f3a002023-02-08 09:49:16.743root 11241100x8000000000000000283558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de64d878d25965542023-02-08 09:49:16.743root 11241100x8000000000000000283557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c83cac286613bb2023-02-08 09:49:16.743root 11241100x8000000000000000283556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9588757315f68b232023-02-08 09:49:16.743root 11241100x8000000000000000283555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973e673f9cdc7f6e2023-02-08 09:49:16.743root 11241100x8000000000000000283554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890ea51e904e86e82023-02-08 09:49:16.743root 11241100x8000000000000000283553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0848aa50140c902023-02-08 09:49:16.743root 11241100x8000000000000000283552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953490ac44e7cc912023-02-08 09:49:16.743root 11241100x8000000000000000283551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb902670f47ac8b12023-02-08 09:49:16.743root 11241100x8000000000000000283550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78dfefd0ab50ca392023-02-08 09:49:16.743root 11241100x8000000000000000283549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd49ec37d246c2192023-02-08 09:49:16.743root 11241100x8000000000000000283548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74db331c00ade4c82023-02-08 09:49:16.743root 11241100x8000000000000000283547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c20bce277166a072023-02-08 09:49:16.743root 11241100x8000000000000000283577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0a5ae3a8adb5882023-02-08 09:49:16.744root 11241100x8000000000000000283576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378b59aa8f7173902023-02-08 09:49:16.744root 11241100x8000000000000000283575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c838097e964dfb2023-02-08 09:49:16.744root 11241100x8000000000000000283574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f745e2c573d2f12023-02-08 09:49:16.744root 11241100x8000000000000000283573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34b743e97db0e082023-02-08 09:49:16.744root 11241100x8000000000000000283572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2315c587ca44198f2023-02-08 09:49:16.744root 11241100x8000000000000000283571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684cc8ade3192fc02023-02-08 09:49:16.744root 11241100x8000000000000000283570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4006e92b0a0bac472023-02-08 09:49:16.744root 11241100x8000000000000000283569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed1ca2f3dd5609a2023-02-08 09:49:16.744root 11241100x8000000000000000283568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4922349c1e4389b32023-02-08 09:49:16.744root 11241100x8000000000000000283567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73cc9ba4c7f99392023-02-08 09:49:16.744root 11241100x8000000000000000283566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fab4a172472b9872023-02-08 09:49:16.744root 11241100x8000000000000000283565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f895eaef950627c2023-02-08 09:49:16.744root 11241100x8000000000000000283564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4c0bb04313e6e72023-02-08 09:49:16.744root 11241100x8000000000000000283563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389989bdf0a0d1a22023-02-08 09:49:16.744root 11241100x8000000000000000283562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbe9fa8466a886f2023-02-08 09:49:16.744root 11241100x8000000000000000283589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b9e1db17977e342023-02-08 09:49:16.745root 11241100x8000000000000000283588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4207f15b6a90596c2023-02-08 09:49:16.745root 11241100x8000000000000000283587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7481a54e50be3bcf2023-02-08 09:49:16.745root 11241100x8000000000000000283586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785abba8267178372023-02-08 09:49:16.745root 11241100x8000000000000000283585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd5786e0a1ee3ae2023-02-08 09:49:16.745root 11241100x8000000000000000283584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9239a526d17338af2023-02-08 09:49:16.745root 11241100x8000000000000000283583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85294f26aaafe95c2023-02-08 09:49:16.745root 11241100x8000000000000000283582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a1eca5fc6753602023-02-08 09:49:16.745root 11241100x8000000000000000283581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d151bb4761c954992023-02-08 09:49:16.745root 11241100x8000000000000000283580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100ec8dc8d5e9e612023-02-08 09:49:16.745root 11241100x8000000000000000283579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9736be51ae8e253a2023-02-08 09:49:16.745root 11241100x8000000000000000283578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:16.745{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bdd388c21233b062023-02-08 09:49:16.745root 354300x8000000000000000283590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.002{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-35498-false10.0.1.12-8000- 11241100x8000000000000000283598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe8be2b87f877db2023-02-08 09:49:17.003root 11241100x8000000000000000283597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86bc25023a47ed02023-02-08 09:49:17.003root 11241100x8000000000000000283596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb8e1166516d6e42023-02-08 09:49:17.003root 11241100x8000000000000000283595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0b1ada42c0f6a72023-02-08 09:49:17.003root 11241100x8000000000000000283594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeeeb1128e1626152023-02-08 09:49:17.003root 11241100x8000000000000000283593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f860615ed01e48902023-02-08 09:49:17.003root 11241100x8000000000000000283592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d00ca77a2eda1c12023-02-08 09:49:17.003root 11241100x8000000000000000283591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec5bf4fef09381a2023-02-08 09:49:17.003root 11241100x8000000000000000283608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.004{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b13b306fb857322023-02-08 09:49:17.004root 11241100x8000000000000000283607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.004{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9b4ca8f16c99402023-02-08 09:49:17.004root 11241100x8000000000000000283606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.004{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48eb2601f6ba78972023-02-08 09:49:17.004root 11241100x8000000000000000283605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.004{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b59d816fd3c4f92023-02-08 09:49:17.004root 11241100x8000000000000000283604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.004{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473d681e81a782ec2023-02-08 09:49:17.004root 11241100x8000000000000000283603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.004{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6707ecbddb46325f2023-02-08 09:49:17.004root 11241100x8000000000000000283602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.004{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b6fb70f8ed1d252023-02-08 09:49:17.004root 11241100x8000000000000000283601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.004{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcbb5703a5dbfe22023-02-08 09:49:17.004root 11241100x8000000000000000283600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.004{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22002a07d56b8b52023-02-08 09:49:17.004root 11241100x8000000000000000283599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.004{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d136a229d3b69c82023-02-08 09:49:17.004root 11241100x8000000000000000283618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.005{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3774f127282d3442023-02-08 09:49:17.005root 11241100x8000000000000000283617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.005{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd88714d06f10132023-02-08 09:49:17.005root 11241100x8000000000000000283616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.005{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc350fea69963f62023-02-08 09:49:17.005root 11241100x8000000000000000283615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.005{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffa3e85936f2d722023-02-08 09:49:17.005root 11241100x8000000000000000283614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.005{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae49caa42d671712023-02-08 09:49:17.005root 11241100x8000000000000000283613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.005{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfd299e7d85d0602023-02-08 09:49:17.005root 11241100x8000000000000000283612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.005{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e62101894acc272023-02-08 09:49:17.005root 11241100x8000000000000000283611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.005{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6774ebf23f55d82023-02-08 09:49:17.005root 11241100x8000000000000000283610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.005{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58daacd7ad54b3ba2023-02-08 09:49:17.005root 11241100x8000000000000000283609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.005{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8661aa320ad1d22023-02-08 09:49:17.005root 11241100x8000000000000000283621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.006{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f82e2fcd9754b7c2023-02-08 09:49:17.006root 11241100x8000000000000000283620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.006{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870f0359baf66a462023-02-08 09:49:17.006root 11241100x8000000000000000283619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.006{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eaffc41d6932e4f2023-02-08 09:49:17.006root 11241100x8000000000000000283628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.007{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aba2705f427a3ad2023-02-08 09:49:17.007root 11241100x8000000000000000283627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.007{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1564bb66f2eb423a2023-02-08 09:49:17.007root 11241100x8000000000000000283626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.007{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799c81537f2b89e82023-02-08 09:49:17.007root 11241100x8000000000000000283625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.007{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18b30bfc18e46cf2023-02-08 09:49:17.007root 11241100x8000000000000000283624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.007{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69c32c170bf3f542023-02-08 09:49:17.007root 11241100x8000000000000000283623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.007{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec700497056ea97e2023-02-08 09:49:17.007root 11241100x8000000000000000283622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.007{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaeda507d4989cdb2023-02-08 09:49:17.007root 11241100x8000000000000000283636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.008{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbd03ff8a538e642023-02-08 09:49:17.008root 11241100x8000000000000000283635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.008{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc47794054086252023-02-08 09:49:17.008root 11241100x8000000000000000283634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.008{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0804e8a345f14a6b2023-02-08 09:49:17.008root 11241100x8000000000000000283633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.008{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba66e663d0cbc252023-02-08 09:49:17.008root 11241100x8000000000000000283632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.008{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4be874f3f8fc9352023-02-08 09:49:17.008root 11241100x8000000000000000283631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.008{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aefff9d924d17c402023-02-08 09:49:17.008root 11241100x8000000000000000283630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.008{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6949a7bd91744d3f2023-02-08 09:49:17.008root 11241100x8000000000000000283629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.008{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f401fc8df62f232023-02-08 09:49:17.008root 11241100x8000000000000000283642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.009{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef31b14785afd262023-02-08 09:49:17.009root 11241100x8000000000000000283641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.009{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625049a86a6889f52023-02-08 09:49:17.009root 11241100x8000000000000000283640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.009{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cfce8c309ec34c2023-02-08 09:49:17.009root 11241100x8000000000000000283639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.009{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c69d4365747c5872023-02-08 09:49:17.009root 11241100x8000000000000000283638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.009{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b0850895bc62492023-02-08 09:49:17.009root 11241100x8000000000000000283637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.009{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da5dbddb850f1662023-02-08 09:49:17.009root 11241100x8000000000000000283647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.010{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c70f1dbd6dc742e2023-02-08 09:49:17.010root 11241100x8000000000000000283646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.010{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d09af0ca16c8142023-02-08 09:49:17.010root 11241100x8000000000000000283645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.010{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cccdfd1ad14c8002023-02-08 09:49:17.010root 11241100x8000000000000000283644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.010{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00064dc00c824a5f2023-02-08 09:49:17.010root 11241100x8000000000000000283643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.010{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c53846bcff3fce2023-02-08 09:49:17.010root 11241100x8000000000000000283653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.011{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59137d4914074b52023-02-08 09:49:17.011root 11241100x8000000000000000283652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.011{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a8c8409f3d4dd72023-02-08 09:49:17.011root 11241100x8000000000000000283651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.011{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fab239901c227a2023-02-08 09:49:17.011root 11241100x8000000000000000283650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.011{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a120b133cdec71322023-02-08 09:49:17.011root 11241100x8000000000000000283649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.011{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72571f6fa910d6e92023-02-08 09:49:17.011root 11241100x8000000000000000283648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.011{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac00642cb4e1b4912023-02-08 09:49:17.011root 11241100x8000000000000000283659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.012{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2276564d3471697a2023-02-08 09:49:17.012root 11241100x8000000000000000283658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.012{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60245f2689ac8c6c2023-02-08 09:49:17.012root 11241100x8000000000000000283657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.012{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a055d1191e9a0972023-02-08 09:49:17.012root 11241100x8000000000000000283656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.012{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424735e07a8380ff2023-02-08 09:49:17.012root 11241100x8000000000000000283655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.012{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecca6107b07fe21f2023-02-08 09:49:17.012root 11241100x8000000000000000283654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.012{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25a99d5bd6a3b442023-02-08 09:49:17.012root 11241100x8000000000000000283664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.013{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b9911183435bfd2023-02-08 09:49:17.013root 11241100x8000000000000000283663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.013{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c00856efac44e022023-02-08 09:49:17.013root 11241100x8000000000000000283662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.013{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae0e62fbd7b6a622023-02-08 09:49:17.013root 11241100x8000000000000000283661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.013{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954078bdc6486dac2023-02-08 09:49:17.013root 11241100x8000000000000000283660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.013{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6f5ac75f84c9f92023-02-08 09:49:17.013root 11241100x8000000000000000283669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.014{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86409a508f4105ea2023-02-08 09:49:17.014root 11241100x8000000000000000283668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.014{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91cb90b4c31322612023-02-08 09:49:17.014root 11241100x8000000000000000283667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.014{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c51aa7ee8e66c632023-02-08 09:49:17.014root 11241100x8000000000000000283666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.014{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b608da2d854d15732023-02-08 09:49:17.014root 11241100x8000000000000000283665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.014{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c80e3b890799cd2023-02-08 09:49:17.014root 11241100x8000000000000000283676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.015{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfc3fc85664b9b42023-02-08 09:49:17.015root 11241100x8000000000000000283675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.015{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089d028e5e18046c2023-02-08 09:49:17.015root 11241100x8000000000000000283674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.015{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078360472eec7a432023-02-08 09:49:17.015root 11241100x8000000000000000283673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.015{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab9fa5bedaa6f2a2023-02-08 09:49:17.015root 11241100x8000000000000000283672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.015{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daca221b2e053d852023-02-08 09:49:17.015root 11241100x8000000000000000283671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.015{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c73cfded5787fd02023-02-08 09:49:17.015root 11241100x8000000000000000283670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.015{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c06db8e2ae04bc2023-02-08 09:49:17.015root 11241100x8000000000000000283682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.016{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a31744fe99742e52023-02-08 09:49:17.016root 11241100x8000000000000000283681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.016{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ecc058f8032c5b2023-02-08 09:49:17.016root 11241100x8000000000000000283680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.016{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acfa2c5d2fe98cb32023-02-08 09:49:17.016root 11241100x8000000000000000283679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.016{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295da7fcbb5367862023-02-08 09:49:17.016root 11241100x8000000000000000283678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.016{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a195d15200e692762023-02-08 09:49:17.016root 11241100x8000000000000000283677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.016{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e64c40f9851935e2023-02-08 09:49:17.016root 11241100x8000000000000000283688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.017{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d360b5ac1fa3d4f32023-02-08 09:49:17.017root 11241100x8000000000000000283687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.017{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b06ae6548d5b492023-02-08 09:49:17.017root 11241100x8000000000000000283686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.017{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8dc8dc2102df882023-02-08 09:49:17.017root 11241100x8000000000000000283685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.017{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36aea09f798401f02023-02-08 09:49:17.017root 11241100x8000000000000000283684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.017{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fe3e00635a10252023-02-08 09:49:17.017root 11241100x8000000000000000283683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.017{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f145016fc3994d2c2023-02-08 09:49:17.017root 11241100x8000000000000000283700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.018{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2b2bbdf064f8412023-02-08 09:49:17.018root 11241100x8000000000000000283699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.018{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aae89aea33985d02023-02-08 09:49:17.018root 11241100x8000000000000000283698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.018{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97695842ec4a920a2023-02-08 09:49:17.018root 11241100x8000000000000000283697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.018{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31095bb0fb3435fe2023-02-08 09:49:17.018root 11241100x8000000000000000283696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.018{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928e638a0a1f1bff2023-02-08 09:49:17.018root 11241100x8000000000000000283695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.018{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77da7459b1aa1de32023-02-08 09:49:17.018root 11241100x8000000000000000283694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.018{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb84a1412977e4842023-02-08 09:49:17.018root 11241100x8000000000000000283693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.018{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d3e9a3f021c6312023-02-08 09:49:17.018root 11241100x8000000000000000283692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.018{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5f484aca62f1a92023-02-08 09:49:17.018root 11241100x8000000000000000283691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.018{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7a78046c5c02f02023-02-08 09:49:17.018root 11241100x8000000000000000283690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.018{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15557a5823aa5502023-02-08 09:49:17.018root 11241100x8000000000000000283689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.018{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ddc22b5fdf068c2023-02-08 09:49:17.018root 11241100x8000000000000000283702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.019{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde74a1e16f1bfff2023-02-08 09:49:17.019root 11241100x8000000000000000283701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.019{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5aec9dc84331fd62023-02-08 09:49:17.019root 11241100x8000000000000000283710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.020{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a520c2ac927f6a4b2023-02-08 09:49:17.020root 11241100x8000000000000000283709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.020{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02577a1d42e13aab2023-02-08 09:49:17.020root 11241100x8000000000000000283708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.020{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024e37f16062fd7e2023-02-08 09:49:17.020root 11241100x8000000000000000283707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.020{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4dec7eb4d7fc082023-02-08 09:49:17.020root 11241100x8000000000000000283706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.020{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a624e208d02eb1632023-02-08 09:49:17.020root 11241100x8000000000000000283705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.020{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d45fd71951696462023-02-08 09:49:17.020root 11241100x8000000000000000283704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.020{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210c31b3121337a42023-02-08 09:49:17.020root 11241100x8000000000000000283703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.020{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ffb7d95b4e013862023-02-08 09:49:17.020root 11241100x8000000000000000283718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.021{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64582a4d272ebaa2023-02-08 09:49:17.021root 11241100x8000000000000000283717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.021{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633895b9f8bea9142023-02-08 09:49:17.021root 11241100x8000000000000000283716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.021{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1a9055ee858b012023-02-08 09:49:17.021root 11241100x8000000000000000283715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.021{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495c99dd55635c7b2023-02-08 09:49:17.021root 11241100x8000000000000000283714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.021{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7428845f41b6730e2023-02-08 09:49:17.021root 11241100x8000000000000000283713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.021{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0638fdf814b9d7ad2023-02-08 09:49:17.021root 11241100x8000000000000000283712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.021{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2d37ee3d064cf12023-02-08 09:49:17.021root 11241100x8000000000000000283711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.021{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a626849ef71cd222023-02-08 09:49:17.021root 11241100x8000000000000000283728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.022{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2703d81eccdb90b32023-02-08 09:49:17.022root 11241100x8000000000000000283727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.022{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f955dfc5f61c1c052023-02-08 09:49:17.022root 11241100x8000000000000000283726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.022{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db230c6f5d80995c2023-02-08 09:49:17.022root 11241100x8000000000000000283725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.022{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cecf77f586286ac42023-02-08 09:49:17.022root 11241100x8000000000000000283724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.022{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6835b80e971715542023-02-08 09:49:17.022root 11241100x8000000000000000283723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.022{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a328d77f5afd10992023-02-08 09:49:17.022root 11241100x8000000000000000283722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.022{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1f94532893f5ec2023-02-08 09:49:17.022root 11241100x8000000000000000283721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.022{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15873ec032698312023-02-08 09:49:17.022root 11241100x8000000000000000283720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.022{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82a0454f6527b322023-02-08 09:49:17.022root 11241100x8000000000000000283719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.022{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c65fcfc140da682023-02-08 09:49:17.022root 11241100x8000000000000000283738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.023{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4654d53b0b42329f2023-02-08 09:49:17.023root 11241100x8000000000000000283737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.023{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dddfda2ce713fce2023-02-08 09:49:17.023root 11241100x8000000000000000283736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.023{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0bd98c008b7b03b2023-02-08 09:49:17.023root 11241100x8000000000000000283735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.023{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efb866385ec28d72023-02-08 09:49:17.023root 11241100x8000000000000000283734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.023{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0103fd7eb09071112023-02-08 09:49:17.023root 11241100x8000000000000000283733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.023{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd388b2cee9daf6c2023-02-08 09:49:17.023root 11241100x8000000000000000283732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.023{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ece81f28ba4340b2023-02-08 09:49:17.023root 11241100x8000000000000000283731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.023{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc1819a52c418d02023-02-08 09:49:17.023root 11241100x8000000000000000283730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.023{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80893513daab1f292023-02-08 09:49:17.023root 11241100x8000000000000000283729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.023{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f6be71ea53c19f2023-02-08 09:49:17.023root 11241100x8000000000000000283748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.024{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb8da8d0f4571ab2023-02-08 09:49:17.024root 11241100x8000000000000000283747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.024{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4182cea685a460b02023-02-08 09:49:17.024root 11241100x8000000000000000283746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.024{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f124a7b169d6cd182023-02-08 09:49:17.024root 11241100x8000000000000000283745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.024{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d85ec046d4a7e2e2023-02-08 09:49:17.024root 11241100x8000000000000000283744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.024{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ff334c938715682023-02-08 09:49:17.024root 11241100x8000000000000000283743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.024{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c59888019eb9b82023-02-08 09:49:17.024root 11241100x8000000000000000283742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.024{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1462235871afea792023-02-08 09:49:17.024root 11241100x8000000000000000283741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.024{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a548213616071e402023-02-08 09:49:17.024root 11241100x8000000000000000283740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.024{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f84b548d36a90752023-02-08 09:49:17.024root 11241100x8000000000000000283739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.024{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70929d834f1f65342023-02-08 09:49:17.024root 11241100x8000000000000000283756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.025{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b389ce4b19b5d0222023-02-08 09:49:17.025root 11241100x8000000000000000283755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.025{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4bd39c57d686312023-02-08 09:49:17.025root 11241100x8000000000000000283754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.025{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52fcdc54e7174a22023-02-08 09:49:17.025root 11241100x8000000000000000283753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.025{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ddfaf7cc09f111a2023-02-08 09:49:17.025root 11241100x8000000000000000283752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.025{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e48373caae888022023-02-08 09:49:17.025root 11241100x8000000000000000283751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.025{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87c5600ddb0754b2023-02-08 09:49:17.025root 11241100x8000000000000000283750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.025{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bceea7bfb7b0fd2023-02-08 09:49:17.025root 11241100x8000000000000000283749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.025{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c61d18a3ae5c9682023-02-08 09:49:17.025root 11241100x8000000000000000283762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.026{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8b889b44af383c2023-02-08 09:49:17.026root 11241100x8000000000000000283761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.026{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb7df12781ad30c2023-02-08 09:49:17.026root 11241100x8000000000000000283760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.026{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3051350d1b8c42722023-02-08 09:49:17.026root 11241100x8000000000000000283759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.026{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345308c5f93d07492023-02-08 09:49:17.026root 11241100x8000000000000000283758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.026{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89dd6e46f8bb51262023-02-08 09:49:17.026root 11241100x8000000000000000283757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.026{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958ab0efb0f7c6f02023-02-08 09:49:17.026root 11241100x8000000000000000283763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38db3f9a9977332d2023-02-08 09:49:17.485root 11241100x8000000000000000283768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e888d0381495136c2023-02-08 09:49:17.486root 11241100x8000000000000000283767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3bdd070690540e92023-02-08 09:49:17.486root 11241100x8000000000000000283766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c484bb83b7c853322023-02-08 09:49:17.486root 11241100x8000000000000000283765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a67af3957e513b2023-02-08 09:49:17.486root 11241100x8000000000000000283764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94d6c4dcaf06afd2023-02-08 09:49:17.486root 11241100x8000000000000000283771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48d16fde16f55432023-02-08 09:49:17.487root 11241100x8000000000000000283770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea86025295c33c512023-02-08 09:49:17.487root 11241100x8000000000000000283769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e08a62a991bddc2023-02-08 09:49:17.487root 11241100x8000000000000000283776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8522f5abf05525e2023-02-08 09:49:17.488root 11241100x8000000000000000283775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bce87d35dc4bf82023-02-08 09:49:17.488root 11241100x8000000000000000283774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc0dc3cff540b242023-02-08 09:49:17.488root 11241100x8000000000000000283773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39eaf3303acc95572023-02-08 09:49:17.488root 11241100x8000000000000000283772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd8b0ee421a4b122023-02-08 09:49:17.488root 11241100x8000000000000000283781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0016de217e7aa7d02023-02-08 09:49:17.489root 11241100x8000000000000000283780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad1e795faa9e22a2023-02-08 09:49:17.489root 11241100x8000000000000000283779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf05e8e464b796d2023-02-08 09:49:17.489root 11241100x8000000000000000283778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea2588667d247372023-02-08 09:49:17.489root 11241100x8000000000000000283777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ecc4fb8958fff32023-02-08 09:49:17.489root 11241100x8000000000000000283786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75638371072ea512023-02-08 09:49:17.490root 11241100x8000000000000000283785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b0f6741a21d14b2023-02-08 09:49:17.490root 11241100x8000000000000000283784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda41e8a4072ab6c2023-02-08 09:49:17.490root 11241100x8000000000000000283783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c424e7562f98fe8a2023-02-08 09:49:17.490root 11241100x8000000000000000283782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9debb027111e98be2023-02-08 09:49:17.490root 11241100x8000000000000000283792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6d693d0b2ecef32023-02-08 09:49:17.491root 11241100x8000000000000000283791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5d70498b474c4f2023-02-08 09:49:17.491root 11241100x8000000000000000283790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8cf6d2b0bd58552023-02-08 09:49:17.491root 11241100x8000000000000000283789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f7836b97cb7d0e2023-02-08 09:49:17.491root 11241100x8000000000000000283788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b49371f2513da42023-02-08 09:49:17.491root 11241100x8000000000000000283787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b9a197111e6f172023-02-08 09:49:17.491root 11241100x8000000000000000283797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3050da13dcf3522023-02-08 09:49:17.492root 11241100x8000000000000000283796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a47a100a0ccf7fa2023-02-08 09:49:17.492root 11241100x8000000000000000283795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c90b65f86341a22023-02-08 09:49:17.492root 11241100x8000000000000000283794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380bd776924d52672023-02-08 09:49:17.492root 11241100x8000000000000000283793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004a695451674b682023-02-08 09:49:17.492root 11241100x8000000000000000283806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663da6144f5e56582023-02-08 09:49:17.493root 11241100x8000000000000000283805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c262278b8c3c3c152023-02-08 09:49:17.493root 11241100x8000000000000000283804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11371bd2441097d72023-02-08 09:49:17.493root 11241100x8000000000000000283803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9cb037a84aa5ac02023-02-08 09:49:17.493root 11241100x8000000000000000283802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e2b4cbb652f8be2023-02-08 09:49:17.493root 11241100x8000000000000000283801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6a1169a44135ed2023-02-08 09:49:17.493root 11241100x8000000000000000283800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be10cd207625135c2023-02-08 09:49:17.493root 11241100x8000000000000000283799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d93df15b4c02b92023-02-08 09:49:17.493root 11241100x8000000000000000283798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fe315fd6d4499b2023-02-08 09:49:17.493root 11241100x8000000000000000283815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19b504c995cceca2023-02-08 09:49:17.494root 11241100x8000000000000000283814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0b46a0099e4c2c2023-02-08 09:49:17.494root 11241100x8000000000000000283813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440015e817d64e0a2023-02-08 09:49:17.494root 11241100x8000000000000000283812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98fb6ce1d2e9f9a2023-02-08 09:49:17.494root 11241100x8000000000000000283811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28c3ffdfdcc4f172023-02-08 09:49:17.494root 11241100x8000000000000000283810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2d03c8a940b6762023-02-08 09:49:17.494root 11241100x8000000000000000283809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f995a038c86de3a92023-02-08 09:49:17.494root 11241100x8000000000000000283808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316d5bf1510a625a2023-02-08 09:49:17.494root 11241100x8000000000000000283807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7fceffae964f0f2023-02-08 09:49:17.494root 11241100x8000000000000000283823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143411160a46b0bc2023-02-08 09:49:17.495root 11241100x8000000000000000283822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c06f5102c061f5f2023-02-08 09:49:17.495root 11241100x8000000000000000283821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3fec5f4afc0a08a2023-02-08 09:49:17.495root 11241100x8000000000000000283820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69d624bebd968a62023-02-08 09:49:17.495root 11241100x8000000000000000283819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72696fcad5997b112023-02-08 09:49:17.495root 11241100x8000000000000000283818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316c54041d5beab92023-02-08 09:49:17.495root 11241100x8000000000000000283817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e0ca6b212999fb2023-02-08 09:49:17.495root 11241100x8000000000000000283816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad89d2356ee03ab2023-02-08 09:49:17.495root 11241100x8000000000000000283831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea4f98432de16bc2023-02-08 09:49:17.496root 11241100x8000000000000000283830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172804c0bd0fc49c2023-02-08 09:49:17.496root 11241100x8000000000000000283829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e46abb173527ae2023-02-08 09:49:17.496root 11241100x8000000000000000283828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6ecabc32e0a3032023-02-08 09:49:17.496root 11241100x8000000000000000283827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311b9aa6feb9e59a2023-02-08 09:49:17.496root 11241100x8000000000000000283826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510e902dcf95741a2023-02-08 09:49:17.496root 11241100x8000000000000000283825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7497c1725b31049a2023-02-08 09:49:17.496root 11241100x8000000000000000283824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd9de3ed1c6f9572023-02-08 09:49:17.496root 11241100x8000000000000000283840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4132b02bdde4a62023-02-08 09:49:17.497root 11241100x8000000000000000283839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c4090a54f8a0682023-02-08 09:49:17.497root 11241100x8000000000000000283838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b416a23f1345f4112023-02-08 09:49:17.497root 11241100x8000000000000000283837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55563c72a0d15cdc2023-02-08 09:49:17.497root 11241100x8000000000000000283836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1162b69ce73e75e12023-02-08 09:49:17.497root 11241100x8000000000000000283835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bccbbc6e1fbd25ed2023-02-08 09:49:17.497root 11241100x8000000000000000283834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5768843df1f2566a2023-02-08 09:49:17.497root 11241100x8000000000000000283833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fbe39242fed08ce2023-02-08 09:49:17.497root 11241100x8000000000000000283832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f5237b9eb34e5c2023-02-08 09:49:17.497root 11241100x8000000000000000283849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db4974e047c14542023-02-08 09:49:17.498root 11241100x8000000000000000283848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b092543dbf04342023-02-08 09:49:17.498root 11241100x8000000000000000283847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd13f7e303f823e32023-02-08 09:49:17.498root 11241100x8000000000000000283846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e4add23dfffa0d2023-02-08 09:49:17.498root 11241100x8000000000000000283845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c00f46b93a4a46b2023-02-08 09:49:17.498root 11241100x8000000000000000283844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd6472e6bf2d22e2023-02-08 09:49:17.498root 11241100x8000000000000000283843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac4aac14b58a3802023-02-08 09:49:17.498root 11241100x8000000000000000283842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe6855279712ab92023-02-08 09:49:17.498root 11241100x8000000000000000283841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2aea0045a8371542023-02-08 09:49:17.498root 11241100x8000000000000000283850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051cf32b203679712023-02-08 09:49:17.499root 11241100x8000000000000000283856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de6d4993d7266c02023-02-08 09:49:17.984root 11241100x8000000000000000283855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b7e2aa174b218f2023-02-08 09:49:17.984root 11241100x8000000000000000283854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805537d892e4c5572023-02-08 09:49:17.984root 11241100x8000000000000000283853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47cbbfc22f337162023-02-08 09:49:17.984root 11241100x8000000000000000283852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c9f5fa0b918de32023-02-08 09:49:17.984root 11241100x8000000000000000283851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d91489a10be9a92023-02-08 09:49:17.984root 11241100x8000000000000000283865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cfc0eac5c2443e62023-02-08 09:49:17.985root 11241100x8000000000000000283864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051b7c82e1b5d9522023-02-08 09:49:17.985root 11241100x8000000000000000283863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12969ee8f9170552023-02-08 09:49:17.985root 11241100x8000000000000000283862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb53a3ed440bf51b2023-02-08 09:49:17.985root 11241100x8000000000000000283861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8ddf99677e7b542023-02-08 09:49:17.985root 11241100x8000000000000000283860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4b02f731903b0c2023-02-08 09:49:17.985root 11241100x8000000000000000283859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbd0d88eeebe6f62023-02-08 09:49:17.985root 11241100x8000000000000000283858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79e7f9095db129a2023-02-08 09:49:17.985root 11241100x8000000000000000283857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b001496efbfaa0472023-02-08 09:49:17.985root 11241100x8000000000000000283875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed328f0117289852023-02-08 09:49:17.986root 11241100x8000000000000000283874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4562dcdfbb08f75b2023-02-08 09:49:17.986root 11241100x8000000000000000283873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8fc161ccebb7922023-02-08 09:49:17.986root 11241100x8000000000000000283872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad6186a5daf014e2023-02-08 09:49:17.986root 11241100x8000000000000000283871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33b259d75896d342023-02-08 09:49:17.986root 11241100x8000000000000000283870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc3b642f4f6d6a92023-02-08 09:49:17.986root 11241100x8000000000000000283869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca692c708bc66272023-02-08 09:49:17.986root 11241100x8000000000000000283868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1dd14350aec14462023-02-08 09:49:17.986root 11241100x8000000000000000283867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6676a23cfef5bf7c2023-02-08 09:49:17.986root 11241100x8000000000000000283866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5891d7e59486c72023-02-08 09:49:17.986root 11241100x8000000000000000283884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758d5ef5f78e50842023-02-08 09:49:17.987root 11241100x8000000000000000283883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de80b592b9208a82023-02-08 09:49:17.987root 11241100x8000000000000000283882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599e523cf578d56f2023-02-08 09:49:17.987root 11241100x8000000000000000283881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37034b82e7c892e2023-02-08 09:49:17.987root 11241100x8000000000000000283880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082d52559a68361f2023-02-08 09:49:17.987root 11241100x8000000000000000283879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36006d5293f55c182023-02-08 09:49:17.987root 11241100x8000000000000000283878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da16e6c146376b9e2023-02-08 09:49:17.987root 11241100x8000000000000000283877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c82eac07f4226d2023-02-08 09:49:17.987root 11241100x8000000000000000283876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270cceb02c57ad482023-02-08 09:49:17.987root 11241100x8000000000000000283894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba8e8c0edc701852023-02-08 09:49:17.988root 11241100x8000000000000000283893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5e932edd834d1f2023-02-08 09:49:17.988root 11241100x8000000000000000283892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc9cfa55577217b2023-02-08 09:49:17.988root 11241100x8000000000000000283891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7662cfc4c97c45912023-02-08 09:49:17.988root 11241100x8000000000000000283890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d02657a090af062023-02-08 09:49:17.988root 11241100x8000000000000000283889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03fc5ee410fdd76e2023-02-08 09:49:17.988root 11241100x8000000000000000283888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b55d2af8697f15f2023-02-08 09:49:17.988root 11241100x8000000000000000283887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eeb0081f81a6bcb2023-02-08 09:49:17.988root 11241100x8000000000000000283886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03ad9b486c7ca0d2023-02-08 09:49:17.988root 11241100x8000000000000000283885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d9ea3165f59ede2023-02-08 09:49:17.988root 11241100x8000000000000000283905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955f6b54d68b8d592023-02-08 09:49:17.989root 11241100x8000000000000000283904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e3848b2bce82952023-02-08 09:49:17.989root 11241100x8000000000000000283903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d616ca6c429ef582023-02-08 09:49:17.989root 11241100x8000000000000000283902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca45e469bb425be22023-02-08 09:49:17.989root 11241100x8000000000000000283901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600926f03d3514942023-02-08 09:49:17.989root 11241100x8000000000000000283900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cfa32cb16f3aac52023-02-08 09:49:17.989root 11241100x8000000000000000283899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6611b67f5c99cdee2023-02-08 09:49:17.989root 11241100x8000000000000000283898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b572ddb56878aa2023-02-08 09:49:17.989root 11241100x8000000000000000283897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa381cf017583982023-02-08 09:49:17.989root 11241100x8000000000000000283896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab841ccf9535e672023-02-08 09:49:17.989root 11241100x8000000000000000283895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39104200b6c286d2023-02-08 09:49:17.989root 11241100x8000000000000000283914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7d652ac125afb82023-02-08 09:49:17.990root 11241100x8000000000000000283913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77a1b01dafbd89a2023-02-08 09:49:17.990root 11241100x8000000000000000283912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bafbbcc555efba2023-02-08 09:49:17.990root 11241100x8000000000000000283911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62d21147472be792023-02-08 09:49:17.990root 11241100x8000000000000000283910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ff52bae05590ae2023-02-08 09:49:17.990root 11241100x8000000000000000283909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43199766930598ef2023-02-08 09:49:17.990root 11241100x8000000000000000283908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20941e9d761d62f2023-02-08 09:49:17.990root 11241100x8000000000000000283907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc8a780742ea5ce2023-02-08 09:49:17.990root 11241100x8000000000000000283906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:17.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f031a346e665442023-02-08 09:49:17.990root 11241100x8000000000000000283918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3546fb38d738472023-02-08 09:49:18.484root 11241100x8000000000000000283917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f76588efc999d52023-02-08 09:49:18.484root 11241100x8000000000000000283916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8db6f328e9dc9802023-02-08 09:49:18.484root 11241100x8000000000000000283915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50457b3a69bc7b192023-02-08 09:49:18.484root 11241100x8000000000000000283922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d3749cf2eb89a32023-02-08 09:49:18.485root 11241100x8000000000000000283921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dceadfb0ef5780c52023-02-08 09:49:18.485root 11241100x8000000000000000283920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc059ed17301e43a2023-02-08 09:49:18.485root 11241100x8000000000000000283919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39f64b33aea26352023-02-08 09:49:18.485root 11241100x8000000000000000283932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a354fd6c186b117c2023-02-08 09:49:18.486root 11241100x8000000000000000283931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981977196d269bf32023-02-08 09:49:18.486root 11241100x8000000000000000283930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b024e731d00454972023-02-08 09:49:18.486root 11241100x8000000000000000283929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0252c9faf7ac5c302023-02-08 09:49:18.486root 11241100x8000000000000000283928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4024b6f17b16e7062023-02-08 09:49:18.486root 11241100x8000000000000000283927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2927bd98845b80842023-02-08 09:49:18.486root 11241100x8000000000000000283926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b13c69aa22607c22023-02-08 09:49:18.486root 11241100x8000000000000000283925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872f9b88d62174392023-02-08 09:49:18.486root 11241100x8000000000000000283924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204ce9e0ac867a482023-02-08 09:49:18.486root 11241100x8000000000000000283923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a577405904a3ac2023-02-08 09:49:18.486root 11241100x8000000000000000283935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a961801a29b55b3b2023-02-08 09:49:18.487root 11241100x8000000000000000283934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8944244b37711a2023-02-08 09:49:18.487root 11241100x8000000000000000283933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046b1e37dd57fd842023-02-08 09:49:18.487root 11241100x8000000000000000283937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59d2446f290a6012023-02-08 09:49:18.488root 11241100x8000000000000000283936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49017fa9013d08a2023-02-08 09:49:18.488root 11241100x8000000000000000283942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6272908556020ad92023-02-08 09:49:18.489root 11241100x8000000000000000283941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e63e2cc23368fc22023-02-08 09:49:18.489root 11241100x8000000000000000283940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4577408d1a6144652023-02-08 09:49:18.489root 11241100x8000000000000000283939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6ea379d8bb22812023-02-08 09:49:18.489root 11241100x8000000000000000283938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1978f448845efcd2023-02-08 09:49:18.489root 11241100x8000000000000000283948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145b6e35298532a52023-02-08 09:49:18.490root 11241100x8000000000000000283947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2947547e353a5eb2023-02-08 09:49:18.490root 11241100x8000000000000000283946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416686420c426bb72023-02-08 09:49:18.490root 11241100x8000000000000000283945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a07416686a45aee2023-02-08 09:49:18.490root 11241100x8000000000000000283944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cde2b8c59cbcc92023-02-08 09:49:18.490root 11241100x8000000000000000283943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183dc5c50b1dcb122023-02-08 09:49:18.490root 11241100x8000000000000000283949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b46343361a295f42023-02-08 09:49:18.491root 11241100x8000000000000000283950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df081ff02ff914e2023-02-08 09:49:18.492root 11241100x8000000000000000283952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18f8ac0338ed3a02023-02-08 09:49:18.493root 11241100x8000000000000000283951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc78f5a32e6f9602023-02-08 09:49:18.493root 11241100x8000000000000000283955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a75ae40529b19ce2023-02-08 09:49:18.495root 11241100x8000000000000000283954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb26e3cc7db047e2023-02-08 09:49:18.495root 11241100x8000000000000000283953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ccccea1cc0b67d2023-02-08 09:49:18.495root 11241100x8000000000000000283959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecb2d9fd1e9e3782023-02-08 09:49:18.496root 11241100x8000000000000000283958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e4afb17c5318da2023-02-08 09:49:18.496root 11241100x8000000000000000283957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89fe36e57cca13692023-02-08 09:49:18.496root 11241100x8000000000000000283956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbffaed0784a3552023-02-08 09:49:18.496root 11241100x8000000000000000283962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e805a5d2b8e4292023-02-08 09:49:18.497root 11241100x8000000000000000283961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6973ebffc46dae72023-02-08 09:49:18.497root 11241100x8000000000000000283960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517cd8164780a3d32023-02-08 09:49:18.497root 11241100x8000000000000000283967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b251550c9b460afe2023-02-08 09:49:18.498root 11241100x8000000000000000283966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7abc8688963a3b22023-02-08 09:49:18.498root 11241100x8000000000000000283965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148cf9272c05c8342023-02-08 09:49:18.498root 11241100x8000000000000000283964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65815101630c556d2023-02-08 09:49:18.498root 11241100x8000000000000000283963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c0bdeb4859c9502023-02-08 09:49:18.498root 11241100x8000000000000000283973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f323693399f60a2023-02-08 09:49:18.499root 11241100x8000000000000000283972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8b851a735ca7652023-02-08 09:49:18.499root 11241100x8000000000000000283971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b866eec2aace3c32023-02-08 09:49:18.499root 11241100x8000000000000000283970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9708dbad9487ca512023-02-08 09:49:18.499root 11241100x8000000000000000283969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3918ecee09655cfe2023-02-08 09:49:18.499root 11241100x8000000000000000283968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3939636bcbd596772023-02-08 09:49:18.499root 11241100x8000000000000000283978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ec8a5200dca13a2023-02-08 09:49:18.500root 11241100x8000000000000000283977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34dee6a9f08a38c72023-02-08 09:49:18.500root 11241100x8000000000000000283976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ade9152d24ab4e92023-02-08 09:49:18.500root 11241100x8000000000000000283975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6bf7c49436a2132023-02-08 09:49:18.500root 11241100x8000000000000000283974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a72819ee20c3dc2023-02-08 09:49:18.500root 11241100x8000000000000000283983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206853f60596c1752023-02-08 09:49:18.501root 11241100x8000000000000000283982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b917bec94c49902023-02-08 09:49:18.501root 11241100x8000000000000000283981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b5af8a4c5448cb2023-02-08 09:49:18.501root 11241100x8000000000000000283980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e0143cf5cf8e842023-02-08 09:49:18.501root 11241100x8000000000000000283979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc8baeb38e1d6c62023-02-08 09:49:18.501root 11241100x8000000000000000283988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff0c3a1a9cdb2dd2023-02-08 09:49:18.502root 11241100x8000000000000000283987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c6ef24cb9bffa62023-02-08 09:49:18.502root 11241100x8000000000000000283986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00049c8215ff1f242023-02-08 09:49:18.502root 11241100x8000000000000000283985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a5217bd6018a932023-02-08 09:49:18.502root 11241100x8000000000000000283984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bd9f14eb3b5e482023-02-08 09:49:18.502root 11241100x8000000000000000283994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5890c7613875c4ad2023-02-08 09:49:18.503root 11241100x8000000000000000283993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0ca8c6c12c778f2023-02-08 09:49:18.503root 11241100x8000000000000000283992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f350af16b8498802023-02-08 09:49:18.503root 11241100x8000000000000000283991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06cbfe79406399222023-02-08 09:49:18.503root 11241100x8000000000000000283990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de840ec785d730862023-02-08 09:49:18.503root 11241100x8000000000000000283989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa81795edba7d4e72023-02-08 09:49:18.503root 11241100x8000000000000000283997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.504{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7cbebae21f5d572023-02-08 09:49:18.504root 11241100x8000000000000000283996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.504{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f3f8a0ff724e5d2023-02-08 09:49:18.504root 11241100x8000000000000000283995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.504{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9321bdcb296bb6002023-02-08 09:49:18.504root 11241100x8000000000000000284000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.505{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e14397f465fd5c2023-02-08 09:49:18.505root 11241100x8000000000000000283999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.505{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d95b4c721776ca2023-02-08 09:49:18.505root 11241100x8000000000000000283998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.505{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2339e1196bb0d57b2023-02-08 09:49:18.505root 11241100x8000000000000000284007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4206cb08b75dcd62023-02-08 09:49:18.506root 11241100x8000000000000000284006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcb7fa5af1b95252023-02-08 09:49:18.506root 11241100x8000000000000000284005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82414395716591422023-02-08 09:49:18.506root 11241100x8000000000000000284004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c079963f03a84de92023-02-08 09:49:18.506root 11241100x8000000000000000284003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91e6b9a1d1b016b2023-02-08 09:49:18.506root 11241100x8000000000000000284002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81cfc84adc5dff9f2023-02-08 09:49:18.506root 11241100x8000000000000000284001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74c6af2c441ea4d2023-02-08 09:49:18.506root 11241100x8000000000000000284016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.507{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8c3a51db9b34af2023-02-08 09:49:18.507root 11241100x8000000000000000284015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.507{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0de0632f2176462023-02-08 09:49:18.507root 11241100x8000000000000000284014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.507{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8eac121981537e2023-02-08 09:49:18.507root 11241100x8000000000000000284013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.507{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1ae826591893732023-02-08 09:49:18.507root 11241100x8000000000000000284012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.507{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ecc5ff378b3b312023-02-08 09:49:18.507root 11241100x8000000000000000284011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.507{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac1662ed210cf872023-02-08 09:49:18.507root 11241100x8000000000000000284010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.507{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4337df877639272023-02-08 09:49:18.507root 11241100x8000000000000000284009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.507{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4e66ad06e1541c2023-02-08 09:49:18.507root 11241100x8000000000000000284008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.507{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979e8d515efc24092023-02-08 09:49:18.507root 11241100x8000000000000000284021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.508{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b91a731ef956852023-02-08 09:49:18.508root 11241100x8000000000000000284020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.508{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662d23521c96359b2023-02-08 09:49:18.508root 11241100x8000000000000000284019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.508{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878668b8906ad8202023-02-08 09:49:18.508root 11241100x8000000000000000284018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.508{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6dae139afe8ecda2023-02-08 09:49:18.508root 11241100x8000000000000000284017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.508{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c063a7a27c7ec1e2023-02-08 09:49:18.508root 11241100x8000000000000000284027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.509{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1ea5949d966e7d2023-02-08 09:49:18.509root 11241100x8000000000000000284026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.509{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c4f7d0e2b06a0e2023-02-08 09:49:18.509root 11241100x8000000000000000284025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.509{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4e8ecf63cb77e72023-02-08 09:49:18.509root 11241100x8000000000000000284024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.509{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e54b55759d6de192023-02-08 09:49:18.509root 11241100x8000000000000000284023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.509{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19c79bf27ebc16d2023-02-08 09:49:18.509root 11241100x8000000000000000284022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.509{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532f8d01ce3213892023-02-08 09:49:18.509root 11241100x8000000000000000284029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.510{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38991ede1c2cf8d62023-02-08 09:49:18.510root 11241100x8000000000000000284028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.510{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3cbda13ed53eee82023-02-08 09:49:18.510root 11241100x8000000000000000284034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.511{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb18593b748dc3882023-02-08 09:49:18.511root 11241100x8000000000000000284033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.511{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af2b294d6d092662023-02-08 09:49:18.511root 11241100x8000000000000000284032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.511{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20682c1d19c6ba072023-02-08 09:49:18.511root 11241100x8000000000000000284031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.511{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2facdf2fd61b6602023-02-08 09:49:18.511root 11241100x8000000000000000284030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.511{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1296ffec949a4ce42023-02-08 09:49:18.511root 11241100x8000000000000000284038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1303a811937abad82023-02-08 09:49:18.984root 11241100x8000000000000000284037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2ce48b9ecff8b12023-02-08 09:49:18.984root 11241100x8000000000000000284036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d804ce9b338fbd2023-02-08 09:49:18.984root 11241100x8000000000000000284035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95156614973b506a2023-02-08 09:49:18.984root 11241100x8000000000000000284048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a13722fb6c1b2c32023-02-08 09:49:18.985root 11241100x8000000000000000284047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf227819b03e62362023-02-08 09:49:18.985root 11241100x8000000000000000284046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3da1594fc77a4e2023-02-08 09:49:18.985root 11241100x8000000000000000284045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc7c08d19f77a032023-02-08 09:49:18.985root 11241100x8000000000000000284044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a60c1c1fec6e0c12023-02-08 09:49:18.985root 11241100x8000000000000000284043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6754c37231437f12023-02-08 09:49:18.985root 11241100x8000000000000000284042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80ceb66419799772023-02-08 09:49:18.985root 11241100x8000000000000000284041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd1fba655052ffb2023-02-08 09:49:18.985root 11241100x8000000000000000284040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1351401a3d19ff2023-02-08 09:49:18.985root 11241100x8000000000000000284039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac9247fbff846d12023-02-08 09:49:18.985root 11241100x8000000000000000284056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683960eb83b653d92023-02-08 09:49:18.986root 11241100x8000000000000000284055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e3a151028f21c72023-02-08 09:49:18.986root 11241100x8000000000000000284054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb466b92be3cbde82023-02-08 09:49:18.986root 11241100x8000000000000000284053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ccb22cc3283d1792023-02-08 09:49:18.986root 11241100x8000000000000000284052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de9c7750b7736b92023-02-08 09:49:18.986root 11241100x8000000000000000284051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028979ca872eca7c2023-02-08 09:49:18.986root 11241100x8000000000000000284050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50408e2ee8299a1e2023-02-08 09:49:18.986root 11241100x8000000000000000284049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ae711fdd46bbe82023-02-08 09:49:18.986root 11241100x8000000000000000284059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd3e2342a83981b2023-02-08 09:49:18.987root 11241100x8000000000000000284058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835befe95bd10ab72023-02-08 09:49:18.987root 11241100x8000000000000000284057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec47689e244e92392023-02-08 09:49:18.987root 11241100x8000000000000000284065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3bb8158520cc6922023-02-08 09:49:18.988root 11241100x8000000000000000284064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781fb56bede67f562023-02-08 09:49:18.988root 11241100x8000000000000000284063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae855a429fbb60b2023-02-08 09:49:18.988root 11241100x8000000000000000284062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee49b7d72d53ef32023-02-08 09:49:18.988root 11241100x8000000000000000284061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6520664d661b3e2023-02-08 09:49:18.988root 11241100x8000000000000000284060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f3651358b7a58f2023-02-08 09:49:18.988root 11241100x8000000000000000284069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed97b623cce661f2023-02-08 09:49:18.989root 11241100x8000000000000000284068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f320149b9112f3e2023-02-08 09:49:18.989root 11241100x8000000000000000284067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42eaa0ba6db71a092023-02-08 09:49:18.989root 11241100x8000000000000000284066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d5ad726c0628822023-02-08 09:49:18.989root 11241100x8000000000000000284075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0b9a01d61dad302023-02-08 09:49:18.990root 11241100x8000000000000000284074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b2bac6bc6d1e292023-02-08 09:49:18.990root 11241100x8000000000000000284073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db61645b5e0fa9992023-02-08 09:49:18.990root 11241100x8000000000000000284072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1860bb18593e4bf2023-02-08 09:49:18.990root 11241100x8000000000000000284071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24de3aa79b66a3a2023-02-08 09:49:18.990root 11241100x8000000000000000284070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c635d1b30dfe7c2023-02-08 09:49:18.990root 11241100x8000000000000000284082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3054abe1f23785522023-02-08 09:49:18.991root 11241100x8000000000000000284081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a396a79b2610aade2023-02-08 09:49:18.991root 11241100x8000000000000000284080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad70fd5bdd4698ce2023-02-08 09:49:18.991root 11241100x8000000000000000284079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8412087f38f20e262023-02-08 09:49:18.991root 11241100x8000000000000000284078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10532b7ceb56c0262023-02-08 09:49:18.991root 11241100x8000000000000000284077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d70df493d5fdc22023-02-08 09:49:18.991root 11241100x8000000000000000284076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b722f43ee903402d2023-02-08 09:49:18.991root 11241100x8000000000000000284090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc560830083ebd612023-02-08 09:49:18.992root 11241100x8000000000000000284089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad71d6407ee8c952023-02-08 09:49:18.992root 11241100x8000000000000000284088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4eb850bc86cb0772023-02-08 09:49:18.992root 11241100x8000000000000000284087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28af38dde911e8bc2023-02-08 09:49:18.992root 11241100x8000000000000000284086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355649accc4865622023-02-08 09:49:18.992root 11241100x8000000000000000284085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce62959b6019b112023-02-08 09:49:18.992root 11241100x8000000000000000284084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1b17a7cd0c979e2023-02-08 09:49:18.992root 11241100x8000000000000000284083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570d8d1ee6a32ba32023-02-08 09:49:18.992root 11241100x8000000000000000284095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774520d0dab323c92023-02-08 09:49:18.993root 11241100x8000000000000000284094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7519d8f1ccfd0fb42023-02-08 09:49:18.993root 11241100x8000000000000000284093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2391fc0dd33b44d22023-02-08 09:49:18.993root 11241100x8000000000000000284092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188623ade4e1669d2023-02-08 09:49:18.993root 11241100x8000000000000000284091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2474db5708e7ed3b2023-02-08 09:49:18.993root 11241100x8000000000000000284096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:18.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f886a649ba82a7152023-02-08 09:49:18.994root 11241100x8000000000000000284098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be87aab8a8470ed2023-02-08 09:49:19.484root 11241100x8000000000000000284097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ae4d385cb504932023-02-08 09:49:19.484root 11241100x8000000000000000284110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38aeccbaafd01f742023-02-08 09:49:19.485root 11241100x8000000000000000284109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc4719a51a8a8902023-02-08 09:49:19.485root 11241100x8000000000000000284108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97d896ec07135ee2023-02-08 09:49:19.485root 11241100x8000000000000000284107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5c265e9286c6292023-02-08 09:49:19.485root 11241100x8000000000000000284106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8daa9b80aa879ff22023-02-08 09:49:19.485root 11241100x8000000000000000284105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0529a0f097d7e9e02023-02-08 09:49:19.485root 11241100x8000000000000000284104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2db0c41f8e75cd2023-02-08 09:49:19.485root 11241100x8000000000000000284103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959782a7f1611ebe2023-02-08 09:49:19.485root 11241100x8000000000000000284102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411516f2bb57b4a32023-02-08 09:49:19.485root 11241100x8000000000000000284101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bababa13496359272023-02-08 09:49:19.485root 11241100x8000000000000000284100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0748724f3d7e8d2023-02-08 09:49:19.485root 11241100x8000000000000000284099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b4a2fc73f956642023-02-08 09:49:19.485root 11241100x8000000000000000284120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12813b204df43f4e2023-02-08 09:49:19.486root 11241100x8000000000000000284119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b8ebdd65de23d52023-02-08 09:49:19.486root 11241100x8000000000000000284118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6baf8be746facf8b2023-02-08 09:49:19.486root 11241100x8000000000000000284117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e42b133a9be7c02023-02-08 09:49:19.486root 11241100x8000000000000000284116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73ac2f9ed41d6be2023-02-08 09:49:19.486root 11241100x8000000000000000284115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87cb3160222d2092023-02-08 09:49:19.486root 11241100x8000000000000000284114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83d3f1b631767fe2023-02-08 09:49:19.486root 11241100x8000000000000000284113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b306b01d437ad9f62023-02-08 09:49:19.486root 11241100x8000000000000000284112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d12d84eb07f0ff2023-02-08 09:49:19.486root 11241100x8000000000000000284111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1dada3c7e0fd9412023-02-08 09:49:19.486root 11241100x8000000000000000284128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6ab81434f1fff12023-02-08 09:49:19.487root 11241100x8000000000000000284127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b1778c05ef7ab72023-02-08 09:49:19.487root 11241100x8000000000000000284126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c49536d4648dba52023-02-08 09:49:19.487root 11241100x8000000000000000284125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e48720df4d94602023-02-08 09:49:19.487root 11241100x8000000000000000284124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929976f6e8ac3b202023-02-08 09:49:19.487root 11241100x8000000000000000284123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576448d86272e37d2023-02-08 09:49:19.487root 11241100x8000000000000000284122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e827421a239793dc2023-02-08 09:49:19.487root 11241100x8000000000000000284121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e64fbb8ec5daa072023-02-08 09:49:19.487root 11241100x8000000000000000284130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4419977db72a012023-02-08 09:49:19.488root 11241100x8000000000000000284129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6357c1056995d12023-02-08 09:49:19.488root 11241100x8000000000000000284133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f6277c6c9fea212023-02-08 09:49:19.489root 11241100x8000000000000000284132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0834dbadc1a57682023-02-08 09:49:19.489root 11241100x8000000000000000284131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2c3c563201a1fe2023-02-08 09:49:19.489root 11241100x8000000000000000284136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd11446a6a064212023-02-08 09:49:19.490root 11241100x8000000000000000284135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9977107d0a99e22023-02-08 09:49:19.490root 11241100x8000000000000000284134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd41a3218540a9f2023-02-08 09:49:19.490root 11241100x8000000000000000284142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d8c208bc8e66c92023-02-08 09:49:19.491root 11241100x8000000000000000284141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6963994b4ea43ea2023-02-08 09:49:19.491root 11241100x8000000000000000284140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88df545154bb08ec2023-02-08 09:49:19.491root 11241100x8000000000000000284139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72008dddd23f8f522023-02-08 09:49:19.491root 11241100x8000000000000000284138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc31ce3304513402023-02-08 09:49:19.491root 11241100x8000000000000000284137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f9e296802608a62023-02-08 09:49:19.491root 11241100x8000000000000000284148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd2eef49af93af12023-02-08 09:49:19.492root 11241100x8000000000000000284147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb2efa0351820002023-02-08 09:49:19.492root 11241100x8000000000000000284146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc54195fa95ca76f2023-02-08 09:49:19.492root 11241100x8000000000000000284145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7726a5e29e788a62023-02-08 09:49:19.492root 11241100x8000000000000000284144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624558bbd678bf1c2023-02-08 09:49:19.492root 11241100x8000000000000000284143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc7e721b557236c2023-02-08 09:49:19.492root 11241100x8000000000000000284151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea5fda7fd7d345c2023-02-08 09:49:19.984root 11241100x8000000000000000284150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9adbc30ac15dead2023-02-08 09:49:19.984root 11241100x8000000000000000284149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7674c6f256d60ab42023-02-08 09:49:19.984root 11241100x8000000000000000284161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777fe4190fac9ce12023-02-08 09:49:19.985root 11241100x8000000000000000284160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f49eafe93464322023-02-08 09:49:19.985root 11241100x8000000000000000284159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9d1e29a3b9c5dc2023-02-08 09:49:19.985root 11241100x8000000000000000284158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6bed6656f73ef42023-02-08 09:49:19.985root 11241100x8000000000000000284157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98c26a1adf266902023-02-08 09:49:19.985root 11241100x8000000000000000284156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5bc8c59818e0972023-02-08 09:49:19.985root 11241100x8000000000000000284155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b644664d2961432023-02-08 09:49:19.985root 11241100x8000000000000000284154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b515ddb3442c56422023-02-08 09:49:19.985root 11241100x8000000000000000284153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f9573d801c213f2023-02-08 09:49:19.985root 11241100x8000000000000000284152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6488ccc71d07b2fc2023-02-08 09:49:19.985root 11241100x8000000000000000284172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643f516f6c9a88a12023-02-08 09:49:19.986root 11241100x8000000000000000284171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfd94bbaeb12e322023-02-08 09:49:19.986root 11241100x8000000000000000284170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a297dda24dbda4c2023-02-08 09:49:19.986root 11241100x8000000000000000284169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfaaef11b611f7c02023-02-08 09:49:19.986root 11241100x8000000000000000284168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f778d550efd813eb2023-02-08 09:49:19.986root 11241100x8000000000000000284167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd0909c6c6ae9872023-02-08 09:49:19.986root 11241100x8000000000000000284166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc121adc65d4afd32023-02-08 09:49:19.986root 11241100x8000000000000000284165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da42191f4123584f2023-02-08 09:49:19.986root 11241100x8000000000000000284164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e951c3464dbc6dd2023-02-08 09:49:19.986root 11241100x8000000000000000284163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f788ccb75f05f42023-02-08 09:49:19.986root 11241100x8000000000000000284162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4994f7ccd90fbf552023-02-08 09:49:19.986root 11241100x8000000000000000284183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe23d0288ca3ae42023-02-08 09:49:19.987root 11241100x8000000000000000284182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8605dfdc607fe1872023-02-08 09:49:19.987root 11241100x8000000000000000284181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa47931053a07752023-02-08 09:49:19.987root 11241100x8000000000000000284180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5da0d543e5137122023-02-08 09:49:19.987root 11241100x8000000000000000284179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b3af3c8058f6812023-02-08 09:49:19.987root 11241100x8000000000000000284178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0926a021c95bad2023-02-08 09:49:19.987root 11241100x8000000000000000284177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880f4f8fec8e28822023-02-08 09:49:19.987root 11241100x8000000000000000284176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2848a1975ac85012023-02-08 09:49:19.987root 11241100x8000000000000000284175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac25a0171bade002023-02-08 09:49:19.987root 11241100x8000000000000000284174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3373e72239719bb82023-02-08 09:49:19.987root 11241100x8000000000000000284173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d658ade39c0b6042023-02-08 09:49:19.987root 11241100x8000000000000000284194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd437a3848f483ef2023-02-08 09:49:19.988root 11241100x8000000000000000284193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b848921bc235c92023-02-08 09:49:19.988root 11241100x8000000000000000284192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86fca8028a991892023-02-08 09:49:19.988root 11241100x8000000000000000284191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b47fb18e54258152023-02-08 09:49:19.988root 11241100x8000000000000000284190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64dc769f9e07b8132023-02-08 09:49:19.988root 11241100x8000000000000000284189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce355ad7899b89be2023-02-08 09:49:19.988root 11241100x8000000000000000284188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b0c7df2fd0bc052023-02-08 09:49:19.988root 11241100x8000000000000000284187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc40a24b351b23a2023-02-08 09:49:19.988root 11241100x8000000000000000284186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1809736204280e7e2023-02-08 09:49:19.988root 11241100x8000000000000000284185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8975a75bff94e0f32023-02-08 09:49:19.988root 11241100x8000000000000000284184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9de0ab04c1ddf52023-02-08 09:49:19.988root 11241100x8000000000000000284205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f093c265b262622023-02-08 09:49:19.989root 11241100x8000000000000000284204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a0fbb355ed76712023-02-08 09:49:19.989root 11241100x8000000000000000284203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064ccce870e592792023-02-08 09:49:19.989root 11241100x8000000000000000284202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06becdbaf1186e9c2023-02-08 09:49:19.989root 11241100x8000000000000000284201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b23f3575cb92e592023-02-08 09:49:19.989root 11241100x8000000000000000284200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55afb35ff0ab56e62023-02-08 09:49:19.989root 11241100x8000000000000000284199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790a0412b39a8fe52023-02-08 09:49:19.989root 11241100x8000000000000000284198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed1602218f545962023-02-08 09:49:19.989root 11241100x8000000000000000284197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e1e330c2e426de2023-02-08 09:49:19.989root 11241100x8000000000000000284196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e13c781104b90822023-02-08 09:49:19.989root 11241100x8000000000000000284195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625d1ba72161eb362023-02-08 09:49:19.989root 11241100x8000000000000000284207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13be655449c4a382023-02-08 09:49:19.990root 11241100x8000000000000000284206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f544653818a3418b2023-02-08 09:49:19.990root 11241100x8000000000000000284216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd88e54e67828ae2023-02-08 09:49:19.991root 11241100x8000000000000000284215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c45569a01b40292023-02-08 09:49:19.991root 11241100x8000000000000000284214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe18be7943fb88d2023-02-08 09:49:19.991root 11241100x8000000000000000284213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27182d3ea8f5b83e2023-02-08 09:49:19.991root 11241100x8000000000000000284212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11be9a60da31d6722023-02-08 09:49:19.991root 11241100x8000000000000000284211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30027a8c17983ae42023-02-08 09:49:19.991root 11241100x8000000000000000284210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ebf0c3fd8f077a2023-02-08 09:49:19.991root 11241100x8000000000000000284209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615386db774535402023-02-08 09:49:19.991root 11241100x8000000000000000284208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364e0f8c81badbac2023-02-08 09:49:19.991root 11241100x8000000000000000284230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15912546b1af59cb2023-02-08 09:49:19.992root 11241100x8000000000000000284229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d65ec19f85e0aee2023-02-08 09:49:19.992root 11241100x8000000000000000284228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fddad9668b9835a2023-02-08 09:49:19.992root 11241100x8000000000000000284227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9358515c04bf107e2023-02-08 09:49:19.992root 11241100x8000000000000000284226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702e2c43fe0cecd42023-02-08 09:49:19.992root 11241100x8000000000000000284225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0914baa83d6200e12023-02-08 09:49:19.992root 11241100x8000000000000000284224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9ebfc0e49c53aa2023-02-08 09:49:19.992root 11241100x8000000000000000284223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b865122cba161612023-02-08 09:49:19.992root 11241100x8000000000000000284222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210a80941ff8ead82023-02-08 09:49:19.992root 11241100x8000000000000000284221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f6ce598ee4367f2023-02-08 09:49:19.992root 11241100x8000000000000000284220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca73d5c10fad8a22023-02-08 09:49:19.992root 11241100x8000000000000000284219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d4ba2a5709d7002023-02-08 09:49:19.992root 11241100x8000000000000000284218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90c577a5b8a748d2023-02-08 09:49:19.992root 11241100x8000000000000000284217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0ac1a3d33197c42023-02-08 09:49:19.992root 11241100x8000000000000000284242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e4de3cf9c63cb12023-02-08 09:49:19.993root 11241100x8000000000000000284241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758752aede270f6e2023-02-08 09:49:19.993root 11241100x8000000000000000284240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d33720f1e2c7a292023-02-08 09:49:19.993root 11241100x8000000000000000284239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea191b34f8b228cf2023-02-08 09:49:19.993root 11241100x8000000000000000284238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb2362077a216ec2023-02-08 09:49:19.993root 11241100x8000000000000000284237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d08d122aa23e5bf2023-02-08 09:49:19.993root 11241100x8000000000000000284236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8b884d9904c4142023-02-08 09:49:19.993root 11241100x8000000000000000284235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a037e09a8a9a132023-02-08 09:49:19.993root 11241100x8000000000000000284234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879a4b8cb26c61142023-02-08 09:49:19.993root 11241100x8000000000000000284233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685e5936a990e0c42023-02-08 09:49:19.993root 11241100x8000000000000000284232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3763e3ae284e8c922023-02-08 09:49:19.993root 11241100x8000000000000000284231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b9fcc0a2f362c42023-02-08 09:49:19.993root 11241100x8000000000000000284249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1450518bb955f0d92023-02-08 09:49:19.994root 11241100x8000000000000000284248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96505e359e9c13672023-02-08 09:49:19.994root 11241100x8000000000000000284247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00428c23c7ad9e572023-02-08 09:49:19.994root 11241100x8000000000000000284246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e26867f006cda82023-02-08 09:49:19.994root 11241100x8000000000000000284245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33a048c4b93ec622023-02-08 09:49:19.994root 11241100x8000000000000000284244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34eec345a8973652023-02-08 09:49:19.994root 11241100x8000000000000000284243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad7002e4ad24bec2023-02-08 09:49:19.994root 11241100x8000000000000000284253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1372da388116b6992023-02-08 09:49:19.995root 11241100x8000000000000000284252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4180d2748b20809a2023-02-08 09:49:19.995root 11241100x8000000000000000284251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0d5fc9cebf12d82023-02-08 09:49:19.995root 11241100x8000000000000000284250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e81983e929af1eb2023-02-08 09:49:19.995root 11241100x8000000000000000284259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d68e5d5479371d2023-02-08 09:49:19.996root 11241100x8000000000000000284258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91c72d7ccff81762023-02-08 09:49:19.996root 11241100x8000000000000000284257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ed92d9145a8a972023-02-08 09:49:19.996root 11241100x8000000000000000284256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc7090f86760d4c2023-02-08 09:49:19.996root 11241100x8000000000000000284255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31754ed4f08dbae32023-02-08 09:49:19.996root 11241100x8000000000000000284254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:19.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72c29ad8e8667a22023-02-08 09:49:19.996root 11241100x8000000000000000284260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e835b88be23d2f962023-02-08 09:49:20.484root 11241100x8000000000000000284271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5229c1ce9a13cbf92023-02-08 09:49:20.485root 11241100x8000000000000000284270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63b7bd3b3fd50d22023-02-08 09:49:20.485root 11241100x8000000000000000284269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6495fc36a2b62402023-02-08 09:49:20.485root 11241100x8000000000000000284268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3634f9d98eb2a42023-02-08 09:49:20.485root 11241100x8000000000000000284267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f42b3d3359f7aba2023-02-08 09:49:20.485root 11241100x8000000000000000284266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76bdbaa3758123e32023-02-08 09:49:20.485root 11241100x8000000000000000284265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aaf0da398daa9522023-02-08 09:49:20.485root 11241100x8000000000000000284264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be94fb33ab391162023-02-08 09:49:20.485root 11241100x8000000000000000284263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17727cd86fb500e22023-02-08 09:49:20.485root 11241100x8000000000000000284262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0deb57fc278c88bf2023-02-08 09:49:20.485root 11241100x8000000000000000284261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622f2d7e3e24a1b72023-02-08 09:49:20.485root 11241100x8000000000000000284275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70c194c5851d43d2023-02-08 09:49:20.486root 11241100x8000000000000000284274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96f8c5937d840162023-02-08 09:49:20.486root 11241100x8000000000000000284273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd64be2e0b18be3b2023-02-08 09:49:20.486root 11241100x8000000000000000284272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691807bbaaf749db2023-02-08 09:49:20.486root 11241100x8000000000000000284287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f04b17b5635e4412023-02-08 09:49:20.487root 11241100x8000000000000000284286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9fb92d0ae03e2a2023-02-08 09:49:20.487root 11241100x8000000000000000284285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84eebba029afe7042023-02-08 09:49:20.487root 11241100x8000000000000000284284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a8cbfd85a0127c2023-02-08 09:49:20.487root 11241100x8000000000000000284283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630c126111bbd4af2023-02-08 09:49:20.487root 11241100x8000000000000000284282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2adb3dc2948f80fb2023-02-08 09:49:20.487root 11241100x8000000000000000284281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d94b17d4f92dd352023-02-08 09:49:20.487root 11241100x8000000000000000284280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc0f27620490dcd2023-02-08 09:49:20.487root 11241100x8000000000000000284279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a20d3837d78f102023-02-08 09:49:20.487root 11241100x8000000000000000284278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e06e6ced1992e52023-02-08 09:49:20.487root 11241100x8000000000000000284277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78eb187e9aaa3e992023-02-08 09:49:20.487root 11241100x8000000000000000284276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f32d2c313ffcb5e2023-02-08 09:49:20.487root 11241100x8000000000000000284293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5334216fbe4cfb22023-02-08 09:49:20.488root 11241100x8000000000000000284292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2668174116c552f02023-02-08 09:49:20.488root 11241100x8000000000000000284291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9cfa40213adab42023-02-08 09:49:20.488root 11241100x8000000000000000284290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed58ead5cc5df60b2023-02-08 09:49:20.488root 11241100x8000000000000000284289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11891639cd1dcb962023-02-08 09:49:20.488root 11241100x8000000000000000284288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3dae2b39bcd61142023-02-08 09:49:20.488root 11241100x8000000000000000284302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9f283ddd421a912023-02-08 09:49:20.489root 11241100x8000000000000000284301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbab7ca98e4a84572023-02-08 09:49:20.489root 11241100x8000000000000000284300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24f2b8bee9f8f322023-02-08 09:49:20.489root 11241100x8000000000000000284299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183a2fc4f81aca6b2023-02-08 09:49:20.489root 11241100x8000000000000000284298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8796a7804b6d7622023-02-08 09:49:20.489root 11241100x8000000000000000284297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60e4c0eea70bbd72023-02-08 09:49:20.489root 11241100x8000000000000000284296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47b976f898363602023-02-08 09:49:20.489root 11241100x8000000000000000284295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ae944ecd47dac72023-02-08 09:49:20.489root 11241100x8000000000000000284294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffb444ea2b9ab6d2023-02-08 09:49:20.489root 11241100x8000000000000000284305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67be8f9d6df128c92023-02-08 09:49:20.490root 11241100x8000000000000000284304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7cf8e064dcb4e32023-02-08 09:49:20.490root 11241100x8000000000000000284303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7251bc8df042792023-02-08 09:49:20.490root 11241100x8000000000000000284313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29dfef7445683bf2023-02-08 09:49:20.491root 11241100x8000000000000000284312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d7d38c46045a892023-02-08 09:49:20.491root 11241100x8000000000000000284311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48669b323aeaa1aa2023-02-08 09:49:20.491root 11241100x8000000000000000284310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb60471819bde6542023-02-08 09:49:20.491root 11241100x8000000000000000284309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048428649e20b12b2023-02-08 09:49:20.491root 11241100x8000000000000000284308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb05f9b78a086a82023-02-08 09:49:20.491root 11241100x8000000000000000284307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce804ab770f3968c2023-02-08 09:49:20.491root 11241100x8000000000000000284306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f130ccb7552578f2023-02-08 09:49:20.491root 11241100x8000000000000000284323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f50a08b340696e82023-02-08 09:49:20.492root 11241100x8000000000000000284322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f740d9eaf82286652023-02-08 09:49:20.492root 11241100x8000000000000000284321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa4c679661464ae2023-02-08 09:49:20.492root 11241100x8000000000000000284320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad4ab258d6ebe2d2023-02-08 09:49:20.492root 11241100x8000000000000000284319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0646fbf07899082023-02-08 09:49:20.492root 11241100x8000000000000000284318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de36e9ae1f63b6d82023-02-08 09:49:20.492root 11241100x8000000000000000284317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee05ed9a891b7bc32023-02-08 09:49:20.492root 11241100x8000000000000000284316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6076734582231bcd2023-02-08 09:49:20.492root 11241100x8000000000000000284315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73586e3f1168017e2023-02-08 09:49:20.492root 11241100x8000000000000000284314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3c16075fbc98e82023-02-08 09:49:20.492root 11241100x8000000000000000284327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57c99ac2897cf472023-02-08 09:49:20.493root 11241100x8000000000000000284326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296f68ba105531ab2023-02-08 09:49:20.493root 11241100x8000000000000000284325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3da22cc642260d2023-02-08 09:49:20.493root 11241100x8000000000000000284324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34537ae6a22b0c8d2023-02-08 09:49:20.493root 11241100x8000000000000000284332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dda6b40a2b8b3542023-02-08 09:49:20.984root 11241100x8000000000000000284331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd4c72d68d74f322023-02-08 09:49:20.984root 11241100x8000000000000000284330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019ce578ea0132d12023-02-08 09:49:20.984root 11241100x8000000000000000284329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53d6f5b2d3300f82023-02-08 09:49:20.984root 11241100x8000000000000000284328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5b594f4d8e21c82023-02-08 09:49:20.984root 11241100x8000000000000000284342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3736f7ba14172a4d2023-02-08 09:49:20.985root 11241100x8000000000000000284341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f807f3e92dc98502023-02-08 09:49:20.985root 11241100x8000000000000000284340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3a625afedfb3c22023-02-08 09:49:20.985root 11241100x8000000000000000284339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2c7892351cee402023-02-08 09:49:20.985root 11241100x8000000000000000284338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14828ccc9e5e38122023-02-08 09:49:20.985root 11241100x8000000000000000284337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b891d0ee9bf17d002023-02-08 09:49:20.985root 11241100x8000000000000000284336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb86c799f4ae81b2023-02-08 09:49:20.985root 11241100x8000000000000000284335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97928173092dae832023-02-08 09:49:20.985root 11241100x8000000000000000284334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0690e0a85fa7fffb2023-02-08 09:49:20.985root 11241100x8000000000000000284333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad3f76b7e4bf1b72023-02-08 09:49:20.985root 11241100x8000000000000000284352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bca30d0dce4c3022023-02-08 09:49:20.986root 11241100x8000000000000000284351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef04e18d2e3a536e2023-02-08 09:49:20.986root 11241100x8000000000000000284350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88b78c16c30ef462023-02-08 09:49:20.986root 11241100x8000000000000000284349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d969b90774807c492023-02-08 09:49:20.986root 11241100x8000000000000000284348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77ceb040a92786f2023-02-08 09:49:20.986root 11241100x8000000000000000284347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5e3295e12d6e6f2023-02-08 09:49:20.986root 11241100x8000000000000000284346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9eec25f2f82a1332023-02-08 09:49:20.986root 11241100x8000000000000000284345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c94dcfacbbf0ce2023-02-08 09:49:20.986root 11241100x8000000000000000284344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bec0a7f2c7e9182023-02-08 09:49:20.986root 11241100x8000000000000000284343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b75d35550ba18d22023-02-08 09:49:20.986root 11241100x8000000000000000284360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b321c0eef9b57b22023-02-08 09:49:20.987root 11241100x8000000000000000284359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2758146b47a9e262023-02-08 09:49:20.987root 11241100x8000000000000000284358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401fc12da42897df2023-02-08 09:49:20.987root 11241100x8000000000000000284357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31bd0cd58f01e5f2023-02-08 09:49:20.987root 11241100x8000000000000000284356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065f8c1ab5bccc902023-02-08 09:49:20.987root 11241100x8000000000000000284355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f328aa99dd8dbb5f2023-02-08 09:49:20.987root 11241100x8000000000000000284354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a0fe1f2e66cd452023-02-08 09:49:20.987root 11241100x8000000000000000284353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e066bad2ed093d262023-02-08 09:49:20.987root 11241100x8000000000000000284371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b6335e5bd187f62023-02-08 09:49:20.988root 11241100x8000000000000000284370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753df3c1c179d9a62023-02-08 09:49:20.988root 11241100x8000000000000000284369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2965a067bf11280c2023-02-08 09:49:20.988root 11241100x8000000000000000284368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0e5b7cd76017d62023-02-08 09:49:20.988root 11241100x8000000000000000284367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46dca6e2b99ffd972023-02-08 09:49:20.988root 11241100x8000000000000000284366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6f052e6f24f05f2023-02-08 09:49:20.988root 11241100x8000000000000000284365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87426aaf4e525762023-02-08 09:49:20.988root 11241100x8000000000000000284364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509be55f026cef3b2023-02-08 09:49:20.988root 11241100x8000000000000000284363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e696f033eaa860342023-02-08 09:49:20.988root 11241100x8000000000000000284362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55486e43ecc42a202023-02-08 09:49:20.988root 11241100x8000000000000000284361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f32c03442cd49792023-02-08 09:49:20.988root 11241100x8000000000000000284378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52914bd83ca3d2b12023-02-08 09:49:20.989root 11241100x8000000000000000284377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6569833d5eb7ff2023-02-08 09:49:20.989root 11241100x8000000000000000284376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616f64d802a2cb652023-02-08 09:49:20.989root 11241100x8000000000000000284375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4802e2225ee37d82023-02-08 09:49:20.989root 11241100x8000000000000000284374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3252eb50852a2c892023-02-08 09:49:20.989root 11241100x8000000000000000284373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d487323e4445072023-02-08 09:49:20.989root 11241100x8000000000000000284372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07967643742b00ec2023-02-08 09:49:20.989root 11241100x8000000000000000284385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71fae8c8fe6987b2023-02-08 09:49:20.990root 11241100x8000000000000000284384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfb642cc4969bde2023-02-08 09:49:20.990root 11241100x8000000000000000284383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272b0f2f8b65b1962023-02-08 09:49:20.990root 11241100x8000000000000000284382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efa3f136cfb076e2023-02-08 09:49:20.990root 11241100x8000000000000000284381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09fc228510cd9922023-02-08 09:49:20.990root 11241100x8000000000000000284380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d5b981d6f443f32023-02-08 09:49:20.990root 11241100x8000000000000000284379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4164a36fbcee98db2023-02-08 09:49:20.990root 11241100x8000000000000000284396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5a3fbb474986672023-02-08 09:49:20.991root 11241100x8000000000000000284395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8efd9e60383a70d2023-02-08 09:49:20.991root 11241100x8000000000000000284394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d1fb125ca9f7682023-02-08 09:49:20.991root 11241100x8000000000000000284393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654016fc8817509a2023-02-08 09:49:20.991root 11241100x8000000000000000284392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97fe0d8c32f87892023-02-08 09:49:20.991root 11241100x8000000000000000284391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84462834e60ac5dd2023-02-08 09:49:20.991root 11241100x8000000000000000284390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e02092252fb653c2023-02-08 09:49:20.991root 11241100x8000000000000000284389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8902bf1997cbca02023-02-08 09:49:20.991root 11241100x8000000000000000284388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56986382e56501192023-02-08 09:49:20.991root 11241100x8000000000000000284387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330722f24fa5b5812023-02-08 09:49:20.991root 11241100x8000000000000000284386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e069ed7d60eb30b2023-02-08 09:49:20.991root 11241100x8000000000000000284400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e0e74f70d8b6b52023-02-08 09:49:20.992root 11241100x8000000000000000284399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edda2f2f7ed852642023-02-08 09:49:20.992root 11241100x8000000000000000284398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ae1d665bdd8de02023-02-08 09:49:20.992root 11241100x8000000000000000284397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:20.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be132f1117b0e112023-02-08 09:49:20.992root 11241100x8000000000000000284402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b24e575a57b9592023-02-08 09:49:21.484root 11241100x8000000000000000284401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e179a0cb4296e2842023-02-08 09:49:21.484root 11241100x8000000000000000284413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5838522ac7782a2023-02-08 09:49:21.485root 11241100x8000000000000000284412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf5205b541ec7532023-02-08 09:49:21.485root 11241100x8000000000000000284411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4f1cec82b468e92023-02-08 09:49:21.485root 11241100x8000000000000000284410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe07628fb2e2d6c62023-02-08 09:49:21.485root 11241100x8000000000000000284409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3522ec84edd6e2f82023-02-08 09:49:21.485root 11241100x8000000000000000284408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6775e8a1b0794762023-02-08 09:49:21.485root 11241100x8000000000000000284407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183e916684a7118f2023-02-08 09:49:21.485root 11241100x8000000000000000284406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa93c8f4db67c3e2023-02-08 09:49:21.485root 11241100x8000000000000000284405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992ff592ce6d93b92023-02-08 09:49:21.485root 11241100x8000000000000000284404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bebb98e7da29f32023-02-08 09:49:21.485root 11241100x8000000000000000284403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48e7a01b90b03bb2023-02-08 09:49:21.485root 11241100x8000000000000000284420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c67358e3c1cf092023-02-08 09:49:21.486root 11241100x8000000000000000284419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31102794d902b692023-02-08 09:49:21.486root 11241100x8000000000000000284418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e23e75e3f20c5192023-02-08 09:49:21.486root 11241100x8000000000000000284417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6819e1e6bfcd4aac2023-02-08 09:49:21.486root 11241100x8000000000000000284416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c67a6a54a784abb2023-02-08 09:49:21.486root 11241100x8000000000000000284415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5884752df180b65e2023-02-08 09:49:21.486root 11241100x8000000000000000284414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1634a790ec9e8e8b2023-02-08 09:49:21.486root 11241100x8000000000000000284428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf4de5df85704ad2023-02-08 09:49:21.487root 11241100x8000000000000000284427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7303c5498d15fafb2023-02-08 09:49:21.487root 11241100x8000000000000000284426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44fda4ad2b7038ba2023-02-08 09:49:21.487root 11241100x8000000000000000284425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6aa574bc6a48af2023-02-08 09:49:21.487root 11241100x8000000000000000284424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61bd6025eb064e22023-02-08 09:49:21.487root 11241100x8000000000000000284423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b7d7e1803958c132023-02-08 09:49:21.487root 11241100x8000000000000000284422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93687692572db19e2023-02-08 09:49:21.487root 11241100x8000000000000000284421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae257a9d231e08272023-02-08 09:49:21.487root 11241100x8000000000000000284429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e775322bce12d9e12023-02-08 09:49:21.488root 11241100x8000000000000000284433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c1ad7edf2f3d842023-02-08 09:49:21.489root 11241100x8000000000000000284432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4fead7e5595d312023-02-08 09:49:21.489root 11241100x8000000000000000284431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9daecc3ca981f922023-02-08 09:49:21.489root 11241100x8000000000000000284430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9d618dc8757d7e2023-02-08 09:49:21.489root 11241100x8000000000000000284436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d0de87d5fe10682023-02-08 09:49:21.490root 11241100x8000000000000000284435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bafba067cabf206e2023-02-08 09:49:21.490root 11241100x8000000000000000284434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee00b90a68002ba2023-02-08 09:49:21.490root 11241100x8000000000000000284440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dee90f7bcc410752023-02-08 09:49:21.491root 11241100x8000000000000000284439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fcfd14586fd5d02023-02-08 09:49:21.491root 11241100x8000000000000000284438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ba4d0b7ea6b5c82023-02-08 09:49:21.491root 11241100x8000000000000000284437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fdba6ef15737c492023-02-08 09:49:21.491root 11241100x8000000000000000284443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffd1a4f61d71ce62023-02-08 09:49:21.492root 11241100x8000000000000000284442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98de3b0b4afc4b92023-02-08 09:49:21.492root 11241100x8000000000000000284441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf5a0971c41265f2023-02-08 09:49:21.492root 11241100x8000000000000000284449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444a344f7dd7356d2023-02-08 09:49:21.493root 11241100x8000000000000000284448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62d907f730e994a2023-02-08 09:49:21.493root 11241100x8000000000000000284447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17d7f8451e385de2023-02-08 09:49:21.493root 11241100x8000000000000000284446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892d14ac158beef02023-02-08 09:49:21.493root 11241100x8000000000000000284445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac2585b61b57dc12023-02-08 09:49:21.493root 11241100x8000000000000000284444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4734d8be031972c2023-02-08 09:49:21.493root 11241100x8000000000000000284458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9205dbab61420ef52023-02-08 09:49:21.494root 11241100x8000000000000000284457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7d1fad1a16b4822023-02-08 09:49:21.494root 11241100x8000000000000000284456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a343c0feab87e52023-02-08 09:49:21.494root 11241100x8000000000000000284455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a397156b4a5455472023-02-08 09:49:21.494root 11241100x8000000000000000284454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad61e2b549ebc502023-02-08 09:49:21.494root 11241100x8000000000000000284453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bca59ae93c6cadf2023-02-08 09:49:21.494root 11241100x8000000000000000284452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436a0a11aa9ff93c2023-02-08 09:49:21.494root 11241100x8000000000000000284451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607fd8d9b13261892023-02-08 09:49:21.494root 11241100x8000000000000000284450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625ac3351f198b3b2023-02-08 09:49:21.494root 11241100x8000000000000000284459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f0db03d51595622023-02-08 09:49:21.984root 11241100x8000000000000000284462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4b0e760ddd586f2023-02-08 09:49:21.985root 11241100x8000000000000000284461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2c9eab491048a72023-02-08 09:49:21.985root 11241100x8000000000000000284460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e55b1609f8ce5332023-02-08 09:49:21.985root 11241100x8000000000000000284467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3371f1451d33be2023-02-08 09:49:21.986root 11241100x8000000000000000284466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda6d730a21ba1812023-02-08 09:49:21.986root 11241100x8000000000000000284465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241cf3348e18dd9c2023-02-08 09:49:21.986root 11241100x8000000000000000284464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca82439efea31962023-02-08 09:49:21.986root 11241100x8000000000000000284463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e699e081daf8d1562023-02-08 09:49:21.986root 11241100x8000000000000000284469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbdf61633f197ee2023-02-08 09:49:21.987root 11241100x8000000000000000284468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5531dc3053b976792023-02-08 09:49:21.987root 11241100x8000000000000000284478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030a2f282b49ee872023-02-08 09:49:21.988root 11241100x8000000000000000284477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e899037e144e56682023-02-08 09:49:21.988root 11241100x8000000000000000284476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8734af484a387ad02023-02-08 09:49:21.988root 11241100x8000000000000000284475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce362f935fdff84d2023-02-08 09:49:21.988root 11241100x8000000000000000284474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff61dc3a2310ef982023-02-08 09:49:21.988root 11241100x8000000000000000284473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f93342b10856532023-02-08 09:49:21.988root 11241100x8000000000000000284472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b3e4a035ddda5c2023-02-08 09:49:21.988root 11241100x8000000000000000284471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c945df74c9adc0d2023-02-08 09:49:21.988root 11241100x8000000000000000284470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26868a0e22e3b212023-02-08 09:49:21.988root 11241100x8000000000000000284488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161809e5a82993052023-02-08 09:49:21.989root 11241100x8000000000000000284487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b2828a10590a832023-02-08 09:49:21.989root 11241100x8000000000000000284486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5007d5e4677aab192023-02-08 09:49:21.989root 11241100x8000000000000000284485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e845a2639346930b2023-02-08 09:49:21.989root 11241100x8000000000000000284484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce62b8c770ef55232023-02-08 09:49:21.989root 11241100x8000000000000000284483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a5971441b3f5642023-02-08 09:49:21.989root 11241100x8000000000000000284482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbf8fb9a00916912023-02-08 09:49:21.989root 11241100x8000000000000000284481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85bd8d7dc10b62082023-02-08 09:49:21.989root 11241100x8000000000000000284480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088d28a567fe17f72023-02-08 09:49:21.989root 11241100x8000000000000000284479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb8b532c512da4d2023-02-08 09:49:21.989root 11241100x8000000000000000284498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d55502a55b3fd042023-02-08 09:49:21.990root 11241100x8000000000000000284497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429bdfbdba64f1252023-02-08 09:49:21.990root 11241100x8000000000000000284496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a670ec43d4ce3022023-02-08 09:49:21.990root 11241100x8000000000000000284495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b20ada4b9d0f332023-02-08 09:49:21.990root 11241100x8000000000000000284494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bca1dc601072d0f2023-02-08 09:49:21.990root 11241100x8000000000000000284493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50edc114a32862ca2023-02-08 09:49:21.990root 11241100x8000000000000000284492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcf149f2b4495982023-02-08 09:49:21.990root 11241100x8000000000000000284491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0168f85c2a25f382023-02-08 09:49:21.990root 11241100x8000000000000000284490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd97fd0b8fa10d7d2023-02-08 09:49:21.990root 11241100x8000000000000000284489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c2e6cadc4a0ae22023-02-08 09:49:21.990root 11241100x8000000000000000284506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e30e23ef19931f2023-02-08 09:49:21.991root 11241100x8000000000000000284505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a276edecf2c165682023-02-08 09:49:21.991root 11241100x8000000000000000284504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677cdd364cdea5352023-02-08 09:49:21.991root 11241100x8000000000000000284503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b13bb3ee6d748322023-02-08 09:49:21.991root 11241100x8000000000000000284502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192a04a3a17aad622023-02-08 09:49:21.991root 11241100x8000000000000000284501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f0a73ee97662b42023-02-08 09:49:21.991root 11241100x8000000000000000284500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3a32e4e6c790ec2023-02-08 09:49:21.991root 11241100x8000000000000000284499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13e928cd41663c62023-02-08 09:49:21.991root 11241100x8000000000000000284515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b76828e55215fa82023-02-08 09:49:21.992root 11241100x8000000000000000284514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4df05e0c034eb52023-02-08 09:49:21.992root 11241100x8000000000000000284513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a872b23b534dde3e2023-02-08 09:49:21.992root 11241100x8000000000000000284512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe79eb372ab20b6d2023-02-08 09:49:21.992root 11241100x8000000000000000284511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e22a4a41559f9a2023-02-08 09:49:21.992root 11241100x8000000000000000284510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7156638b77abc0f2023-02-08 09:49:21.992root 11241100x8000000000000000284509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96240db09f34573b2023-02-08 09:49:21.992root 11241100x8000000000000000284508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7abe17fc1f36072023-02-08 09:49:21.992root 11241100x8000000000000000284507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16952f17952e0fb2023-02-08 09:49:21.992root 11241100x8000000000000000284523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f93202236ef230d2023-02-08 09:49:21.993root 11241100x8000000000000000284522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db503faa6f772bf2023-02-08 09:49:21.993root 11241100x8000000000000000284521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852b39d8cf6a645e2023-02-08 09:49:21.993root 11241100x8000000000000000284520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab38bf37f2ba4442023-02-08 09:49:21.993root 11241100x8000000000000000284519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba342811beabac5e2023-02-08 09:49:21.993root 11241100x8000000000000000284518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbf18c0a1d1ee052023-02-08 09:49:21.993root 11241100x8000000000000000284517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee4316e3567a7cb2023-02-08 09:49:21.993root 11241100x8000000000000000284516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b13016b95264ad02023-02-08 09:49:21.993root 11241100x8000000000000000284528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d9b7b617c8f0742023-02-08 09:49:21.994root 11241100x8000000000000000284527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356089d84b12fe102023-02-08 09:49:21.994root 11241100x8000000000000000284526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6aabc5d1d0040982023-02-08 09:49:21.994root 11241100x8000000000000000284525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acdd1a171b727d7e2023-02-08 09:49:21.994root 11241100x8000000000000000284524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7afdeddcc9243a2023-02-08 09:49:21.994root 11241100x8000000000000000284531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5c8e962e7a86c32023-02-08 09:49:21.996root 11241100x8000000000000000284530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4369553d651ce05c2023-02-08 09:49:21.996root 11241100x8000000000000000284529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e055d5e2864e6cbd2023-02-08 09:49:21.996root 11241100x8000000000000000284540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d879f5927756f2342023-02-08 09:49:21.997root 11241100x8000000000000000284539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0442a38d4d67a312023-02-08 09:49:21.997root 11241100x8000000000000000284538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3bca0bc01b33a52023-02-08 09:49:21.997root 11241100x8000000000000000284537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2063b6a2ad53ee72023-02-08 09:49:21.997root 11241100x8000000000000000284536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16881d648bd96d062023-02-08 09:49:21.997root 11241100x8000000000000000284535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd28b9b3eed7db42023-02-08 09:49:21.997root 11241100x8000000000000000284534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78322d8595281c12023-02-08 09:49:21.997root 11241100x8000000000000000284533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a76014ec642071c2023-02-08 09:49:21.997root 11241100x8000000000000000284532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f9ba83c9c2f7d22023-02-08 09:49:21.997root 11241100x8000000000000000284548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e375ac98bcea751c2023-02-08 09:49:21.998root 11241100x8000000000000000284547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf99f934edab9cb2023-02-08 09:49:21.998root 11241100x8000000000000000284546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46df46f364182f4d2023-02-08 09:49:21.998root 11241100x8000000000000000284545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d196ee0da6d8d77f2023-02-08 09:49:21.998root 11241100x8000000000000000284544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0accce4b7d5411a82023-02-08 09:49:21.998root 11241100x8000000000000000284543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3541e2cbeae50dc2023-02-08 09:49:21.998root 11241100x8000000000000000284542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf99caf31ed6af462023-02-08 09:49:21.998root 11241100x8000000000000000284541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be40a2b3238a46a2023-02-08 09:49:21.998root 11241100x8000000000000000284555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70781da38b185762023-02-08 09:49:21.999root 11241100x8000000000000000284554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59844a84273f349f2023-02-08 09:49:21.999root 11241100x8000000000000000284553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aba5b4443fb76ad2023-02-08 09:49:21.999root 11241100x8000000000000000284552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16283c30292125b2023-02-08 09:49:21.999root 11241100x8000000000000000284551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4c841d8d0bd4522023-02-08 09:49:21.999root 11241100x8000000000000000284550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdd0562b3d3cd962023-02-08 09:49:21.999root 11241100x8000000000000000284549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:21.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2c5dff65173f792023-02-08 09:49:21.999root 11241100x8000000000000000284564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74893f108538c5252023-02-08 09:49:22.000root 11241100x8000000000000000284563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436dcefc54e7a5752023-02-08 09:49:22.000root 11241100x8000000000000000284562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c8f7bbeb23da882023-02-08 09:49:22.000root 11241100x8000000000000000284561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93613361f58c510d2023-02-08 09:49:22.000root 11241100x8000000000000000284560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a399c8651008f06c2023-02-08 09:49:22.000root 11241100x8000000000000000284559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5a0f8be86abf222023-02-08 09:49:22.000root 11241100x8000000000000000284558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b6f267160774982023-02-08 09:49:22.000root 11241100x8000000000000000284557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e960f619fd4c2332023-02-08 09:49:22.000root 11241100x8000000000000000284556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef41a01c8dba4c12023-02-08 09:49:22.000root 11241100x8000000000000000284574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858ca3c50d4817bc2023-02-08 09:49:22.001root 11241100x8000000000000000284573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d11e80ad6cd2072023-02-08 09:49:22.001root 11241100x8000000000000000284572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfef7f60671e054f2023-02-08 09:49:22.001root 11241100x8000000000000000284571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a29e000d0ce4212023-02-08 09:49:22.001root 11241100x8000000000000000284570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0739ad6cd71c83c62023-02-08 09:49:22.001root 11241100x8000000000000000284569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99091820b73d986e2023-02-08 09:49:22.001root 11241100x8000000000000000284568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4312d0fc454961762023-02-08 09:49:22.001root 11241100x8000000000000000284567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7f55678d44d0672023-02-08 09:49:22.001root 11241100x8000000000000000284566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff04f94a006ef2b32023-02-08 09:49:22.001root 11241100x8000000000000000284565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adb0b206a169bdd2023-02-08 09:49:22.001root 11241100x8000000000000000284584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65762cdfd9d36da2023-02-08 09:49:22.002root 11241100x8000000000000000284583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2852536131be252023-02-08 09:49:22.002root 11241100x8000000000000000284582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e1211a7f3bf4732023-02-08 09:49:22.002root 11241100x8000000000000000284581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5265f4bf12e19a322023-02-08 09:49:22.002root 11241100x8000000000000000284580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20882aad4b2b53e92023-02-08 09:49:22.002root 11241100x8000000000000000284579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114a9ce9c7f177ba2023-02-08 09:49:22.002root 11241100x8000000000000000284578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6baed7192a262cba2023-02-08 09:49:22.002root 11241100x8000000000000000284577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830f3ba0cba90dcc2023-02-08 09:49:22.002root 11241100x8000000000000000284576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d2cf3ce22fabfd2023-02-08 09:49:22.002root 11241100x8000000000000000284575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e093e2aa47eca2c2023-02-08 09:49:22.002root 11241100x8000000000000000284593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042a606dad5bff032023-02-08 09:49:22.003root 11241100x8000000000000000284592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5842edf1bb9bb7d22023-02-08 09:49:22.003root 11241100x8000000000000000284591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efbc0a3cee4230c2023-02-08 09:49:22.003root 11241100x8000000000000000284590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9c48b9403db3a42023-02-08 09:49:22.003root 11241100x8000000000000000284589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d6846428212b992023-02-08 09:49:22.003root 11241100x8000000000000000284588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1fba185b265ad02023-02-08 09:49:22.003root 11241100x8000000000000000284587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b506f0cde2896352023-02-08 09:49:22.003root 11241100x8000000000000000284586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989aad5942833a962023-02-08 09:49:22.003root 11241100x8000000000000000284585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081a6845160ffb0f2023-02-08 09:49:22.003root 11241100x8000000000000000284601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.004{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f035c93ff26a3162023-02-08 09:49:22.004root 11241100x8000000000000000284600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.004{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46b094372c48c5b2023-02-08 09:49:22.004root 11241100x8000000000000000284599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.004{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a625263bdd6b942023-02-08 09:49:22.004root 11241100x8000000000000000284598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.004{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe2e7b86cb2c0682023-02-08 09:49:22.004root 11241100x8000000000000000284597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.004{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f370824711292d2023-02-08 09:49:22.004root 11241100x8000000000000000284596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.004{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca55dd9ec12053a2023-02-08 09:49:22.004root 11241100x8000000000000000284595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.004{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c7b64020e7c1782023-02-08 09:49:22.004root 11241100x8000000000000000284594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.004{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98bb150c85b86652023-02-08 09:49:22.004root 11241100x8000000000000000284606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.005{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a50cf89fd24920b2023-02-08 09:49:22.005root 11241100x8000000000000000284605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.005{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0f1428b709af592023-02-08 09:49:22.005root 11241100x8000000000000000284604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.005{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76209dcfa16566ac2023-02-08 09:49:22.005root 11241100x8000000000000000284603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.005{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c37279b2c079afa2023-02-08 09:49:22.005root 11241100x8000000000000000284602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.005{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864bb1c07e73f34d2023-02-08 09:49:22.005root 11241100x8000000000000000284616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.006{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4d37c3a3498c792023-02-08 09:49:22.006root 11241100x8000000000000000284615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.006{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7cef75483f40e12023-02-08 09:49:22.006root 11241100x8000000000000000284614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.006{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f624fabc10417932023-02-08 09:49:22.006root 11241100x8000000000000000284613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.006{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e942952dc0fe2e2023-02-08 09:49:22.006root 11241100x8000000000000000284612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.006{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e03beddf6a8c382023-02-08 09:49:22.006root 11241100x8000000000000000284611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.006{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e8348c6d1e4f232023-02-08 09:49:22.006root 11241100x8000000000000000284610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.006{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395023f57732d6d92023-02-08 09:49:22.006root 11241100x8000000000000000284609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.006{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef19b85920cdf332023-02-08 09:49:22.006root 11241100x8000000000000000284608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.006{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9b5a137b2201e12023-02-08 09:49:22.006root 11241100x8000000000000000284607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.006{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1628b72e39cceb8f2023-02-08 09:49:22.006root 11241100x8000000000000000284622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.007{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1878d0d2b71815c52023-02-08 09:49:22.007root 11241100x8000000000000000284621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.007{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3450f966a8131922023-02-08 09:49:22.007root 11241100x8000000000000000284620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.007{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04912ca30a9254f32023-02-08 09:49:22.007root 11241100x8000000000000000284619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.007{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad6d8930fd4e7122023-02-08 09:49:22.007root 11241100x8000000000000000284618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.007{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8399d2b5df9bedb2023-02-08 09:49:22.007root 11241100x8000000000000000284617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.007{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f0c0448dc991502023-02-08 09:49:22.007root 11241100x8000000000000000284628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.009{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3622753523f526fa2023-02-08 09:49:22.009root 11241100x8000000000000000284627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.009{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000ffa0a6d9e3da52023-02-08 09:49:22.009root 11241100x8000000000000000284626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.009{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07bdf7c886470ee82023-02-08 09:49:22.009root 11241100x8000000000000000284625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.009{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6746b181f5964da62023-02-08 09:49:22.009root 11241100x8000000000000000284624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.009{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702e330f2d597afa2023-02-08 09:49:22.009root 11241100x8000000000000000284623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.009{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b2e16a98201f1b2023-02-08 09:49:22.009root 11241100x8000000000000000284638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.010{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5c3d9da62e55a72023-02-08 09:49:22.010root 11241100x8000000000000000284637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.010{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456ff4e0235c50962023-02-08 09:49:22.010root 11241100x8000000000000000284636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.010{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61a6729aaee9fbd2023-02-08 09:49:22.010root 11241100x8000000000000000284635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.010{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457b3e5bfc2a605b2023-02-08 09:49:22.010root 11241100x8000000000000000284634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.010{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f077b3d4194a57862023-02-08 09:49:22.010root 11241100x8000000000000000284633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.010{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4526892cde65782023-02-08 09:49:22.010root 11241100x8000000000000000284632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.010{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee60eb8d9b9410bb2023-02-08 09:49:22.010root 11241100x8000000000000000284631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.010{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90768e7057ab3be82023-02-08 09:49:22.010root 11241100x8000000000000000284630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.010{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c991e4c4c881bc2023-02-08 09:49:22.010root 11241100x8000000000000000284629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.010{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff4cafb4fdd30cb2023-02-08 09:49:22.010root 11241100x8000000000000000284648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.011{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57eaad64c96db0b2023-02-08 09:49:22.011root 11241100x8000000000000000284647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.011{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47409f947078a49a2023-02-08 09:49:22.011root 11241100x8000000000000000284646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.011{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529546ca7651bed52023-02-08 09:49:22.011root 11241100x8000000000000000284645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.011{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee01a62d33a8d542023-02-08 09:49:22.011root 11241100x8000000000000000284644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.011{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97e22331e5020402023-02-08 09:49:22.011root 11241100x8000000000000000284643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.011{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888a767fe509d2fb2023-02-08 09:49:22.011root 11241100x8000000000000000284642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.011{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae1cad982b95a062023-02-08 09:49:22.011root 11241100x8000000000000000284641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.011{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54c99cbea490e0e2023-02-08 09:49:22.011root 11241100x8000000000000000284640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.011{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902f2c3874c456732023-02-08 09:49:22.011root 11241100x8000000000000000284639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.011{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e751a0729c3fe2a22023-02-08 09:49:22.011root 11241100x8000000000000000284658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.012{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4507d7f65229732023-02-08 09:49:22.012root 11241100x8000000000000000284657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.012{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e1bcc1d39a0f6b2023-02-08 09:49:22.012root 11241100x8000000000000000284656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.012{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3528686c8b1ed4c72023-02-08 09:49:22.012root 11241100x8000000000000000284655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.012{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708906fe7560ed272023-02-08 09:49:22.012root 11241100x8000000000000000284654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.012{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9654e9cbe407bef2023-02-08 09:49:22.012root 11241100x8000000000000000284653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.012{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d66f3a5d0599942023-02-08 09:49:22.012root 11241100x8000000000000000284652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.012{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea141f00d8ab1292023-02-08 09:49:22.012root 11241100x8000000000000000284651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.012{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74cdbe6127ff60b92023-02-08 09:49:22.012root 11241100x8000000000000000284650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.012{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f4ecb8f80cc7942023-02-08 09:49:22.012root 11241100x8000000000000000284649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.012{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5a0f8525db078b2023-02-08 09:49:22.012root 11241100x8000000000000000284662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.013{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0142f4881840432023-02-08 09:49:22.013root 11241100x8000000000000000284661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.013{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b41f086c7a21b282023-02-08 09:49:22.013root 11241100x8000000000000000284660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.013{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4454035d5d477c2023-02-08 09:49:22.013root 11241100x8000000000000000284659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.013{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55861d436a2903f52023-02-08 09:49:22.013root 354300x8000000000000000284663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.045{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39862-false10.0.1.12-8000- 11241100x8000000000000000284667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e9b1f245411edb2023-02-08 09:49:22.484root 11241100x8000000000000000284666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6796f7360b84ad002023-02-08 09:49:22.484root 11241100x8000000000000000284665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d5a5c35e90173e2023-02-08 09:49:22.484root 11241100x8000000000000000284664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87adea35cb37d0a62023-02-08 09:49:22.484root 11241100x8000000000000000284674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3fd1b33425647f2023-02-08 09:49:22.485root 11241100x8000000000000000284673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d089724f936fda102023-02-08 09:49:22.485root 11241100x8000000000000000284672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d048f620818fd312023-02-08 09:49:22.485root 11241100x8000000000000000284671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f88894a1ceb6452023-02-08 09:49:22.485root 11241100x8000000000000000284670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b215120d7340272023-02-08 09:49:22.485root 11241100x8000000000000000284669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5eb8808f0f0c922023-02-08 09:49:22.485root 11241100x8000000000000000284668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0da5dfefd4ca9452023-02-08 09:49:22.485root 11241100x8000000000000000284679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74280451f315bc3d2023-02-08 09:49:22.486root 11241100x8000000000000000284678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11db8a447888f812023-02-08 09:49:22.486root 11241100x8000000000000000284677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4bb1d77895277b2023-02-08 09:49:22.486root 11241100x8000000000000000284676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e70a1e673c2ac7e2023-02-08 09:49:22.486root 11241100x8000000000000000284675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adc2ce1c5360c522023-02-08 09:49:22.486root 11241100x8000000000000000284683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69364807040edab12023-02-08 09:49:22.487root 11241100x8000000000000000284682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e35e845236c8232023-02-08 09:49:22.487root 11241100x8000000000000000284681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a451a84d85c3822023-02-08 09:49:22.487root 11241100x8000000000000000284680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89d46efa5e0f4f02023-02-08 09:49:22.487root 11241100x8000000000000000284690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734fa4f4641ff1f52023-02-08 09:49:22.488root 11241100x8000000000000000284689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b559661e389cd32023-02-08 09:49:22.488root 11241100x8000000000000000284688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a11a6b045a83f6e2023-02-08 09:49:22.488root 11241100x8000000000000000284687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419d1f8cfa41cb332023-02-08 09:49:22.488root 11241100x8000000000000000284686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718c507b6bc1929d2023-02-08 09:49:22.488root 11241100x8000000000000000284685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed67800be620421f2023-02-08 09:49:22.488root 11241100x8000000000000000284684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da776887d7d48f02023-02-08 09:49:22.488root 11241100x8000000000000000284694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92801f5cd141d002023-02-08 09:49:22.489root 11241100x8000000000000000284693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80e494b1f09a0692023-02-08 09:49:22.489root 11241100x8000000000000000284692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a452d11212c1aa8f2023-02-08 09:49:22.489root 11241100x8000000000000000284691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67485cda78d69bb92023-02-08 09:49:22.489root 11241100x8000000000000000284700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ceacb4f6e554762023-02-08 09:49:22.490root 11241100x8000000000000000284699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90aa9cdb64503242023-02-08 09:49:22.490root 11241100x8000000000000000284698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b660ba8503137a712023-02-08 09:49:22.490root 11241100x8000000000000000284697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1d87c41eb8559b2023-02-08 09:49:22.490root 11241100x8000000000000000284696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b30b16eb596b7872023-02-08 09:49:22.490root 11241100x8000000000000000284695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00fbf2aca0a37792023-02-08 09:49:22.490root 11241100x8000000000000000284703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81f4ab757b001ba2023-02-08 09:49:22.491root 11241100x8000000000000000284702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9c53b1ff7d2b3a2023-02-08 09:49:22.491root 11241100x8000000000000000284701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473722a4edd654f62023-02-08 09:49:22.491root 11241100x8000000000000000284706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b2bade73ef7c4d2023-02-08 09:49:22.492root 11241100x8000000000000000284705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7667b5c2cb8255732023-02-08 09:49:22.492root 11241100x8000000000000000284704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb0ae9746c0bb572023-02-08 09:49:22.492root 11241100x8000000000000000284709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b3e00d918c4c392023-02-08 09:49:22.493root 11241100x8000000000000000284708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0bd8cd78b08b622023-02-08 09:49:22.493root 11241100x8000000000000000284707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2538781a32d752262023-02-08 09:49:22.493root 11241100x8000000000000000284719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c56504b263b47a2023-02-08 09:49:22.494root 11241100x8000000000000000284718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267f637a767999ff2023-02-08 09:49:22.494root 11241100x8000000000000000284717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cbbcbb097537042023-02-08 09:49:22.494root 11241100x8000000000000000284716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d968c8df59c445772023-02-08 09:49:22.494root 11241100x8000000000000000284715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f5f2ec0a2061212023-02-08 09:49:22.494root 11241100x8000000000000000284714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42d758ad56d798b2023-02-08 09:49:22.494root 11241100x8000000000000000284713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773a272ea623f2c62023-02-08 09:49:22.494root 11241100x8000000000000000284712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e821cb44878d0002023-02-08 09:49:22.494root 11241100x8000000000000000284711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0a27a7e5c859b72023-02-08 09:49:22.494root 11241100x8000000000000000284710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da1c185f9a76ed92023-02-08 09:49:22.494root 11241100x8000000000000000284725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1711ddf5f04b881a2023-02-08 09:49:22.495root 11241100x8000000000000000284724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9bd49c83dd220742023-02-08 09:49:22.495root 11241100x8000000000000000284723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c88796531b8ce42023-02-08 09:49:22.495root 11241100x8000000000000000284722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89cbef00a763d1e2023-02-08 09:49:22.495root 11241100x8000000000000000284721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323b461d4b753d3a2023-02-08 09:49:22.495root 11241100x8000000000000000284720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4db6475ce5508272023-02-08 09:49:22.495root 11241100x8000000000000000284732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309d4453df7002f02023-02-08 09:49:22.496root 11241100x8000000000000000284731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68e94e0a67bf4ce2023-02-08 09:49:22.496root 11241100x8000000000000000284730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc67ed99c840bfce2023-02-08 09:49:22.496root 11241100x8000000000000000284729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91cf7d9a4e85d85e2023-02-08 09:49:22.496root 11241100x8000000000000000284728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4ca22ddbcbffe02023-02-08 09:49:22.496root 11241100x8000000000000000284727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7aaa733979451a42023-02-08 09:49:22.496root 11241100x8000000000000000284726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699a521aeb0431872023-02-08 09:49:22.496root 11241100x8000000000000000284734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af0196103408d0f2023-02-08 09:49:22.497root 11241100x8000000000000000284733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0fbc718ee8da0b2023-02-08 09:49:22.497root 11241100x8000000000000000284740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58eb3bbdb44d99ae2023-02-08 09:49:22.498root 11241100x8000000000000000284739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665064cbd1ac15572023-02-08 09:49:22.498root 11241100x8000000000000000284738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7988febfd1913452023-02-08 09:49:22.498root 11241100x8000000000000000284737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a4ed8ea643d66f2023-02-08 09:49:22.498root 11241100x8000000000000000284736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f33d6362f9d667b2023-02-08 09:49:22.498root 11241100x8000000000000000284735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683e29cf075fae7f2023-02-08 09:49:22.498root 11241100x8000000000000000284745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffed1069c76993c2023-02-08 09:49:22.499root 11241100x8000000000000000284744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d912407de0469fbf2023-02-08 09:49:22.499root 11241100x8000000000000000284743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d9ff6b98af3f3d2023-02-08 09:49:22.499root 11241100x8000000000000000284742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a44dd0d25fd0552023-02-08 09:49:22.499root 11241100x8000000000000000284741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f99da3fc83f07352023-02-08 09:49:22.499root 11241100x8000000000000000284750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98c1669e45274ad2023-02-08 09:49:22.500root 11241100x8000000000000000284749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c73b4bc2b08a0dc2023-02-08 09:49:22.500root 11241100x8000000000000000284748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02dd63d01ebcb8dc2023-02-08 09:49:22.500root 11241100x8000000000000000284747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19242978413b29012023-02-08 09:49:22.500root 11241100x8000000000000000284746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96518cb35f779dec2023-02-08 09:49:22.500root 11241100x8000000000000000284760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c0131b79224b492023-02-08 09:49:22.501root 11241100x8000000000000000284759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57344c5a628d3ca82023-02-08 09:49:22.501root 11241100x8000000000000000284758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385e89e1547ba0cd2023-02-08 09:49:22.501root 11241100x8000000000000000284757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db62e6285c4ae19c2023-02-08 09:49:22.501root 11241100x8000000000000000284756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799084bba04ddbbc2023-02-08 09:49:22.501root 11241100x8000000000000000284755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73aff62e3fcdefa2023-02-08 09:49:22.501root 11241100x8000000000000000284754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f85c4d6c47ce0b32023-02-08 09:49:22.501root 11241100x8000000000000000284753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06309e7b1aa03002023-02-08 09:49:22.501root 11241100x8000000000000000284752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b68387065e9cd542023-02-08 09:49:22.501root 11241100x8000000000000000284751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f4e78405b781f42023-02-08 09:49:22.501root 11241100x8000000000000000284764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e8d540ffd755ad2023-02-08 09:49:22.502root 11241100x8000000000000000284763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14fae395fb5683d32023-02-08 09:49:22.502root 11241100x8000000000000000284762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15537d92eff8f43c2023-02-08 09:49:22.502root 11241100x8000000000000000284761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb45e3cce6017af02023-02-08 09:49:22.502root 11241100x8000000000000000284769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bdf634f3ce0453e2023-02-08 09:49:22.503root 11241100x8000000000000000284768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c4456961932dd92023-02-08 09:49:22.503root 11241100x8000000000000000284767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7667c03a1ccb50ba2023-02-08 09:49:22.503root 11241100x8000000000000000284766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea53dbcde9505742023-02-08 09:49:22.503root 11241100x8000000000000000284765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb070cb273f0e8002023-02-08 09:49:22.503root 11241100x8000000000000000284774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.504{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78f85e2093c6b1e2023-02-08 09:49:22.504root 11241100x8000000000000000284773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.504{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47fee711f4edca22023-02-08 09:49:22.504root 11241100x8000000000000000284772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.504{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441e005b02b391222023-02-08 09:49:22.504root 11241100x8000000000000000284771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.504{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d99aca2b15a7402023-02-08 09:49:22.504root 11241100x8000000000000000284770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.504{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743eb9cdabccc5952023-02-08 09:49:22.504root 11241100x8000000000000000284779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.505{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92854ca76a4920e32023-02-08 09:49:22.505root 11241100x8000000000000000284778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.505{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9678af6d54356572023-02-08 09:49:22.505root 11241100x8000000000000000284777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.505{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebac9b9fbda3ab72023-02-08 09:49:22.505root 11241100x8000000000000000284776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.505{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529eea8c2c009f3c2023-02-08 09:49:22.505root 11241100x8000000000000000284775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.505{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177d975d75ccb3902023-02-08 09:49:22.505root 11241100x8000000000000000284787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45b516cc903948f2023-02-08 09:49:22.506root 11241100x8000000000000000284786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3aae6492fc4946f2023-02-08 09:49:22.506root 11241100x8000000000000000284785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b672a2da96e533b22023-02-08 09:49:22.506root 11241100x8000000000000000284784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb5958cac51bf3d2023-02-08 09:49:22.506root 11241100x8000000000000000284783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b80cb3cb56edbd02023-02-08 09:49:22.506root 11241100x8000000000000000284782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc0d38c73674ddc2023-02-08 09:49:22.506root 11241100x8000000000000000284781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c43ec87437dd532023-02-08 09:49:22.506root 11241100x8000000000000000284780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.506{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cbacccd93216e6b2023-02-08 09:49:22.506root 11241100x8000000000000000284793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.507{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240893dba57b77f02023-02-08 09:49:22.507root 11241100x8000000000000000284792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.507{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6974c96c49cf45a2023-02-08 09:49:22.507root 11241100x8000000000000000284791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.507{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb2afb03b6f3e852023-02-08 09:49:22.507root 11241100x8000000000000000284790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.507{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c978588f37ef8d2023-02-08 09:49:22.507root 11241100x8000000000000000284789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.507{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6071b23a9a2720c62023-02-08 09:49:22.507root 11241100x8000000000000000284788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.507{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b8e95d6c0af33b2023-02-08 09:49:22.507root 11241100x8000000000000000284794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc8c09cb9e393812023-02-08 09:49:22.984root 11241100x8000000000000000284804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4663f64b7bfa8dfb2023-02-08 09:49:22.985root 11241100x8000000000000000284803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac472ec57ebe3222023-02-08 09:49:22.985root 11241100x8000000000000000284802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b71bd4e054af602023-02-08 09:49:22.985root 11241100x8000000000000000284801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b205b3dce25f0b2023-02-08 09:49:22.985root 11241100x8000000000000000284800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc591b759518be32023-02-08 09:49:22.985root 11241100x8000000000000000284799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be564af30d4e01f82023-02-08 09:49:22.985root 11241100x8000000000000000284798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d932cdf28dec91152023-02-08 09:49:22.985root 11241100x8000000000000000284797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30df43961bffcbb32023-02-08 09:49:22.985root 11241100x8000000000000000284796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ac4b5b708049a32023-02-08 09:49:22.985root 11241100x8000000000000000284795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1d877ef9e3d2892023-02-08 09:49:22.985root 11241100x8000000000000000284814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921b92dfec627d9b2023-02-08 09:49:22.986root 11241100x8000000000000000284813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14920390cabd510a2023-02-08 09:49:22.986root 11241100x8000000000000000284812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a036b9491d463af72023-02-08 09:49:22.986root 11241100x8000000000000000284811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecaf8944679f066f2023-02-08 09:49:22.986root 11241100x8000000000000000284810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f2f1604a35905f2023-02-08 09:49:22.986root 11241100x8000000000000000284809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a25e4bd4ce57642023-02-08 09:49:22.986root 11241100x8000000000000000284808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fdfbefbaa385d02023-02-08 09:49:22.986root 11241100x8000000000000000284807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da793f452faf18f22023-02-08 09:49:22.986root 11241100x8000000000000000284806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca47ef25888e2e312023-02-08 09:49:22.986root 11241100x8000000000000000284805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6abc743710040e12023-02-08 09:49:22.986root 11241100x8000000000000000284822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84e06f7d73000702023-02-08 09:49:22.987root 11241100x8000000000000000284821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2225e23731796d362023-02-08 09:49:22.987root 11241100x8000000000000000284820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e687f5328ea1c6912023-02-08 09:49:22.987root 11241100x8000000000000000284819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d70ea52773fed02023-02-08 09:49:22.987root 11241100x8000000000000000284818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94099f1f688d89062023-02-08 09:49:22.987root 11241100x8000000000000000284817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3ec2dc0c9c0cc82023-02-08 09:49:22.987root 11241100x8000000000000000284816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9fd0296d7bf1ff2023-02-08 09:49:22.987root 11241100x8000000000000000284815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2b4bb5f045bc5b2023-02-08 09:49:22.987root 11241100x8000000000000000284825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97cbc6450df36a9a2023-02-08 09:49:22.988root 11241100x8000000000000000284824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa48e32ae0692e682023-02-08 09:49:22.988root 11241100x8000000000000000284823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23b3f55bcfde58a2023-02-08 09:49:22.988root 11241100x8000000000000000284827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07bded8b5a32e9a2023-02-08 09:49:22.989root 11241100x8000000000000000284826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e7c025d71e95592023-02-08 09:49:22.989root 11241100x8000000000000000284828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4db46aa33869a302023-02-08 09:49:22.990root 11241100x8000000000000000284829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28f50dffda2b1942023-02-08 09:49:22.991root 11241100x8000000000000000284833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d84ec9a0a528252023-02-08 09:49:22.992root 11241100x8000000000000000284832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef475271e84d6582023-02-08 09:49:22.992root 11241100x8000000000000000284831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eaf5f0d842f2e892023-02-08 09:49:22.992root 11241100x8000000000000000284830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1619f6e4e956872023-02-08 09:49:22.992root 11241100x8000000000000000284834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32bc05ead665baa82023-02-08 09:49:22.993root 11241100x8000000000000000284835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786e5247cbb1f0162023-02-08 09:49:22.994root 11241100x8000000000000000284836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db05655d78b1064b2023-02-08 09:49:22.995root 11241100x8000000000000000284841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73612fefad7e5a62023-02-08 09:49:22.996root 11241100x8000000000000000284840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53a9e4eb85febec2023-02-08 09:49:22.996root 11241100x8000000000000000284839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da45c4692bbce862023-02-08 09:49:22.996root 11241100x8000000000000000284838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050ac298e2652c052023-02-08 09:49:22.996root 11241100x8000000000000000284837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a136ddd8389ffc8d2023-02-08 09:49:22.996root 11241100x8000000000000000284847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777873580b056ddd2023-02-08 09:49:22.997root 11241100x8000000000000000284846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f8ab07fd2965d12023-02-08 09:49:22.997root 11241100x8000000000000000284845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96aad657a9c09d12023-02-08 09:49:22.997root 11241100x8000000000000000284844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d8a8eb29abdce02023-02-08 09:49:22.997root 11241100x8000000000000000284843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d593310f6ef43da52023-02-08 09:49:22.997root 11241100x8000000000000000284842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b64e8c66ba1782e2023-02-08 09:49:22.997root 11241100x8000000000000000284854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa207fe18bfbe252023-02-08 09:49:22.998root 11241100x8000000000000000284853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2946f214911e57572023-02-08 09:49:22.998root 11241100x8000000000000000284852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26147ed0ef54710d2023-02-08 09:49:22.998root 11241100x8000000000000000284851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ab6a8077815e6d2023-02-08 09:49:22.998root 11241100x8000000000000000284850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a61637c3a0195b2023-02-08 09:49:22.998root 11241100x8000000000000000284849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14b226445b11e542023-02-08 09:49:22.998root 11241100x8000000000000000284848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed79a2872fa8ac462023-02-08 09:49:22.998root 11241100x8000000000000000284862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dfa9fe651eff8212023-02-08 09:49:22.999root 11241100x8000000000000000284861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ae307a28aea2142023-02-08 09:49:22.999root 11241100x8000000000000000284860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9821f395619928632023-02-08 09:49:22.999root 11241100x8000000000000000284859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e621e17a08c1e02023-02-08 09:49:22.999root 11241100x8000000000000000284858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa3ffdf357f2fc32023-02-08 09:49:22.999root 11241100x8000000000000000284857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e84d21778dfeb752023-02-08 09:49:22.999root 11241100x8000000000000000284856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79280137468f8b22023-02-08 09:49:22.999root 11241100x8000000000000000284855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:22.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17709362ec917e9a2023-02-08 09:49:22.999root 11241100x8000000000000000284870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7001c1d7e34fd3c32023-02-08 09:49:23.000root 11241100x8000000000000000284869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4df4fcf1f63f092023-02-08 09:49:23.000root 11241100x8000000000000000284868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd43eef2a4b0b2712023-02-08 09:49:23.000root 11241100x8000000000000000284867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67656221142b7baa2023-02-08 09:49:23.000root 11241100x8000000000000000284866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18904c16a0f804c22023-02-08 09:49:23.000root 11241100x8000000000000000284865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c8ef40f4ab2e1c2023-02-08 09:49:23.000root 11241100x8000000000000000284864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b56804b85d1ba92023-02-08 09:49:23.000root 11241100x8000000000000000284863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8816f3363655d51d2023-02-08 09:49:23.000root 11241100x8000000000000000284878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c2284b982f90232023-02-08 09:49:23.001root 11241100x8000000000000000284877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a1c2e60c8cbd102023-02-08 09:49:23.001root 11241100x8000000000000000284876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd50cc7f6d14a402023-02-08 09:49:23.001root 11241100x8000000000000000284875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c98a7f0946edf12023-02-08 09:49:23.001root 11241100x8000000000000000284874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1487c6a218ffb1f12023-02-08 09:49:23.001root 11241100x8000000000000000284873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e1cfdffde5163a2023-02-08 09:49:23.001root 11241100x8000000000000000284872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61e43095f9155852023-02-08 09:49:23.001root 11241100x8000000000000000284871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a42e7614ed13912023-02-08 09:49:23.001root 11241100x8000000000000000284886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb62f479d8c8ef6b2023-02-08 09:49:23.002root 11241100x8000000000000000284885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29b1e28e42c87fa2023-02-08 09:49:23.002root 11241100x8000000000000000284884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c00cda6b5c44462023-02-08 09:49:23.002root 11241100x8000000000000000284883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927bb1b0abd88fb02023-02-08 09:49:23.002root 11241100x8000000000000000284882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a873f9d4925d6462023-02-08 09:49:23.002root 11241100x8000000000000000284881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f3f5ab83bb9d2c2023-02-08 09:49:23.002root 11241100x8000000000000000284880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a502a1369fbdcdf62023-02-08 09:49:23.002root 11241100x8000000000000000284879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e37fba6fd1322a2023-02-08 09:49:23.002root 11241100x8000000000000000284889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030e5963afc026262023-02-08 09:49:23.003root 11241100x8000000000000000284888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c82777f38739582023-02-08 09:49:23.003root 11241100x8000000000000000284887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfebec1c96e802e42023-02-08 09:49:23.003root 11241100x8000000000000000284890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.004{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149f1a11a539c3512023-02-08 09:49:23.004root 11241100x8000000000000000284893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.005{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0933157eb4ae587c2023-02-08 09:49:23.005root 11241100x8000000000000000284892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.005{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1704ca6fd6e94cbc2023-02-08 09:49:23.005root 11241100x8000000000000000284891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.005{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3667f3bd8dc32e2023-02-08 09:49:23.005root 11241100x8000000000000000284896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.006{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1516802d3f7f477d2023-02-08 09:49:23.006root 11241100x8000000000000000284895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.006{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7bb96ba5aada72b2023-02-08 09:49:23.006root 11241100x8000000000000000284894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.006{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd42d6f23a1adf42023-02-08 09:49:23.006root 11241100x8000000000000000284897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45264466b9da0c9d2023-02-08 09:49:23.485root 11241100x8000000000000000284904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581c184db40bdd9b2023-02-08 09:49:23.486root 11241100x8000000000000000284903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68122f92bde795b2023-02-08 09:49:23.486root 11241100x8000000000000000284902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a79e3be48ebde02023-02-08 09:49:23.486root 11241100x8000000000000000284901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67111a3421fec382023-02-08 09:49:23.486root 11241100x8000000000000000284900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c258304f7651d5ee2023-02-08 09:49:23.486root 11241100x8000000000000000284899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a18ef0516d7e6ee2023-02-08 09:49:23.486root 11241100x8000000000000000284898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63301ee51eea5a532023-02-08 09:49:23.486root 11241100x8000000000000000284913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f38c2c128d6d2e82023-02-08 09:49:23.487root 11241100x8000000000000000284912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec3a55a0601facc2023-02-08 09:49:23.487root 11241100x8000000000000000284911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a794ff7638b1e92023-02-08 09:49:23.487root 11241100x8000000000000000284910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf8220efb53f47f2023-02-08 09:49:23.487root 11241100x8000000000000000284909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bf77899ac42e982023-02-08 09:49:23.487root 11241100x8000000000000000284908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9762cad85971602023-02-08 09:49:23.487root 11241100x8000000000000000284907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65f7a48ce5a082a2023-02-08 09:49:23.487root 11241100x8000000000000000284906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95834a14ee67aebc2023-02-08 09:49:23.487root 11241100x8000000000000000284905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16cccb3d649413e52023-02-08 09:49:23.487root 11241100x8000000000000000284921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5f3f08d42452b72023-02-08 09:49:23.488root 11241100x8000000000000000284920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399ecd7bd6a4dbce2023-02-08 09:49:23.488root 11241100x8000000000000000284919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b3bcde9cd391802023-02-08 09:49:23.488root 11241100x8000000000000000284918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1261a9c56cbb7efc2023-02-08 09:49:23.488root 11241100x8000000000000000284917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0cfa07aa1b99912023-02-08 09:49:23.488root 11241100x8000000000000000284916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7730cfb6e5b264fc2023-02-08 09:49:23.488root 11241100x8000000000000000284915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef2bd440ea1ef8f2023-02-08 09:49:23.488root 11241100x8000000000000000284914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d5faa65e1b6e2a2023-02-08 09:49:23.488root 11241100x8000000000000000284930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabce4434b96b3ba2023-02-08 09:49:23.489root 11241100x8000000000000000284929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0958af4aa82010e42023-02-08 09:49:23.489root 11241100x8000000000000000284928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21cf8313b58c06b2023-02-08 09:49:23.489root 11241100x8000000000000000284927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e4ff6397dd11e02023-02-08 09:49:23.489root 11241100x8000000000000000284926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef3b611c273ba302023-02-08 09:49:23.489root 11241100x8000000000000000284925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d9a3a5dbaac87f2023-02-08 09:49:23.489root 11241100x8000000000000000284924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0f6adfcff917a12023-02-08 09:49:23.489root 11241100x8000000000000000284923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dabbae537d2274d2023-02-08 09:49:23.489root 11241100x8000000000000000284922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fe643546fe80132023-02-08 09:49:23.489root 11241100x8000000000000000284939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e970ef17da369fe72023-02-08 09:49:23.490root 11241100x8000000000000000284938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35db7843934494f2023-02-08 09:49:23.490root 11241100x8000000000000000284937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65226f4fa0bb6232023-02-08 09:49:23.490root 11241100x8000000000000000284936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ff36a66c371a982023-02-08 09:49:23.490root 11241100x8000000000000000284935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba391e3eaa6a09632023-02-08 09:49:23.490root 11241100x8000000000000000284934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa332d9c838ee0a2023-02-08 09:49:23.490root 11241100x8000000000000000284933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed4f99b00236f142023-02-08 09:49:23.490root 11241100x8000000000000000284932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e28d32b72e1c5e62023-02-08 09:49:23.490root 11241100x8000000000000000284931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e83f25349af5e222023-02-08 09:49:23.490root 11241100x8000000000000000284955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba71f566413523172023-02-08 09:49:23.491root 11241100x8000000000000000284954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fbd8d399531fc02023-02-08 09:49:23.491root 11241100x8000000000000000284953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ac7742c0fc80be2023-02-08 09:49:23.491root 11241100x8000000000000000284952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687a0c3182bfa7b62023-02-08 09:49:23.491root 11241100x8000000000000000284951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3ba3a5dd979f6c2023-02-08 09:49:23.491root 11241100x8000000000000000284950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075885468e84d13e2023-02-08 09:49:23.491root 11241100x8000000000000000284949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b6a8f1fab7a6e32023-02-08 09:49:23.491root 11241100x8000000000000000284948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e73ad9595178df2023-02-08 09:49:23.491root 11241100x8000000000000000284947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc0ce3c276158722023-02-08 09:49:23.491root 11241100x8000000000000000284946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712cc4a6a9ef2b372023-02-08 09:49:23.491root 11241100x8000000000000000284945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3500f5a196938a212023-02-08 09:49:23.491root 11241100x8000000000000000284944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98b197edac8f66f2023-02-08 09:49:23.491root 11241100x8000000000000000284943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c5ae085ff231612023-02-08 09:49:23.491root 11241100x8000000000000000284942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a87e3eb644133d2023-02-08 09:49:23.491root 11241100x8000000000000000284941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26ac4d64f4160f12023-02-08 09:49:23.491root 11241100x8000000000000000284940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa9e42c232094bb2023-02-08 09:49:23.491root 11241100x8000000000000000284967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd96bf71aadd55282023-02-08 09:49:23.492root 11241100x8000000000000000284966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c215af136a9ff22023-02-08 09:49:23.492root 11241100x8000000000000000284965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6cb55697ba987e2023-02-08 09:49:23.492root 11241100x8000000000000000284964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b55b4a37c0114dc2023-02-08 09:49:23.492root 11241100x8000000000000000284963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be73898f819fc502023-02-08 09:49:23.492root 11241100x8000000000000000284962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0211f724ec2ccb0a2023-02-08 09:49:23.492root 11241100x8000000000000000284961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc983bdaf94ae9b02023-02-08 09:49:23.492root 11241100x8000000000000000284960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047b0310e31b14512023-02-08 09:49:23.492root 11241100x8000000000000000284959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095e308ba0482a5d2023-02-08 09:49:23.492root 11241100x8000000000000000284958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99bfb984df55dae12023-02-08 09:49:23.492root 11241100x8000000000000000284957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ec84afbb3987232023-02-08 09:49:23.492root 11241100x8000000000000000284956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36284cae4ea1824d2023-02-08 09:49:23.492root 11241100x8000000000000000284979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a33b8eefd863fb2023-02-08 09:49:23.493root 11241100x8000000000000000284978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7ba07c583d929e2023-02-08 09:49:23.493root 11241100x8000000000000000284977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92093306ef068a92023-02-08 09:49:23.493root 11241100x8000000000000000284976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb7d667a729339b2023-02-08 09:49:23.493root 11241100x8000000000000000284975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee01c2e036b7e2c2023-02-08 09:49:23.493root 11241100x8000000000000000284974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3329a926cb3f5d02023-02-08 09:49:23.493root 11241100x8000000000000000284973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32f7f35ce2135042023-02-08 09:49:23.493root 11241100x8000000000000000284972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2557b1086f5519d2023-02-08 09:49:23.493root 11241100x8000000000000000284971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81d975470648f8d2023-02-08 09:49:23.493root 11241100x8000000000000000284970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a9f1481d1737b72023-02-08 09:49:23.493root 11241100x8000000000000000284969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9777b256f33cc72023-02-08 09:49:23.493root 11241100x8000000000000000284968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c6dd96ce32e0b22023-02-08 09:49:23.493root 11241100x8000000000000000284985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52de82aefb97c2cd2023-02-08 09:49:23.494root 11241100x8000000000000000284984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8836ae6645da2d2023-02-08 09:49:23.494root 11241100x8000000000000000284983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7936ca0cc72dd92023-02-08 09:49:23.494root 11241100x8000000000000000284982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3541f52ac8b27bd62023-02-08 09:49:23.494root 11241100x8000000000000000284981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00cdd8392b2c217d2023-02-08 09:49:23.494root 11241100x8000000000000000284980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328a0c08b8f7305a2023-02-08 09:49:23.494root 11241100x8000000000000000284990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0816b89c2d26d57e2023-02-08 09:49:23.984root 11241100x8000000000000000284989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96e1267ac80e13c2023-02-08 09:49:23.984root 11241100x8000000000000000284988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac44c44a4d81c85d2023-02-08 09:49:23.984root 11241100x8000000000000000284987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3514e90bda56522023-02-08 09:49:23.984root 11241100x8000000000000000284986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cf54e353e2b7532023-02-08 09:49:23.984root 11241100x8000000000000000284999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee95cf20dcde613d2023-02-08 09:49:23.985root 11241100x8000000000000000284998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91466094485fee512023-02-08 09:49:23.985root 11241100x8000000000000000284997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc72a6134eb13f242023-02-08 09:49:23.985root 11241100x8000000000000000284996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aecc5648bbbf5472023-02-08 09:49:23.985root 11241100x8000000000000000284995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a61471439a715ea2023-02-08 09:49:23.985root 11241100x8000000000000000284994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf13f2052022c002023-02-08 09:49:23.985root 11241100x8000000000000000284993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63577a2c3530a1e22023-02-08 09:49:23.985root 11241100x8000000000000000284992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea6835f4b97f6dd2023-02-08 09:49:23.985root 11241100x8000000000000000284991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2765c06d40aeac2b2023-02-08 09:49:23.985root 11241100x8000000000000000285008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9225e14e8e429a5b2023-02-08 09:49:23.986root 11241100x8000000000000000285007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de38ee8d433490622023-02-08 09:49:23.986root 11241100x8000000000000000285006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ae41dd6d0de4132023-02-08 09:49:23.986root 11241100x8000000000000000285005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc60a2ebfcf60382023-02-08 09:49:23.986root 11241100x8000000000000000285004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf90e584f646ad02023-02-08 09:49:23.986root 11241100x8000000000000000285003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5be57cc631a0e702023-02-08 09:49:23.986root 11241100x8000000000000000285002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311eac4cac94544f2023-02-08 09:49:23.986root 11241100x8000000000000000285001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703219043e72eea82023-02-08 09:49:23.986root 11241100x8000000000000000285000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8edce1509fee1d2023-02-08 09:49:23.986root 11241100x8000000000000000285018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2805471c0925ab932023-02-08 09:49:23.987root 11241100x8000000000000000285017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7b64c4fa73d98c2023-02-08 09:49:23.987root 11241100x8000000000000000285016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3eabbe2e10678f2023-02-08 09:49:23.987root 11241100x8000000000000000285015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a4c4a6b5465ab52023-02-08 09:49:23.987root 11241100x8000000000000000285014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cb23926c69f1272023-02-08 09:49:23.987root 11241100x8000000000000000285013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a4ac89e66d7f132023-02-08 09:49:23.987root 11241100x8000000000000000285012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf2ca7641c81cb62023-02-08 09:49:23.987root 11241100x8000000000000000285011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb0df04ba2893ea2023-02-08 09:49:23.987root 11241100x8000000000000000285010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640b9fa03e51613f2023-02-08 09:49:23.987root 11241100x8000000000000000285009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381d68139c04f7282023-02-08 09:49:23.987root 11241100x8000000000000000285027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33dc7460392bfca2023-02-08 09:49:23.988root 11241100x8000000000000000285026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7203cd251af5b5cb2023-02-08 09:49:23.988root 11241100x8000000000000000285025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5e860f4eaa363a2023-02-08 09:49:23.988root 11241100x8000000000000000285024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60dbb1294b79b10b2023-02-08 09:49:23.988root 11241100x8000000000000000285023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8355f892d29f43e12023-02-08 09:49:23.988root 11241100x8000000000000000285022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff9909af4f9f6c72023-02-08 09:49:23.988root 11241100x8000000000000000285021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d05829b2bd30e0e2023-02-08 09:49:23.988root 11241100x8000000000000000285020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570b141bcf825b622023-02-08 09:49:23.988root 11241100x8000000000000000285019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9631ecdff9137b2023-02-08 09:49:23.988root 11241100x8000000000000000285036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1468b5b037cc9b02023-02-08 09:49:23.989root 11241100x8000000000000000285035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6d043b0bc10a452023-02-08 09:49:23.989root 11241100x8000000000000000285034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a14f3fc7ba8eee02023-02-08 09:49:23.989root 11241100x8000000000000000285033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175e69f1e9e5cdaa2023-02-08 09:49:23.989root 11241100x8000000000000000285032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5dccc1074e64bf02023-02-08 09:49:23.989root 11241100x8000000000000000285031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6749d14e7d6dc02023-02-08 09:49:23.989root 11241100x8000000000000000285030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4192d930bf5baae2023-02-08 09:49:23.989root 11241100x8000000000000000285029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7b5622c6fcff6e2023-02-08 09:49:23.989root 11241100x8000000000000000285028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1128ae4c66ea92822023-02-08 09:49:23.989root 11241100x8000000000000000285038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30be7317c16fa422023-02-08 09:49:23.990root 11241100x8000000000000000285037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ecba54489cdcc32023-02-08 09:49:23.990root 11241100x8000000000000000285039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b428bbe9199bf232023-02-08 09:49:23.993root 11241100x8000000000000000285047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55ef1d1a96aa1ee2023-02-08 09:49:23.994root 11241100x8000000000000000285046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9f75908282d0502023-02-08 09:49:23.994root 11241100x8000000000000000285045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cd661b137801f02023-02-08 09:49:23.994root 11241100x8000000000000000285044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67415ad40d9a7dbb2023-02-08 09:49:23.994root 11241100x8000000000000000285043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c969497bdc2871fe2023-02-08 09:49:23.994root 11241100x8000000000000000285042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33722869f0c823b52023-02-08 09:49:23.994root 11241100x8000000000000000285041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d46da78b8d7920c2023-02-08 09:49:23.994root 11241100x8000000000000000285040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:23.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72963ee192fd7ad2023-02-08 09:49:23.994root 11241100x8000000000000000285048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436c1e6ddebbee7c2023-02-08 09:49:24.485root 11241100x8000000000000000285052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.addd3ddc9a49bb992023-02-08 09:49:24.486root 11241100x8000000000000000285051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62cab25765fdc952023-02-08 09:49:24.486root 11241100x8000000000000000285050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf2768becf8c1262023-02-08 09:49:24.486root 11241100x8000000000000000285049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020eb80d87a047fe2023-02-08 09:49:24.486root 11241100x8000000000000000285057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c5ed353e40d6ac2023-02-08 09:49:24.487root 11241100x8000000000000000285056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe6b155f54ce40f2023-02-08 09:49:24.487root 11241100x8000000000000000285055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78fc873697018992023-02-08 09:49:24.487root 11241100x8000000000000000285054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7f05b85c5d9c9d2023-02-08 09:49:24.487root 11241100x8000000000000000285053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15dd6610c437e3292023-02-08 09:49:24.487root 11241100x8000000000000000285063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4543a56ae840e92023-02-08 09:49:24.488root 11241100x8000000000000000285062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544b080ef7079f0f2023-02-08 09:49:24.488root 11241100x8000000000000000285061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17c4fff6baf7f682023-02-08 09:49:24.488root 11241100x8000000000000000285060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff7e123ec1c518b2023-02-08 09:49:24.488root 11241100x8000000000000000285059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc89fe87211578a2023-02-08 09:49:24.488root 11241100x8000000000000000285058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8e05e3fabec43b2023-02-08 09:49:24.488root 11241100x8000000000000000285070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a25f9bf7d124c42023-02-08 09:49:24.489root 11241100x8000000000000000285069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa1a6a858e8aa8f2023-02-08 09:49:24.489root 11241100x8000000000000000285068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5739a48d6e9f87d2023-02-08 09:49:24.489root 11241100x8000000000000000285067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc12a1d1569cf20b2023-02-08 09:49:24.489root 11241100x8000000000000000285066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369e7bbf220780062023-02-08 09:49:24.489root 11241100x8000000000000000285065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5591fc40dc7e80502023-02-08 09:49:24.489root 11241100x8000000000000000285064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b81ce255fd448522023-02-08 09:49:24.489root 11241100x8000000000000000285076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab893069a35fecb2023-02-08 09:49:24.490root 11241100x8000000000000000285075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e57fdb3d1873b12023-02-08 09:49:24.490root 11241100x8000000000000000285074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e64bc1ff56b917b2023-02-08 09:49:24.490root 11241100x8000000000000000285073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55cca47048259ffa2023-02-08 09:49:24.490root 11241100x8000000000000000285072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6303dcf098ac782023-02-08 09:49:24.490root 11241100x8000000000000000285071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8545f6fb906cef242023-02-08 09:49:24.490root 11241100x8000000000000000285085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9929d03ce624e262023-02-08 09:49:24.491root 11241100x8000000000000000285084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57ee83c8053ae682023-02-08 09:49:24.491root 11241100x8000000000000000285083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd43622bd6240702023-02-08 09:49:24.491root 11241100x8000000000000000285082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fefaf18202e406f2023-02-08 09:49:24.491root 11241100x8000000000000000285081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5108b60c783747422023-02-08 09:49:24.491root 11241100x8000000000000000285080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee401383547aae222023-02-08 09:49:24.491root 11241100x8000000000000000285079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289fbb516d671cb82023-02-08 09:49:24.491root 11241100x8000000000000000285078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422dd4ba47361a752023-02-08 09:49:24.491root 11241100x8000000000000000285077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd68d843ac511fe42023-02-08 09:49:24.491root 11241100x8000000000000000285095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146e1673e4d6c7b12023-02-08 09:49:24.492root 11241100x8000000000000000285094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4627937983c1226b2023-02-08 09:49:24.492root 11241100x8000000000000000285093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da94b0089d0873692023-02-08 09:49:24.492root 11241100x8000000000000000285092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1467f41056e33c8b2023-02-08 09:49:24.492root 11241100x8000000000000000285091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17a5822aaf1f9d02023-02-08 09:49:24.492root 11241100x8000000000000000285090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188183edd8b93ded2023-02-08 09:49:24.492root 11241100x8000000000000000285089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5a1063b741052c2023-02-08 09:49:24.492root 11241100x8000000000000000285088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b273565e82ac6ce82023-02-08 09:49:24.492root 11241100x8000000000000000285087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc160513a9cb9022023-02-08 09:49:24.492root 11241100x8000000000000000285086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5827d54fa5ff92c2023-02-08 09:49:24.492root 11241100x8000000000000000285108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ef02cc3e0fb9d52023-02-08 09:49:24.493root 11241100x8000000000000000285107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ceebdc06b9db2a2023-02-08 09:49:24.493root 11241100x8000000000000000285106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86badc1daefc6dc22023-02-08 09:49:24.493root 11241100x8000000000000000285105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb4daf7b345cc1e2023-02-08 09:49:24.493root 11241100x8000000000000000285104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2779deec30d1329b2023-02-08 09:49:24.493root 11241100x8000000000000000285103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5b46922edccfce2023-02-08 09:49:24.493root 11241100x8000000000000000285102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8129af477c31ee6f2023-02-08 09:49:24.493root 11241100x8000000000000000285101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da3728dd715392d2023-02-08 09:49:24.493root 11241100x8000000000000000285100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e51f4951963c292023-02-08 09:49:24.493root 11241100x8000000000000000285099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae51b8987baf7b712023-02-08 09:49:24.493root 11241100x8000000000000000285098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7a9f719a8dcdce2023-02-08 09:49:24.493root 11241100x8000000000000000285097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ed32874f5de6442023-02-08 09:49:24.493root 11241100x8000000000000000285096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541c8aa98eacb09b2023-02-08 09:49:24.493root 11241100x8000000000000000285121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f955ef110aaee1212023-02-08 09:49:24.494root 11241100x8000000000000000285120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb351801ca71709d2023-02-08 09:49:24.494root 11241100x8000000000000000285119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bad3f251f32a6592023-02-08 09:49:24.494root 11241100x8000000000000000285118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c687dc6e2d87f02023-02-08 09:49:24.494root 11241100x8000000000000000285117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cbdfb31c87bf1d2023-02-08 09:49:24.494root 11241100x8000000000000000285116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce12f41e04b52a542023-02-08 09:49:24.494root 11241100x8000000000000000285115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b46905d160baca2023-02-08 09:49:24.494root 11241100x8000000000000000285114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8014aa95427961fa2023-02-08 09:49:24.494root 11241100x8000000000000000285113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82005d84858227d2023-02-08 09:49:24.494root 11241100x8000000000000000285112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1ce90647c504fd2023-02-08 09:49:24.494root 11241100x8000000000000000285111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c40a46ea2ad4eb42023-02-08 09:49:24.494root 11241100x8000000000000000285110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf27b25ef24889c2023-02-08 09:49:24.494root 11241100x8000000000000000285109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a419852f242bd22b2023-02-08 09:49:24.494root 11241100x8000000000000000285129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1735cd221f36fc062023-02-08 09:49:24.495root 11241100x8000000000000000285128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cacaa944f52866f2023-02-08 09:49:24.495root 11241100x8000000000000000285127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceabc9efef67f3602023-02-08 09:49:24.495root 11241100x8000000000000000285126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858f0ef00323c82b2023-02-08 09:49:24.495root 11241100x8000000000000000285125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0030cb9a48ebe22023-02-08 09:49:24.495root 11241100x8000000000000000285124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f1665307305ea32023-02-08 09:49:24.495root 11241100x8000000000000000285123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a840d43a6c5ff42023-02-08 09:49:24.495root 11241100x8000000000000000285122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a701db99b06de22023-02-08 09:49:24.495root 11241100x8000000000000000285137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa59866098d8b30d2023-02-08 09:49:24.985root 11241100x8000000000000000285136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ce9fae8cf218f32023-02-08 09:49:24.985root 11241100x8000000000000000285135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444260ac8e7a9cf92023-02-08 09:49:24.985root 11241100x8000000000000000285134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812503747f2773232023-02-08 09:49:24.985root 11241100x8000000000000000285133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70db028dd3fdcceb2023-02-08 09:49:24.985root 11241100x8000000000000000285132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4176ad59ae3fa3b62023-02-08 09:49:24.985root 11241100x8000000000000000285131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594778d6c27a576e2023-02-08 09:49:24.985root 11241100x8000000000000000285130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5e7c8cdd6b30dd2023-02-08 09:49:24.985root 11241100x8000000000000000285145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13043da05587eb012023-02-08 09:49:24.986root 11241100x8000000000000000285144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f1f8f0d29d573d2023-02-08 09:49:24.986root 11241100x8000000000000000285143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0baf68071923ee2023-02-08 09:49:24.986root 11241100x8000000000000000285142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007db7b590cbc41f2023-02-08 09:49:24.986root 11241100x8000000000000000285141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f44d363e5cb2362023-02-08 09:49:24.986root 11241100x8000000000000000285140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a6407d28a6e6072023-02-08 09:49:24.986root 11241100x8000000000000000285139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f499cdbe8b39d92023-02-08 09:49:24.986root 11241100x8000000000000000285138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9324aaa298822522023-02-08 09:49:24.986root 11241100x8000000000000000285153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b2a148944c081f2023-02-08 09:49:24.987root 11241100x8000000000000000285152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa57070c65322472023-02-08 09:49:24.987root 11241100x8000000000000000285151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d075640f7ec98cbd2023-02-08 09:49:24.987root 11241100x8000000000000000285150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f512570d5d3557b92023-02-08 09:49:24.987root 11241100x8000000000000000285149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b87724095811322023-02-08 09:49:24.987root 11241100x8000000000000000285148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16caa6b24e56917d2023-02-08 09:49:24.987root 11241100x8000000000000000285147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f9ae76582d516b2023-02-08 09:49:24.987root 11241100x8000000000000000285146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674d385348a1af782023-02-08 09:49:24.987root 11241100x8000000000000000285159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9662100022b86ab2023-02-08 09:49:24.988root 11241100x8000000000000000285158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4ee658ffe97fbe2023-02-08 09:49:24.988root 11241100x8000000000000000285157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513a673ba08caeae2023-02-08 09:49:24.988root 11241100x8000000000000000285156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b8903162a011222023-02-08 09:49:24.988root 11241100x8000000000000000285155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa178448afd4ef32023-02-08 09:49:24.988root 11241100x8000000000000000285154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a2cdff82288e7e2023-02-08 09:49:24.988root 11241100x8000000000000000285163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ccd1ac127a23a22023-02-08 09:49:24.989root 11241100x8000000000000000285162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af9ebee9c6278fc2023-02-08 09:49:24.989root 11241100x8000000000000000285161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3e516e6522702b2023-02-08 09:49:24.989root 11241100x8000000000000000285160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14128451dc1ef2702023-02-08 09:49:24.989root 11241100x8000000000000000285168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8fa04c2d6a4d8382023-02-08 09:49:24.990root 11241100x8000000000000000285167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355faadddc1b9a742023-02-08 09:49:24.990root 11241100x8000000000000000285166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947603ab324c228b2023-02-08 09:49:24.990root 11241100x8000000000000000285165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba72c3db31ec7622023-02-08 09:49:24.990root 11241100x8000000000000000285164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24866ead46e2826a2023-02-08 09:49:24.990root 11241100x8000000000000000285174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b0fe6fde224d3f2023-02-08 09:49:24.991root 11241100x8000000000000000285173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85834b7ff6e884642023-02-08 09:49:24.991root 11241100x8000000000000000285172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2973d5132dc159aa2023-02-08 09:49:24.991root 11241100x8000000000000000285171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a6110503ce30052023-02-08 09:49:24.991root 11241100x8000000000000000285170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30692e3851b03b62023-02-08 09:49:24.991root 11241100x8000000000000000285169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edb39ea94e163752023-02-08 09:49:24.991root 11241100x8000000000000000285178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd55ce9e7decc5552023-02-08 09:49:24.992root 11241100x8000000000000000285177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2991aa9467f36c6e2023-02-08 09:49:24.992root 11241100x8000000000000000285176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d98c4e21abe87a2023-02-08 09:49:24.992root 11241100x8000000000000000285175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152049de21a72dab2023-02-08 09:49:24.992root 11241100x8000000000000000285183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7405706c50c82032023-02-08 09:49:24.993root 11241100x8000000000000000285182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245c8f4f5eb2d50d2023-02-08 09:49:24.993root 11241100x8000000000000000285181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2e023d4b77a1922023-02-08 09:49:24.993root 11241100x8000000000000000285180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097f7759705c2dcc2023-02-08 09:49:24.993root 11241100x8000000000000000285179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fd1a2013c074392023-02-08 09:49:24.993root 11241100x8000000000000000285189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c9d322f178e35c2023-02-08 09:49:24.994root 11241100x8000000000000000285188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17a0a2ffcb034292023-02-08 09:49:24.994root 11241100x8000000000000000285187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324c6490ba3bb06a2023-02-08 09:49:24.994root 11241100x8000000000000000285186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4a57b8260ee4052023-02-08 09:49:24.994root 11241100x8000000000000000285185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1bed4a320a8de22023-02-08 09:49:24.994root 11241100x8000000000000000285184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73579132cbce9e32023-02-08 09:49:24.994root 11241100x8000000000000000285197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd36f70f6a7556752023-02-08 09:49:24.995root 11241100x8000000000000000285196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bea4d9b15e9abc72023-02-08 09:49:24.995root 11241100x8000000000000000285195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ea2c534b17c4832023-02-08 09:49:24.995root 11241100x8000000000000000285194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7daa3c29b1b132152023-02-08 09:49:24.995root 11241100x8000000000000000285193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e432ef651a2315172023-02-08 09:49:24.995root 11241100x8000000000000000285192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dcf281a85d9c3872023-02-08 09:49:24.995root 11241100x8000000000000000285191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89baf19cc2e63b8d2023-02-08 09:49:24.995root 11241100x8000000000000000285190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0633ed01db0d7e3f2023-02-08 09:49:24.995root 11241100x8000000000000000285207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b0f6e8379e98f82023-02-08 09:49:24.996root 11241100x8000000000000000285206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adde938e91e889072023-02-08 09:49:24.996root 11241100x8000000000000000285205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a450aa0c8cfbf1f2023-02-08 09:49:24.996root 11241100x8000000000000000285204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f7be59c75db39f2023-02-08 09:49:24.996root 11241100x8000000000000000285203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf15341b910b8e72023-02-08 09:49:24.996root 11241100x8000000000000000285202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9781cd1c468f39d2023-02-08 09:49:24.996root 11241100x8000000000000000285201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5114a350c8ba760b2023-02-08 09:49:24.996root 11241100x8000000000000000285200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d5c27860eab5d22023-02-08 09:49:24.996root 11241100x8000000000000000285199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6772ac30672077312023-02-08 09:49:24.996root 11241100x8000000000000000285198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:24.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3529bfe645bfcb692023-02-08 09:49:24.996root 11241100x8000000000000000285208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a00d41e3b76af4c2023-02-08 09:49:25.484root 11241100x8000000000000000285217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6290d0f087f28f6d2023-02-08 09:49:25.485root 11241100x8000000000000000285216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a828f393aab3348a2023-02-08 09:49:25.485root 11241100x8000000000000000285215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b24a165701dcaf92023-02-08 09:49:25.485root 11241100x8000000000000000285214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d86736784cf84ea2023-02-08 09:49:25.485root 11241100x8000000000000000285213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f698ca6489d1a2c02023-02-08 09:49:25.485root 11241100x8000000000000000285212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f78e767f3bd73f2023-02-08 09:49:25.485root 11241100x8000000000000000285211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682967a55706b6312023-02-08 09:49:25.485root 11241100x8000000000000000285210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c047b596be085172023-02-08 09:49:25.485root 11241100x8000000000000000285209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87cc63479fa688992023-02-08 09:49:25.485root 11241100x8000000000000000285227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4495a8fcfddb3aad2023-02-08 09:49:25.486root 11241100x8000000000000000285226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4418d287ba3bd0012023-02-08 09:49:25.486root 11241100x8000000000000000285225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8426a71a31da4ca2023-02-08 09:49:25.486root 11241100x8000000000000000285224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b7479ea20e72752023-02-08 09:49:25.486root 11241100x8000000000000000285223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fd6cced803cedf2023-02-08 09:49:25.486root 11241100x8000000000000000285222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217808f9a96220272023-02-08 09:49:25.486root 11241100x8000000000000000285221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5994a0289a60f2082023-02-08 09:49:25.486root 11241100x8000000000000000285220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ecc434041f82172023-02-08 09:49:25.486root 11241100x8000000000000000285219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470261b7a33922f52023-02-08 09:49:25.486root 11241100x8000000000000000285218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4365ebf515f519392023-02-08 09:49:25.486root 11241100x8000000000000000285232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790de0b782aaf5602023-02-08 09:49:25.487root 11241100x8000000000000000285231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766eb1c21838e6bc2023-02-08 09:49:25.487root 11241100x8000000000000000285230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbae4da08c6cee1f2023-02-08 09:49:25.487root 11241100x8000000000000000285229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce849c8e83e6b0642023-02-08 09:49:25.487root 11241100x8000000000000000285228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf53629e4b7daac22023-02-08 09:49:25.487root 11241100x8000000000000000285239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df0ac76cfe4a9212023-02-08 09:49:25.488root 11241100x8000000000000000285238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1617b0f7d699d0682023-02-08 09:49:25.488root 11241100x8000000000000000285237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20b3bd1c98aeb202023-02-08 09:49:25.488root 11241100x8000000000000000285236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bda15273de566702023-02-08 09:49:25.488root 11241100x8000000000000000285235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296ff4994410fa652023-02-08 09:49:25.488root 11241100x8000000000000000285234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b5bdcfad7b0e8e2023-02-08 09:49:25.488root 11241100x8000000000000000285233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b62777ab9f4d70b2023-02-08 09:49:25.488root 11241100x8000000000000000285245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd801598d30aa6f2023-02-08 09:49:25.489root 11241100x8000000000000000285244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6557c12b85b08ca2023-02-08 09:49:25.489root 11241100x8000000000000000285243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49c9d7a099a85942023-02-08 09:49:25.489root 11241100x8000000000000000285242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6707874bd566192023-02-08 09:49:25.489root 11241100x8000000000000000285241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.551146b30fd483ad2023-02-08 09:49:25.489root 11241100x8000000000000000285240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f940691212aa1052023-02-08 09:49:25.489root 11241100x8000000000000000285257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dae527f09b3da952023-02-08 09:49:25.490root 11241100x8000000000000000285256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4430719f762cb95f2023-02-08 09:49:25.490root 11241100x8000000000000000285255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67ea29ee43243e42023-02-08 09:49:25.490root 11241100x8000000000000000285254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8000fefa22d2702023-02-08 09:49:25.490root 11241100x8000000000000000285253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f54f3e84e87f812023-02-08 09:49:25.490root 11241100x8000000000000000285252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d93eb4087d30ef92023-02-08 09:49:25.490root 11241100x8000000000000000285251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8077fb1f2d50b042023-02-08 09:49:25.490root 11241100x8000000000000000285250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ffeb1126f1ef542023-02-08 09:49:25.490root 11241100x8000000000000000285249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62dbb2bf5fb4b682023-02-08 09:49:25.490root 11241100x8000000000000000285248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebea6687e4de3e02023-02-08 09:49:25.490root 11241100x8000000000000000285247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d473386e7d11b02023-02-08 09:49:25.490root 11241100x8000000000000000285246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cace076c2538b622023-02-08 09:49:25.490root 11241100x8000000000000000285270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c102bae72f126b2023-02-08 09:49:25.491root 11241100x8000000000000000285269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d20f0b7eda7e3d12023-02-08 09:49:25.491root 11241100x8000000000000000285268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485e13b4713534542023-02-08 09:49:25.491root 11241100x8000000000000000285267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d82f702de822612023-02-08 09:49:25.491root 11241100x8000000000000000285266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c749ab91d62d5c092023-02-08 09:49:25.491root 11241100x8000000000000000285265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c63acac78121932023-02-08 09:49:25.491root 11241100x8000000000000000285264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b9b57b303ac4d4e2023-02-08 09:49:25.491root 11241100x8000000000000000285263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0350d935cb20f5fc2023-02-08 09:49:25.491root 11241100x8000000000000000285262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f5716c2079213a2023-02-08 09:49:25.491root 11241100x8000000000000000285261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d198c566daac0e02023-02-08 09:49:25.491root 11241100x8000000000000000285260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415188429aaa972c2023-02-08 09:49:25.491root 11241100x8000000000000000285259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d853882a4bfb812023-02-08 09:49:25.491root 11241100x8000000000000000285258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a634699078469b142023-02-08 09:49:25.491root 11241100x8000000000000000285278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6200932637d0f62023-02-08 09:49:25.492root 11241100x8000000000000000285277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae3102935004ced2023-02-08 09:49:25.492root 11241100x8000000000000000285276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07b23ce79148f4d2023-02-08 09:49:25.492root 11241100x8000000000000000285275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059057352e114dff2023-02-08 09:49:25.492root 11241100x8000000000000000285274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f12cbe6767063012023-02-08 09:49:25.492root 11241100x8000000000000000285273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695e9c1a44d84b382023-02-08 09:49:25.492root 11241100x8000000000000000285272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70b51c5d3fc7a182023-02-08 09:49:25.492root 11241100x8000000000000000285271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590bdbbd8a5067142023-02-08 09:49:25.492root 11241100x8000000000000000285290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9bf5ff4be34ac52023-02-08 09:49:25.493root 11241100x8000000000000000285289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f831f1a9ec913a102023-02-08 09:49:25.493root 11241100x8000000000000000285288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c67a668e17612552023-02-08 09:49:25.493root 11241100x8000000000000000285287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a54539656d15e8a2023-02-08 09:49:25.493root 11241100x8000000000000000285286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1980b990bee402f22023-02-08 09:49:25.493root 11241100x8000000000000000285285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea6d47ad74eda652023-02-08 09:49:25.493root 11241100x8000000000000000285284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79178a369e12427d2023-02-08 09:49:25.493root 11241100x8000000000000000285283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d7c8375e7fefd42023-02-08 09:49:25.493root 11241100x8000000000000000285282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ba8c300752bc7a2023-02-08 09:49:25.493root 11241100x8000000000000000285281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede4c6b6f5e373442023-02-08 09:49:25.493root 11241100x8000000000000000285280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f5a092ecb13a0a2023-02-08 09:49:25.493root 11241100x8000000000000000285279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2471bf6b9b0274492023-02-08 09:49:25.493root 11241100x8000000000000000285291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c3b8f0e45940cb2023-02-08 09:49:25.494root 11241100x8000000000000000285295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b78898897370052023-02-08 09:49:25.985root 11241100x8000000000000000285294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7442d1d7b568aa972023-02-08 09:49:25.985root 11241100x8000000000000000285293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d43691c2935ba302023-02-08 09:49:25.985root 11241100x8000000000000000285292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06840119e14b0b4a2023-02-08 09:49:25.985root 11241100x8000000000000000285298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4af9de06da954312023-02-08 09:49:25.986root 11241100x8000000000000000285297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675c287286a722182023-02-08 09:49:25.986root 11241100x8000000000000000285296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9977a6de9d04f5282023-02-08 09:49:25.986root 11241100x8000000000000000285303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e84d938ad9f919a2023-02-08 09:49:25.987root 11241100x8000000000000000285302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64257dd1e7443bb92023-02-08 09:49:25.987root 11241100x8000000000000000285301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6733922565912bbc2023-02-08 09:49:25.987root 11241100x8000000000000000285300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9c4e4e690fe6f42023-02-08 09:49:25.987root 11241100x8000000000000000285299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f08e0c94674f7242023-02-08 09:49:25.987root 11241100x8000000000000000285309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b689a5e0e31c7722023-02-08 09:49:25.988root 11241100x8000000000000000285308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08fd15dc8fc58fab2023-02-08 09:49:25.988root 11241100x8000000000000000285307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a8b1bda4051bcf2023-02-08 09:49:25.988root 11241100x8000000000000000285306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d32c19439570262023-02-08 09:49:25.988root 11241100x8000000000000000285305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852ef1c4607297402023-02-08 09:49:25.988root 11241100x8000000000000000285304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9da255e5aa9692e2023-02-08 09:49:25.988root 11241100x8000000000000000285315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09ee994288aaab02023-02-08 09:49:25.989root 11241100x8000000000000000285314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7521bc8080339b0f2023-02-08 09:49:25.989root 11241100x8000000000000000285313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a583b01f7bc2f2172023-02-08 09:49:25.989root 11241100x8000000000000000285312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8f8bd1b8dcdc782023-02-08 09:49:25.989root 11241100x8000000000000000285311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a39b2669eb04512023-02-08 09:49:25.989root 11241100x8000000000000000285310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1334c71fcacf26bf2023-02-08 09:49:25.989root 11241100x8000000000000000285322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b9a52c2f9b70092023-02-08 09:49:25.990root 11241100x8000000000000000285321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df89c42d10912d12023-02-08 09:49:25.990root 11241100x8000000000000000285320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0ae0cae1ab7b242023-02-08 09:49:25.990root 11241100x8000000000000000285319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5658b8a62d69b9972023-02-08 09:49:25.990root 11241100x8000000000000000285318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53c2f08d328b6172023-02-08 09:49:25.990root 11241100x8000000000000000285317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746c53ffa80e1b802023-02-08 09:49:25.990root 11241100x8000000000000000285316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f4ce2ee1e10bb72023-02-08 09:49:25.990root 11241100x8000000000000000285329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daefe2514dd176272023-02-08 09:49:25.991root 11241100x8000000000000000285328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c4e323685877252023-02-08 09:49:25.991root 11241100x8000000000000000285327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01d378c793f50b32023-02-08 09:49:25.991root 11241100x8000000000000000285326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9789454131e505122023-02-08 09:49:25.991root 11241100x8000000000000000285325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06863214e37854aa2023-02-08 09:49:25.991root 11241100x8000000000000000285324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b359aed910ecced52023-02-08 09:49:25.991root 11241100x8000000000000000285323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec92d9002a9d9ac2023-02-08 09:49:25.991root 11241100x8000000000000000285337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20866a4ad0ebdff52023-02-08 09:49:25.992root 11241100x8000000000000000285336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5b7568ce1c0e3b2023-02-08 09:49:25.992root 11241100x8000000000000000285335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c056d1eff9cae62023-02-08 09:49:25.992root 11241100x8000000000000000285334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653b293ffdc7f31a2023-02-08 09:49:25.992root 11241100x8000000000000000285333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c89419529a71e02023-02-08 09:49:25.992root 11241100x8000000000000000285332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf6735f0ff19e432023-02-08 09:49:25.992root 11241100x8000000000000000285331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3421187242aad32023-02-08 09:49:25.992root 11241100x8000000000000000285330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdeb6677945b110b2023-02-08 09:49:25.992root 11241100x8000000000000000285344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b45bcd067d481c22023-02-08 09:49:25.993root 11241100x8000000000000000285343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03e4ed8170af3202023-02-08 09:49:25.993root 11241100x8000000000000000285342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d233059b9276dbc2023-02-08 09:49:25.993root 11241100x8000000000000000285341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ca954822cb5a562023-02-08 09:49:25.993root 11241100x8000000000000000285340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835c1241ff422e1d2023-02-08 09:49:25.993root 11241100x8000000000000000285339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bb8fc40c0f721d2023-02-08 09:49:25.993root 11241100x8000000000000000285338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec3641ce4094ef02023-02-08 09:49:25.993root 11241100x8000000000000000285350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a99b0263d77d0bd2023-02-08 09:49:25.994root 11241100x8000000000000000285349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496f5b1ab1c66f442023-02-08 09:49:25.994root 11241100x8000000000000000285348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46046006358f8aac2023-02-08 09:49:25.994root 11241100x8000000000000000285347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ee0d17754fb5932023-02-08 09:49:25.994root 11241100x8000000000000000285346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483c282863e381262023-02-08 09:49:25.994root 11241100x8000000000000000285345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2ab2d84b886f7e2023-02-08 09:49:25.994root 11241100x8000000000000000285352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b391e36cee07310d2023-02-08 09:49:25.995root 11241100x8000000000000000285351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a1979ec9cedeea2023-02-08 09:49:25.995root 11241100x8000000000000000285357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285ae07048bd27102023-02-08 09:49:25.996root 11241100x8000000000000000285356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a16e79c6ce8bd52023-02-08 09:49:25.996root 11241100x8000000000000000285355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e881a6346ebca0b2023-02-08 09:49:25.996root 11241100x8000000000000000285354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47dce80e404a43732023-02-08 09:49:25.996root 11241100x8000000000000000285353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c5653737baa81b2023-02-08 09:49:25.996root 11241100x8000000000000000285362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2923b857af4364b72023-02-08 09:49:25.997root 11241100x8000000000000000285361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56801a87b47f79142023-02-08 09:49:25.997root 11241100x8000000000000000285360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d76d00c2d5f6b52023-02-08 09:49:25.997root 11241100x8000000000000000285359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57148551fecbb3eb2023-02-08 09:49:25.997root 11241100x8000000000000000285358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.997{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86348531e2776ed52023-02-08 09:49:25.997root 11241100x8000000000000000285368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3008977f9bbc0b02023-02-08 09:49:25.998root 11241100x8000000000000000285367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cab028eccadf542023-02-08 09:49:25.998root 11241100x8000000000000000285366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0034b6df84cecf962023-02-08 09:49:25.998root 11241100x8000000000000000285365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135d0d93ccd2c0e72023-02-08 09:49:25.998root 11241100x8000000000000000285364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8624fe65023415c02023-02-08 09:49:25.998root 11241100x8000000000000000285363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.998{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a251655657aec12b2023-02-08 09:49:25.998root 11241100x8000000000000000285374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4f421328f7220a2023-02-08 09:49:25.999root 11241100x8000000000000000285373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714ee36ce11301322023-02-08 09:49:25.999root 11241100x8000000000000000285372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3764e28cd525e832023-02-08 09:49:25.999root 11241100x8000000000000000285371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2c6e58112cfb532023-02-08 09:49:25.999root 11241100x8000000000000000285370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984e874b292fd5062023-02-08 09:49:25.999root 11241100x8000000000000000285369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:25.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abb7238f73b65982023-02-08 09:49:25.999root 11241100x8000000000000000285380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b40e462a1f6e69e2023-02-08 09:49:26.000root 11241100x8000000000000000285379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da29effda239f6c32023-02-08 09:49:26.000root 11241100x8000000000000000285378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa35551d1d68bfd2023-02-08 09:49:26.000root 11241100x8000000000000000285377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6c3d8f740ba0fa2023-02-08 09:49:26.000root 11241100x8000000000000000285376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7212408eb9edfcb62023-02-08 09:49:26.000root 11241100x8000000000000000285375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d05a95f68036cac2023-02-08 09:49:26.000root 11241100x8000000000000000285388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03463bf8aa3895fe2023-02-08 09:49:26.001root 11241100x8000000000000000285387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9390f91cda46c22023-02-08 09:49:26.001root 11241100x8000000000000000285386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12088b6694d2c4052023-02-08 09:49:26.001root 11241100x8000000000000000285385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26ec3641799cf762023-02-08 09:49:26.001root 11241100x8000000000000000285384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935cf746c6d55c222023-02-08 09:49:26.001root 11241100x8000000000000000285383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c7a5a55451b3412023-02-08 09:49:26.001root 11241100x8000000000000000285382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d284410d45f8592023-02-08 09:49:26.001root 11241100x8000000000000000285381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e77754aa4d2cbaf2023-02-08 09:49:26.001root 11241100x8000000000000000285396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9d440ac2f352de2023-02-08 09:49:26.002root 11241100x8000000000000000285395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7e74654819be3c2023-02-08 09:49:26.002root 11241100x8000000000000000285394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f6d306798ec5342023-02-08 09:49:26.002root 11241100x8000000000000000285393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390c577b6a8fd1692023-02-08 09:49:26.002root 11241100x8000000000000000285392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b8fa0805ce99622023-02-08 09:49:26.002root 11241100x8000000000000000285391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f4de32547706d62023-02-08 09:49:26.002root 11241100x8000000000000000285390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ddc71acb2eb4c512023-02-08 09:49:26.002root 11241100x8000000000000000285389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9c58ac0fa1e4ae2023-02-08 09:49:26.002root 11241100x8000000000000000285403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142e8c51cfc2cb342023-02-08 09:49:26.003root 11241100x8000000000000000285402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887c288342ab69c82023-02-08 09:49:26.003root 11241100x8000000000000000285401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6758383dec71fc192023-02-08 09:49:26.003root 11241100x8000000000000000285400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6659645aa6c8398f2023-02-08 09:49:26.003root 11241100x8000000000000000285399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39546828579e5092023-02-08 09:49:26.003root 11241100x8000000000000000285398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ec515a1b0d4fcd2023-02-08 09:49:26.003root 11241100x8000000000000000285397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.003{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c262c337b15d7fe2023-02-08 09:49:26.003root 11241100x8000000000000000285410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.004{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9130dc3d285826f52023-02-08 09:49:26.004root 11241100x8000000000000000285409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.004{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0416c5ad37ff8a9d2023-02-08 09:49:26.004root 11241100x8000000000000000285408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.004{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a943d0a3da08f72023-02-08 09:49:26.004root 11241100x8000000000000000285407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.004{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7bf77ba7d227222023-02-08 09:49:26.004root 11241100x8000000000000000285406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.004{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140f193a9973f7ae2023-02-08 09:49:26.004root 11241100x8000000000000000285405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.004{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90c4abd50f43c762023-02-08 09:49:26.004root 11241100x8000000000000000285404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.004{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55fa34b9d4ac88922023-02-08 09:49:26.004root 11241100x8000000000000000285419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.005{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba832a58204b62282023-02-08 09:49:26.005root 11241100x8000000000000000285418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.005{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a753d32726fccb42023-02-08 09:49:26.005root 11241100x8000000000000000285417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.005{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da45621516d14c8a2023-02-08 09:49:26.005root 11241100x8000000000000000285416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.005{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ec481ae025f8322023-02-08 09:49:26.005root 11241100x8000000000000000285415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.005{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed1afe4164577cb2023-02-08 09:49:26.005root 11241100x8000000000000000285414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.005{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c40ceedd16487ac2023-02-08 09:49:26.005root 11241100x8000000000000000285413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.005{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a712e3863c138bfb2023-02-08 09:49:26.005root 11241100x8000000000000000285412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.005{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f63855e868415902023-02-08 09:49:26.005root 11241100x8000000000000000285411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.005{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4c64fb702ec7de2023-02-08 09:49:26.005root 11241100x8000000000000000285431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.006{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14d042d915394502023-02-08 09:49:26.006root 11241100x8000000000000000285430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.006{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce47a6cbf47ba6462023-02-08 09:49:26.006root 11241100x8000000000000000285429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.006{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9feb1f4c602c162023-02-08 09:49:26.006root 11241100x8000000000000000285428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.006{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d014e1b1b222bf2a2023-02-08 09:49:26.006root 11241100x8000000000000000285427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.006{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf6af8ceb7006d82023-02-08 09:49:26.006root 11241100x8000000000000000285426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.006{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3088db2e7a6f3ca82023-02-08 09:49:26.006root 11241100x8000000000000000285425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.006{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09da44b7f296cb692023-02-08 09:49:26.006root 11241100x8000000000000000285424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.006{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5966ea80225b792023-02-08 09:49:26.006root 11241100x8000000000000000285423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.006{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52524a3902cff4dc2023-02-08 09:49:26.006root 11241100x8000000000000000285422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.006{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5758e4978b606942023-02-08 09:49:26.006root 11241100x8000000000000000285421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.006{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4cc26002b0b43432023-02-08 09:49:26.006root 11241100x8000000000000000285420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.006{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2338e8a65104fed82023-02-08 09:49:26.006root 11241100x8000000000000000285445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.007{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672987bd9d6fa6692023-02-08 09:49:26.007root 11241100x8000000000000000285444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.007{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ebbd7cda308af8a2023-02-08 09:49:26.007root 11241100x8000000000000000285443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.007{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73107adb89acdb52023-02-08 09:49:26.007root 11241100x8000000000000000285442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.007{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70115c458ea75cd2023-02-08 09:49:26.007root 11241100x8000000000000000285441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.007{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba02f9aa619e03532023-02-08 09:49:26.007root 11241100x8000000000000000285440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.007{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215a18dbd540c8252023-02-08 09:49:26.007root 11241100x8000000000000000285439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.007{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68cfac32ad10b01a2023-02-08 09:49:26.007root 11241100x8000000000000000285438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.007{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2342d971561bc0792023-02-08 09:49:26.007root 11241100x8000000000000000285437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.007{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6cec099fa81e6d2023-02-08 09:49:26.007root 11241100x8000000000000000285436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.007{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d8e9557a244e162023-02-08 09:49:26.007root 11241100x8000000000000000285435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.007{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae944d32fa456102023-02-08 09:49:26.007root 11241100x8000000000000000285434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.007{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cbc1ece50d7ae542023-02-08 09:49:26.007root 11241100x8000000000000000285433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.007{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a700b4f724b5f22023-02-08 09:49:26.007root 11241100x8000000000000000285432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.007{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d083de01cd024b2023-02-08 09:49:26.007root 11241100x8000000000000000285457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.008{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55500b72b4436c62023-02-08 09:49:26.008root 11241100x8000000000000000285456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.008{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ee09d58cad6e7f2023-02-08 09:49:26.008root 11241100x8000000000000000285455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.008{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78af14b2c0c33a52023-02-08 09:49:26.008root 11241100x8000000000000000285454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.008{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae080da97b02cbaa2023-02-08 09:49:26.008root 11241100x8000000000000000285453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.008{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d9d9d55e35eccc2023-02-08 09:49:26.008root 11241100x8000000000000000285452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.008{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8445fd633b3e631b2023-02-08 09:49:26.008root 11241100x8000000000000000285451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.008{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac618a1ab71a999c2023-02-08 09:49:26.008root 11241100x8000000000000000285450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.008{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54cdb8abdbb398fc2023-02-08 09:49:26.008root 11241100x8000000000000000285449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.008{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a514b973b10c4e2023-02-08 09:49:26.008root 11241100x8000000000000000285448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.008{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa9912dcb6eab2f2023-02-08 09:49:26.008root 11241100x8000000000000000285447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.008{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9f061dd0b87c9c2023-02-08 09:49:26.008root 11241100x8000000000000000285446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.008{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf78ee37b01f0ca2023-02-08 09:49:26.008root 11241100x8000000000000000285463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.009{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf55a818b9cc6472023-02-08 09:49:26.009root 11241100x8000000000000000285462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.009{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfdc5160945a14542023-02-08 09:49:26.009root 11241100x8000000000000000285461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.009{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453275ebd8ae4f452023-02-08 09:49:26.009root 11241100x8000000000000000285460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.009{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16cb1ceae2227c192023-02-08 09:49:26.009root 11241100x8000000000000000285459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.009{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a37415202547e72023-02-08 09:49:26.009root 11241100x8000000000000000285458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.009{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416ed63d89c681ca2023-02-08 09:49:26.009root 11241100x8000000000000000285466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5402ddc63ab650212023-02-08 09:49:26.484root 11241100x8000000000000000285465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae94fbf9e5e463852023-02-08 09:49:26.484root 11241100x8000000000000000285464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a1c73dfaecd5dc2023-02-08 09:49:26.484root 11241100x8000000000000000285473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27fc9ef889e583702023-02-08 09:49:26.485root 11241100x8000000000000000285472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4a971c1508a83c2023-02-08 09:49:26.485root 11241100x8000000000000000285471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b361b418c15dd13a2023-02-08 09:49:26.485root 11241100x8000000000000000285470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d786a8bfe1d1782023-02-08 09:49:26.485root 11241100x8000000000000000285469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d617ead9bedeac2023-02-08 09:49:26.485root 11241100x8000000000000000285468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ac2a4a0c5eaafa2023-02-08 09:49:26.485root 11241100x8000000000000000285467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b23bbc0e98537a2023-02-08 09:49:26.485root 11241100x8000000000000000285480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c102bd98c51fd52023-02-08 09:49:26.486root 11241100x8000000000000000285479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d080233bd7419a02023-02-08 09:49:26.486root 11241100x8000000000000000285478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da34fe9819b6fcce2023-02-08 09:49:26.486root 11241100x8000000000000000285477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbda89ff80a2e5c42023-02-08 09:49:26.486root 11241100x8000000000000000285476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a91c34839ebef512023-02-08 09:49:26.486root 11241100x8000000000000000285475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4bafcf00df977b2023-02-08 09:49:26.486root 11241100x8000000000000000285474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ca785e2bd9359b2023-02-08 09:49:26.486root 11241100x8000000000000000285486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb95814579c7ac02023-02-08 09:49:26.487root 11241100x8000000000000000285485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0bf206687622482023-02-08 09:49:26.487root 11241100x8000000000000000285484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269d84825adc617f2023-02-08 09:49:26.487root 11241100x8000000000000000285483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1602957e7ff8cb2e2023-02-08 09:49:26.487root 11241100x8000000000000000285482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ace658b42c79432023-02-08 09:49:26.487root 11241100x8000000000000000285481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca64ceb7d2f8c5342023-02-08 09:49:26.487root 11241100x8000000000000000285491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c3f9facaef95cf2023-02-08 09:49:26.488root 11241100x8000000000000000285490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99de9fed3142d31d2023-02-08 09:49:26.488root 11241100x8000000000000000285489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dafc84033a26a2e2023-02-08 09:49:26.488root 11241100x8000000000000000285488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b0d2997f60692a2023-02-08 09:49:26.488root 11241100x8000000000000000285487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53dff09ddd4442352023-02-08 09:49:26.488root 11241100x8000000000000000285495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca1432cb1aa672c2023-02-08 09:49:26.489root 11241100x8000000000000000285494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac65ab11c4912b52023-02-08 09:49:26.489root 11241100x8000000000000000285493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9eb10fb104bdcf52023-02-08 09:49:26.489root 11241100x8000000000000000285492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5bb08aedcb5ef92023-02-08 09:49:26.489root 11241100x8000000000000000285503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94c246e5b76a0fb2023-02-08 09:49:26.490root 11241100x8000000000000000285502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5899e50973109262023-02-08 09:49:26.490root 11241100x8000000000000000285501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e99c734d963a02f2023-02-08 09:49:26.490root 11241100x8000000000000000285500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05868d778f922562023-02-08 09:49:26.490root 11241100x8000000000000000285499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8a15c44cd4df942023-02-08 09:49:26.490root 11241100x8000000000000000285498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394fcd76a81fe96a2023-02-08 09:49:26.490root 11241100x8000000000000000285497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fecc9366523d41ba2023-02-08 09:49:26.490root 11241100x8000000000000000285496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed3f7d9e32af7472023-02-08 09:49:26.490root 11241100x8000000000000000285512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988b3826ea941c402023-02-08 09:49:26.491root 11241100x8000000000000000285511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a620183c41ee78122023-02-08 09:49:26.491root 11241100x8000000000000000285510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c4446033e532f22023-02-08 09:49:26.491root 11241100x8000000000000000285509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179876e3586cd0d92023-02-08 09:49:26.491root 11241100x8000000000000000285508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cbfbdb7364dcbf32023-02-08 09:49:26.491root 11241100x8000000000000000285507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409288442540c9cc2023-02-08 09:49:26.491root 11241100x8000000000000000285506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5e95cc6d1d2ffa2023-02-08 09:49:26.491root 11241100x8000000000000000285505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9429143a4e29b8dc2023-02-08 09:49:26.491root 11241100x8000000000000000285504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2023014d5c683fc72023-02-08 09:49:26.491root 11241100x8000000000000000285522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad084126b81172862023-02-08 09:49:26.492root 11241100x8000000000000000285521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa31fe400c1033a2023-02-08 09:49:26.492root 11241100x8000000000000000285520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ab2446fc6602ad2023-02-08 09:49:26.492root 11241100x8000000000000000285519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a513ec7faeaa672023-02-08 09:49:26.492root 11241100x8000000000000000285518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d5ed794a7643b42023-02-08 09:49:26.492root 11241100x8000000000000000285517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131a149a6fe4c1462023-02-08 09:49:26.492root 11241100x8000000000000000285516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e16376656cdb212023-02-08 09:49:26.492root 11241100x8000000000000000285515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83beb13f80f0fc42023-02-08 09:49:26.492root 11241100x8000000000000000285514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def6e645087b59ef2023-02-08 09:49:26.492root 11241100x8000000000000000285513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0310bbc9dcf31fe32023-02-08 09:49:26.492root 11241100x8000000000000000285528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2ab8446ec6a77d2023-02-08 09:49:26.493root 11241100x8000000000000000285527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6fcb04f6f09deb2023-02-08 09:49:26.493root 11241100x8000000000000000285526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4703bd79fa33e62023-02-08 09:49:26.493root 11241100x8000000000000000285525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ecf6ad5f51b8702023-02-08 09:49:26.493root 11241100x8000000000000000285524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe4f6108352d3062023-02-08 09:49:26.493root 11241100x8000000000000000285523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce40afcead503732023-02-08 09:49:26.493root 11241100x8000000000000000285536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fe4b65f89ab1d42023-02-08 09:49:26.494root 11241100x8000000000000000285535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742bb42543741d262023-02-08 09:49:26.494root 11241100x8000000000000000285534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73940e116cc8e3672023-02-08 09:49:26.494root 11241100x8000000000000000285533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad710f750f0d06cd2023-02-08 09:49:26.494root 11241100x8000000000000000285532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799d92b56a6559632023-02-08 09:49:26.494root 11241100x8000000000000000285531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe724d0022fa63292023-02-08 09:49:26.494root 11241100x8000000000000000285530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1c73454f1cecfd2023-02-08 09:49:26.494root 11241100x8000000000000000285529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ec2ddcaaa218762023-02-08 09:49:26.494root 11241100x8000000000000000285542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a29fbb07e59621a2023-02-08 09:49:26.495root 11241100x8000000000000000285541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1c4ebc27d69b1f2023-02-08 09:49:26.495root 11241100x8000000000000000285540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4918db73c74ea17e2023-02-08 09:49:26.495root 11241100x8000000000000000285539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25753560ac77d7db2023-02-08 09:49:26.495root 11241100x8000000000000000285538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77e9caacf910fa32023-02-08 09:49:26.495root 11241100x8000000000000000285537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46311c29ac57c0492023-02-08 09:49:26.495root 11241100x8000000000000000285548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1223e6e326991692023-02-08 09:49:26.984root 11241100x8000000000000000285547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7f2ae7a8ac13f82023-02-08 09:49:26.984root 11241100x8000000000000000285546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f91aa589a92f84f2023-02-08 09:49:26.984root 11241100x8000000000000000285545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35d645242e7d4252023-02-08 09:49:26.984root 11241100x8000000000000000285544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4203188a95a1dd2023-02-08 09:49:26.984root 11241100x8000000000000000285543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e335085cb311da202023-02-08 09:49:26.984root 11241100x8000000000000000285556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6afe2f4736b79032023-02-08 09:49:26.985root 11241100x8000000000000000285555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b868ba4e769bdc2023-02-08 09:49:26.985root 11241100x8000000000000000285554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0ece13ccd5e6ff2023-02-08 09:49:26.985root 11241100x8000000000000000285553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4352a22fa4889c7d2023-02-08 09:49:26.985root 11241100x8000000000000000285552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30dc8365d05d63cf2023-02-08 09:49:26.985root 11241100x8000000000000000285551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3b19ff254cd4af2023-02-08 09:49:26.985root 11241100x8000000000000000285550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36f5338aba5fd3d2023-02-08 09:49:26.985root 11241100x8000000000000000285549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaad20de224f11072023-02-08 09:49:26.985root 11241100x8000000000000000285568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991f9d8d651bb6442023-02-08 09:49:26.986root 11241100x8000000000000000285567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5831041c8b66bf7f2023-02-08 09:49:26.986root 11241100x8000000000000000285566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b8fce879c687da2023-02-08 09:49:26.986root 11241100x8000000000000000285565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970ef9a8e089c4b42023-02-08 09:49:26.986root 11241100x8000000000000000285564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93439e128b56d7852023-02-08 09:49:26.986root 11241100x8000000000000000285563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacd732ef58b35862023-02-08 09:49:26.986root 11241100x8000000000000000285562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec4f64c58adb9582023-02-08 09:49:26.986root 11241100x8000000000000000285561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0190f321b81cf92023-02-08 09:49:26.986root 11241100x8000000000000000285560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3413ba59425e72f2023-02-08 09:49:26.986root 11241100x8000000000000000285559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8b1e8a51bc8efb2023-02-08 09:49:26.986root 11241100x8000000000000000285558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6402973a19c25432023-02-08 09:49:26.986root 11241100x8000000000000000285557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037e225f457c85202023-02-08 09:49:26.986root 11241100x8000000000000000285583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b50a17ea5c72cd2023-02-08 09:49:26.987root 11241100x8000000000000000285582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5569419eae5e5a3f2023-02-08 09:49:26.987root 11241100x8000000000000000285581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2597b4c53ededb2023-02-08 09:49:26.987root 11241100x8000000000000000285580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67126672041921a32023-02-08 09:49:26.987root 11241100x8000000000000000285579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55708bce48a2f4272023-02-08 09:49:26.987root 11241100x8000000000000000285578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2838640f0193fb2023-02-08 09:49:26.987root 11241100x8000000000000000285577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297ef714a135b9e92023-02-08 09:49:26.987root 11241100x8000000000000000285576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a86123c1a83d512023-02-08 09:49:26.987root 11241100x8000000000000000285575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b1d4cebd2cbbab2023-02-08 09:49:26.987root 11241100x8000000000000000285574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b298443f7f898d2023-02-08 09:49:26.987root 11241100x8000000000000000285573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56ffd474ebee7cc2023-02-08 09:49:26.987root 11241100x8000000000000000285572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6f177f38ae34762023-02-08 09:49:26.987root 11241100x8000000000000000285571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57047ff8959e0e1a2023-02-08 09:49:26.987root 11241100x8000000000000000285570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8198f1e03d3cfc2023-02-08 09:49:26.987root 11241100x8000000000000000285569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36f11b035c45aa22023-02-08 09:49:26.987root 11241100x8000000000000000285597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff0d0bc425e416e2023-02-08 09:49:26.988root 11241100x8000000000000000285596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14f9ca040f86ebb2023-02-08 09:49:26.988root 11241100x8000000000000000285595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3603464058ec3e2023-02-08 09:49:26.988root 11241100x8000000000000000285594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee45b62725b5bea2023-02-08 09:49:26.988root 11241100x8000000000000000285593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6ecbda7f4171072023-02-08 09:49:26.988root 11241100x8000000000000000285592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e88a0de3601c362023-02-08 09:49:26.988root 11241100x8000000000000000285591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9ad5e5028426022023-02-08 09:49:26.988root 11241100x8000000000000000285590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba18b5e6139649322023-02-08 09:49:26.988root 11241100x8000000000000000285589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103d3a643433d5782023-02-08 09:49:26.988root 11241100x8000000000000000285588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b351c955a17b88cf2023-02-08 09:49:26.988root 11241100x8000000000000000285587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3615c776644936e2023-02-08 09:49:26.988root 11241100x8000000000000000285586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33227516bb11992d2023-02-08 09:49:26.988root 11241100x8000000000000000285585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3006f52006e121e2023-02-08 09:49:26.988root 11241100x8000000000000000285584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4fc0b34a7d6a892023-02-08 09:49:26.988root 534500x8000000000000000285598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.092{ec2a0601-5c38-63e3-c8ba-750834560000}466/lib/systemd/systemd-journaldroot 11241100x8000000000000000285601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4c5fb8f2323c222023-02-08 09:49:27.484root 11241100x8000000000000000285600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d52013428c1ccb2023-02-08 09:49:27.484root 11241100x8000000000000000285599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58aa02baf487fb62023-02-08 09:49:27.484root 11241100x8000000000000000285610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fcdb0118dd5c97c2023-02-08 09:49:27.485root 11241100x8000000000000000285609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e12809409c874b2023-02-08 09:49:27.485root 11241100x8000000000000000285608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b40905c62c33f092023-02-08 09:49:27.485root 11241100x8000000000000000285607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01aeff6a739c5992023-02-08 09:49:27.485root 11241100x8000000000000000285606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8595d8c81a175eab2023-02-08 09:49:27.485root 11241100x8000000000000000285605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6daa7f194ef16a882023-02-08 09:49:27.485root 11241100x8000000000000000285604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e6d2d77338f3982023-02-08 09:49:27.485root 11241100x8000000000000000285603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35acf0ca0cd2c7cc2023-02-08 09:49:27.485root 11241100x8000000000000000285602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834ad56ca2cfe8eb2023-02-08 09:49:27.485root 11241100x8000000000000000285620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc6fc0ea7d2066b2023-02-08 09:49:27.486root 11241100x8000000000000000285619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ba5dc6759751de2023-02-08 09:49:27.486root 11241100x8000000000000000285618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828e784c6730009f2023-02-08 09:49:27.486root 11241100x8000000000000000285617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7ebe6edf9035382023-02-08 09:49:27.486root 11241100x8000000000000000285616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c323e49abb1f2d592023-02-08 09:49:27.486root 11241100x8000000000000000285615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8eaa99ba21518412023-02-08 09:49:27.486root 11241100x8000000000000000285614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56bd74b868a70a222023-02-08 09:49:27.486root 11241100x8000000000000000285613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374c2afb50cf67212023-02-08 09:49:27.486root 11241100x8000000000000000285612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fd1f5a9a46cd652023-02-08 09:49:27.486root 11241100x8000000000000000285611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce564ce32ee6b64d2023-02-08 09:49:27.486root 11241100x8000000000000000285622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335fc305d56eedc62023-02-08 09:49:27.487root 11241100x8000000000000000285621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7b551bddc4ac502023-02-08 09:49:27.487root 11241100x8000000000000000285623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55aacf2b3679e5f42023-02-08 09:49:27.488root 11241100x8000000000000000285633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978283496f7af4b92023-02-08 09:49:27.489root 11241100x8000000000000000285632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3098a5c9c2b87c2023-02-08 09:49:27.489root 11241100x8000000000000000285631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82df42e48fd07742023-02-08 09:49:27.489root 11241100x8000000000000000285630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7945c0fc93c3bbc2023-02-08 09:49:27.489root 11241100x8000000000000000285629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840d60ae61342e112023-02-08 09:49:27.489root 11241100x8000000000000000285628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7181997f41929f52023-02-08 09:49:27.489root 11241100x8000000000000000285627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f3e51ce984166f2023-02-08 09:49:27.489root 11241100x8000000000000000285626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ed3a214a4fbfc42023-02-08 09:49:27.489root 11241100x8000000000000000285625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5285845639e6a782023-02-08 09:49:27.489root 11241100x8000000000000000285624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0504dd210d6edad2023-02-08 09:49:27.489root 11241100x8000000000000000285640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485435f46474774b2023-02-08 09:49:27.490root 11241100x8000000000000000285639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d0a1a45c7537712023-02-08 09:49:27.490root 11241100x8000000000000000285638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf818ea3467069972023-02-08 09:49:27.490root 11241100x8000000000000000285637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caea27cf011af0e72023-02-08 09:49:27.490root 11241100x8000000000000000285636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9237b1958a9cd62023-02-08 09:49:27.490root 11241100x8000000000000000285635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aefb0621c6a75de2023-02-08 09:49:27.490root 11241100x8000000000000000285634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8467030ccbe9814e2023-02-08 09:49:27.490root 11241100x8000000000000000285643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e1f1c911d775e82023-02-08 09:49:27.491root 11241100x8000000000000000285642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870786f7484049412023-02-08 09:49:27.491root 11241100x8000000000000000285641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a8a2c44f5439932023-02-08 09:49:27.491root 11241100x8000000000000000285648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef6f4a435ee79a72023-02-08 09:49:27.492root 11241100x8000000000000000285647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2010c08b44cd68ea2023-02-08 09:49:27.492root 11241100x8000000000000000285646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5f2e423b5807492023-02-08 09:49:27.492root 11241100x8000000000000000285645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c5964274fef9c02023-02-08 09:49:27.492root 11241100x8000000000000000285644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1aa3bd8e377eb482023-02-08 09:49:27.492root 11241100x8000000000000000285658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678757d329fb24172023-02-08 09:49:27.494root 11241100x8000000000000000285657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29cfd8f246ea4f02023-02-08 09:49:27.494root 11241100x8000000000000000285656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce5a2ad390232d52023-02-08 09:49:27.494root 11241100x8000000000000000285655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24aa4d64088788b72023-02-08 09:49:27.494root 11241100x8000000000000000285654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c645058eea64d1da2023-02-08 09:49:27.494root 11241100x8000000000000000285653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edeea54f11d7f0212023-02-08 09:49:27.494root 11241100x8000000000000000285652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f8d89adaa404352023-02-08 09:49:27.494root 11241100x8000000000000000285651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012ba35d52ffe9142023-02-08 09:49:27.494root 11241100x8000000000000000285650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348a1a92ef1e046c2023-02-08 09:49:27.494root 11241100x8000000000000000285649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd12ce79d41fed12023-02-08 09:49:27.494root 11241100x8000000000000000285662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5627032aa407dc222023-02-08 09:49:27.496root 11241100x8000000000000000285661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0433274b35b84c5c2023-02-08 09:49:27.496root 11241100x8000000000000000285660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d323f3d94878f5772023-02-08 09:49:27.496root 11241100x8000000000000000285659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64de6703c3d36682023-02-08 09:49:27.496root 11241100x8000000000000000285669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b225e4e1497f4202023-02-08 09:49:27.497root 11241100x8000000000000000285668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13254d0e81fd88db2023-02-08 09:49:27.497root 11241100x8000000000000000285667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d2fecafe5f659c2023-02-08 09:49:27.497root 11241100x8000000000000000285666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ebbc44e0da3e5a2023-02-08 09:49:27.497root 11241100x8000000000000000285665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f075066edd99c3f52023-02-08 09:49:27.497root 11241100x8000000000000000285664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b93c9d363145e62023-02-08 09:49:27.497root 11241100x8000000000000000285663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187beb4e853e375a2023-02-08 09:49:27.497root 11241100x8000000000000000285676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14cd5a5c8d7367a92023-02-08 09:49:27.498root 11241100x8000000000000000285675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adefaff697e1c9f92023-02-08 09:49:27.498root 11241100x8000000000000000285674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2a267a03f8b3892023-02-08 09:49:27.498root 11241100x8000000000000000285673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae45f07a90a765c2023-02-08 09:49:27.498root 11241100x8000000000000000285672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74d73992d0d1c852023-02-08 09:49:27.498root 11241100x8000000000000000285671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53eccf9b62bab3f2023-02-08 09:49:27.498root 11241100x8000000000000000285670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb12e897a20304432023-02-08 09:49:27.498root 11241100x8000000000000000285681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cb638d0afac2192023-02-08 09:49:27.499root 11241100x8000000000000000285680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5ec53a88bba2442023-02-08 09:49:27.499root 11241100x8000000000000000285679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee181032ad8a11f42023-02-08 09:49:27.499root 11241100x8000000000000000285678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7bd2a3bfef997f2023-02-08 09:49:27.499root 11241100x8000000000000000285677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36614ac9fc0516132023-02-08 09:49:27.499root 11241100x8000000000000000285686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7b148a56e7bd282023-02-08 09:49:27.985root 11241100x8000000000000000285685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853b2a9b2be2dc792023-02-08 09:49:27.985root 11241100x8000000000000000285684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382283d8ff9ab03c2023-02-08 09:49:27.985root 11241100x8000000000000000285683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0934c14bf425ec2023-02-08 09:49:27.985root 11241100x8000000000000000285682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a344ab4e36d710502023-02-08 09:49:27.985root 11241100x8000000000000000285693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2692126b280dd2462023-02-08 09:49:27.986root 11241100x8000000000000000285692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465532d93b7926ea2023-02-08 09:49:27.986root 11241100x8000000000000000285691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3db3b4da83dbde2023-02-08 09:49:27.986root 11241100x8000000000000000285690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325380ed647bcdd32023-02-08 09:49:27.986root 11241100x8000000000000000285689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec1a35b6e0c6fc22023-02-08 09:49:27.986root 11241100x8000000000000000285688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1cf9a24978f97e72023-02-08 09:49:27.986root 11241100x8000000000000000285687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17b9ed8ecdfe5c22023-02-08 09:49:27.986root 11241100x8000000000000000285702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089b01859ae6383b2023-02-08 09:49:27.987root 11241100x8000000000000000285701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c52fb26716b81d32023-02-08 09:49:27.987root 11241100x8000000000000000285700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84f183a4c013d182023-02-08 09:49:27.987root 11241100x8000000000000000285699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b33c323f75574b2023-02-08 09:49:27.987root 11241100x8000000000000000285698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e0b29c28db80ac2023-02-08 09:49:27.987root 11241100x8000000000000000285697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c2f599b074bd712023-02-08 09:49:27.987root 11241100x8000000000000000285696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dede48c45cfb9712023-02-08 09:49:27.987root 11241100x8000000000000000285695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232074b51adc5a942023-02-08 09:49:27.987root 11241100x8000000000000000285694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43583a38d6d3a8e92023-02-08 09:49:27.987root 11241100x8000000000000000285712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e37f5bfd7a243be2023-02-08 09:49:27.988root 11241100x8000000000000000285711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9919f0f4c9d5ab802023-02-08 09:49:27.988root 11241100x8000000000000000285710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39335ee6dbc9af4f2023-02-08 09:49:27.988root 11241100x8000000000000000285709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f8886545a325862023-02-08 09:49:27.988root 11241100x8000000000000000285708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7331eba7434a35c82023-02-08 09:49:27.988root 11241100x8000000000000000285707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a62eb3fcec31442023-02-08 09:49:27.988root 11241100x8000000000000000285706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581a6583985433ca2023-02-08 09:49:27.988root 11241100x8000000000000000285705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775dfa28f24100752023-02-08 09:49:27.988root 11241100x8000000000000000285704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b8a9d54f60573c2023-02-08 09:49:27.988root 11241100x8000000000000000285703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8023d03b55cb3502023-02-08 09:49:27.988root 11241100x8000000000000000285723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a5d0b238a354542023-02-08 09:49:27.989root 11241100x8000000000000000285722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02db8af8d0de3fa02023-02-08 09:49:27.989root 11241100x8000000000000000285721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6461084da0e8a11e2023-02-08 09:49:27.989root 11241100x8000000000000000285720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e6b73623a7a5812023-02-08 09:49:27.989root 11241100x8000000000000000285719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4079dcda7187082023-02-08 09:49:27.989root 11241100x8000000000000000285718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa0be0d7fb14c452023-02-08 09:49:27.989root 11241100x8000000000000000285717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643a68a60fc5b0ed2023-02-08 09:49:27.989root 11241100x8000000000000000285716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703b7547fbd507de2023-02-08 09:49:27.989root 11241100x8000000000000000285715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25670b18e6039002023-02-08 09:49:27.989root 11241100x8000000000000000285714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743783903df2a8162023-02-08 09:49:27.989root 11241100x8000000000000000285713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3902069a5cc619682023-02-08 09:49:27.989root 11241100x8000000000000000285736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3b8b0020c4ad812023-02-08 09:49:27.990root 11241100x8000000000000000285735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663ad08548eec6b12023-02-08 09:49:27.990root 11241100x8000000000000000285734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57719f2d2356b0e12023-02-08 09:49:27.990root 11241100x8000000000000000285733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e1f65eff2ad38d2023-02-08 09:49:27.990root 11241100x8000000000000000285732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5aacc420ec144292023-02-08 09:49:27.990root 11241100x8000000000000000285731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf94b7b1b8893322023-02-08 09:49:27.990root 11241100x8000000000000000285730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c86608b2ffcd602023-02-08 09:49:27.990root 11241100x8000000000000000285729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae75b2120091e1742023-02-08 09:49:27.990root 11241100x8000000000000000285728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32d665f1ea356962023-02-08 09:49:27.990root 11241100x8000000000000000285727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7a5d421bda6aa92023-02-08 09:49:27.990root 11241100x8000000000000000285726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd970cdf45fc5ae2023-02-08 09:49:27.990root 11241100x8000000000000000285725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a2c24b453d9cfe2023-02-08 09:49:27.990root 11241100x8000000000000000285724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbe8888844574e12023-02-08 09:49:27.990root 11241100x8000000000000000285738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286808bb5f7188502023-02-08 09:49:27.991root 11241100x8000000000000000285737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:27.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67515b9830dc5a132023-02-08 09:49:27.991root 354300x8000000000000000285739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.026{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-52190-false10.0.1.12-8000- 11241100x8000000000000000285743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126c9b2063f5df5f2023-02-08 09:49:28.484root 11241100x8000000000000000285742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fc507a0c331f512023-02-08 09:49:28.484root 11241100x8000000000000000285741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e122a84eaf910122023-02-08 09:49:28.484root 11241100x8000000000000000285740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb3e8130bef24c52023-02-08 09:49:28.484root 11241100x8000000000000000285748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c0122d9d23303b2023-02-08 09:49:28.485root 11241100x8000000000000000285747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e80f90aad52de22023-02-08 09:49:28.485root 11241100x8000000000000000285746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c2bddee5cab4ed2023-02-08 09:49:28.485root 11241100x8000000000000000285745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74aaabdce73226352023-02-08 09:49:28.485root 11241100x8000000000000000285744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e99e614f380fb72023-02-08 09:49:28.485root 11241100x8000000000000000285754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af381016878a64a2023-02-08 09:49:28.486root 11241100x8000000000000000285753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8626a5ce804f24f2023-02-08 09:49:28.486root 11241100x8000000000000000285752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d04f21b971af522023-02-08 09:49:28.486root 11241100x8000000000000000285751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70fcc1afcc258e182023-02-08 09:49:28.486root 11241100x8000000000000000285750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63c877561f682672023-02-08 09:49:28.486root 11241100x8000000000000000285749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c87baa095d064d32023-02-08 09:49:28.486root 11241100x8000000000000000285757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e02541d9b5b8c872023-02-08 09:49:28.487root 11241100x8000000000000000285756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53ae580954643372023-02-08 09:49:28.487root 11241100x8000000000000000285755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253a6e302bcb1e422023-02-08 09:49:28.487root 11241100x8000000000000000285762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41ed36fc3d5bed92023-02-08 09:49:28.488root 11241100x8000000000000000285761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21422c111702b6ac2023-02-08 09:49:28.488root 11241100x8000000000000000285760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803e206e0c8058f72023-02-08 09:49:28.488root 11241100x8000000000000000285759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ce8fbfa2fbfe7c2023-02-08 09:49:28.488root 11241100x8000000000000000285758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6522ad1cfff164b2023-02-08 09:49:28.488root 11241100x8000000000000000285765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89ca7f44abceeb52023-02-08 09:49:28.489root 11241100x8000000000000000285764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cad13a8f44627e92023-02-08 09:49:28.489root 11241100x8000000000000000285763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1017bf39ebda2a2023-02-08 09:49:28.489root 11241100x8000000000000000285770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66e05a78a6396672023-02-08 09:49:28.490root 11241100x8000000000000000285769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21ea38edc3735362023-02-08 09:49:28.490root 11241100x8000000000000000285768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34b8ab30e08c83b2023-02-08 09:49:28.490root 11241100x8000000000000000285767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edd65dbc5a44c442023-02-08 09:49:28.490root 11241100x8000000000000000285766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64410a226d283a412023-02-08 09:49:28.490root 11241100x8000000000000000285774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28bb37fd0d3eb72b2023-02-08 09:49:28.491root 11241100x8000000000000000285773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5c7dabd9a756312023-02-08 09:49:28.491root 11241100x8000000000000000285772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1084d56319bccdac2023-02-08 09:49:28.491root 11241100x8000000000000000285771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8636c0d2421249202023-02-08 09:49:28.491root 11241100x8000000000000000285779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5ff091fe0bf6c02023-02-08 09:49:28.492root 11241100x8000000000000000285778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde95429741c65e82023-02-08 09:49:28.492root 11241100x8000000000000000285777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58072d26abb5a2f52023-02-08 09:49:28.492root 11241100x8000000000000000285776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c33afae9060c8d72023-02-08 09:49:28.492root 11241100x8000000000000000285775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f33890be0cfa0c2023-02-08 09:49:28.492root 11241100x8000000000000000285783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b43671ae09bdb92023-02-08 09:49:28.493root 11241100x8000000000000000285782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ca617ca782ea412023-02-08 09:49:28.493root 11241100x8000000000000000285781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc36dbe0c55e958d2023-02-08 09:49:28.493root 11241100x8000000000000000285780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a50e77a015e9ba72023-02-08 09:49:28.493root 11241100x8000000000000000285787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd4357ff8aa7eba2023-02-08 09:49:28.494root 11241100x8000000000000000285786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c6c41ae4dcf4932023-02-08 09:49:28.494root 11241100x8000000000000000285785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bccab3bd13fbc792023-02-08 09:49:28.494root 11241100x8000000000000000285784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c66b9f4403f4162023-02-08 09:49:28.494root 11241100x8000000000000000285795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95cd6863e6c13eb32023-02-08 09:49:28.495root 11241100x8000000000000000285794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ba038169891c622023-02-08 09:49:28.495root 11241100x8000000000000000285793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3dea7888cb994a82023-02-08 09:49:28.495root 11241100x8000000000000000285792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce89b4bcb47c3122023-02-08 09:49:28.495root 11241100x8000000000000000285791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c4276139d8a6c32023-02-08 09:49:28.495root 11241100x8000000000000000285790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6d711d538b31c12023-02-08 09:49:28.495root 11241100x8000000000000000285789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4ea8715bcd4c842023-02-08 09:49:28.495root 11241100x8000000000000000285788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75555f327cb88eb42023-02-08 09:49:28.495root 11241100x8000000000000000285802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac4f40ec11eeecd2023-02-08 09:49:28.496root 11241100x8000000000000000285801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fcd885eb9542dc2023-02-08 09:49:28.496root 11241100x8000000000000000285800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42b8ca21e1a2d922023-02-08 09:49:28.496root 11241100x8000000000000000285799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b673c86365113d4b2023-02-08 09:49:28.496root 11241100x8000000000000000285798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b58eef3dd7a7c22023-02-08 09:49:28.496root 11241100x8000000000000000285797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911ea1e22cba919c2023-02-08 09:49:28.496root 11241100x8000000000000000285796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffea9f35af5c3e0a2023-02-08 09:49:28.496root 11241100x8000000000000000285810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd950e6ff32107f52023-02-08 09:49:28.497root 11241100x8000000000000000285809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04692ce9ca3858f2023-02-08 09:49:28.497root 11241100x8000000000000000285808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ba6f3a7515e9052023-02-08 09:49:28.497root 11241100x8000000000000000285807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa538ac94b92c182023-02-08 09:49:28.497root 11241100x8000000000000000285806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf98d1011dcb0652023-02-08 09:49:28.497root 11241100x8000000000000000285805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ecb78c4ce5547162023-02-08 09:49:28.497root 11241100x8000000000000000285804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d70e8cf589233f62023-02-08 09:49:28.497root 11241100x8000000000000000285803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33cdd5127d3e8fb42023-02-08 09:49:28.497root 11241100x8000000000000000285818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe83a45ea262c502023-02-08 09:49:28.498root 11241100x8000000000000000285817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3228ebec2fa7e7a62023-02-08 09:49:28.498root 11241100x8000000000000000285816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a5dba78601de4b2023-02-08 09:49:28.498root 11241100x8000000000000000285815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6538d3c5a83f0ff62023-02-08 09:49:28.498root 11241100x8000000000000000285814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da43a7ab832bcca2023-02-08 09:49:28.498root 11241100x8000000000000000285813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400de9db98031da42023-02-08 09:49:28.498root 11241100x8000000000000000285812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccbab924fed143fb2023-02-08 09:49:28.498root 11241100x8000000000000000285811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e726d260b2e6ea22023-02-08 09:49:28.498root 11241100x8000000000000000285826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d787b40d6e9cf72023-02-08 09:49:28.499root 11241100x8000000000000000285825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86cbafbbfd32f6762023-02-08 09:49:28.499root 11241100x8000000000000000285824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0328ac4c97c4c542023-02-08 09:49:28.499root 11241100x8000000000000000285823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26ac1c2fd6c19e02023-02-08 09:49:28.499root 11241100x8000000000000000285822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7420552ddbf470f12023-02-08 09:49:28.499root 11241100x8000000000000000285821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc864fdbe44acee2023-02-08 09:49:28.499root 11241100x8000000000000000285820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bdf2e3b8ab5b882023-02-08 09:49:28.499root 11241100x8000000000000000285819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad3686e9c2e94532023-02-08 09:49:28.499root 11241100x8000000000000000285833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f38f23f58f8ae022023-02-08 09:49:28.500root 11241100x8000000000000000285832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef15e396a21c27e2023-02-08 09:49:28.500root 11241100x8000000000000000285831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91eae7ace56b6152023-02-08 09:49:28.500root 11241100x8000000000000000285830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c867a3af5156672a2023-02-08 09:49:28.500root 11241100x8000000000000000285829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad559fa0f05d5c52023-02-08 09:49:28.500root 11241100x8000000000000000285828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c488d1ae98bfe7822023-02-08 09:49:28.500root 11241100x8000000000000000285827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af81b5666bd937e2023-02-08 09:49:28.500root 11241100x8000000000000000285840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713a845413c5396d2023-02-08 09:49:28.501root 11241100x8000000000000000285839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5067b8f5fb2a582d2023-02-08 09:49:28.501root 11241100x8000000000000000285838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cffc642aa24c3172023-02-08 09:49:28.501root 11241100x8000000000000000285837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd686132b471f5f2023-02-08 09:49:28.501root 11241100x8000000000000000285836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c5ab257e24fa802023-02-08 09:49:28.501root 11241100x8000000000000000285835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d88aff0d9aa1532023-02-08 09:49:28.501root 11241100x8000000000000000285834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba7b7c7d88d1e422023-02-08 09:49:28.501root 11241100x8000000000000000285849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf87fd80dbe5d342023-02-08 09:49:28.502root 11241100x8000000000000000285848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3404f78ae893e92023-02-08 09:49:28.502root 11241100x8000000000000000285847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab683b7e262f8d82023-02-08 09:49:28.502root 11241100x8000000000000000285846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead949693ef264652023-02-08 09:49:28.502root 11241100x8000000000000000285845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e124cf4283bbd2552023-02-08 09:49:28.502root 11241100x8000000000000000285844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe9bce18482bd782023-02-08 09:49:28.502root 11241100x8000000000000000285843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02d9ecbcd1c4cc62023-02-08 09:49:28.502root 11241100x8000000000000000285842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0113f5e8fced95e2023-02-08 09:49:28.502root 11241100x8000000000000000285841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b395c5435a26ce2023-02-08 09:49:28.502root 11241100x8000000000000000285858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7612d7b745f33dc62023-02-08 09:49:28.503root 11241100x8000000000000000285857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f988012067dd91822023-02-08 09:49:28.503root 11241100x8000000000000000285856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa123c39fd51c502023-02-08 09:49:28.503root 11241100x8000000000000000285855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44539fc0f00157ae2023-02-08 09:49:28.503root 11241100x8000000000000000285854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2e2309b90a815e2023-02-08 09:49:28.503root 11241100x8000000000000000285853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5efa42c7f817242023-02-08 09:49:28.503root 11241100x8000000000000000285852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2fae25795b67152023-02-08 09:49:28.503root 11241100x8000000000000000285851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37309d2fd530eb312023-02-08 09:49:28.503root 11241100x8000000000000000285850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40665d4ecfc12c02023-02-08 09:49:28.503root 11241100x8000000000000000285860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.504{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f88cb0a73edfe532023-02-08 09:49:28.504root 11241100x8000000000000000285859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:28.504{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d825ca862b5982002023-02-08 09:49:28.504root 354300x8000000000000000285920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:43.167{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-58316-false10.0.1.12-8000- 11241100x8000000000000000285921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1602e2749cfc76d2023-02-08 09:49:43.484root 11241100x8000000000000000285922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495bc6fe3bb4c5f82023-02-08 09:49:43.984root 11241100x8000000000000000285923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2d6246dc1de28f2023-02-08 09:49:44.484root 11241100x8000000000000000285924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b2a68823cdfc852023-02-08 09:49:44.984root 11241100x8000000000000000285925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19267e0b68415f582023-02-08 09:49:45.484root 11241100x8000000000000000285926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fc72ffe66e4fd42023-02-08 09:49:45.984root 11241100x8000000000000000285927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3339117ef06e36682023-02-08 09:49:46.484root 11241100x8000000000000000285928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3c232aafac8c6a2023-02-08 09:49:46.984root 11241100x8000000000000000285929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28d01bd931319cd2023-02-08 09:49:47.484root 11241100x8000000000000000285930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1c989f65f639c72023-02-08 09:49:47.984root 354300x8000000000000000285931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:48.220{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-57776-false10.0.1.12-8000- 11241100x8000000000000000285933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824f2b97901a4f012023-02-08 09:49:48.484root 11241100x8000000000000000285932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a117d76892525c3d2023-02-08 09:49:48.484root 11241100x8000000000000000285935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926ba749ceab02052023-02-08 09:49:48.984root 11241100x8000000000000000285934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1be39db445cddda2023-02-08 09:49:48.984root 11241100x8000000000000000285937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769d30d42f82c3d52023-02-08 09:49:49.484root 11241100x8000000000000000285936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1abe9130cf90332023-02-08 09:49:49.484root 11241100x8000000000000000285939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bced2488e58e9e9c2023-02-08 09:49:49.984root 11241100x8000000000000000285938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6098e09bd6be4e2023-02-08 09:49:49.984root 11241100x8000000000000000285941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1822c8ca63b200432023-02-08 09:49:50.484root 11241100x8000000000000000285940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418a7a063ebc1a802023-02-08 09:49:50.484root 11241100x8000000000000000285943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:50.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a54f1dda6a1a562023-02-08 09:49:50.984root 11241100x8000000000000000285942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:50.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83529843fa5a99d2023-02-08 09:49:50.984root 11241100x8000000000000000285945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86228c0aba2e5f872023-02-08 09:49:51.484root 11241100x8000000000000000285944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b16151c2cfb3a32023-02-08 09:49:51.484root 11241100x8000000000000000285947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80afb10fd1d18eff2023-02-08 09:49:51.984root 11241100x8000000000000000285946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0846df949dc4e32023-02-08 09:49:51.984root 11241100x8000000000000000285949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09457a935d0855652023-02-08 09:49:52.484root 11241100x8000000000000000285948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ad2c081354cc762023-02-08 09:49:52.484root 11241100x8000000000000000285951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a93e19eafead4232023-02-08 09:49:52.984root 11241100x8000000000000000285950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7986ff065de8be382023-02-08 09:49:52.984root 11241100x8000000000000000285953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec23fca87e5395df2023-02-08 09:49:53.484root 11241100x8000000000000000285952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20c06b0534210552023-02-08 09:49:53.484root 11241100x8000000000000000285955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a9577c38e9fdb32023-02-08 09:49:53.984root 11241100x8000000000000000285954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0392047173f070bd2023-02-08 09:49:53.984root 354300x8000000000000000285956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:54.003{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-57784-false10.0.1.12-8000- 11241100x8000000000000000285959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a291381b846491902023-02-08 09:49:54.484root 11241100x8000000000000000285958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec2a194622dbb852023-02-08 09:49:54.484root 11241100x8000000000000000285957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eaab7c52f2b1ae12023-02-08 09:49:54.484root 11241100x8000000000000000285962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:54.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4eac4dbdc3189e32023-02-08 09:49:54.984root 11241100x8000000000000000285961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:54.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbbad4335121ec32023-02-08 09:49:54.984root 11241100x8000000000000000285960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:54.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8449d2320d1e3f12023-02-08 09:49:54.984root 11241100x8000000000000000285965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:55.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a738cd2b3c94815b2023-02-08 09:49:55.484root 11241100x8000000000000000285964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:55.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfc195ef12949c52023-02-08 09:49:55.484root 11241100x8000000000000000285963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:55.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c70e84f820153fb2023-02-08 09:49:55.484root 11241100x8000000000000000285968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b79cc6183b3bd342023-02-08 09:49:55.984root 11241100x8000000000000000285967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521ae0af03086b792023-02-08 09:49:55.984root 11241100x8000000000000000285966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855ffe5e8e3042392023-02-08 09:49:55.984root 11241100x8000000000000000285971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:56.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7c1fd4d7be09e12023-02-08 09:49:56.484root 11241100x8000000000000000285970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:56.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c19a877d8934b312023-02-08 09:49:56.484root 11241100x8000000000000000285969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:56.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc5799c7a9ccd792023-02-08 09:49:56.484root 11241100x8000000000000000285974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941717324ce318802023-02-08 09:49:56.984root 11241100x8000000000000000285973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa02174e0f3d1992023-02-08 09:49:56.984root 11241100x8000000000000000285972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0d7977cdb61dcf2023-02-08 09:49:56.984root 11241100x8000000000000000285977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:57.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e633ae022cc1d772023-02-08 09:49:57.484root 11241100x8000000000000000285976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:57.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e70e3928ff609142023-02-08 09:49:57.484root 11241100x8000000000000000285975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:57.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a019c33597c81cfc2023-02-08 09:49:57.484root 11241100x8000000000000000285980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6586b0dffbb5879f2023-02-08 09:49:57.984root 11241100x8000000000000000285979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72ef6e1db93cb5f2023-02-08 09:49:57.984root 11241100x8000000000000000285978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269520c13fbd3fda2023-02-08 09:49:57.984root 11241100x8000000000000000285983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bbe3081a94ed102023-02-08 09:49:58.484root 11241100x8000000000000000285982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105f652e475995612023-02-08 09:49:58.484root 11241100x8000000000000000285981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb5302ef2d642522023-02-08 09:49:58.484root 11241100x8000000000000000285986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbf78f2d0b4eb042023-02-08 09:49:58.984root 11241100x8000000000000000285985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273e8aa914bdce4b2023-02-08 09:49:58.984root 11241100x8000000000000000285984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e0c8afddb30eff2023-02-08 09:49:58.984root 354300x8000000000000000285987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:59.200{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-45640-false10.0.1.12-8000- 11241100x8000000000000000285991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245ba2abdd01d1e02023-02-08 09:49:59.484root 11241100x8000000000000000285990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a412e05663dc2d32023-02-08 09:49:59.484root 11241100x8000000000000000285989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c4fab005f48e002023-02-08 09:49:59.484root 11241100x8000000000000000285988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91a6379db51ced32023-02-08 09:49:59.484root 11241100x8000000000000000285995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:59.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61683fca814482872023-02-08 09:49:59.984root 11241100x8000000000000000285994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:59.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e344d3e61ede7e2023-02-08 09:49:59.984root 11241100x8000000000000000285993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:59.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e8bc106a3f34b92023-02-08 09:49:59.984root 11241100x8000000000000000285992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:49:59.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909c477afa0ddaee2023-02-08 09:49:59.984root 11241100x8000000000000000285999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a6d461ad60d7ac2023-02-08 09:50:00.484root 11241100x8000000000000000285998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c964f22476de15d2023-02-08 09:50:00.484root 11241100x8000000000000000285997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027fe5b05b5c3fd02023-02-08 09:50:00.484root 11241100x8000000000000000285996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66c0c8d027882eb2023-02-08 09:50:00.484root 11241100x8000000000000000286003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:00.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6524f8db91a2da272023-02-08 09:50:00.984root 11241100x8000000000000000286002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:00.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e90e0a7dc69b34b2023-02-08 09:50:00.984root 11241100x8000000000000000286001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:00.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f7ef8ca2f72cfa2023-02-08 09:50:00.984root 11241100x8000000000000000286000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:00.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285b5cab353540992023-02-08 09:50:00.984root 11241100x8000000000000000286007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:01.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66df4cf1cc5899302023-02-08 09:50:01.484root 11241100x8000000000000000286006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:01.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042871b125243c302023-02-08 09:50:01.484root 11241100x8000000000000000286005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:01.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871c02ae4916d7b52023-02-08 09:50:01.484root 11241100x8000000000000000286004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:01.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d8545b15dc1e732023-02-08 09:50:01.484root 11241100x8000000000000000286011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:01.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26af09691c02e6732023-02-08 09:50:01.984root 11241100x8000000000000000286010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:01.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a709c1cb07191bb82023-02-08 09:50:01.984root 11241100x8000000000000000286009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:01.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6ffb2f33c80ed42023-02-08 09:50:01.984root 11241100x8000000000000000286008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:01.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad888e3b5f587e52023-02-08 09:50:01.984root 11241100x8000000000000000286015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d209e692428697882023-02-08 09:50:02.484root 11241100x8000000000000000286014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b052d661fd9a312023-02-08 09:50:02.484root 11241100x8000000000000000286013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3cf9e2e810f0c92023-02-08 09:50:02.484root 11241100x8000000000000000286012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba40dfe6a877991c2023-02-08 09:50:02.484root 11241100x8000000000000000286019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9223150f4456822023-02-08 09:50:02.984root 11241100x8000000000000000286018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b780cf83c4491b2023-02-08 09:50:02.984root 11241100x8000000000000000286017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1cd6b2e54c4d54e2023-02-08 09:50:02.984root 11241100x8000000000000000286016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07b3586e020ed852023-02-08 09:50:02.984root 11241100x8000000000000000286023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:03.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f39acf6f361f8e2023-02-08 09:50:03.484root 11241100x8000000000000000286022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:03.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23ccc0026961e222023-02-08 09:50:03.484root 11241100x8000000000000000286021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:03.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28131758532ab5dd2023-02-08 09:50:03.484root 11241100x8000000000000000286020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:03.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64d78a339bb30832023-02-08 09:50:03.484root 11241100x8000000000000000286027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:03.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552c4266223cbabc2023-02-08 09:50:03.984root 11241100x8000000000000000286026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:03.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2293112ecd457fd02023-02-08 09:50:03.984root 11241100x8000000000000000286025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:03.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62b8645c5b5656a2023-02-08 09:50:03.984root 11241100x8000000000000000286024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:03.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28db74bce04ffe332023-02-08 09:50:03.984root 11241100x8000000000000000286031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:04.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad098061010f9572023-02-08 09:50:04.484root 11241100x8000000000000000286030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:04.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7476c7126e0e8792023-02-08 09:50:04.484root 11241100x8000000000000000286029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:04.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f65d12455a16752023-02-08 09:50:04.484root 11241100x8000000000000000286028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:04.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6657e501c73422632023-02-08 09:50:04.484root 11241100x8000000000000000286035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:04.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba38b92d20aefa92023-02-08 09:50:04.984root 11241100x8000000000000000286034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:04.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a94010958ae39912023-02-08 09:50:04.984root 11241100x8000000000000000286033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:04.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa00de2de65b79262023-02-08 09:50:04.984root 11241100x8000000000000000286032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:04.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0500c98406982872023-02-08 09:50:04.984root 354300x8000000000000000286036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:05.189{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-45650-false10.0.1.12-8000- 11241100x8000000000000000286040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf812c6a176096502023-02-08 09:50:05.484root 11241100x8000000000000000286039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c01308595e6cb12023-02-08 09:50:05.484root 11241100x8000000000000000286038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c82f6f0efaa60132023-02-08 09:50:05.484root 11241100x8000000000000000286037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:05.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe08fb76ba4683022023-02-08 09:50:05.484root 11241100x8000000000000000286041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4026ab66236aced2023-02-08 09:50:05.485root 11241100x8000000000000000286043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389510248e4e2f722023-02-08 09:50:05.984root 11241100x8000000000000000286042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2618f0999d77b94c2023-02-08 09:50:05.984root 11241100x8000000000000000286045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea33f37472a5d4f2023-02-08 09:50:05.985root 11241100x8000000000000000286044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a634f6f241fa9ce2023-02-08 09:50:05.985root 11241100x8000000000000000286046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96759460742196222023-02-08 09:50:05.986root 11241100x8000000000000000286047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:06.361{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-08 09:50:06.361root 11241100x8000000000000000286053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac20bd70de890bbe2023-02-08 09:50:06.362root 11241100x8000000000000000286052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28de3c411f09d9f2023-02-08 09:50:06.362root 11241100x8000000000000000286051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8be0180c2dc34502023-02-08 09:50:06.362root 11241100x8000000000000000286050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0e75f430d85ac12023-02-08 09:50:06.362root 11241100x8000000000000000286049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0b61acc7db499b2023-02-08 09:50:06.362root 11241100x8000000000000000286048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3ebe50f58e64d42023-02-08 09:50:06.362root 11241100x8000000000000000286059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:06.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb8ecbb3a34d4752023-02-08 09:50:06.734root 11241100x8000000000000000286058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:06.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba9db9f506a53f32023-02-08 09:50:06.734root 11241100x8000000000000000286057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:06.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6204123324a924bc2023-02-08 09:50:06.734root 11241100x8000000000000000286056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:06.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5e9d24121a08f82023-02-08 09:50:06.734root 11241100x8000000000000000286055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:06.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f6b62ecd9ded772023-02-08 09:50:06.734root 11241100x8000000000000000286054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:06.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d463e78370db6002023-02-08 09:50:06.734root 354300x8000000000000000286060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:06.744{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-36158-false10.0.1.12-8089- 11241100x8000000000000000286066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:07.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9243de107f9aa692023-02-08 09:50:07.234root 11241100x8000000000000000286065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:07.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5ff293908b1d722023-02-08 09:50:07.234root 11241100x8000000000000000286064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:07.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413711f3c132172c2023-02-08 09:50:07.234root 11241100x8000000000000000286063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:07.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5dc106914fc8502023-02-08 09:50:07.234root 11241100x8000000000000000286062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:07.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0146f61b807f0e62023-02-08 09:50:07.234root 11241100x8000000000000000286061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:07.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e6045a95a468542023-02-08 09:50:07.234root 11241100x8000000000000000286067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:07.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b540f1ae34465a2023-02-08 09:50:07.235root 11241100x8000000000000000286073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:07.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05720b3ec310bde2023-02-08 09:50:07.734root 11241100x8000000000000000286072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:07.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41602df433e5c9b72023-02-08 09:50:07.734root 11241100x8000000000000000286071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:07.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d41228853bfc9bc2023-02-08 09:50:07.734root 11241100x8000000000000000286070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:07.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94731c6f24164ff2023-02-08 09:50:07.734root 11241100x8000000000000000286069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:07.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d347ea306fb86892023-02-08 09:50:07.734root 11241100x8000000000000000286068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:07.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa41186347b32a7d2023-02-08 09:50:07.734root 11241100x8000000000000000286074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:07.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff930bc3e6ea255d2023-02-08 09:50:07.735root 154100x8000000000000000286075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:08.169{ec2a0601-7050-63e3-6804-668d02560000}5941/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec2a0601-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2404--- 11241100x8000000000000000286082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:08.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740597e12a8f23742023-02-08 09:50:08.171root 11241100x8000000000000000286081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:08.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fa00db2c0a967e2023-02-08 09:50:08.171root 11241100x8000000000000000286080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:08.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73cd20f3770f3282023-02-08 09:50:08.171root 11241100x8000000000000000286079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:08.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952f235d56877c9f2023-02-08 09:50:08.171root 11241100x8000000000000000286078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:08.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e755d1fc6f5b7d2023-02-08 09:50:08.171root 11241100x8000000000000000286077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:08.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f310cc9df36e056f2023-02-08 09:50:08.171root 11241100x8000000000000000286076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:08.171{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e2d5e15b1f14612023-02-08 09:50:08.171root 11241100x8000000000000000286083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:08.172{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09791ffe9eb074a12023-02-08 09:50:08.172root 534500x8000000000000000286084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:08.181{ec2a0601-7050-63e3-6804-668d02560000}5941/bin/psroot 11241100x8000000000000000286088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bede5993c75209a2023-02-08 09:50:08.484root 11241100x8000000000000000286087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f638e4c3085bb8152023-02-08 09:50:08.484root 11241100x8000000000000000286086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0ac7274da7dca22023-02-08 09:50:08.484root 11241100x8000000000000000286085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a360d603004fa22023-02-08 09:50:08.484root 11241100x8000000000000000286093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69558203e55059e2023-02-08 09:50:08.485root 11241100x8000000000000000286092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dec3a2fbb2e99e32023-02-08 09:50:08.485root 11241100x8000000000000000286091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11082880546d3b242023-02-08 09:50:08.485root 11241100x8000000000000000286090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae0e844785b46402023-02-08 09:50:08.485root 11241100x8000000000000000286089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9238d2a0b3536112023-02-08 09:50:08.485root 11241100x8000000000000000286099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d13453710955882023-02-08 09:50:08.984root 11241100x8000000000000000286098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff10f109401c83a2023-02-08 09:50:08.984root 11241100x8000000000000000286097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c4608e0f06fafd2023-02-08 09:50:08.984root 11241100x8000000000000000286096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1080bdbdd0566f532023-02-08 09:50:08.984root 11241100x8000000000000000286095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99873dd26c3da732023-02-08 09:50:08.984root 11241100x8000000000000000286094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f4c2923ac0dce22023-02-08 09:50:08.984root 11241100x8000000000000000286102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a50855cece5a882023-02-08 09:50:08.985root 11241100x8000000000000000286101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f01edc3ab4106022023-02-08 09:50:08.985root 11241100x8000000000000000286100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3910a04f2dd43b2023-02-08 09:50:08.985root 23542300x8000000000000000286103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:09.363{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000286113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:09.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8cdddeff9ad05e52023-02-08 09:50:09.364root 11241100x8000000000000000286112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:09.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d759c26cd653d5b82023-02-08 09:50:09.364root 11241100x8000000000000000286111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:09.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8840b4d3f6098b092023-02-08 09:50:09.364root 11241100x8000000000000000286110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:09.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916e6125d9a6d7822023-02-08 09:50:09.364root 11241100x8000000000000000286109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:09.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7af767d9b309932023-02-08 09:50:09.364root 11241100x8000000000000000286108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:09.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef7756d543ce4aa2023-02-08 09:50:09.364root 11241100x8000000000000000286107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:09.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23595459e3cfe1092023-02-08 09:50:09.364root 11241100x8000000000000000286106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:09.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364b2dafa6c4700c2023-02-08 09:50:09.364root 11241100x8000000000000000286105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:09.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15e367138cf7c9d2023-02-08 09:50:09.364root 11241100x8000000000000000286104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:09.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d97f6f268bbce72023-02-08 09:50:09.364root 11241100x8000000000000000286115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:09.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115f1ad185b929322023-02-08 09:50:09.734root 11241100x8000000000000000286114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:09.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e296e9cd81ff69832023-02-08 09:50:09.734root 11241100x8000000000000000286123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9762e8724d86cc4c2023-02-08 09:50:09.735root 11241100x8000000000000000286122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d54cf72869e8fd52023-02-08 09:50:09.735root 11241100x8000000000000000286121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9dd2384c00239f12023-02-08 09:50:09.735root 11241100x8000000000000000286120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebdee9c24e9a90c2023-02-08 09:50:09.735root 11241100x8000000000000000286119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752c920379f6ee012023-02-08 09:50:09.735root 11241100x8000000000000000286118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a4c232acce5f8b2023-02-08 09:50:09.735root 11241100x8000000000000000286117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4186539ad6e6d32023-02-08 09:50:09.735root 11241100x8000000000000000286116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a380ec1991334c92023-02-08 09:50:09.735root 11241100x8000000000000000286127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c40282a25df7592023-02-08 09:50:10.234root 11241100x8000000000000000286126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18de08df87e49dfb2023-02-08 09:50:10.234root 11241100x8000000000000000286125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605b65869f9d41782023-02-08 09:50:10.234root 11241100x8000000000000000286124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b22d6b0bfa2f502023-02-08 09:50:10.234root 11241100x8000000000000000286133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11cace055a5451062023-02-08 09:50:10.235root 11241100x8000000000000000286132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56944cc2a1c59272023-02-08 09:50:10.235root 11241100x8000000000000000286131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5084f66b80576e802023-02-08 09:50:10.235root 11241100x8000000000000000286130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c4655465599d232023-02-08 09:50:10.235root 11241100x8000000000000000286129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7550485003456d2023-02-08 09:50:10.235root 11241100x8000000000000000286128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6299672d91309cc52023-02-08 09:50:10.235root 11241100x8000000000000000286137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:10.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c127c71649145fc2023-02-08 09:50:10.734root 11241100x8000000000000000286136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:10.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61159651c3b3d0e2023-02-08 09:50:10.734root 11241100x8000000000000000286135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:10.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b51a79b1068cac2023-02-08 09:50:10.734root 11241100x8000000000000000286134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:10.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977efa85066ec42c2023-02-08 09:50:10.734root 11241100x8000000000000000286143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:10.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ef818c49c8ff9f2023-02-08 09:50:10.735root 11241100x8000000000000000286142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:10.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035514a5a93a0bd42023-02-08 09:50:10.735root 11241100x8000000000000000286141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:10.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce34c8dd92cc40842023-02-08 09:50:10.735root 11241100x8000000000000000286140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:10.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceca6d6c43e35d422023-02-08 09:50:10.735root 11241100x8000000000000000286139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:10.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e65d14d365905612023-02-08 09:50:10.735root 11241100x8000000000000000286138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:10.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475a226b398d23d22023-02-08 09:50:10.735root 354300x8000000000000000286144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.034{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-41954-false10.0.1.12-8000- 11241100x8000000000000000286152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.035{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b33fa9c29437ab2023-02-08 09:50:11.035root 11241100x8000000000000000286151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.035{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8c83ce7f7cc6122023-02-08 09:50:11.035root 11241100x8000000000000000286150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.035{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d999a18c20ce9c702023-02-08 09:50:11.035root 11241100x8000000000000000286149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.035{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea54bf8723c376192023-02-08 09:50:11.035root 11241100x8000000000000000286148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.035{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568174e0d06cdf0f2023-02-08 09:50:11.035root 11241100x8000000000000000286147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.035{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca07b48f3b359a72023-02-08 09:50:11.035root 11241100x8000000000000000286146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.035{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d2b02e48fa27382023-02-08 09:50:11.035root 11241100x8000000000000000286145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.035{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4faa1c65061094de2023-02-08 09:50:11.035root 11241100x8000000000000000286155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.036{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99edfa1f9a031ac42023-02-08 09:50:11.036root 11241100x8000000000000000286154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.036{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6617bf12679ea2582023-02-08 09:50:11.036root 11241100x8000000000000000286153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.036{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146c3c533aaf73b32023-02-08 09:50:11.036root 11241100x8000000000000000286161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031cb126a7fbe1102023-02-08 09:50:11.484root 11241100x8000000000000000286160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3700ff1f93d286242023-02-08 09:50:11.484root 11241100x8000000000000000286159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22238b78897b8fb42023-02-08 09:50:11.484root 11241100x8000000000000000286158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a32b1dfec58ab62023-02-08 09:50:11.484root 11241100x8000000000000000286157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48de05bc3b739cde2023-02-08 09:50:11.484root 11241100x8000000000000000286156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e16a9812b4c1332023-02-08 09:50:11.484root 11241100x8000000000000000286166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac06260d9ff362272023-02-08 09:50:11.485root 11241100x8000000000000000286165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830ebdd78ff6cf162023-02-08 09:50:11.485root 11241100x8000000000000000286164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8fdd1a89478cf32023-02-08 09:50:11.485root 11241100x8000000000000000286163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe909ed0a001938a2023-02-08 09:50:11.485root 11241100x8000000000000000286162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a102b47988d7fe12023-02-08 09:50:11.485root 11241100x8000000000000000286171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d4d6a0beafffa92023-02-08 09:50:11.984root 11241100x8000000000000000286170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71556c9d058a3222023-02-08 09:50:11.984root 11241100x8000000000000000286169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f15a4a483fae5a2023-02-08 09:50:11.984root 11241100x8000000000000000286168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d847e65eebb567802023-02-08 09:50:11.984root 11241100x8000000000000000286167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e9a175707b164c2023-02-08 09:50:11.984root 11241100x8000000000000000286177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6883218e327f7e92023-02-08 09:50:11.985root 11241100x8000000000000000286176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c414f59449d0c252023-02-08 09:50:11.985root 11241100x8000000000000000286175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ec8338d115b0f12023-02-08 09:50:11.985root 11241100x8000000000000000286174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8aa13de928ef3f82023-02-08 09:50:11.985root 11241100x8000000000000000286173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba3fcd5ef0b17962023-02-08 09:50:11.985root 11241100x8000000000000000286172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe0d5afdcb5b3eb2023-02-08 09:50:11.985root 11241100x8000000000000000286183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ddd5b9626b426ff2023-02-08 09:50:12.484root 11241100x8000000000000000286182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc1cb5debe2f7652023-02-08 09:50:12.484root 11241100x8000000000000000286181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7137a4658b8ebc52023-02-08 09:50:12.484root 11241100x8000000000000000286180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3313aa482166022023-02-08 09:50:12.484root 11241100x8000000000000000286179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c012d5261c954b632023-02-08 09:50:12.484root 11241100x8000000000000000286178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b350723f5ac3c4ed2023-02-08 09:50:12.484root 11241100x8000000000000000286188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a1c8a6aa84994f2023-02-08 09:50:12.485root 11241100x8000000000000000286187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4359c640c1632002023-02-08 09:50:12.485root 11241100x8000000000000000286186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca5ee5fa3f664f12023-02-08 09:50:12.485root 11241100x8000000000000000286185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03c4fc662f945df2023-02-08 09:50:12.485root 11241100x8000000000000000286184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225b386d0557ce412023-02-08 09:50:12.485root 11241100x8000000000000000286194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:12.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67e527bd4533fd22023-02-08 09:50:12.984root 11241100x8000000000000000286193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:12.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b99c254608e4db2023-02-08 09:50:12.984root 11241100x8000000000000000286192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:12.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723490e221d9858a2023-02-08 09:50:12.984root 11241100x8000000000000000286191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:12.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7393991950f8f9142023-02-08 09:50:12.984root 11241100x8000000000000000286190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:12.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f028e1cfd7fe6b52023-02-08 09:50:12.984root 11241100x8000000000000000286189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:12.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa718b2715acce222023-02-08 09:50:12.984root 11241100x8000000000000000286199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffbb5a60a78104a2023-02-08 09:50:12.985root 11241100x8000000000000000286198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac93cb14413464b2023-02-08 09:50:12.985root 11241100x8000000000000000286197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc8188f4c3092292023-02-08 09:50:12.985root 11241100x8000000000000000286196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab6dbe0ba51476f2023-02-08 09:50:12.985root 11241100x8000000000000000286195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154448a79470c8572023-02-08 09:50:12.985root 11241100x8000000000000000286205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:13.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c270c44fd3d57b1f2023-02-08 09:50:13.484root 11241100x8000000000000000286204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:13.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0eeacc9d096b9b12023-02-08 09:50:13.484root 11241100x8000000000000000286203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:13.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cde2f1c9a48d19f2023-02-08 09:50:13.484root 11241100x8000000000000000286202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:13.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844c208c005fd1532023-02-08 09:50:13.484root 11241100x8000000000000000286201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:13.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4f6393d011fffe2023-02-08 09:50:13.484root 11241100x8000000000000000286200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:13.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a0a67be6db93d12023-02-08 09:50:13.484root 11241100x8000000000000000286210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225cc744247cb9122023-02-08 09:50:13.485root 11241100x8000000000000000286209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857d8aea421a06d12023-02-08 09:50:13.485root 11241100x8000000000000000286208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301a5785e8b0f6882023-02-08 09:50:13.485root 11241100x8000000000000000286207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1a3b5472f1b6fc2023-02-08 09:50:13.485root 11241100x8000000000000000286206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a414d52481bebd162023-02-08 09:50:13.485root 11241100x8000000000000000286216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:13.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91fcdbc69046de62023-02-08 09:50:13.984root 11241100x8000000000000000286215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:13.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07266cc3818d98a92023-02-08 09:50:13.984root 11241100x8000000000000000286214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:13.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f52cd0455564eac2023-02-08 09:50:13.984root 11241100x8000000000000000286213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:13.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5098d6d4c0ed5e1c2023-02-08 09:50:13.984root 11241100x8000000000000000286212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:13.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126ee3069ace330c2023-02-08 09:50:13.984root 11241100x8000000000000000286211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:13.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2105ee93f38e220f2023-02-08 09:50:13.984root 11241100x8000000000000000286221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595f087f1316cc302023-02-08 09:50:13.985root 11241100x8000000000000000286220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f94edaa9282b6db2023-02-08 09:50:13.985root 11241100x8000000000000000286219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b858bb85e8993372023-02-08 09:50:13.985root 11241100x8000000000000000286218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1839a64c33f3d42023-02-08 09:50:13.985root 11241100x8000000000000000286217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dddf1329ce3240af2023-02-08 09:50:13.985root 11241100x8000000000000000286226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16fd88112cc3438b2023-02-08 09:50:14.484root 11241100x8000000000000000286225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a264494cb0ffaad32023-02-08 09:50:14.484root 11241100x8000000000000000286224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ca1c7bacecaf632023-02-08 09:50:14.484root 11241100x8000000000000000286223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8790c695e46708542023-02-08 09:50:14.484root 11241100x8000000000000000286222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76af0ca2caab8b632023-02-08 09:50:14.484root 11241100x8000000000000000286232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fb76915c2dc8192023-02-08 09:50:14.485root 11241100x8000000000000000286231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac47ac7ce9c1e4022023-02-08 09:50:14.485root 11241100x8000000000000000286230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe2aecc717e93442023-02-08 09:50:14.485root 11241100x8000000000000000286229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c3acccc65537252023-02-08 09:50:14.485root 11241100x8000000000000000286228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8daaaf945cb7d7bd2023-02-08 09:50:14.485root 11241100x8000000000000000286227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99ac5391f93e3aa2023-02-08 09:50:14.485root 11241100x8000000000000000286238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0224f6f81e657c122023-02-08 09:50:14.984root 11241100x8000000000000000286237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393fb1f6cbc5106b2023-02-08 09:50:14.984root 11241100x8000000000000000286236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7082117a5db0bd042023-02-08 09:50:14.984root 11241100x8000000000000000286235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3a447385ccf4782023-02-08 09:50:14.984root 11241100x8000000000000000286234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b3f6991169b8f82023-02-08 09:50:14.984root 11241100x8000000000000000286233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e127a66191b6b8a62023-02-08 09:50:14.984root 11241100x8000000000000000286243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4aae3730eaa3772023-02-08 09:50:14.985root 11241100x8000000000000000286242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5ceee52615de812023-02-08 09:50:14.985root 11241100x8000000000000000286241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403f54a3f83ae91a2023-02-08 09:50:14.985root 11241100x8000000000000000286240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72817b2d47277d132023-02-08 09:50:14.985root 11241100x8000000000000000286239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda932f3b362b46c2023-02-08 09:50:14.985root 11241100x8000000000000000286247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a37826db7f169b02023-02-08 09:50:15.484root 11241100x8000000000000000286246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364f335472b20e512023-02-08 09:50:15.484root 11241100x8000000000000000286245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd21ba263946d812023-02-08 09:50:15.484root 11241100x8000000000000000286244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813f035584ea00602023-02-08 09:50:15.484root 11241100x8000000000000000286252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e013896ad24a56e92023-02-08 09:50:15.485root 11241100x8000000000000000286251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d720b776a9f5d2f2023-02-08 09:50:15.485root 11241100x8000000000000000286250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cfc541941a88eaf2023-02-08 09:50:15.485root 11241100x8000000000000000286249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce3f5063963e2ab2023-02-08 09:50:15.485root 11241100x8000000000000000286248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248c6332d7a5113f2023-02-08 09:50:15.485root 11241100x8000000000000000286254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51977771659923702023-02-08 09:50:15.486root 11241100x8000000000000000286253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e94a4f9ab1587512023-02-08 09:50:15.486root 11241100x8000000000000000286259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22323125528afe82023-02-08 09:50:15.984root 11241100x8000000000000000286258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b65bcef89df2ea62023-02-08 09:50:15.984root 11241100x8000000000000000286257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32a2c9a3c662ae42023-02-08 09:50:15.984root 11241100x8000000000000000286256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d985ae87dcde502023-02-08 09:50:15.984root 11241100x8000000000000000286255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b44bdcd0c4ccb62023-02-08 09:50:15.984root 11241100x8000000000000000286263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590f07092a3f21e02023-02-08 09:50:15.985root 11241100x8000000000000000286262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a1afa8e7f106f72023-02-08 09:50:15.985root 11241100x8000000000000000286261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068a3ff4182cbfc02023-02-08 09:50:15.985root 11241100x8000000000000000286260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1830b96514793a82023-02-08 09:50:15.985root 11241100x8000000000000000286265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fdc61bd58fb9de2023-02-08 09:50:15.986root 11241100x8000000000000000286264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c41e50a42dee312023-02-08 09:50:15.986root 11241100x8000000000000000286270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8512fe497b095532023-02-08 09:50:16.484root 11241100x8000000000000000286269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e6b2235ab27c8f2023-02-08 09:50:16.484root 11241100x8000000000000000286268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eadd294e8ec9b892023-02-08 09:50:16.484root 11241100x8000000000000000286267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4d22be8528c5e12023-02-08 09:50:16.484root 11241100x8000000000000000286266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19628fb4a52027522023-02-08 09:50:16.484root 11241100x8000000000000000286276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb643f10cd216e52023-02-08 09:50:16.485root 11241100x8000000000000000286275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c9a121435cc3762023-02-08 09:50:16.485root 11241100x8000000000000000286274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a68ec052906a7bf2023-02-08 09:50:16.485root 11241100x8000000000000000286273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f50e617263c2ed2023-02-08 09:50:16.485root 11241100x8000000000000000286272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d1f93b31c7f1d82023-02-08 09:50:16.485root 11241100x8000000000000000286271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e2cb59c9c85d242023-02-08 09:50:16.485root 11241100x8000000000000000286282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e8b2212e433bf82023-02-08 09:50:16.984root 11241100x8000000000000000286281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0774c8cea4926c0a2023-02-08 09:50:16.984root 11241100x8000000000000000286280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4fac33262aa8d6b2023-02-08 09:50:16.984root 11241100x8000000000000000286279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55ed668ddf2f1022023-02-08 09:50:16.984root 11241100x8000000000000000286278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18fcff0b7180fd82023-02-08 09:50:16.984root 11241100x8000000000000000286277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d811f4d5d5fe11872023-02-08 09:50:16.984root 11241100x8000000000000000286287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8809ba53891e0c12023-02-08 09:50:16.985root 11241100x8000000000000000286286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b755049d55b582a92023-02-08 09:50:16.985root 11241100x8000000000000000286285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f187d30b2fc8602023-02-08 09:50:16.985root 11241100x8000000000000000286284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f9bf9255407bf42023-02-08 09:50:16.985root 11241100x8000000000000000286283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ccc20760d6afc552023-02-08 09:50:16.985root 354300x8000000000000000286288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:17.020{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-41962-false10.0.1.12-8000- 11241100x8000000000000000286293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a790fc13d700d3f42023-02-08 09:50:17.484root 11241100x8000000000000000286292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1c38e79d9ee6352023-02-08 09:50:17.484root 11241100x8000000000000000286291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b619df00b7a154372023-02-08 09:50:17.484root 11241100x8000000000000000286290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8a2f1432987d1b2023-02-08 09:50:17.484root 11241100x8000000000000000286289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47ef199bb36e6432023-02-08 09:50:17.484root 11241100x8000000000000000286300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a147abfb91839d832023-02-08 09:50:17.485root 11241100x8000000000000000286299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e46038cfba58952023-02-08 09:50:17.485root 11241100x8000000000000000286298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ba4e520f3ec7d82023-02-08 09:50:17.485root 11241100x8000000000000000286297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfa7610829f6d362023-02-08 09:50:17.485root 11241100x8000000000000000286296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52009361861fc7972023-02-08 09:50:17.485root 11241100x8000000000000000286295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0536f51e88b3c25e2023-02-08 09:50:17.485root 11241100x8000000000000000286294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a52184c2ce0eb92023-02-08 09:50:17.485root 11241100x8000000000000000286304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de91dd21e3ac91b2023-02-08 09:50:17.984root 11241100x8000000000000000286303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2070bc51bdb6844c2023-02-08 09:50:17.984root 11241100x8000000000000000286302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0506dda198cb6d402023-02-08 09:50:17.984root 11241100x8000000000000000286301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d777d877143fa5a52023-02-08 09:50:17.984root 11241100x8000000000000000286310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408dc7a9eca01f472023-02-08 09:50:17.985root 11241100x8000000000000000286309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d26aa744618c202023-02-08 09:50:17.985root 11241100x8000000000000000286308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f80b040174cd952023-02-08 09:50:17.985root 11241100x8000000000000000286307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5543cf3317f7b52023-02-08 09:50:17.985root 11241100x8000000000000000286306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c44e8e95fc384ca2023-02-08 09:50:17.985root 11241100x8000000000000000286305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d210a59d005739a2023-02-08 09:50:17.985root 11241100x8000000000000000286312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe9501e08fa680e2023-02-08 09:50:17.986root 11241100x8000000000000000286311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334d4d1a693f4a702023-02-08 09:50:17.986root 11241100x8000000000000000286316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b671dfe3354ac12023-02-08 09:50:18.484root 11241100x8000000000000000286315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7623cc008e59b82023-02-08 09:50:18.484root 11241100x8000000000000000286314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2beeb34b3df3492023-02-08 09:50:18.484root 11241100x8000000000000000286313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c70696b291aa832023-02-08 09:50:18.484root 11241100x8000000000000000286324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9a773c2fef1bb12023-02-08 09:50:18.485root 11241100x8000000000000000286323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b976c30f404a15e2023-02-08 09:50:18.485root 11241100x8000000000000000286322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a9b7a268c9787b2023-02-08 09:50:18.485root 11241100x8000000000000000286321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05756600eb5acf42023-02-08 09:50:18.485root 11241100x8000000000000000286320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0fc3769b447d6cc2023-02-08 09:50:18.485root 11241100x8000000000000000286319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582a52d78d27d1672023-02-08 09:50:18.485root 11241100x8000000000000000286318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0569e1f64f94a02023-02-08 09:50:18.485root 11241100x8000000000000000286317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d98359488d19a762023-02-08 09:50:18.485root 11241100x8000000000000000286328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccec3c7911d73c962023-02-08 09:50:18.984root 11241100x8000000000000000286327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6305dec30c83da542023-02-08 09:50:18.984root 11241100x8000000000000000286326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601dc2acbfc008c62023-02-08 09:50:18.984root 11241100x8000000000000000286325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd2e7178e2570592023-02-08 09:50:18.984root 11241100x8000000000000000286336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d027f59ab53195bf2023-02-08 09:50:18.985root 11241100x8000000000000000286335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32a3af9133fd0e72023-02-08 09:50:18.985root 11241100x8000000000000000286334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d80a9d0e047342e2023-02-08 09:50:18.985root 11241100x8000000000000000286333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5a636f97eb662d2023-02-08 09:50:18.985root 11241100x8000000000000000286332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a048a66e9113902023-02-08 09:50:18.985root 11241100x8000000000000000286331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb0e9323f780b872023-02-08 09:50:18.985root 11241100x8000000000000000286330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ee4ae4c0b4601c2023-02-08 09:50:18.985root 11241100x8000000000000000286329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd5281b3ad59d092023-02-08 09:50:18.985root 11241100x8000000000000000286339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23965ac5dc88db192023-02-08 09:50:19.484root 11241100x8000000000000000286338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7a76d54bcb973e2023-02-08 09:50:19.484root 11241100x8000000000000000286337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a892f445cc7124ff2023-02-08 09:50:19.484root 11241100x8000000000000000286348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe50faabd8ca60bb2023-02-08 09:50:19.485root 11241100x8000000000000000286347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b024d4230ddb8bd2023-02-08 09:50:19.485root 11241100x8000000000000000286346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c53d6f1b99b32e32023-02-08 09:50:19.485root 11241100x8000000000000000286345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a55e0d3af606662023-02-08 09:50:19.485root 11241100x8000000000000000286344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99bfed4f520a2e182023-02-08 09:50:19.485root 11241100x8000000000000000286343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcdb52bf4bf78a12023-02-08 09:50:19.485root 11241100x8000000000000000286342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56bafa2e7e79a9842023-02-08 09:50:19.485root 11241100x8000000000000000286341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb940a235c388ca2023-02-08 09:50:19.485root 11241100x8000000000000000286340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4204ced9ec0d75322023-02-08 09:50:19.485root 11241100x8000000000000000286351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a20473df46205b2023-02-08 09:50:19.984root 11241100x8000000000000000286350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c5e5b7db7ef5322023-02-08 09:50:19.984root 11241100x8000000000000000286349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9bd5639a15f08ed2023-02-08 09:50:19.984root 11241100x8000000000000000286356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ecfe8f561e78422023-02-08 09:50:19.985root 11241100x8000000000000000286355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66393b0eb320e6542023-02-08 09:50:19.985root 11241100x8000000000000000286354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0b0ffd15e7128e2023-02-08 09:50:19.985root 11241100x8000000000000000286353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569fd53787e9ace82023-02-08 09:50:19.985root 11241100x8000000000000000286352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31a504c981d525a2023-02-08 09:50:19.985root 11241100x8000000000000000286360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29f0d2d48f00c392023-02-08 09:50:19.986root 11241100x8000000000000000286359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c420d9f81f3f342023-02-08 09:50:19.986root 11241100x8000000000000000286358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b419f9f759e7bb6c2023-02-08 09:50:19.986root 11241100x8000000000000000286357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5226ed1ec861842023-02-08 09:50:19.986root 11241100x8000000000000000286362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd822e0177e1c77c2023-02-08 09:50:20.484root 11241100x8000000000000000286361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2bd7a5139329f192023-02-08 09:50:20.484root 11241100x8000000000000000286369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a76e4227ed0af72023-02-08 09:50:20.485root 11241100x8000000000000000286368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1af729604a407fc2023-02-08 09:50:20.485root 11241100x8000000000000000286367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffc78e2fd7e41b92023-02-08 09:50:20.485root 11241100x8000000000000000286366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453272c727eecbb32023-02-08 09:50:20.485root 11241100x8000000000000000286365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b9ef0f0c97eaae2023-02-08 09:50:20.485root 11241100x8000000000000000286364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024efbdb7f5114ae2023-02-08 09:50:20.485root 11241100x8000000000000000286363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc65d1211ea57b72023-02-08 09:50:20.485root 11241100x8000000000000000286372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136ba41b154bb6782023-02-08 09:50:20.486root 11241100x8000000000000000286371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6c2e29869e484f2023-02-08 09:50:20.486root 11241100x8000000000000000286370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790bee4dbd6b3fa12023-02-08 09:50:20.486root 11241100x8000000000000000286375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:20.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b685b6ee9229b32023-02-08 09:50:20.984root 11241100x8000000000000000286374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:20.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c314036b0ebb122023-02-08 09:50:20.984root 11241100x8000000000000000286373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:20.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526772ceec0bc4942023-02-08 09:50:20.984root 11241100x8000000000000000286383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0065ce421a1f29a2023-02-08 09:50:20.985root 11241100x8000000000000000286382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6725dd85fbb4a62023-02-08 09:50:20.985root 11241100x8000000000000000286381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf904ad154791b32023-02-08 09:50:20.985root 11241100x8000000000000000286380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2910bd0ff4876c622023-02-08 09:50:20.985root 11241100x8000000000000000286379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ccfcbaf619f23d2023-02-08 09:50:20.985root 11241100x8000000000000000286378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0862eab9120334362023-02-08 09:50:20.985root 11241100x8000000000000000286377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86298b44bd13bb92023-02-08 09:50:20.985root 11241100x8000000000000000286376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da12df8b92df56c52023-02-08 09:50:20.985root 11241100x8000000000000000286384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b5f34117656aad2023-02-08 09:50:20.986root 11241100x8000000000000000286388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf44986121fe7d32023-02-08 09:50:21.484root 11241100x8000000000000000286387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e90b7b65cdb08512023-02-08 09:50:21.484root 11241100x8000000000000000286386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5394575e12711a6c2023-02-08 09:50:21.484root 11241100x8000000000000000286385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7236b95e7c7b26982023-02-08 09:50:21.484root 11241100x8000000000000000286396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eee75bf974289392023-02-08 09:50:21.485root 11241100x8000000000000000286395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d93c7e96774c9e52023-02-08 09:50:21.485root 11241100x8000000000000000286394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc4ae026fd302702023-02-08 09:50:21.485root 11241100x8000000000000000286393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d2a217828ad1a62023-02-08 09:50:21.485root 11241100x8000000000000000286392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6840a059685775972023-02-08 09:50:21.485root 11241100x8000000000000000286391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99033aa3c250b3f32023-02-08 09:50:21.485root 11241100x8000000000000000286390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97bce1dfba1fe3cb2023-02-08 09:50:21.485root 11241100x8000000000000000286389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8879d9b9a648eb2023-02-08 09:50:21.485root 11241100x8000000000000000286399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:21.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2c2521441987332023-02-08 09:50:21.984root 11241100x8000000000000000286398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:21.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef525417336fc1012023-02-08 09:50:21.984root 11241100x8000000000000000286397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:21.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fc34b10c6e14da2023-02-08 09:50:21.984root 11241100x8000000000000000286408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc01163fefdc73d2023-02-08 09:50:21.985root 11241100x8000000000000000286407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372639a5979c6c462023-02-08 09:50:21.985root 11241100x8000000000000000286406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204dc3d2890cb2f62023-02-08 09:50:21.985root 11241100x8000000000000000286405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60ea1a96ef9e6462023-02-08 09:50:21.985root 11241100x8000000000000000286404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3634bf20a702307d2023-02-08 09:50:21.985root 11241100x8000000000000000286403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560ddd89f62c6dda2023-02-08 09:50:21.985root 11241100x8000000000000000286402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f647c8c74473dd32023-02-08 09:50:21.985root 11241100x8000000000000000286401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d3c4ec9c14586a2023-02-08 09:50:21.985root 11241100x8000000000000000286400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf68346a6c8194642023-02-08 09:50:21.985root 354300x8000000000000000286409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:22.071{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36578-false10.0.1.12-8000- 11241100x8000000000000000286411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a8c027a16e3d6d2023-02-08 09:50:22.484root 11241100x8000000000000000286410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3903a002f69029712023-02-08 09:50:22.484root 11241100x8000000000000000286419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e936d0ed8468d05a2023-02-08 09:50:22.485root 11241100x8000000000000000286418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d175fb94d2265b2023-02-08 09:50:22.485root 11241100x8000000000000000286417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb14d2c57daa78f2023-02-08 09:50:22.485root 11241100x8000000000000000286416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b008c5ae6327c20e2023-02-08 09:50:22.485root 11241100x8000000000000000286415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0108624b74d64a8f2023-02-08 09:50:22.485root 11241100x8000000000000000286414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31080da375fa97462023-02-08 09:50:22.485root 11241100x8000000000000000286413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b843574224d1ce2023-02-08 09:50:22.485root 11241100x8000000000000000286412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0ebe9b696ba70e2023-02-08 09:50:22.485root 11241100x8000000000000000286422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d35fb80057fc0a2023-02-08 09:50:22.486root 11241100x8000000000000000286421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2caf1782c91e4062023-02-08 09:50:22.486root 11241100x8000000000000000286420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc0d32524c75dec2023-02-08 09:50:22.486root 11241100x8000000000000000286426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:22.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d355f0dcefc279e32023-02-08 09:50:22.984root 11241100x8000000000000000286425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:22.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcbdfca8ec82f3f2023-02-08 09:50:22.984root 11241100x8000000000000000286424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:22.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e107dffb3444c822023-02-08 09:50:22.984root 11241100x8000000000000000286423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:22.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616d34ab2d7469e72023-02-08 09:50:22.984root 11241100x8000000000000000286434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275b044513ab89872023-02-08 09:50:22.985root 11241100x8000000000000000286433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b211144f6aaba47b2023-02-08 09:50:22.985root 11241100x8000000000000000286432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c1dca8e069bfa62023-02-08 09:50:22.985root 11241100x8000000000000000286431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20d18f15718dbea2023-02-08 09:50:22.985root 11241100x8000000000000000286430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4601cae7ac59202023-02-08 09:50:22.985root 11241100x8000000000000000286429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1db56d531a74b52023-02-08 09:50:22.985root 11241100x8000000000000000286428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0e1f26dfc2e5112023-02-08 09:50:22.985root 11241100x8000000000000000286427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64300908122d8a382023-02-08 09:50:22.985root 11241100x8000000000000000286435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1c31f9f62661a82023-02-08 09:50:22.986root 11241100x8000000000000000286439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:23.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d56e9bec17591272023-02-08 09:50:23.484root 11241100x8000000000000000286438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:23.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6e2efc3c6123952023-02-08 09:50:23.484root 11241100x8000000000000000286437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:23.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6c5064d34193ef2023-02-08 09:50:23.484root 11241100x8000000000000000286436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:23.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf710f3aa67df6222023-02-08 09:50:23.484root 11241100x8000000000000000286447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b3586813c666352023-02-08 09:50:23.485root 11241100x8000000000000000286446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbe7043b5e6e8742023-02-08 09:50:23.485root 11241100x8000000000000000286445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c27647566ba3cb52023-02-08 09:50:23.485root 11241100x8000000000000000286444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5821278eda7cd4692023-02-08 09:50:23.485root 11241100x8000000000000000286443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d158547ff4d255382023-02-08 09:50:23.485root 11241100x8000000000000000286442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cee915974c57c2d2023-02-08 09:50:23.485root 11241100x8000000000000000286441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c72c66f60404f682023-02-08 09:50:23.485root 11241100x8000000000000000286440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759efb63e7ff2ad82023-02-08 09:50:23.485root 11241100x8000000000000000286448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee426e500da8b322023-02-08 09:50:23.486root 11241100x8000000000000000286453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b323e798d3bd85a72023-02-08 09:50:23.984root 11241100x8000000000000000286452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07bf942adffdbb162023-02-08 09:50:23.984root 11241100x8000000000000000286451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a8e6d6f5579d2f2023-02-08 09:50:23.984root 11241100x8000000000000000286450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e3b88cfd3b4c122023-02-08 09:50:23.984root 11241100x8000000000000000286449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af83eec09fdb2592023-02-08 09:50:23.984root 11241100x8000000000000000286461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506c4ebde57a16e12023-02-08 09:50:23.985root 11241100x8000000000000000286460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc220f4a3c14c4592023-02-08 09:50:23.985root 11241100x8000000000000000286459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50124473d77252162023-02-08 09:50:23.985root 11241100x8000000000000000286458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62689aac3ec282d42023-02-08 09:50:23.985root 11241100x8000000000000000286457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455824ab9bea11842023-02-08 09:50:23.985root 11241100x8000000000000000286456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b1056f311d4c072023-02-08 09:50:23.985root 11241100x8000000000000000286455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b7b75b46d6a1cf2023-02-08 09:50:23.985root 11241100x8000000000000000286454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137c557b78e61cf72023-02-08 09:50:23.985root 11241100x8000000000000000286466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc2eb764f69b3002023-02-08 09:50:24.484root 11241100x8000000000000000286465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01db0c1bb11ddfba2023-02-08 09:50:24.484root 11241100x8000000000000000286464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1ae2752dae94ec2023-02-08 09:50:24.484root 11241100x8000000000000000286463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9718ac78e8c67982023-02-08 09:50:24.484root 11241100x8000000000000000286462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c4c733de6d88e62023-02-08 09:50:24.484root 11241100x8000000000000000286474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920e396aac7af0e12023-02-08 09:50:24.485root 11241100x8000000000000000286473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d5cdcaaaf8ff672023-02-08 09:50:24.485root 11241100x8000000000000000286472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f970dd9eeeeb4d02023-02-08 09:50:24.485root 11241100x8000000000000000286471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5117492e8271877a2023-02-08 09:50:24.485root 11241100x8000000000000000286470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176e8cd320ef34cc2023-02-08 09:50:24.485root 11241100x8000000000000000286469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da230df12497c9c72023-02-08 09:50:24.485root 11241100x8000000000000000286468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9cb4672537a37e42023-02-08 09:50:24.485root 11241100x8000000000000000286467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10e30a7c88cec222023-02-08 09:50:24.485root 11241100x8000000000000000286479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea1fef81c5e50152023-02-08 09:50:24.984root 11241100x8000000000000000286478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645473dacdc130ee2023-02-08 09:50:24.984root 11241100x8000000000000000286477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c68de18da2e5ff2023-02-08 09:50:24.984root 11241100x8000000000000000286476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca591dbed7614722023-02-08 09:50:24.984root 11241100x8000000000000000286475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f9b4ad6e678ebf2023-02-08 09:50:24.984root 11241100x8000000000000000286487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46cfce150786b2de2023-02-08 09:50:24.985root 11241100x8000000000000000286486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa92204f61a0fb772023-02-08 09:50:24.985root 11241100x8000000000000000286485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27134c5d407b297b2023-02-08 09:50:24.985root 11241100x8000000000000000286484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12dd83da841410e32023-02-08 09:50:24.985root 11241100x8000000000000000286483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331a565771ecc4122023-02-08 09:50:24.985root 11241100x8000000000000000286482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ddb225abd835ff2023-02-08 09:50:24.985root 11241100x8000000000000000286481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13b377f5faacd332023-02-08 09:50:24.985root 11241100x8000000000000000286480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef3789498bc6d102023-02-08 09:50:24.985root 11241100x8000000000000000286492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ab7bf3545fa2052023-02-08 09:50:25.484root 11241100x8000000000000000286491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3edde03d27ee84ce2023-02-08 09:50:25.484root 11241100x8000000000000000286490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3822520bb45c5e1d2023-02-08 09:50:25.484root 11241100x8000000000000000286489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9484933d29987512023-02-08 09:50:25.484root 11241100x8000000000000000286488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f1fbe18c1b86aa2023-02-08 09:50:25.484root 11241100x8000000000000000286500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27059ec86fd76b732023-02-08 09:50:25.485root 11241100x8000000000000000286499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1acde6098f379302023-02-08 09:50:25.485root 11241100x8000000000000000286498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c715d0147b4d812d2023-02-08 09:50:25.485root 11241100x8000000000000000286497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38f13a847cb78b52023-02-08 09:50:25.485root 11241100x8000000000000000286496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1ebd8459b8cc382023-02-08 09:50:25.485root 11241100x8000000000000000286495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d87069ca3468c52023-02-08 09:50:25.485root 11241100x8000000000000000286494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d87c67b96c2221d2023-02-08 09:50:25.485root 11241100x8000000000000000286493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89eb7001af8043ef2023-02-08 09:50:25.485root 11241100x8000000000000000286505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593da96479f477ec2023-02-08 09:50:25.984root 11241100x8000000000000000286504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbf62feafa7f91d2023-02-08 09:50:25.984root 11241100x8000000000000000286503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ae022a6a95c8312023-02-08 09:50:25.984root 11241100x8000000000000000286502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a34fcf2ba2100b2023-02-08 09:50:25.984root 11241100x8000000000000000286501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8620a3fcecd4c2672023-02-08 09:50:25.984root 11241100x8000000000000000286513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20d2eee4d7cb1b52023-02-08 09:50:25.985root 11241100x8000000000000000286512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf2e868d60c84232023-02-08 09:50:25.985root 11241100x8000000000000000286511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895eaaf4c75388da2023-02-08 09:50:25.985root 11241100x8000000000000000286510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbeeab9fc0ccc2132023-02-08 09:50:25.985root 11241100x8000000000000000286509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1ce9cf497b3c902023-02-08 09:50:25.985root 11241100x8000000000000000286508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a2ff29a39093e32023-02-08 09:50:25.985root 11241100x8000000000000000286507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035172753fd790502023-02-08 09:50:25.985root 11241100x8000000000000000286506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086ef72157685fa12023-02-08 09:50:25.985root 11241100x8000000000000000286515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffbc6ee3e637a922023-02-08 09:50:26.484root 11241100x8000000000000000286514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e810cea71b57f32023-02-08 09:50:26.484root 11241100x8000000000000000286526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ec76ada75baab12023-02-08 09:50:26.485root 11241100x8000000000000000286525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b38b9a1fe72b0c2023-02-08 09:50:26.485root 11241100x8000000000000000286524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3f3f1917dc323a2023-02-08 09:50:26.485root 11241100x8000000000000000286523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f99b6028077bc72023-02-08 09:50:26.485root 11241100x8000000000000000286522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d9703316e1617a2023-02-08 09:50:26.485root 11241100x8000000000000000286521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371752d7786630352023-02-08 09:50:26.485root 11241100x8000000000000000286520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c27fe6ea3c35412023-02-08 09:50:26.485root 11241100x8000000000000000286519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba9b419ddfe0d732023-02-08 09:50:26.485root 11241100x8000000000000000286518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc6560dea81843d2023-02-08 09:50:26.485root 11241100x8000000000000000286517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eca408e309c4a072023-02-08 09:50:26.485root 11241100x8000000000000000286516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c854ab05e1b99ad32023-02-08 09:50:26.485root 11241100x8000000000000000286530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bb4660bb5aa4272023-02-08 09:50:26.984root 11241100x8000000000000000286529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8510598aeefc5afd2023-02-08 09:50:26.984root 11241100x8000000000000000286528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e87ff67645245a2023-02-08 09:50:26.984root 11241100x8000000000000000286527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a20f13798a2a5172023-02-08 09:50:26.984root 11241100x8000000000000000286538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebc2394f34817372023-02-08 09:50:26.985root 11241100x8000000000000000286537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c9a50381b21f042023-02-08 09:50:26.985root 11241100x8000000000000000286536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60bb512970cf60c2023-02-08 09:50:26.985root 11241100x8000000000000000286535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752e193bbf64e9882023-02-08 09:50:26.985root 11241100x8000000000000000286534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25f866d52d515d42023-02-08 09:50:26.985root 11241100x8000000000000000286533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca88d8b697768b8a2023-02-08 09:50:26.985root 11241100x8000000000000000286532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4881dc31ad197f122023-02-08 09:50:26.985root 11241100x8000000000000000286531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091d49d6d19a6d182023-02-08 09:50:26.985root 11241100x8000000000000000286539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c0794ab59920a52023-02-08 09:50:26.986root 354300x8000000000000000286540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:27.100{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36590-false10.0.1.12-8000- 11241100x8000000000000000286548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e752881bd1e9f8312023-02-08 09:50:27.485root 11241100x8000000000000000286547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e6f6bd704530f32023-02-08 09:50:27.485root 11241100x8000000000000000286546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a95560cc3279c82023-02-08 09:50:27.485root 11241100x8000000000000000286545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c1d215632e6c032023-02-08 09:50:27.485root 11241100x8000000000000000286544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fe9565a40506ce2023-02-08 09:50:27.485root 11241100x8000000000000000286543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf41daa888ce8be62023-02-08 09:50:27.485root 11241100x8000000000000000286542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d40523bb4caa7ed2023-02-08 09:50:27.485root 11241100x8000000000000000286541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31263f49c86a5d72023-02-08 09:50:27.485root 11241100x8000000000000000286554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd40a766d0bfaf922023-02-08 09:50:27.486root 11241100x8000000000000000286553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e6e2ea23e7f6c52023-02-08 09:50:27.486root 11241100x8000000000000000286552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fa00467b572b862023-02-08 09:50:27.486root 11241100x8000000000000000286551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a71ec0fce391c822023-02-08 09:50:27.486root 11241100x8000000000000000286550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd71fbf427933502023-02-08 09:50:27.486root 11241100x8000000000000000286549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36e2e560f289f152023-02-08 09:50:27.486root 11241100x8000000000000000286555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:27.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19698250bb3df56d2023-02-08 09:50:27.984root 11241100x8000000000000000286566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32ef6450ca020a12023-02-08 09:50:27.985root 11241100x8000000000000000286565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d680b71c719d46e82023-02-08 09:50:27.985root 11241100x8000000000000000286564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0115e52d49bf72ff2023-02-08 09:50:27.985root 11241100x8000000000000000286563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b7a28dd6b37d222023-02-08 09:50:27.985root 11241100x8000000000000000286562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35b79969ef681bf2023-02-08 09:50:27.985root 11241100x8000000000000000286561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed89511098544d92023-02-08 09:50:27.985root 11241100x8000000000000000286560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af17405078fdc5172023-02-08 09:50:27.985root 11241100x8000000000000000286559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d705871e61a65cde2023-02-08 09:50:27.985root 11241100x8000000000000000286558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e124e3e65339ad2023-02-08 09:50:27.985root 11241100x8000000000000000286557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b64a2429187e772023-02-08 09:50:27.985root 11241100x8000000000000000286556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97fbc2d1b09d8162023-02-08 09:50:27.985root 11241100x8000000000000000286568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9972a8d9ee2d4f92023-02-08 09:50:27.986root 11241100x8000000000000000286567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5fce512a4844a52023-02-08 09:50:27.986root 11241100x8000000000000000286572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2d52ec1294b9db2023-02-08 09:50:28.484root 11241100x8000000000000000286571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abfa40d389dd1c2c2023-02-08 09:50:28.484root 11241100x8000000000000000286570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23dacc55d3d094672023-02-08 09:50:28.484root 11241100x8000000000000000286569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7548fae1b571cb02023-02-08 09:50:28.484root 11241100x8000000000000000286581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34eaba573b5a12a62023-02-08 09:50:28.485root 11241100x8000000000000000286580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56d3baae7d93dbc2023-02-08 09:50:28.485root 11241100x8000000000000000286579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d69dfa6d2e3ac5c2023-02-08 09:50:28.485root 11241100x8000000000000000286578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23c2d33fb69b0782023-02-08 09:50:28.485root 11241100x8000000000000000286577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997febf86989bda12023-02-08 09:50:28.485root 11241100x8000000000000000286576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78d9d1e67f917862023-02-08 09:50:28.485root 11241100x8000000000000000286575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f329e01c22b8f02023-02-08 09:50:28.485root 11241100x8000000000000000286574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5968ccd54473a0752023-02-08 09:50:28.485root 11241100x8000000000000000286573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ecdc27041237232023-02-08 09:50:28.485root 11241100x8000000000000000286582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7dfc8fa9b01c01c2023-02-08 09:50:28.486root 11241100x8000000000000000286586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f599ca9b2116689d2023-02-08 09:50:28.984root 11241100x8000000000000000286585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee412229ee771b882023-02-08 09:50:28.984root 11241100x8000000000000000286584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43636c23b2a486132023-02-08 09:50:28.984root 11241100x8000000000000000286583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee653f8375c9e8e2023-02-08 09:50:28.984root 11241100x8000000000000000286593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0d748d247791752023-02-08 09:50:28.985root 11241100x8000000000000000286592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d43c1435775d422023-02-08 09:50:28.985root 11241100x8000000000000000286591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7a08e8d679db6c2023-02-08 09:50:28.985root 11241100x8000000000000000286590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d83115904ce76b2023-02-08 09:50:28.985root 11241100x8000000000000000286589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659014143c92b2742023-02-08 09:50:28.985root 11241100x8000000000000000286588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efae358fb49d82f02023-02-08 09:50:28.985root 11241100x8000000000000000286587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b421d4d34893722023-02-08 09:50:28.985root 11241100x8000000000000000286596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231e6993a8f24c012023-02-08 09:50:28.986root 11241100x8000000000000000286595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93479b095aaecfed2023-02-08 09:50:28.986root 11241100x8000000000000000286594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f9bd38752bf9dc2023-02-08 09:50:28.986root 11241100x8000000000000000286600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eabf84c2728495a2023-02-08 09:50:29.484root 11241100x8000000000000000286599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299e9260165915f62023-02-08 09:50:29.484root 11241100x8000000000000000286598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06dfadc3e8c474512023-02-08 09:50:29.484root 11241100x8000000000000000286597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308d868e810169b92023-02-08 09:50:29.484root 11241100x8000000000000000286610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9302faca8ec238492023-02-08 09:50:29.485root 11241100x8000000000000000286609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eca723340062c272023-02-08 09:50:29.485root 11241100x8000000000000000286608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61e2eb381a97c0b2023-02-08 09:50:29.485root 11241100x8000000000000000286607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3f30a7b9ccf9d92023-02-08 09:50:29.485root 11241100x8000000000000000286606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b61c9cd3d0df6442023-02-08 09:50:29.485root 11241100x8000000000000000286605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf82cbbe7844e1212023-02-08 09:50:29.485root 11241100x8000000000000000286604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658db7c28c29619a2023-02-08 09:50:29.485root 11241100x8000000000000000286603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20561583bf511e6b2023-02-08 09:50:29.485root 11241100x8000000000000000286602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ab983cae799dba2023-02-08 09:50:29.485root 11241100x8000000000000000286601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b758b833484fc5e82023-02-08 09:50:29.485root 11241100x8000000000000000286614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aadf96f8fac02d212023-02-08 09:50:29.984root 11241100x8000000000000000286613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c9a4e338fd715c2023-02-08 09:50:29.984root 11241100x8000000000000000286612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920889a1273e44632023-02-08 09:50:29.984root 11241100x8000000000000000286611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8161050866cdfc1b2023-02-08 09:50:29.984root 11241100x8000000000000000286623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf2a4eaaf2fcfa92023-02-08 09:50:29.985root 11241100x8000000000000000286622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42c2e6efece9a182023-02-08 09:50:29.985root 11241100x8000000000000000286621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82e05af76216b322023-02-08 09:50:29.985root 11241100x8000000000000000286620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e3114dd5c617e32023-02-08 09:50:29.985root 11241100x8000000000000000286619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03c8a62ded56ef32023-02-08 09:50:29.985root 11241100x8000000000000000286618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba8c01361b5ae692023-02-08 09:50:29.985root 11241100x8000000000000000286617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ea7cf7d5f812d42023-02-08 09:50:29.985root 11241100x8000000000000000286616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1bf7ad25f5cd432023-02-08 09:50:29.985root 11241100x8000000000000000286615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691920f881d4479b2023-02-08 09:50:29.985root 11241100x8000000000000000286624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b81ae05c94cd9e2023-02-08 09:50:29.986root 11241100x8000000000000000286627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3416ec48966d74b82023-02-08 09:50:30.484root 11241100x8000000000000000286626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e2bac6d74d8f392023-02-08 09:50:30.484root 11241100x8000000000000000286625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a91d0fee94639962023-02-08 09:50:30.484root 11241100x8000000000000000286636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5daf9a3ea3c1e92023-02-08 09:50:30.485root 11241100x8000000000000000286635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a607a3364b26dd2023-02-08 09:50:30.485root 11241100x8000000000000000286634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81161a667a8969f22023-02-08 09:50:30.485root 11241100x8000000000000000286633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dcaa5d8192c251e2023-02-08 09:50:30.485root 11241100x8000000000000000286632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3e94fb4e4a550f2023-02-08 09:50:30.485root 11241100x8000000000000000286631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc82650a387383c2023-02-08 09:50:30.485root 11241100x8000000000000000286630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269ebfc596bab68f2023-02-08 09:50:30.485root 11241100x8000000000000000286629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cdb691fcbb363e2023-02-08 09:50:30.485root 11241100x8000000000000000286628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c79ee3e7e131942023-02-08 09:50:30.485root 11241100x8000000000000000286638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02828aeaf89e7a272023-02-08 09:50:30.486root 11241100x8000000000000000286637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0d47649dfc77bb2023-02-08 09:50:30.486root 11241100x8000000000000000286640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7c7d94a613b6db2023-02-08 09:50:30.984root 11241100x8000000000000000286639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63a610fe16b60bb2023-02-08 09:50:30.984root 11241100x8000000000000000286648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6431203e0f9fdd6a2023-02-08 09:50:30.985root 11241100x8000000000000000286647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8987ba2a9f88e4432023-02-08 09:50:30.985root 11241100x8000000000000000286646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8be61697b9e29b82023-02-08 09:50:30.985root 11241100x8000000000000000286645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a78ff948967def2023-02-08 09:50:30.985root 11241100x8000000000000000286644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c20d47f0ae9ebb62023-02-08 09:50:30.985root 11241100x8000000000000000286643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fac646550e95e262023-02-08 09:50:30.985root 11241100x8000000000000000286642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac4ebcbbce00ce42023-02-08 09:50:30.985root 11241100x8000000000000000286641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3054eb2513b0982a2023-02-08 09:50:30.985root 11241100x8000000000000000286652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdf18ca0974ce1b2023-02-08 09:50:30.986root 11241100x8000000000000000286651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35f6a27c37551522023-02-08 09:50:30.986root 11241100x8000000000000000286650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd4b34ead4cc74c2023-02-08 09:50:30.986root 11241100x8000000000000000286649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2b1c0aa1dcd12d2023-02-08 09:50:30.986root 11241100x8000000000000000286657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335040e34a006cad2023-02-08 09:50:31.484root 11241100x8000000000000000286656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41e55796fdecd722023-02-08 09:50:31.484root 11241100x8000000000000000286655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6a49023ff0caa42023-02-08 09:50:31.484root 11241100x8000000000000000286654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f907a081db2f79eb2023-02-08 09:50:31.484root 11241100x8000000000000000286653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cae5b6d6d8759d62023-02-08 09:50:31.484root 11241100x8000000000000000286666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10a01fd4bb8d00d2023-02-08 09:50:31.485root 11241100x8000000000000000286665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f405105b5f8aa12023-02-08 09:50:31.485root 11241100x8000000000000000286664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99b922a3ffcd1452023-02-08 09:50:31.485root 11241100x8000000000000000286663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0401a9c7bfe0d2512023-02-08 09:50:31.485root 11241100x8000000000000000286662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ab4e4ebb5083482023-02-08 09:50:31.485root 11241100x8000000000000000286661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7d44a7acbbfc6b2023-02-08 09:50:31.485root 11241100x8000000000000000286660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3c95281dd5b3bf2023-02-08 09:50:31.485root 11241100x8000000000000000286659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f175f2c4e2bac3922023-02-08 09:50:31.485root 11241100x8000000000000000286658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d3329cdab5fa662023-02-08 09:50:31.485root 11241100x8000000000000000286671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1199d4ae6e8ea1a2023-02-08 09:50:31.984root 11241100x8000000000000000286670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac87f51a61b562fb2023-02-08 09:50:31.984root 11241100x8000000000000000286669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5d455cd57b2f332023-02-08 09:50:31.984root 11241100x8000000000000000286668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778cf68cba3f52d32023-02-08 09:50:31.984root 11241100x8000000000000000286667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f958989e613d740d2023-02-08 09:50:31.984root 11241100x8000000000000000286680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731366114773b5892023-02-08 09:50:31.985root 11241100x8000000000000000286679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8cf53cb3baa1ed2023-02-08 09:50:31.985root 11241100x8000000000000000286678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0931865dee15b27b2023-02-08 09:50:31.985root 11241100x8000000000000000286677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998d9c9b3622226b2023-02-08 09:50:31.985root 11241100x8000000000000000286676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6e2de4a7ae19a82023-02-08 09:50:31.985root 11241100x8000000000000000286675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b7dc905602e8d62023-02-08 09:50:31.985root 11241100x8000000000000000286674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0a2c35f03a8ce92023-02-08 09:50:31.985root 11241100x8000000000000000286673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5d3a76690f20f12023-02-08 09:50:31.985root 11241100x8000000000000000286672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1de2d4aa9c2a392023-02-08 09:50:31.985root 354300x8000000000000000286681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.130{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-43818-false10.0.1.12-8000- 11241100x8000000000000000286685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfd8862bb933b3d2023-02-08 09:50:32.484root 11241100x8000000000000000286684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a1f05ecd9e502d2023-02-08 09:50:32.484root 11241100x8000000000000000286683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759dfb4cbf9365982023-02-08 09:50:32.484root 11241100x8000000000000000286682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5599888c696203982023-02-08 09:50:32.484root 11241100x8000000000000000286695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc01cbcffffd2522023-02-08 09:50:32.485root 11241100x8000000000000000286694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d28436b9562e9b2023-02-08 09:50:32.485root 11241100x8000000000000000286693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4c3dfa1eb06e282023-02-08 09:50:32.485root 11241100x8000000000000000286692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2911a9055cded18f2023-02-08 09:50:32.485root 11241100x8000000000000000286691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfa6257abf467dd2023-02-08 09:50:32.485root 11241100x8000000000000000286690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29fd4bbb50074fe2023-02-08 09:50:32.485root 11241100x8000000000000000286689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632463b510fb2efb2023-02-08 09:50:32.485root 11241100x8000000000000000286688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73070f7cf1b27f782023-02-08 09:50:32.485root 11241100x8000000000000000286687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51561f1b96c60242023-02-08 09:50:32.485root 11241100x8000000000000000286686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372f1177b7d604572023-02-08 09:50:32.485root 11241100x8000000000000000286696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f5489a30c576262023-02-08 09:50:32.486root 11241100x8000000000000000286700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af789bf2804ab9192023-02-08 09:50:32.984root 11241100x8000000000000000286699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22cde2b17392fd8b2023-02-08 09:50:32.984root 11241100x8000000000000000286698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a51f5cb684e6fa2023-02-08 09:50:32.984root 11241100x8000000000000000286697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d431a25deeafb3092023-02-08 09:50:32.984root 11241100x8000000000000000286708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691bb355dc381a4c2023-02-08 09:50:32.985root 11241100x8000000000000000286707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820a9a2ef3319be32023-02-08 09:50:32.985root 11241100x8000000000000000286706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73af692de016cc102023-02-08 09:50:32.985root 11241100x8000000000000000286705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a320504d32356532023-02-08 09:50:32.985root 11241100x8000000000000000286704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc87d28c1cd8b552023-02-08 09:50:32.985root 11241100x8000000000000000286703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e14025b08f065b2023-02-08 09:50:32.985root 11241100x8000000000000000286702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4d091f2029d1432023-02-08 09:50:32.985root 11241100x8000000000000000286701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6172daae981e65cb2023-02-08 09:50:32.985root 11241100x8000000000000000286711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b3eb944aed64e62023-02-08 09:50:32.986root 11241100x8000000000000000286710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da7014145a3930a2023-02-08 09:50:32.986root 11241100x8000000000000000286709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:32.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064d032f11efea7c2023-02-08 09:50:32.986root 11241100x8000000000000000286715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:33.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba97e897c6915a52023-02-08 09:50:33.484root 11241100x8000000000000000286714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:33.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775b0490c0ed8e3d2023-02-08 09:50:33.484root 11241100x8000000000000000286713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:33.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618e1661ef0308ed2023-02-08 09:50:33.484root 11241100x8000000000000000286712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:33.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb91c26ec87004c2023-02-08 09:50:33.484root 11241100x8000000000000000286725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68bf0b2cd9c12e12023-02-08 09:50:33.485root 11241100x8000000000000000286724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b18b33d0a4fb9b2023-02-08 09:50:33.485root 11241100x8000000000000000286723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50d67c5a03b026a2023-02-08 09:50:33.485root 11241100x8000000000000000286722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aee5f64137ffd8c2023-02-08 09:50:33.485root 11241100x8000000000000000286721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b663e676ac14292023-02-08 09:50:33.485root 11241100x8000000000000000286720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ba84ad2fd557632023-02-08 09:50:33.485root 11241100x8000000000000000286719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c37191c97025a32023-02-08 09:50:33.485root 11241100x8000000000000000286718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd854d90bbd70fd82023-02-08 09:50:33.485root 11241100x8000000000000000286717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6abe0d0eebdc18d2023-02-08 09:50:33.485root 11241100x8000000000000000286716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:33.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030402b993a4aa1b2023-02-08 09:50:33.485root 11241100x8000000000000000286726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:33.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4089e44dad793a92023-02-08 09:50:33.486root 11241100x8000000000000000286727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:33.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4932a75da1f1ed952023-02-08 09:50:33.984root 11241100x8000000000000000286735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1038daa4ff5451e82023-02-08 09:50:33.985root 11241100x8000000000000000286734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05f3847bca330422023-02-08 09:50:33.985root 11241100x8000000000000000286733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedbb1765406fe632023-02-08 09:50:33.985root 11241100x8000000000000000286732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11766da02ef2be612023-02-08 09:50:33.985root 11241100x8000000000000000286731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fca74558ac5353d2023-02-08 09:50:33.985root 11241100x8000000000000000286730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8860419f55afc92f2023-02-08 09:50:33.985root 11241100x8000000000000000286729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561fe5484138a6ae2023-02-08 09:50:33.985root 11241100x8000000000000000286728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:33.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138a8e9d2183753e2023-02-08 09:50:33.985root 11241100x8000000000000000286741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:33.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6368cc8ffbbcb9c2023-02-08 09:50:33.986root 11241100x8000000000000000286740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:33.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff444845ccdfe832023-02-08 09:50:33.986root 11241100x8000000000000000286739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:33.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04ed47a96c598ae2023-02-08 09:50:33.986root 11241100x8000000000000000286738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:33.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cbf581035dc0e5b2023-02-08 09:50:33.986root 11241100x8000000000000000286737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:33.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0841c532b28cd7b72023-02-08 09:50:33.986root 11241100x8000000000000000286736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:33.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b3daa84ccf1fa62023-02-08 09:50:33.986root 11241100x8000000000000000286746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63207082976895132023-02-08 09:50:34.485root 11241100x8000000000000000286745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd44e1d22d8538cc2023-02-08 09:50:34.485root 11241100x8000000000000000286744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8606511eacf011302023-02-08 09:50:34.485root 11241100x8000000000000000286743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344540bfba1fb7db2023-02-08 09:50:34.485root 11241100x8000000000000000286742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:34.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91cdf5865dfb79fd2023-02-08 09:50:34.485root 11241100x8000000000000000286748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67f471974c548292023-02-08 09:50:34.486root 11241100x8000000000000000286747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:34.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0e3fc5c0f726f82023-02-08 09:50:34.486root 11241100x8000000000000000286750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:34.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417d12d79cb302f62023-02-08 09:50:34.487root 11241100x8000000000000000286749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:34.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c89ea85a758e6db2023-02-08 09:50:34.487root 11241100x8000000000000000286756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:34.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e758f677779bff2023-02-08 09:50:34.488root 11241100x8000000000000000286755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:34.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10170573977bad602023-02-08 09:50:34.488root 11241100x8000000000000000286754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:34.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4288838ccfa6082023-02-08 09:50:34.488root 11241100x8000000000000000286753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:34.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7f06ba3aba476a2023-02-08 09:50:34.488root 11241100x8000000000000000286752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:34.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ee149141139c272023-02-08 09:50:34.488root 11241100x8000000000000000286751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:34.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292069437cec59d52023-02-08 09:50:34.488root 11241100x8000000000000000286760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:34.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58771b3714727212023-02-08 09:50:34.984root 11241100x8000000000000000286759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:34.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916b4da1872c1dd22023-02-08 09:50:34.984root 11241100x8000000000000000286758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:34.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fe14151bed1c8c2023-02-08 09:50:34.984root 11241100x8000000000000000286757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:34.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2865e77fcb93c32023-02-08 09:50:34.984root 11241100x8000000000000000286764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af785cc5c617c7592023-02-08 09:50:34.985root 11241100x8000000000000000286763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f6c81b51618b292023-02-08 09:50:34.985root 11241100x8000000000000000286762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5cb48b0c1ece3f2023-02-08 09:50:34.985root 11241100x8000000000000000286761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae76262495757312023-02-08 09:50:34.985root 11241100x8000000000000000286767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9792c7e19d632fff2023-02-08 09:50:34.986root 11241100x8000000000000000286766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da63f5ce42c7c40e2023-02-08 09:50:34.986root 11241100x8000000000000000286765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:34.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be930959e249d2392023-02-08 09:50:34.986root 11241100x8000000000000000286771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:34.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e087950e66f52252023-02-08 09:50:34.987root 11241100x8000000000000000286770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:34.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab8274544db65942023-02-08 09:50:34.987root 11241100x8000000000000000286769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:34.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd207f00c9411ea2023-02-08 09:50:34.987root 11241100x8000000000000000286768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:34.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757c03a7fe66a2142023-02-08 09:50:34.987root 11241100x8000000000000000286775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:35.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e8f2a2f655c3612023-02-08 09:50:35.484root 11241100x8000000000000000286774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:35.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d85d2469e0404962023-02-08 09:50:35.484root 11241100x8000000000000000286773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:35.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458b55c4c4a4a4fc2023-02-08 09:50:35.484root 11241100x8000000000000000286772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:35.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9126cf9423c9b22023-02-08 09:50:35.484root 11241100x8000000000000000286784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fe3d2d845404902023-02-08 09:50:35.485root 11241100x8000000000000000286783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9300d1c479cf59c2023-02-08 09:50:35.485root 11241100x8000000000000000286782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e2412f09e56d802023-02-08 09:50:35.485root 11241100x8000000000000000286781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcd251ca33d724f2023-02-08 09:50:35.485root 11241100x8000000000000000286780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77b5868d9f7274a2023-02-08 09:50:35.485root 11241100x8000000000000000286779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f1add88014722d2023-02-08 09:50:35.485root 11241100x8000000000000000286778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2139fa61f8b71c5d2023-02-08 09:50:35.485root 11241100x8000000000000000286777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836d5c7e5ec886192023-02-08 09:50:35.485root 11241100x8000000000000000286776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2968dd084a3fd5362023-02-08 09:50:35.485root 11241100x8000000000000000286786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:35.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5901807d4188118c2023-02-08 09:50:35.486root 11241100x8000000000000000286785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:35.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d847a94da855272023-02-08 09:50:35.486root 11241100x8000000000000000286790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fb962560a8da412023-02-08 09:50:35.984root 11241100x8000000000000000286789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bcc9cbf60468cc2023-02-08 09:50:35.984root 11241100x8000000000000000286788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc0400fb61f50ba2023-02-08 09:50:35.984root 11241100x8000000000000000286787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a6901b820891d42023-02-08 09:50:35.984root 11241100x8000000000000000286797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d448614e82e551bf2023-02-08 09:50:35.985root 11241100x8000000000000000286796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64cae28af5a4bce52023-02-08 09:50:35.985root 11241100x8000000000000000286795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87611a2bbe8e92de2023-02-08 09:50:35.985root 11241100x8000000000000000286794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd9b86dd671dfb62023-02-08 09:50:35.985root 11241100x8000000000000000286793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51eb1821e8b4c4c82023-02-08 09:50:35.985root 11241100x8000000000000000286792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0340a07a710a559e2023-02-08 09:50:35.985root 11241100x8000000000000000286791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:35.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c773244055fe3d2023-02-08 09:50:35.985root 11241100x8000000000000000286801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:35.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4b7b6918c4d8ef2023-02-08 09:50:35.986root 11241100x8000000000000000286800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:35.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344a5bfd9dec95182023-02-08 09:50:35.986root 11241100x8000000000000000286799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:35.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6dcd13c3eab2d4b2023-02-08 09:50:35.986root 11241100x8000000000000000286798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:35.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f786a1dae27a712023-02-08 09:50:35.986root 11241100x8000000000000000286802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.361{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-08 09:50:36.361root 11241100x8000000000000000286804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a57a33f63274f072023-02-08 09:50:36.362root 11241100x8000000000000000286803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae1dd59f16c2b3e2023-02-08 09:50:36.362root 11241100x8000000000000000286814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff7b57c1b3279e62023-02-08 09:50:36.363root 11241100x8000000000000000286813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b7f797749297c52023-02-08 09:50:36.363root 11241100x8000000000000000286812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11d5a038095bf942023-02-08 09:50:36.363root 11241100x8000000000000000286811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3e65db419160692023-02-08 09:50:36.363root 11241100x8000000000000000286810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10091c9a2fb4f9e52023-02-08 09:50:36.363root 11241100x8000000000000000286809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193488d670c3c5752023-02-08 09:50:36.363root 11241100x8000000000000000286808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba700e9a1f7142c62023-02-08 09:50:36.363root 11241100x8000000000000000286807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1c30a71c1322902023-02-08 09:50:36.363root 11241100x8000000000000000286806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f14566bde9179fb2023-02-08 09:50:36.363root 11241100x8000000000000000286805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1a44ab522eab9a2023-02-08 09:50:36.363root 11241100x8000000000000000286818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4068a36f1d404d2023-02-08 09:50:36.364root 11241100x8000000000000000286817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df296b0e2ce94052023-02-08 09:50:36.364root 11241100x8000000000000000286816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124d4243ec9fc9102023-02-08 09:50:36.364root 11241100x8000000000000000286815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61feabc32ede20362023-02-08 09:50:36.364root 11241100x8000000000000000286819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f808842d43f03082023-02-08 09:50:36.734root 11241100x8000000000000000286827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86b3fd0b7dc47562023-02-08 09:50:36.735root 11241100x8000000000000000286826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d79843cc28ecd8a2023-02-08 09:50:36.735root 11241100x8000000000000000286825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4cb50fdf7849f192023-02-08 09:50:36.735root 11241100x8000000000000000286824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7cb7f9a56f15a22023-02-08 09:50:36.735root 11241100x8000000000000000286823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe303b8cdfafe4d22023-02-08 09:50:36.735root 11241100x8000000000000000286822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1312eed1e4c77312023-02-08 09:50:36.735root 11241100x8000000000000000286821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb18d5e458e7c7e2023-02-08 09:50:36.735root 11241100x8000000000000000286820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e0bc547774b5962023-02-08 09:50:36.735root 11241100x8000000000000000286833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92dde1270918c63f2023-02-08 09:50:36.736root 11241100x8000000000000000286832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4a60849ba6f1692023-02-08 09:50:36.736root 11241100x8000000000000000286831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad567e54d8f23712023-02-08 09:50:36.736root 11241100x8000000000000000286830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476135b90e2faf152023-02-08 09:50:36.736root 11241100x8000000000000000286829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0f10af8414dd262023-02-08 09:50:36.736root 11241100x8000000000000000286828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191548bcef30f8b72023-02-08 09:50:36.736root 11241100x8000000000000000286834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:36.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f88c50059dc1812023-02-08 09:50:36.737root 11241100x8000000000000000286837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.190{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f026189b94610262023-02-08 09:50:37.190root 11241100x8000000000000000286836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.190{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0343cf932338ba2e2023-02-08 09:50:37.190root 354300x8000000000000000286835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.190{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-43822-false10.0.1.12-8000- 11241100x8000000000000000286851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.191{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0fcaf6da7049c72023-02-08 09:50:37.191root 11241100x8000000000000000286850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.191{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f300d6068f9bcec2023-02-08 09:50:37.191root 11241100x8000000000000000286849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.191{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7a98680bfc2a342023-02-08 09:50:37.191root 11241100x8000000000000000286848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.191{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6711188920adf5d2023-02-08 09:50:37.191root 11241100x8000000000000000286847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.191{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53495a0b9fa0b2dd2023-02-08 09:50:37.191root 11241100x8000000000000000286846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.191{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a738654aef535c852023-02-08 09:50:37.191root 11241100x8000000000000000286845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.191{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131333852b1cf1fb2023-02-08 09:50:37.191root 11241100x8000000000000000286844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.191{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fcea80df31432272023-02-08 09:50:37.191root 11241100x8000000000000000286843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.191{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a3f14501895e972023-02-08 09:50:37.191root 11241100x8000000000000000286842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.191{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fae976353933c12023-02-08 09:50:37.191root 11241100x8000000000000000286841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.191{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616abbd43c1780e32023-02-08 09:50:37.191root 11241100x8000000000000000286840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.191{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0312184220fcf4c12023-02-08 09:50:37.191root 11241100x8000000000000000286839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.191{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a361343a66a315c22023-02-08 09:50:37.191root 11241100x8000000000000000286838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.191{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5ba1912bd570fc2023-02-08 09:50:37.191root 11241100x8000000000000000286852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.192{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06430ffae83f5b22023-02-08 09:50:37.192root 11241100x8000000000000000286858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3296772a29ef772023-02-08 09:50:37.485root 11241100x8000000000000000286857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6d88aa7e0ac4572023-02-08 09:50:37.485root 11241100x8000000000000000286856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2086fea5fc65f062023-02-08 09:50:37.485root 11241100x8000000000000000286855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa77e064dc487cc2023-02-08 09:50:37.485root 11241100x8000000000000000286854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b06ee8a151cd612023-02-08 09:50:37.485root 11241100x8000000000000000286853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f331ec9d1c27232023-02-08 09:50:37.485root 11241100x8000000000000000286869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ef92f1d9aae00e2023-02-08 09:50:37.486root 11241100x8000000000000000286868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0eba415471edc0f2023-02-08 09:50:37.486root 11241100x8000000000000000286867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1df5b26afba7222023-02-08 09:50:37.486root 11241100x8000000000000000286866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969c0a3a3e4e6cc02023-02-08 09:50:37.486root 11241100x8000000000000000286865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9993577c8a13e192023-02-08 09:50:37.486root 11241100x8000000000000000286864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7af949f39e1d0a2023-02-08 09:50:37.486root 11241100x8000000000000000286863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18326e0ad2652e952023-02-08 09:50:37.486root 11241100x8000000000000000286862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e1ca10f07424d12023-02-08 09:50:37.486root 11241100x8000000000000000286861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5257b3bc8f4c8192023-02-08 09:50:37.486root 11241100x8000000000000000286860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17539877a23a4492023-02-08 09:50:37.486root 11241100x8000000000000000286859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0d696a114d95c72023-02-08 09:50:37.486root 11241100x8000000000000000286873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a28a2caef3a4792023-02-08 09:50:37.984root 11241100x8000000000000000286872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188d776ae323a2e72023-02-08 09:50:37.984root 11241100x8000000000000000286871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e19622cdbef5d02023-02-08 09:50:37.984root 11241100x8000000000000000286870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7f4d71acc1fc4d2023-02-08 09:50:37.984root 11241100x8000000000000000286878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1871c515ad507d7d2023-02-08 09:50:37.985root 11241100x8000000000000000286877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e9f54abe0111402023-02-08 09:50:37.985root 11241100x8000000000000000286876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec770a269f0450472023-02-08 09:50:37.985root 11241100x8000000000000000286875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749aa1a8997e0d562023-02-08 09:50:37.985root 11241100x8000000000000000286874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9044b5ebfd04712023-02-08 09:50:37.985root 11241100x8000000000000000286883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da481dea6520a8442023-02-08 09:50:37.986root 11241100x8000000000000000286882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d752727f75bb2c552023-02-08 09:50:37.986root 11241100x8000000000000000286881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61853c716fee4182023-02-08 09:50:37.986root 11241100x8000000000000000286880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0947dd59953f85762023-02-08 09:50:37.986root 11241100x8000000000000000286879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41752ee816824a9d2023-02-08 09:50:37.986root 11241100x8000000000000000286886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690f2520659f87d72023-02-08 09:50:37.987root 11241100x8000000000000000286885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba98a66c671bfc2c2023-02-08 09:50:37.987root 11241100x8000000000000000286884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:37.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208fc2ac47156a682023-02-08 09:50:37.987root 11241100x8000000000000000286892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925fd131844ca0d72023-02-08 09:50:38.484root 11241100x8000000000000000286891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37b2de55d1a9c822023-02-08 09:50:38.484root 11241100x8000000000000000286890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875475ca63325c5c2023-02-08 09:50:38.484root 11241100x8000000000000000286889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f2fa0dbb5e989d2023-02-08 09:50:38.484root 11241100x8000000000000000286888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d003cc13f80b212023-02-08 09:50:38.484root 11241100x8000000000000000286887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf0ddb645a9707c2023-02-08 09:50:38.484root 11241100x8000000000000000286898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5af008428f67af52023-02-08 09:50:38.485root 11241100x8000000000000000286897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482e24f0e3df2f702023-02-08 09:50:38.485root 11241100x8000000000000000286896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a612d6558cf9fe612023-02-08 09:50:38.485root 11241100x8000000000000000286895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f818851654b4b542023-02-08 09:50:38.485root 11241100x8000000000000000286894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88a78fc3438201e2023-02-08 09:50:38.485root 11241100x8000000000000000286893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64edd864ec95e592023-02-08 09:50:38.485root 11241100x8000000000000000286903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a96c39416cb088a2023-02-08 09:50:38.486root 11241100x8000000000000000286902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b89e8b13b3e9872023-02-08 09:50:38.486root 11241100x8000000000000000286901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4a24ca169cbb762023-02-08 09:50:38.486root 11241100x8000000000000000286900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba7e5468d1c29722023-02-08 09:50:38.486root 11241100x8000000000000000286899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192604589f3b28ef2023-02-08 09:50:38.486root 11241100x8000000000000000286906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32076997b60d0f392023-02-08 09:50:38.984root 11241100x8000000000000000286905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae5bfa9c7e2029b2023-02-08 09:50:38.984root 11241100x8000000000000000286904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5ade13f3d9c14d2023-02-08 09:50:38.984root 11241100x8000000000000000286916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ccd94ceaa5126c2023-02-08 09:50:38.985root 11241100x8000000000000000286915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64aaa488abc404352023-02-08 09:50:38.985root 11241100x8000000000000000286914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710ccce7412e52042023-02-08 09:50:38.985root 11241100x8000000000000000286913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb4b50ac66131202023-02-08 09:50:38.985root 11241100x8000000000000000286912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38d32b4c65dd1942023-02-08 09:50:38.985root 11241100x8000000000000000286911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ec21584d7e37572023-02-08 09:50:38.985root 11241100x8000000000000000286910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7f9c8955a32ccb2023-02-08 09:50:38.985root 11241100x8000000000000000286909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6738d30c408fcade2023-02-08 09:50:38.985root 11241100x8000000000000000286908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ecf73223b15f992023-02-08 09:50:38.985root 11241100x8000000000000000286907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc81bbb407132cc2023-02-08 09:50:38.985root 11241100x8000000000000000286920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b75695cd42e685d2023-02-08 09:50:38.986root 11241100x8000000000000000286919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09aa2e58d7335e42023-02-08 09:50:38.986root 11241100x8000000000000000286918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb68c3697fe576932023-02-08 09:50:38.986root 11241100x8000000000000000286917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a819ef4bc3408eda2023-02-08 09:50:38.986root 23542300x8000000000000000286921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.362{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000286925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebaa12a9cf0f29c82023-02-08 09:50:39.363root 11241100x8000000000000000286924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f229429230d79f0a2023-02-08 09:50:39.363root 11241100x8000000000000000286923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c420afc4899e8e42023-02-08 09:50:39.363root 11241100x8000000000000000286922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d7f642913e9b012023-02-08 09:50:39.363root 11241100x8000000000000000286934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5518c954001e99482023-02-08 09:50:39.364root 11241100x8000000000000000286933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfa20606003889d2023-02-08 09:50:39.364root 11241100x8000000000000000286932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26cf25ded6d05112023-02-08 09:50:39.364root 11241100x8000000000000000286931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571c4e8907a456712023-02-08 09:50:39.364root 11241100x8000000000000000286930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88131a28678a3b02023-02-08 09:50:39.364root 11241100x8000000000000000286929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72890787c5ac22c82023-02-08 09:50:39.364root 11241100x8000000000000000286928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1b5b376e34e4932023-02-08 09:50:39.364root 11241100x8000000000000000286927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43fb5b45c695dc3e2023-02-08 09:50:39.364root 11241100x8000000000000000286926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf2cc5a17aac3a92023-02-08 09:50:39.364root 11241100x8000000000000000286939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d129feffdc17d8032023-02-08 09:50:39.365root 11241100x8000000000000000286938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5264f8f37f9229aa2023-02-08 09:50:39.365root 11241100x8000000000000000286937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2e526ba2122e4a2023-02-08 09:50:39.365root 11241100x8000000000000000286936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7b6a1cf97a74be2023-02-08 09:50:39.365root 11241100x8000000000000000286935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3e96425e2a9e162023-02-08 09:50:39.365root 11241100x8000000000000000286942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f46606cedb04fb2023-02-08 09:50:39.366root 11241100x8000000000000000286941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf9a1200d6be3902023-02-08 09:50:39.366root 11241100x8000000000000000286940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bae33af172e62512023-02-08 09:50:39.366root 11241100x8000000000000000286943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fa6f814043085b2023-02-08 09:50:39.367root 11241100x8000000000000000286944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cbbc72c6474b2252023-02-08 09:50:39.734root 11241100x8000000000000000286957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf742468e25870152023-02-08 09:50:39.735root 11241100x8000000000000000286956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3558b15a60aae6d32023-02-08 09:50:39.735root 11241100x8000000000000000286955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463b20d0473986b82023-02-08 09:50:39.735root 11241100x8000000000000000286954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885ff85b2dabfbd32023-02-08 09:50:39.735root 11241100x8000000000000000286953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12137c38fd71d8c2023-02-08 09:50:39.735root 11241100x8000000000000000286952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bf4b997de1175b2023-02-08 09:50:39.735root 11241100x8000000000000000286951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc105a104741c4e22023-02-08 09:50:39.735root 11241100x8000000000000000286950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6882c0cc1c0919db2023-02-08 09:50:39.735root 11241100x8000000000000000286949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2366d6602f885e2023-02-08 09:50:39.735root 11241100x8000000000000000286948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff91a38084a7db202023-02-08 09:50:39.735root 11241100x8000000000000000286947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6baf7f775499aa2023-02-08 09:50:39.735root 11241100x8000000000000000286946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c420f973603e9962023-02-08 09:50:39.735root 11241100x8000000000000000286945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa81deec6f552042023-02-08 09:50:39.735root 11241100x8000000000000000286961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c183baa4e87ecf2023-02-08 09:50:39.736root 11241100x8000000000000000286960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b851e2c52d8261762023-02-08 09:50:39.736root 11241100x8000000000000000286959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e67ecf5f4389a982023-02-08 09:50:39.736root 11241100x8000000000000000286958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2094fa07014c4c6f2023-02-08 09:50:39.736root 11241100x8000000000000000286963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548a4cd2ae13b9aa2023-02-08 09:50:40.234root 11241100x8000000000000000286962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a676628e5ff8a202023-02-08 09:50:40.234root 11241100x8000000000000000286973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2b2337bb377aab2023-02-08 09:50:40.235root 11241100x8000000000000000286972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b1861822cc187a2023-02-08 09:50:40.235root 11241100x8000000000000000286971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191cee6d622109d52023-02-08 09:50:40.235root 11241100x8000000000000000286970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4ef00f875bbca22023-02-08 09:50:40.235root 11241100x8000000000000000286969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f411567bcb0a282023-02-08 09:50:40.235root 11241100x8000000000000000286968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3bf2f5218963ef2023-02-08 09:50:40.235root 11241100x8000000000000000286967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f2b09bde167e112023-02-08 09:50:40.235root 11241100x8000000000000000286966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5217b1ad77f5ad472023-02-08 09:50:40.235root 11241100x8000000000000000286965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306c38f8d8ab073e2023-02-08 09:50:40.235root 11241100x8000000000000000286964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc084f75eed233482023-02-08 09:50:40.235root 11241100x8000000000000000286977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a7d21a2ed66e0c2023-02-08 09:50:40.236root 11241100x8000000000000000286976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2bf26c8de9f49c2023-02-08 09:50:40.236root 11241100x8000000000000000286975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285fc0bb2d915e882023-02-08 09:50:40.236root 11241100x8000000000000000286974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e698914a12388e7b2023-02-08 09:50:40.236root 11241100x8000000000000000286979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f73f74066a569242023-02-08 09:50:40.237root 11241100x8000000000000000286978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eee0bbe6ebda64f2023-02-08 09:50:40.237root 11241100x8000000000000000286981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3dfe2be1627b752023-02-08 09:50:40.734root 11241100x8000000000000000286980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d03a137103918162023-02-08 09:50:40.734root 11241100x8000000000000000286991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd98743d3401d78d2023-02-08 09:50:40.735root 11241100x8000000000000000286990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640501c7a66ebe452023-02-08 09:50:40.735root 11241100x8000000000000000286989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263e7af45b83f0ba2023-02-08 09:50:40.735root 11241100x8000000000000000286988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e086c29385fb9c2023-02-08 09:50:40.735root 11241100x8000000000000000286987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dae7afe27e29ae02023-02-08 09:50:40.735root 11241100x8000000000000000286986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca483f22bfbb9e492023-02-08 09:50:40.735root 11241100x8000000000000000286985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce6d2272826bc3b2023-02-08 09:50:40.735root 11241100x8000000000000000286984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4fc489de23de0cd2023-02-08 09:50:40.735root 11241100x8000000000000000286983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c8dd4e9f191f7f2023-02-08 09:50:40.735root 11241100x8000000000000000286982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c89d43c3439adb2023-02-08 09:50:40.735root 11241100x8000000000000000286995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec81597c81ab14b2023-02-08 09:50:40.736root 11241100x8000000000000000286994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0cadff1e067b6b72023-02-08 09:50:40.736root 11241100x8000000000000000286993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6514613b3564ec442023-02-08 09:50:40.736root 11241100x8000000000000000286992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725931a0f95595622023-02-08 09:50:40.736root 11241100x8000000000000000286997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aded47833bc784772023-02-08 09:50:40.737root 11241100x8000000000000000286996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6ac607e99ebf9b2023-02-08 09:50:40.737root 11241100x8000000000000000286998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7964972abf3570792023-02-08 09:50:41.234root 11241100x8000000000000000287002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef181f70cc43c692023-02-08 09:50:41.235root 11241100x8000000000000000287001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9b64d41e11b1272023-02-08 09:50:41.235root 11241100x8000000000000000287000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61927244c08773d2023-02-08 09:50:41.235root 11241100x8000000000000000286999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2154907b5aaebbd42023-02-08 09:50:41.235root 11241100x8000000000000000287015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258d8db0a6614ca42023-02-08 09:50:41.236root 11241100x8000000000000000287014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910289e759bd0e7f2023-02-08 09:50:41.236root 11241100x8000000000000000287013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61f60f40a77b83e2023-02-08 09:50:41.236root 11241100x8000000000000000287012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82dc252c40522bff2023-02-08 09:50:41.236root 11241100x8000000000000000287011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991d81feb636efc12023-02-08 09:50:41.236root 11241100x8000000000000000287010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c919abe7e9f72cda2023-02-08 09:50:41.236root 11241100x8000000000000000287009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df3e7bf984bb3502023-02-08 09:50:41.236root 11241100x8000000000000000287008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859b4200eb054f122023-02-08 09:50:41.236root 11241100x8000000000000000287007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e2629b607687ab2023-02-08 09:50:41.236root 11241100x8000000000000000287006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea715d2df4bcde702023-02-08 09:50:41.236root 11241100x8000000000000000287005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ea7e5a35a0f5172023-02-08 09:50:41.236root 11241100x8000000000000000287004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e9cddd72f414ed2023-02-08 09:50:41.236root 11241100x8000000000000000287003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e718627f695e375d2023-02-08 09:50:41.236root 11241100x8000000000000000287017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf17d80defc9c022023-02-08 09:50:41.734root 11241100x8000000000000000287016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e853295ab5fb5aa72023-02-08 09:50:41.734root 11241100x8000000000000000287027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976ff7a1754b9a472023-02-08 09:50:41.735root 11241100x8000000000000000287026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1728e412b4410f3a2023-02-08 09:50:41.735root 11241100x8000000000000000287025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c41341e1f6a15972023-02-08 09:50:41.735root 11241100x8000000000000000287024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d56fc94f837d43d2023-02-08 09:50:41.735root 11241100x8000000000000000287023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d871594b26e06ff2023-02-08 09:50:41.735root 11241100x8000000000000000287022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4824af83e4b1f842023-02-08 09:50:41.735root 11241100x8000000000000000287021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9edb568da1e1755e2023-02-08 09:50:41.735root 11241100x8000000000000000287020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5fbe6c3759840a82023-02-08 09:50:41.735root 11241100x8000000000000000287019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f217f2d1616bb05d2023-02-08 09:50:41.735root 11241100x8000000000000000287018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab97e1b7207fd832023-02-08 09:50:41.735root 11241100x8000000000000000287033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4201cc380dce9af2023-02-08 09:50:41.736root 11241100x8000000000000000287032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9bca12dfafef062023-02-08 09:50:41.736root 11241100x8000000000000000287031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0757e1a6be8b5e2023-02-08 09:50:41.736root 11241100x8000000000000000287030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bf03572d95f3402023-02-08 09:50:41.736root 11241100x8000000000000000287029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2879c4cf0780ddf2023-02-08 09:50:41.736root 11241100x8000000000000000287028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f923934a49cb8e02023-02-08 09:50:41.736root 354300x8000000000000000287034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.212{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-60432-false10.0.1.12-8000- 11241100x8000000000000000287036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.213{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e93578e314540402023-02-08 09:50:42.213root 11241100x8000000000000000287035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.213{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d500b5299fc12732023-02-08 09:50:42.213root 11241100x8000000000000000287044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.214{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3715c3747021512023-02-08 09:50:42.214root 11241100x8000000000000000287043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.214{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efc3873ed15d2e22023-02-08 09:50:42.214root 11241100x8000000000000000287042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.214{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4114ac4e8677fb42023-02-08 09:50:42.214root 11241100x8000000000000000287041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.214{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6794e2fab0366e922023-02-08 09:50:42.214root 11241100x8000000000000000287040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.214{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8856fbfd08740a2023-02-08 09:50:42.214root 11241100x8000000000000000287039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.214{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed09140da5e4e11f2023-02-08 09:50:42.214root 11241100x8000000000000000287038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.214{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4862255d18d59e282023-02-08 09:50:42.214root 11241100x8000000000000000287037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.214{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d1961ff5c738482023-02-08 09:50:42.214root 11241100x8000000000000000287052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7698665126d9ceb52023-02-08 09:50:42.215root 11241100x8000000000000000287051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a24b089ed383d5f2023-02-08 09:50:42.215root 11241100x8000000000000000287050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff6d794a2f9c21f2023-02-08 09:50:42.215root 11241100x8000000000000000287049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae44f00a2ef616b2023-02-08 09:50:42.215root 11241100x8000000000000000287048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1755e87307d82c302023-02-08 09:50:42.215root 11241100x8000000000000000287047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f32b13a767d88c2023-02-08 09:50:42.215root 11241100x8000000000000000287046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619820ff43d7b54c2023-02-08 09:50:42.215root 11241100x8000000000000000287045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29fc2af03edb34cb2023-02-08 09:50:42.215root 11241100x8000000000000000287053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.216{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56bb2fc0edee5fd2023-02-08 09:50:42.216root 11241100x8000000000000000287055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b3d1efcb930de32023-02-08 09:50:42.484root 11241100x8000000000000000287054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd86411b193c4262023-02-08 09:50:42.484root 11241100x8000000000000000287064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2708ebb2b91ba12023-02-08 09:50:42.485root 11241100x8000000000000000287063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485927ea317a79f12023-02-08 09:50:42.485root 11241100x8000000000000000287062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf06de95cc10e112023-02-08 09:50:42.485root 11241100x8000000000000000287061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eae24b52121bf252023-02-08 09:50:42.485root 11241100x8000000000000000287060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d49504aa16295d32023-02-08 09:50:42.485root 11241100x8000000000000000287059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64098ac7b5064dd72023-02-08 09:50:42.485root 11241100x8000000000000000287058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891d553ba15559772023-02-08 09:50:42.485root 11241100x8000000000000000287057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810397c5d64922232023-02-08 09:50:42.485root 11241100x8000000000000000287056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64616f13490d60de2023-02-08 09:50:42.485root 11241100x8000000000000000287072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d308e3e0a4cb6bf92023-02-08 09:50:42.486root 11241100x8000000000000000287071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764844a5f76816fb2023-02-08 09:50:42.486root 11241100x8000000000000000287070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e823803329e2cb2023-02-08 09:50:42.486root 11241100x8000000000000000287069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d160b95257e6122023-02-08 09:50:42.486root 11241100x8000000000000000287068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b958736e1bca8af2023-02-08 09:50:42.486root 11241100x8000000000000000287067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928596f49bc225da2023-02-08 09:50:42.486root 11241100x8000000000000000287066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d686226a3037265f2023-02-08 09:50:42.486root 11241100x8000000000000000287065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff0afeccf5a96b42023-02-08 09:50:42.486root 11241100x8000000000000000287079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5bda4785021fd962023-02-08 09:50:42.984root 11241100x8000000000000000287078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7dbdc0882e02052023-02-08 09:50:42.984root 11241100x8000000000000000287077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246e762f6722465a2023-02-08 09:50:42.984root 11241100x8000000000000000287076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e447523b31a7bc082023-02-08 09:50:42.984root 11241100x8000000000000000287075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1368494b31eb5b172023-02-08 09:50:42.984root 11241100x8000000000000000287074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2af63c083c01f9d2023-02-08 09:50:42.984root 11241100x8000000000000000287073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210f1f513f34272e2023-02-08 09:50:42.984root 11241100x8000000000000000287091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88994748d8a989822023-02-08 09:50:42.985root 11241100x8000000000000000287090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f6f8c97c77ab3e2023-02-08 09:50:42.985root 11241100x8000000000000000287089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00663de896d9d75b2023-02-08 09:50:42.985root 11241100x8000000000000000287088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362d359fcb3169f12023-02-08 09:50:42.985root 11241100x8000000000000000287087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93df3fe1d61d93e52023-02-08 09:50:42.985root 11241100x8000000000000000287086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cbc0a4d923a59782023-02-08 09:50:42.985root 11241100x8000000000000000287085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152d89d2063942772023-02-08 09:50:42.985root 11241100x8000000000000000287084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876fdccae882910b2023-02-08 09:50:42.985root 11241100x8000000000000000287083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6ab4d27728ce4b2023-02-08 09:50:42.985root 11241100x8000000000000000287082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc623d8dbac4f452023-02-08 09:50:42.985root 11241100x8000000000000000287081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f43c871720131f52023-02-08 09:50:42.985root 11241100x8000000000000000287080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:42.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd73e2f70034b832023-02-08 09:50:42.985root 11241100x8000000000000000287092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad2a9be73a2cd372023-02-08 09:50:43.484root 11241100x8000000000000000287104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3ccc94da75c0be2023-02-08 09:50:43.485root 11241100x8000000000000000287103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e762f5699e2d7e32023-02-08 09:50:43.485root 11241100x8000000000000000287102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00153cf5ea975872023-02-08 09:50:43.485root 11241100x8000000000000000287101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d8aa72065a9fa62023-02-08 09:50:43.485root 11241100x8000000000000000287100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82a6f488f7cdce22023-02-08 09:50:43.485root 11241100x8000000000000000287099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d08008a51a1e3162023-02-08 09:50:43.485root 11241100x8000000000000000287098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2db970da458ecc2023-02-08 09:50:43.485root 11241100x8000000000000000287097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cccbd4a4bcea7282023-02-08 09:50:43.485root 11241100x8000000000000000287096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a558d7e66cf3d392023-02-08 09:50:43.485root 11241100x8000000000000000287095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9af4e3a0f88c8a2023-02-08 09:50:43.485root 11241100x8000000000000000287094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e12caca7de7a8eb2023-02-08 09:50:43.485root 11241100x8000000000000000287093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bba114bde8d51a2023-02-08 09:50:43.485root 11241100x8000000000000000287110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9991acfc6c25122023-02-08 09:50:43.486root 11241100x8000000000000000287109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72978c0f4bb425c2023-02-08 09:50:43.486root 11241100x8000000000000000287108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdc5a066800b8472023-02-08 09:50:43.486root 11241100x8000000000000000287107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aadd8899c86dd0b2023-02-08 09:50:43.486root 11241100x8000000000000000287106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51dfddc28b467032023-02-08 09:50:43.486root 11241100x8000000000000000287105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698ba0774a7fc8d92023-02-08 09:50:43.486root 11241100x8000000000000000287112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da017c032852f6aa2023-02-08 09:50:43.984root 11241100x8000000000000000287111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2583829d728251ef2023-02-08 09:50:43.984root 11241100x8000000000000000287127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7067c6cd86fc982023-02-08 09:50:43.985root 11241100x8000000000000000287126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a83122053a9af462023-02-08 09:50:43.985root 11241100x8000000000000000287125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3e1153ea3cfbf62023-02-08 09:50:43.985root 11241100x8000000000000000287124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c848fe4ce910e3b2023-02-08 09:50:43.985root 11241100x8000000000000000287123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f16a6d3385f41a2023-02-08 09:50:43.985root 11241100x8000000000000000287122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e35f8a5e88552552023-02-08 09:50:43.985root 11241100x8000000000000000287121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9debd07ae0cb7f152023-02-08 09:50:43.985root 11241100x8000000000000000287120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac213fff9f865d1f2023-02-08 09:50:43.985root 11241100x8000000000000000287119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b47393f2b0c1062023-02-08 09:50:43.985root 11241100x8000000000000000287118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c65768bda50f4762023-02-08 09:50:43.985root 11241100x8000000000000000287117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f012f75d1499b932023-02-08 09:50:43.985root 11241100x8000000000000000287116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f27df46849bfeb2023-02-08 09:50:43.985root 11241100x8000000000000000287115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be261a4b9a0273a2023-02-08 09:50:43.985root 11241100x8000000000000000287114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d222c0bba629d702023-02-08 09:50:43.985root 11241100x8000000000000000287113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410174ed2f78db702023-02-08 09:50:43.985root 11241100x8000000000000000287129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c272636390ff9dc2023-02-08 09:50:43.986root 11241100x8000000000000000287128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33b2a414bf4ff4e2023-02-08 09:50:43.986root 11241100x8000000000000000287137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4009d72d5cd8832023-02-08 09:50:44.484root 11241100x8000000000000000287136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268307c6e5a8c66b2023-02-08 09:50:44.484root 11241100x8000000000000000287135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30318c30687d85d62023-02-08 09:50:44.484root 11241100x8000000000000000287134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658da8de575f5d392023-02-08 09:50:44.484root 11241100x8000000000000000287133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931afee51272ea632023-02-08 09:50:44.484root 11241100x8000000000000000287132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c882f0edc2c6580b2023-02-08 09:50:44.484root 11241100x8000000000000000287131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060bfb945e874c5d2023-02-08 09:50:44.484root 11241100x8000000000000000287130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e45eea0c495e432023-02-08 09:50:44.484root 11241100x8000000000000000287147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b97f1b58a7c9162023-02-08 09:50:44.485root 11241100x8000000000000000287146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03dbb11f90369a9c2023-02-08 09:50:44.485root 11241100x8000000000000000287145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf05d0a9458f2aa82023-02-08 09:50:44.485root 11241100x8000000000000000287144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5ad558ee5bea032023-02-08 09:50:44.485root 11241100x8000000000000000287143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8335c6d54fd17b2023-02-08 09:50:44.485root 11241100x8000000000000000287142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567fa935164ed9fe2023-02-08 09:50:44.485root 11241100x8000000000000000287141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31756a06caebc3862023-02-08 09:50:44.485root 11241100x8000000000000000287140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22f9a7b1c98e8a72023-02-08 09:50:44.485root 11241100x8000000000000000287139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7eeb64910f7b1162023-02-08 09:50:44.485root 11241100x8000000000000000287138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77fc03939c7628cf2023-02-08 09:50:44.485root 11241100x8000000000000000287148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae584d5029cfbead2023-02-08 09:50:44.486root 11241100x8000000000000000287152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af22170b689dc5152023-02-08 09:50:44.984root 11241100x8000000000000000287151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee79ea10af7ab442023-02-08 09:50:44.984root 11241100x8000000000000000287150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90298508f8a3336d2023-02-08 09:50:44.984root 11241100x8000000000000000287149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b6b3733e05912a2023-02-08 09:50:44.984root 11241100x8000000000000000287162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874eee34ac856fe72023-02-08 09:50:44.985root 11241100x8000000000000000287161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb05cc7490e1c67a2023-02-08 09:50:44.985root 11241100x8000000000000000287160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d92323d5f6ffc5b2023-02-08 09:50:44.985root 11241100x8000000000000000287159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e255611f89af4e2023-02-08 09:50:44.985root 11241100x8000000000000000287158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f865ab8b61cd1a2023-02-08 09:50:44.985root 11241100x8000000000000000287157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecca8f9dcd10cc32023-02-08 09:50:44.985root 11241100x8000000000000000287156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24dbf140beafe7062023-02-08 09:50:44.985root 11241100x8000000000000000287155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd3f80df10d350a2023-02-08 09:50:44.985root 11241100x8000000000000000287154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a700939d6fbd052023-02-08 09:50:44.985root 11241100x8000000000000000287153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c44fb3d1e0467ea2023-02-08 09:50:44.985root 11241100x8000000000000000287167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f509a00785972682023-02-08 09:50:44.986root 11241100x8000000000000000287166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75a6013c586d2d32023-02-08 09:50:44.986root 11241100x8000000000000000287165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1446f45d9cd1e8bb2023-02-08 09:50:44.986root 11241100x8000000000000000287164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b105ce3aa9156482023-02-08 09:50:44.986root 11241100x8000000000000000287163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd44d5fb051a2d802023-02-08 09:50:44.986root 11241100x8000000000000000287168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072a674e3c1dccff2023-02-08 09:50:45.484root 11241100x8000000000000000287178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d35529ac2a9512a2023-02-08 09:50:45.485root 11241100x8000000000000000287177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9733863802fc2ae32023-02-08 09:50:45.485root 11241100x8000000000000000287176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d008b63d87585a2023-02-08 09:50:45.485root 11241100x8000000000000000287175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1a0c84adc43c8f2023-02-08 09:50:45.485root 11241100x8000000000000000287174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76738f8156cbe6ac2023-02-08 09:50:45.485root 11241100x8000000000000000287173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179f2e6a8c49186d2023-02-08 09:50:45.485root 11241100x8000000000000000287172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0b08b20e080b932023-02-08 09:50:45.485root 11241100x8000000000000000287171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687b2ceb0b1b99412023-02-08 09:50:45.485root 11241100x8000000000000000287170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a278c5250577b42023-02-08 09:50:45.485root 11241100x8000000000000000287169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25aeb6c4ee8c0f622023-02-08 09:50:45.485root 11241100x8000000000000000287186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3053ed8adff648352023-02-08 09:50:45.486root 11241100x8000000000000000287185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0303db5dfa11ce302023-02-08 09:50:45.486root 11241100x8000000000000000287184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0685c16104c24bba2023-02-08 09:50:45.486root 11241100x8000000000000000287183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfef95e5d85918642023-02-08 09:50:45.486root 11241100x8000000000000000287182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a67347d09cacac2023-02-08 09:50:45.486root 11241100x8000000000000000287181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e535165f3f3e332023-02-08 09:50:45.486root 11241100x8000000000000000287180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b581b6840995e8a2023-02-08 09:50:45.486root 11241100x8000000000000000287179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4368ee02dc4d7d962023-02-08 09:50:45.486root 11241100x8000000000000000287188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80beeb7bf5527b102023-02-08 09:50:45.984root 11241100x8000000000000000287187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f2b419406ddd4c2023-02-08 09:50:45.984root 11241100x8000000000000000287202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84245a7d01ba28542023-02-08 09:50:45.985root 11241100x8000000000000000287201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9ac770aa027bff2023-02-08 09:50:45.985root 11241100x8000000000000000287200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8d15c0e1936c3f2023-02-08 09:50:45.985root 11241100x8000000000000000287199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5553f0e3bdd714522023-02-08 09:50:45.985root 11241100x8000000000000000287198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3870aa2afe8e3f72023-02-08 09:50:45.985root 11241100x8000000000000000287197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c329c50987cbd9572023-02-08 09:50:45.985root 11241100x8000000000000000287196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712a790a206662642023-02-08 09:50:45.985root 11241100x8000000000000000287195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db678ce42b6d7dd2023-02-08 09:50:45.985root 11241100x8000000000000000287194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d927d971c538a22023-02-08 09:50:45.985root 11241100x8000000000000000287193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e93aaecf0914882023-02-08 09:50:45.985root 11241100x8000000000000000287192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963b47fe19c29a3b2023-02-08 09:50:45.985root 11241100x8000000000000000287191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc4c002bfde05352023-02-08 09:50:45.985root 11241100x8000000000000000287190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301239f84d71da342023-02-08 09:50:45.985root 11241100x8000000000000000287189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74baa8915493d5c62023-02-08 09:50:45.985root 11241100x8000000000000000287205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc2cd406dad73df2023-02-08 09:50:45.986root 11241100x8000000000000000287204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658e2dc2ded8dfb32023-02-08 09:50:45.986root 11241100x8000000000000000287203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee585fa45cf0a622023-02-08 09:50:45.986root 11241100x8000000000000000287207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac874883f68d08562023-02-08 09:50:46.484root 11241100x8000000000000000287206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9d48677d94a7162023-02-08 09:50:46.484root 11241100x8000000000000000287222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43997375dbc916002023-02-08 09:50:46.485root 11241100x8000000000000000287221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbe73a13214020f2023-02-08 09:50:46.485root 11241100x8000000000000000287220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6975f0273cde65a2023-02-08 09:50:46.485root 11241100x8000000000000000287219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac38953b254bf6422023-02-08 09:50:46.485root 11241100x8000000000000000287218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93bc5aceb27829b2023-02-08 09:50:46.485root 11241100x8000000000000000287217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6fe91c226f7b352023-02-08 09:50:46.485root 11241100x8000000000000000287216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a111f09d8142a3d32023-02-08 09:50:46.485root 11241100x8000000000000000287215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd809053b9f15c62023-02-08 09:50:46.485root 11241100x8000000000000000287214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fba5958dc9113282023-02-08 09:50:46.485root 11241100x8000000000000000287213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d5be166e9a863b2023-02-08 09:50:46.485root 11241100x8000000000000000287212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd26bfcd5350ca92023-02-08 09:50:46.485root 11241100x8000000000000000287211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90c3139dd7f1d082023-02-08 09:50:46.485root 11241100x8000000000000000287210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694ac10e197a79e12023-02-08 09:50:46.485root 11241100x8000000000000000287209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c3fef5913658592023-02-08 09:50:46.485root 11241100x8000000000000000287208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b2add36ae7a0cc2023-02-08 09:50:46.485root 11241100x8000000000000000287224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f3053ced9b00312023-02-08 09:50:46.486root 11241100x8000000000000000287223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c15cbe6a4bf8822023-02-08 09:50:46.486root 11241100x8000000000000000287229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7644bb5707d96392023-02-08 09:50:46.984root 11241100x8000000000000000287228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c70ad79db4c198f2023-02-08 09:50:46.984root 11241100x8000000000000000287227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3ff76dbbc092452023-02-08 09:50:46.984root 11241100x8000000000000000287226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ef92a1f4aee7ed2023-02-08 09:50:46.984root 11241100x8000000000000000287225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39334524045bd1c82023-02-08 09:50:46.984root 11241100x8000000000000000287237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7930085bf94a9c332023-02-08 09:50:46.985root 11241100x8000000000000000287236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced4220e5c3b42752023-02-08 09:50:46.985root 11241100x8000000000000000287235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abe915db01b11c52023-02-08 09:50:46.985root 11241100x8000000000000000287234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b278cf7d6063cfc62023-02-08 09:50:46.985root 11241100x8000000000000000287233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f826ccb1f6485822023-02-08 09:50:46.985root 11241100x8000000000000000287232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca3a71098564eda2023-02-08 09:50:46.985root 11241100x8000000000000000287231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24806c0a072e89062023-02-08 09:50:46.985root 11241100x8000000000000000287230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3c97c4c9bddf172023-02-08 09:50:46.985root 11241100x8000000000000000287243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827f23eab30be3cf2023-02-08 09:50:46.986root 11241100x8000000000000000287242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320afed76a2b5dc42023-02-08 09:50:46.986root 11241100x8000000000000000287241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13a56e3d7a2e6e02023-02-08 09:50:46.986root 11241100x8000000000000000287240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc39f2b37152baa2023-02-08 09:50:46.986root 11241100x8000000000000000287239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20967fbcb22fe3822023-02-08 09:50:46.986root 11241100x8000000000000000287238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993e4a2d6a90c29d2023-02-08 09:50:46.986root 11241100x8000000000000000287245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c797d1a0728be532023-02-08 09:50:47.484root 11241100x8000000000000000287244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe993c5ee65f7942023-02-08 09:50:47.484root 11241100x8000000000000000287257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a27611d0dfad5f2023-02-08 09:50:47.485root 11241100x8000000000000000287256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de5c5fa4875c5d52023-02-08 09:50:47.485root 11241100x8000000000000000287255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01712537a05b75b72023-02-08 09:50:47.485root 11241100x8000000000000000287254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc61f1fa565511d12023-02-08 09:50:47.485root 11241100x8000000000000000287253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07c87c4cf989ca62023-02-08 09:50:47.485root 11241100x8000000000000000287252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba2475a992e13142023-02-08 09:50:47.485root 11241100x8000000000000000287251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4e343267dd38f72023-02-08 09:50:47.485root 11241100x8000000000000000287250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f9d21867a61b1a2023-02-08 09:50:47.485root 11241100x8000000000000000287249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68691de78495ccde2023-02-08 09:50:47.485root 11241100x8000000000000000287248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ffc1a301a8f7952023-02-08 09:50:47.485root 11241100x8000000000000000287247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed39886034fe08f2023-02-08 09:50:47.485root 11241100x8000000000000000287246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34623452df95b9ac2023-02-08 09:50:47.485root 11241100x8000000000000000287262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1562929aab0240c72023-02-08 09:50:47.486root 11241100x8000000000000000287261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613ab74d6f8baabb2023-02-08 09:50:47.486root 11241100x8000000000000000287260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba22d943940e359d2023-02-08 09:50:47.486root 11241100x8000000000000000287259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4989be128feaba4f2023-02-08 09:50:47.486root 11241100x8000000000000000287258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb911658531f7392023-02-08 09:50:47.486root 11241100x8000000000000000287264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea9bf637b5c33db2023-02-08 09:50:47.984root 11241100x8000000000000000287263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e035bca736a24dc12023-02-08 09:50:47.984root 11241100x8000000000000000287278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8df5c60e26ed3112023-02-08 09:50:47.985root 11241100x8000000000000000287277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88621fdcdf311a1a2023-02-08 09:50:47.985root 11241100x8000000000000000287276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67202dd9267415292023-02-08 09:50:47.985root 11241100x8000000000000000287275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd382d35f97072282023-02-08 09:50:47.985root 11241100x8000000000000000287274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6f49ac2097836e2023-02-08 09:50:47.985root 11241100x8000000000000000287273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2923421e933ed2032023-02-08 09:50:47.985root 11241100x8000000000000000287272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85620994babd1a72023-02-08 09:50:47.985root 11241100x8000000000000000287271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f6028c7b8496cb2023-02-08 09:50:47.985root 11241100x8000000000000000287270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a63ac069c5e99d2023-02-08 09:50:47.985root 11241100x8000000000000000287269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5696e5b48b3b9872023-02-08 09:50:47.985root 11241100x8000000000000000287268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d2e3c75d6330b52023-02-08 09:50:47.985root 11241100x8000000000000000287267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c14124d024cfe12023-02-08 09:50:47.985root 11241100x8000000000000000287266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2543f8430c4929212023-02-08 09:50:47.985root 11241100x8000000000000000287265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8685553c003d1c2023-02-08 09:50:47.985root 11241100x8000000000000000287281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d06c52dd72beba82023-02-08 09:50:47.986root 11241100x8000000000000000287280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68c166797fb516f2023-02-08 09:50:47.986root 11241100x8000000000000000287279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a8ce57a7524a282023-02-08 09:50:47.986root 354300x8000000000000000287282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.212{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36324-false10.0.1.12-8000- 11241100x8000000000000000287283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b1f40b5d9e66a22023-02-08 09:50:48.484root 11241100x8000000000000000287286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d936f31eaad897bb2023-02-08 09:50:48.485root 11241100x8000000000000000287285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adfe5074f8f1da1a2023-02-08 09:50:48.485root 11241100x8000000000000000287284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797060f6c3f6617c2023-02-08 09:50:48.485root 11241100x8000000000000000287293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63f11243612ecd92023-02-08 09:50:48.486root 11241100x8000000000000000287292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900a9f73946c15a92023-02-08 09:50:48.486root 11241100x8000000000000000287291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a88c46c13201e82023-02-08 09:50:48.486root 11241100x8000000000000000287290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46d5703f7f753ee2023-02-08 09:50:48.486root 11241100x8000000000000000287289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559d4a8b7a0248ce2023-02-08 09:50:48.486root 11241100x8000000000000000287288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4778579a4217e82023-02-08 09:50:48.486root 11241100x8000000000000000287287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5de3091b8289f72023-02-08 09:50:48.486root 11241100x8000000000000000287296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44fea2bd935aaf9a2023-02-08 09:50:48.489root 11241100x8000000000000000287295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b144fa46224e7712023-02-08 09:50:48.489root 11241100x8000000000000000287294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860f0cad4743043e2023-02-08 09:50:48.489root 11241100x8000000000000000287302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a98ac7b22f24a932023-02-08 09:50:48.490root 11241100x8000000000000000287301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c391be785ecf0592023-02-08 09:50:48.490root 11241100x8000000000000000287300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1760f797df354392023-02-08 09:50:48.490root 11241100x8000000000000000287299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5a86041decd6f42023-02-08 09:50:48.490root 11241100x8000000000000000287298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f90d9fd8e7d1fc52023-02-08 09:50:48.490root 11241100x8000000000000000287297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7899c751294b4ba2023-02-08 09:50:48.490root 11241100x8000000000000000287303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f4f878783f70bd2023-02-08 09:50:48.984root 11241100x8000000000000000287307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f51020d905fe7102023-02-08 09:50:48.985root 11241100x8000000000000000287306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589080cdb90325842023-02-08 09:50:48.985root 11241100x8000000000000000287305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57e9efd6fd0a8242023-02-08 09:50:48.985root 11241100x8000000000000000287304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b6a265477070c02023-02-08 09:50:48.985root 11241100x8000000000000000287313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bba0f8df1716cb2023-02-08 09:50:48.986root 11241100x8000000000000000287312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b8e1be643a5ec52023-02-08 09:50:48.986root 11241100x8000000000000000287311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fd97675c0312942023-02-08 09:50:48.986root 11241100x8000000000000000287310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daac87bc42f380d12023-02-08 09:50:48.986root 11241100x8000000000000000287309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4e50170fd899d02023-02-08 09:50:48.986root 11241100x8000000000000000287308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4caa896ead503b5b2023-02-08 09:50:48.986root 11241100x8000000000000000287322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13d7640091280852023-02-08 09:50:48.987root 11241100x8000000000000000287321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30367572b0175a822023-02-08 09:50:48.987root 11241100x8000000000000000287320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0985ff2cab4504272023-02-08 09:50:48.987root 11241100x8000000000000000287319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9848bb361b91656e2023-02-08 09:50:48.987root 11241100x8000000000000000287318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8b7f6727e45d972023-02-08 09:50:48.987root 11241100x8000000000000000287317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2170710ed3894f0c2023-02-08 09:50:48.987root 11241100x8000000000000000287316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795ffc54c973b8502023-02-08 09:50:48.987root 11241100x8000000000000000287315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d9889ddc08ed682023-02-08 09:50:48.987root 11241100x8000000000000000287314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8bf79359dc8e592023-02-08 09:50:48.987root 11241100x8000000000000000287323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b07d607ff3b2da2023-02-08 09:50:49.484root 11241100x8000000000000000287337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256b8c076781a1a42023-02-08 09:50:49.485root 11241100x8000000000000000287336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca05f8070fae80552023-02-08 09:50:49.485root 11241100x8000000000000000287335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d440570556d068152023-02-08 09:50:49.485root 11241100x8000000000000000287334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d608ed0cae27a62023-02-08 09:50:49.485root 11241100x8000000000000000287333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78df58ea72e46c522023-02-08 09:50:49.485root 11241100x8000000000000000287332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec748843dd3f0fe2023-02-08 09:50:49.485root 11241100x8000000000000000287331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1efa2fec7bce9f2023-02-08 09:50:49.485root 11241100x8000000000000000287330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da02c48bb2a3c08a2023-02-08 09:50:49.485root 11241100x8000000000000000287329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a3285f5c03d7392023-02-08 09:50:49.485root 11241100x8000000000000000287328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99afe174614d9c272023-02-08 09:50:49.485root 11241100x8000000000000000287327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3a589ee1c416c02023-02-08 09:50:49.485root 11241100x8000000000000000287326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b700a6aa93ac80942023-02-08 09:50:49.485root 11241100x8000000000000000287325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a77ade03a992752023-02-08 09:50:49.485root 11241100x8000000000000000287324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0193bab8c57dfe8b2023-02-08 09:50:49.485root 11241100x8000000000000000287342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a368bad2ef308b2023-02-08 09:50:49.486root 11241100x8000000000000000287341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15356c7f81cce1b52023-02-08 09:50:49.486root 11241100x8000000000000000287340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10366c7d4868faf2023-02-08 09:50:49.486root 11241100x8000000000000000287339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e443ce1044113862023-02-08 09:50:49.486root 11241100x8000000000000000287338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cda0fb236605f02023-02-08 09:50:49.486root 11241100x8000000000000000287352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4e040d636c00e32023-02-08 09:50:49.985root 11241100x8000000000000000287351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1823a370adcba57d2023-02-08 09:50:49.985root 11241100x8000000000000000287350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186a74eb1163569d2023-02-08 09:50:49.985root 11241100x8000000000000000287349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa44d5aab48c0a112023-02-08 09:50:49.985root 11241100x8000000000000000287348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0927e3f32df912862023-02-08 09:50:49.985root 11241100x8000000000000000287347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8f2c0bc85298102023-02-08 09:50:49.985root 11241100x8000000000000000287346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156387ce18a617c72023-02-08 09:50:49.985root 11241100x8000000000000000287345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe370ed06487e0c2023-02-08 09:50:49.985root 11241100x8000000000000000287344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee7d98dec5e163a2023-02-08 09:50:49.985root 11241100x8000000000000000287343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2894fcfbac83352023-02-08 09:50:49.985root 11241100x8000000000000000287362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e55446696a2b822023-02-08 09:50:49.986root 11241100x8000000000000000287361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36cd04b7191d5de92023-02-08 09:50:49.986root 11241100x8000000000000000287360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b2d34b01773f482023-02-08 09:50:49.986root 11241100x8000000000000000287359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d3ab54893f588f2023-02-08 09:50:49.986root 11241100x8000000000000000287358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759c322e540794932023-02-08 09:50:49.986root 11241100x8000000000000000287357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec5d53269440fb92023-02-08 09:50:49.986root 11241100x8000000000000000287356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb987e6317e2fe3b2023-02-08 09:50:49.986root 11241100x8000000000000000287355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49ff09cc6eb20152023-02-08 09:50:49.986root 11241100x8000000000000000287354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5f912fff74abbc2023-02-08 09:50:49.986root 11241100x8000000000000000287353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f589bae8652ea5a2023-02-08 09:50:49.986root 11241100x8000000000000000287363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552470d00ac058382023-02-08 09:50:50.484root 11241100x8000000000000000287374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf7ea530a5a97212023-02-08 09:50:50.485root 11241100x8000000000000000287373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bdf6ae8c053fc832023-02-08 09:50:50.485root 11241100x8000000000000000287372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b4b76dee38a7872023-02-08 09:50:50.485root 11241100x8000000000000000287371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f464f2a40c3756202023-02-08 09:50:50.485root 11241100x8000000000000000287370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941bc42b057795aa2023-02-08 09:50:50.485root 11241100x8000000000000000287369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf32c1991843b1042023-02-08 09:50:50.485root 11241100x8000000000000000287368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d131557a26330aef2023-02-08 09:50:50.485root 11241100x8000000000000000287367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da8fdec7552794e2023-02-08 09:50:50.485root 11241100x8000000000000000287366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc316ddd3bed7c42023-02-08 09:50:50.485root 11241100x8000000000000000287365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256ee6c6e76df6b12023-02-08 09:50:50.485root 11241100x8000000000000000287364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c335595f2973f692023-02-08 09:50:50.485root 11241100x8000000000000000287381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c4e67c53a1cd732023-02-08 09:50:50.486root 11241100x8000000000000000287380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9e5b21a9b380742023-02-08 09:50:50.486root 11241100x8000000000000000287379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4397467229db52f32023-02-08 09:50:50.486root 11241100x8000000000000000287378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6cc1990422deb62023-02-08 09:50:50.486root 11241100x8000000000000000287377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0beed16e7bca719d2023-02-08 09:50:50.486root 11241100x8000000000000000287376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4504245952c4aa852023-02-08 09:50:50.486root 11241100x8000000000000000287375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a5b913fe17a7c12023-02-08 09:50:50.486root 11241100x8000000000000000287382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ecdc1241ce817a52023-02-08 09:50:50.487root 11241100x8000000000000000287383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3ef4d79ae352cb2023-02-08 09:50:50.984root 11241100x8000000000000000287395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d44aebb7177017e2023-02-08 09:50:50.985root 11241100x8000000000000000287394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085db78a64cfd8d82023-02-08 09:50:50.985root 11241100x8000000000000000287393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa23f31adeeeec92023-02-08 09:50:50.985root 11241100x8000000000000000287392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9be98696c58c822023-02-08 09:50:50.985root 11241100x8000000000000000287391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffd1b6c0f35cb2f2023-02-08 09:50:50.985root 11241100x8000000000000000287390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7143725cfec62b352023-02-08 09:50:50.985root 11241100x8000000000000000287389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e45f14e511c3ed32023-02-08 09:50:50.985root 11241100x8000000000000000287388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30225f5dcce2fbe2023-02-08 09:50:50.985root 11241100x8000000000000000287387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975c82c42a7ee1442023-02-08 09:50:50.985root 11241100x8000000000000000287386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5bde7e275d049b2023-02-08 09:50:50.985root 11241100x8000000000000000287385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb98583c60b1fdc2023-02-08 09:50:50.985root 11241100x8000000000000000287384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2b23e87f01a0062023-02-08 09:50:50.985root 11241100x8000000000000000287402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1726f79128385c2023-02-08 09:50:50.986root 11241100x8000000000000000287401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39832c37d5934e9b2023-02-08 09:50:50.986root 11241100x8000000000000000287400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2a93641a6c4ffd2023-02-08 09:50:50.986root 11241100x8000000000000000287399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc6dec37a3a596f2023-02-08 09:50:50.986root 11241100x8000000000000000287398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d292340fd821f5992023-02-08 09:50:50.986root 11241100x8000000000000000287397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c209eab316b194f42023-02-08 09:50:50.986root 11241100x8000000000000000287396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c231e0d133aa7c72023-02-08 09:50:50.986root 11241100x8000000000000000287403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c929b719973e8e2023-02-08 09:50:51.484root 11241100x8000000000000000287416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a613b3896fdc47a2023-02-08 09:50:51.485root 11241100x8000000000000000287415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd045d709b44357b2023-02-08 09:50:51.485root 11241100x8000000000000000287414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81354ad50be74572023-02-08 09:50:51.485root 11241100x8000000000000000287413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb27fe0bf8e81542023-02-08 09:50:51.485root 11241100x8000000000000000287412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17704b7a93c1b1172023-02-08 09:50:51.485root 11241100x8000000000000000287411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33da688ea643df142023-02-08 09:50:51.485root 11241100x8000000000000000287410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8797f5584b28dc2023-02-08 09:50:51.485root 11241100x8000000000000000287409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269a0b50e5e70a7d2023-02-08 09:50:51.485root 11241100x8000000000000000287408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecaac569fee22452023-02-08 09:50:51.485root 11241100x8000000000000000287407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7580548c295071f2023-02-08 09:50:51.485root 11241100x8000000000000000287406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d91443f5052dc232023-02-08 09:50:51.485root 11241100x8000000000000000287405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25dc636021126d3f2023-02-08 09:50:51.485root 11241100x8000000000000000287404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c58ce1686e75c792023-02-08 09:50:51.485root 11241100x8000000000000000287420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd64fa557d8bea8c2023-02-08 09:50:51.486root 11241100x8000000000000000287419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc79d90b7916033d2023-02-08 09:50:51.486root 11241100x8000000000000000287418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655b588d6ec4263c2023-02-08 09:50:51.486root 11241100x8000000000000000287417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1d98484878fe4d2023-02-08 09:50:51.486root 11241100x8000000000000000287422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f50eb234f500ba2023-02-08 09:50:51.487root 11241100x8000000000000000287421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5438e7dd1441e812023-02-08 09:50:51.487root 11241100x8000000000000000287423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c5e2b55fb0261a2023-02-08 09:50:51.984root 11241100x8000000000000000287429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c83a44d8759f2e2023-02-08 09:50:51.985root 11241100x8000000000000000287428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60614bcc0a74f5982023-02-08 09:50:51.985root 11241100x8000000000000000287427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73323b3cbd43b8442023-02-08 09:50:51.985root 11241100x8000000000000000287426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59699c9fc62854112023-02-08 09:50:51.985root 11241100x8000000000000000287425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb74a985fdde4112023-02-08 09:50:51.985root 11241100x8000000000000000287424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8657420e81e84dea2023-02-08 09:50:51.985root 11241100x8000000000000000287437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5a626777ce670d2023-02-08 09:50:51.986root 11241100x8000000000000000287436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc5aeff43ef63d92023-02-08 09:50:51.986root 11241100x8000000000000000287435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db588a093846a4f2023-02-08 09:50:51.986root 11241100x8000000000000000287434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14575ba3601732ba2023-02-08 09:50:51.986root 11241100x8000000000000000287433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73647ce05ce45c22023-02-08 09:50:51.986root 11241100x8000000000000000287432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fe432eb6619a5f2023-02-08 09:50:51.986root 11241100x8000000000000000287431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735b04208f76704e2023-02-08 09:50:51.986root 11241100x8000000000000000287430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62bb9dac21c9af62023-02-08 09:50:51.986root 11241100x8000000000000000287441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54f71719915b5dc2023-02-08 09:50:51.987root 11241100x8000000000000000287440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08dfc763a7754ed62023-02-08 09:50:51.987root 11241100x8000000000000000287439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e04cff0c9ccc2a2023-02-08 09:50:51.987root 11241100x8000000000000000287438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6451df3d8736f57c2023-02-08 09:50:51.987root 11241100x8000000000000000287442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:51.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ebb3da1f296c6c2023-02-08 09:50:51.988root 11241100x8000000000000000287444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9351846554971012023-02-08 09:50:52.484root 11241100x8000000000000000287443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0883d4c2fec6dd802023-02-08 09:50:52.484root 11241100x8000000000000000287451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43019a3ade433de42023-02-08 09:50:52.485root 11241100x8000000000000000287450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb89337717cf28942023-02-08 09:50:52.485root 11241100x8000000000000000287449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4128f80f1ac7232023-02-08 09:50:52.485root 11241100x8000000000000000287448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf8dd18075b26372023-02-08 09:50:52.485root 11241100x8000000000000000287447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396acaff6a34c7772023-02-08 09:50:52.485root 11241100x8000000000000000287446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26b15b230cc0aa52023-02-08 09:50:52.485root 11241100x8000000000000000287445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49a5f123be40fa32023-02-08 09:50:52.485root 11241100x8000000000000000287460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7dca5af74adac12023-02-08 09:50:52.486root 11241100x8000000000000000287459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5b679273813c8b2023-02-08 09:50:52.486root 11241100x8000000000000000287458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d34a58553309f3a2023-02-08 09:50:52.486root 11241100x8000000000000000287457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0292a4d3e7586ec02023-02-08 09:50:52.486root 11241100x8000000000000000287456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7fe7e88451fcb772023-02-08 09:50:52.486root 11241100x8000000000000000287455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4242c5bc178a18952023-02-08 09:50:52.486root 11241100x8000000000000000287454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c598d4d3d464272023-02-08 09:50:52.486root 11241100x8000000000000000287453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb7b3b1b012fd3a2023-02-08 09:50:52.486root 11241100x8000000000000000287452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962344328be7be272023-02-08 09:50:52.486root 11241100x8000000000000000287462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e37e103a149ac12023-02-08 09:50:52.487root 11241100x8000000000000000287461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5191b4b2ec3f69d2023-02-08 09:50:52.487root 11241100x8000000000000000287463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ea01babb5947f92023-02-08 09:50:52.984root 11241100x8000000000000000287478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d10afe04065d142023-02-08 09:50:52.985root 11241100x8000000000000000287477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aeb86c980a5ac492023-02-08 09:50:52.985root 11241100x8000000000000000287476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0a5c7e33e1a5a22023-02-08 09:50:52.985root 11241100x8000000000000000287475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bb2744c2edd3f32023-02-08 09:50:52.985root 11241100x8000000000000000287474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f168d1b906d848012023-02-08 09:50:52.985root 11241100x8000000000000000287473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491afdc7568436602023-02-08 09:50:52.985root 11241100x8000000000000000287472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2f83883765fb162023-02-08 09:50:52.985root 11241100x8000000000000000287471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327da0bc4950ea072023-02-08 09:50:52.985root 11241100x8000000000000000287470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8beea2dca067297b2023-02-08 09:50:52.985root 11241100x8000000000000000287469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5fea34be572d692023-02-08 09:50:52.985root 11241100x8000000000000000287468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e517a3e16379cfb2023-02-08 09:50:52.985root 11241100x8000000000000000287467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825e921b490383bf2023-02-08 09:50:52.985root 11241100x8000000000000000287466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9fe9928a5b26072023-02-08 09:50:52.985root 11241100x8000000000000000287465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833b63896b4e737d2023-02-08 09:50:52.985root 11241100x8000000000000000287464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2118d529486b01712023-02-08 09:50:52.985root 11241100x8000000000000000287482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01d581b103519bf2023-02-08 09:50:52.986root 11241100x8000000000000000287481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c81661b555094e82023-02-08 09:50:52.986root 11241100x8000000000000000287480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3aea8d4079768362023-02-08 09:50:52.986root 11241100x8000000000000000287479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c00386cb34006292023-02-08 09:50:52.986root 11241100x8000000000000000287483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91759561595821f12023-02-08 09:50:53.484root 11241100x8000000000000000287494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22886f5b7c76af7d2023-02-08 09:50:53.485root 11241100x8000000000000000287493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961e5a0d5552af3d2023-02-08 09:50:53.485root 11241100x8000000000000000287492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d288aa495ef698b2023-02-08 09:50:53.485root 11241100x8000000000000000287491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb897f9184d64d762023-02-08 09:50:53.485root 11241100x8000000000000000287490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f049b9a8b848c2d32023-02-08 09:50:53.485root 11241100x8000000000000000287489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7246ca4ce2ac282023-02-08 09:50:53.485root 11241100x8000000000000000287488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b794f744953530732023-02-08 09:50:53.485root 11241100x8000000000000000287487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690950ea9ec59b632023-02-08 09:50:53.485root 11241100x8000000000000000287486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a706e8670a454ef02023-02-08 09:50:53.485root 11241100x8000000000000000287485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217151e8e99f84d62023-02-08 09:50:53.485root 11241100x8000000000000000287484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18adb00dc848d3bf2023-02-08 09:50:53.485root 11241100x8000000000000000287502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d872b7ad40c83402023-02-08 09:50:53.486root 11241100x8000000000000000287501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c7a933139e3bdd2023-02-08 09:50:53.486root 11241100x8000000000000000287500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3f0cc3efa7d93a2023-02-08 09:50:53.486root 11241100x8000000000000000287499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a5bb3f2a8027d02023-02-08 09:50:53.486root 11241100x8000000000000000287498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9b768a06e4b8132023-02-08 09:50:53.486root 11241100x8000000000000000287497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf3371b4dc161a52023-02-08 09:50:53.486root 11241100x8000000000000000287496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f5c77bb89320bd2023-02-08 09:50:53.486root 11241100x8000000000000000287495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0215fe2de126072023-02-08 09:50:53.486root 11241100x8000000000000000287504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5097dd3a16b86e2023-02-08 09:50:53.984root 11241100x8000000000000000287503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a04f350e56bc872023-02-08 09:50:53.984root 11241100x8000000000000000287512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7536440763b8c7632023-02-08 09:50:53.985root 11241100x8000000000000000287511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5eedefa1332c1f02023-02-08 09:50:53.985root 11241100x8000000000000000287510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01774456a601bc022023-02-08 09:50:53.985root 11241100x8000000000000000287509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2057e10407fa562023-02-08 09:50:53.985root 11241100x8000000000000000287508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03a5c73f91b7b812023-02-08 09:50:53.985root 11241100x8000000000000000287507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd695fc2cb500c82023-02-08 09:50:53.985root 11241100x8000000000000000287506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f99d7337d082c92023-02-08 09:50:53.985root 11241100x8000000000000000287505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf0d778814d88a32023-02-08 09:50:53.985root 11241100x8000000000000000287522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05d72a09c5abdf42023-02-08 09:50:53.986root 11241100x8000000000000000287521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d2bee755ad1a552023-02-08 09:50:53.986root 11241100x8000000000000000287520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b11af7a29ed13c2023-02-08 09:50:53.986root 11241100x8000000000000000287519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc88c5f9e4a3f2c82023-02-08 09:50:53.986root 11241100x8000000000000000287518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc50a6ada46742ba2023-02-08 09:50:53.986root 11241100x8000000000000000287517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199d4e04db5a2acb2023-02-08 09:50:53.986root 11241100x8000000000000000287516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d34bba89586ba3f2023-02-08 09:50:53.986root 11241100x8000000000000000287515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643645b0032375fa2023-02-08 09:50:53.986root 11241100x8000000000000000287514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700dc6cbf01bbd682023-02-08 09:50:53.986root 11241100x8000000000000000287513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d20b349abac6f2d2023-02-08 09:50:53.986root 354300x8000000000000000287523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.025{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-36330-false10.0.1.12-8000- 11241100x8000000000000000287524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a99a6c70adafeaa2023-02-08 09:50:54.484root 11241100x8000000000000000287535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07d4ac2d82a03472023-02-08 09:50:54.485root 11241100x8000000000000000287534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc30c8594e9ea4b2023-02-08 09:50:54.485root 11241100x8000000000000000287533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27eff7d5c28cbbf32023-02-08 09:50:54.485root 11241100x8000000000000000287532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79ad189855d3c9f2023-02-08 09:50:54.485root 11241100x8000000000000000287531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60fec4bea876b3e42023-02-08 09:50:54.485root 11241100x8000000000000000287530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3910bd2d7b621412023-02-08 09:50:54.485root 11241100x8000000000000000287529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69e4392b33cf8bc2023-02-08 09:50:54.485root 11241100x8000000000000000287528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdd386792da1e282023-02-08 09:50:54.485root 11241100x8000000000000000287527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9729d24d1ae14d6d2023-02-08 09:50:54.485root 11241100x8000000000000000287526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9d7f262d20bdd52023-02-08 09:50:54.485root 11241100x8000000000000000287525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a3ae5778d727dd2023-02-08 09:50:54.485root 11241100x8000000000000000287544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99abb1ae57f19e192023-02-08 09:50:54.486root 11241100x8000000000000000287543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de05a25af6b306222023-02-08 09:50:54.486root 11241100x8000000000000000287542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647bf0d2d36b31c12023-02-08 09:50:54.486root 11241100x8000000000000000287541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328cdd20d484415a2023-02-08 09:50:54.486root 11241100x8000000000000000287540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30cf44e856302f02023-02-08 09:50:54.486root 11241100x8000000000000000287539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da7a04b3c2ab64b2023-02-08 09:50:54.486root 11241100x8000000000000000287538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff2d5783f3ca1a12023-02-08 09:50:54.486root 11241100x8000000000000000287537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff721ce56df71da72023-02-08 09:50:54.486root 11241100x8000000000000000287536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7ffbd4e12ed7892023-02-08 09:50:54.486root 11241100x8000000000000000287545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c47d65bf6158522023-02-08 09:50:54.984root 11241100x8000000000000000287554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2105d468f5cfa992023-02-08 09:50:54.985root 11241100x8000000000000000287553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1748bb71aae38a3f2023-02-08 09:50:54.985root 11241100x8000000000000000287552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0df56cbd95ef9f2023-02-08 09:50:54.985root 11241100x8000000000000000287551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342f41668ae41f182023-02-08 09:50:54.985root 11241100x8000000000000000287550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83637f64c97161b2023-02-08 09:50:54.985root 11241100x8000000000000000287549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0ea7dc2d490bf82023-02-08 09:50:54.985root 11241100x8000000000000000287548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7d21016edae76f2023-02-08 09:50:54.985root 11241100x8000000000000000287547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0866ec5f9d425a7c2023-02-08 09:50:54.985root 11241100x8000000000000000287546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c06df703fee2fc2023-02-08 09:50:54.985root 11241100x8000000000000000287565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b297f3451f12ee0e2023-02-08 09:50:54.986root 11241100x8000000000000000287564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01800f300f69fbd62023-02-08 09:50:54.986root 11241100x8000000000000000287563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc5d68802fd9a802023-02-08 09:50:54.986root 11241100x8000000000000000287562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abfa4cdf577b8b92023-02-08 09:50:54.986root 11241100x8000000000000000287561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5a9d2b30fe0b4a2023-02-08 09:50:54.986root 11241100x8000000000000000287560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f924c6de3bdf9e32023-02-08 09:50:54.986root 11241100x8000000000000000287559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94cea5b59bbff2f02023-02-08 09:50:54.986root 11241100x8000000000000000287558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724886a525ce85c92023-02-08 09:50:54.986root 11241100x8000000000000000287557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc42d6c7860ea232023-02-08 09:50:54.986root 11241100x8000000000000000287556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b290a79aac226cc2023-02-08 09:50:54.986root 11241100x8000000000000000287555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b4c12a9026dee72023-02-08 09:50:54.986root 11241100x8000000000000000287566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85d096a5f36d1b62023-02-08 09:50:55.484root 11241100x8000000000000000287577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4203a91004db82272023-02-08 09:50:55.485root 11241100x8000000000000000287576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89967d874eda06d2023-02-08 09:50:55.485root 11241100x8000000000000000287575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc30e5421050478b2023-02-08 09:50:55.485root 11241100x8000000000000000287574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303bd13468fcd6472023-02-08 09:50:55.485root 11241100x8000000000000000287573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6b66789714f32b2023-02-08 09:50:55.485root 11241100x8000000000000000287572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e6beaaacb25aeb2023-02-08 09:50:55.485root 11241100x8000000000000000287571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40b4859fe4923992023-02-08 09:50:55.485root 11241100x8000000000000000287570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af1abb5a11590042023-02-08 09:50:55.485root 11241100x8000000000000000287569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa0cd2da24856442023-02-08 09:50:55.485root 11241100x8000000000000000287568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56617e48066babe2023-02-08 09:50:55.485root 11241100x8000000000000000287567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0d311529a6f4a82023-02-08 09:50:55.485root 11241100x8000000000000000287586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9e22035e52287f2023-02-08 09:50:55.486root 11241100x8000000000000000287585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3dd705baced0882023-02-08 09:50:55.486root 11241100x8000000000000000287584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13080623068f5a1f2023-02-08 09:50:55.486root 11241100x8000000000000000287583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f35e081991cac52023-02-08 09:50:55.486root 11241100x8000000000000000287582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee875758a8e781d2023-02-08 09:50:55.486root 11241100x8000000000000000287581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95abe48b106a0a52023-02-08 09:50:55.486root 11241100x8000000000000000287580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21dcf77b12a456642023-02-08 09:50:55.486root 11241100x8000000000000000287579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32992bb89f6cb752023-02-08 09:50:55.486root 11241100x8000000000000000287578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0eb9fded49e5ec2023-02-08 09:50:55.486root 534500x8000000000000000287587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.853{00000000-0000-0000-0000-000000000000}5798<unknown process>root 11241100x8000000000000000287591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.854{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c7bea29b35d7692023-02-08 09:50:55.854root 11241100x8000000000000000287590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.854{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af70b811b7aacbf02023-02-08 09:50:55.854root 11241100x8000000000000000287589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.854{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d008665d0e260a022023-02-08 09:50:55.854root 11241100x8000000000000000287588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.854{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc1509929d9e6af2023-02-08 09:50:55.854root 11241100x8000000000000000287599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.855{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785b7bc0a73a856c2023-02-08 09:50:55.855root 11241100x8000000000000000287598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.855{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf169aaa3b166a972023-02-08 09:50:55.855root 11241100x8000000000000000287597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.855{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45ce807111693802023-02-08 09:50:55.855root 11241100x8000000000000000287596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.855{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f086862ade512e682023-02-08 09:50:55.855root 11241100x8000000000000000287595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.855{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899db8c134408e9b2023-02-08 09:50:55.855root 11241100x8000000000000000287594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.855{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b730737611e3962023-02-08 09:50:55.855root 11241100x8000000000000000287593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.855{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab585f790dc66922023-02-08 09:50:55.855root 11241100x8000000000000000287592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.855{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be53cce31317544c2023-02-08 09:50:55.855root 11241100x8000000000000000287608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.856{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867f1446a5dc702d2023-02-08 09:50:55.856root 11241100x8000000000000000287607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.856{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9392a77099bbce2023-02-08 09:50:55.856root 11241100x8000000000000000287606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.856{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3e8ac50ef3aa632023-02-08 09:50:55.856root 11241100x8000000000000000287605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.856{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa74b894f2936e82023-02-08 09:50:55.856root 11241100x8000000000000000287604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.856{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3fd05fbbc5c3df2023-02-08 09:50:55.856root 11241100x8000000000000000287603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.856{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19aabe936ce956292023-02-08 09:50:55.856root 11241100x8000000000000000287602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.856{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093a4e214424e3572023-02-08 09:50:55.856root 11241100x8000000000000000287601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.856{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f658ed82f785702023-02-08 09:50:55.856root 11241100x8000000000000000287600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.856{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7268f713009675822023-02-08 09:50:55.856root 11241100x8000000000000000287615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.857{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247168483688b0422023-02-08 09:50:55.857root 11241100x8000000000000000287614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.857{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05536aa2f2df484c2023-02-08 09:50:55.857root 11241100x8000000000000000287613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.857{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57fb4bdf53cbd192023-02-08 09:50:55.857root 11241100x8000000000000000287612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.857{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e67b1f3e4187b262023-02-08 09:50:55.857root 11241100x8000000000000000287611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.857{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab57108ae4a28ab12023-02-08 09:50:55.857root 11241100x8000000000000000287610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.857{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f828b12f794d2192023-02-08 09:50:55.857root 11241100x8000000000000000287609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:55.857{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2913f4f1bd395ae82023-02-08 09:50:55.857root 11241100x8000000000000000287624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7147872e1772e6f2023-02-08 09:50:56.235root 11241100x8000000000000000287623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e270e104645404262023-02-08 09:50:56.235root 11241100x8000000000000000287622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80e81645c365c062023-02-08 09:50:56.235root 11241100x8000000000000000287621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa2a8d2c92244862023-02-08 09:50:56.235root 11241100x8000000000000000287620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17b4414ee8147b52023-02-08 09:50:56.235root 11241100x8000000000000000287619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b95047b3bb9cf412023-02-08 09:50:56.235root 11241100x8000000000000000287618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c113743c28953822023-02-08 09:50:56.235root 11241100x8000000000000000287617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1950e5ab3a6531872023-02-08 09:50:56.235root 11241100x8000000000000000287616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8e16b35d53105e2023-02-08 09:50:56.235root 11241100x8000000000000000287637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74fdbfe6b5e4a3e62023-02-08 09:50:56.236root 11241100x8000000000000000287636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0e9997d64c909c2023-02-08 09:50:56.236root 11241100x8000000000000000287635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4555f5d6640bcc62023-02-08 09:50:56.236root 11241100x8000000000000000287634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffa8e7af15f3e322023-02-08 09:50:56.236root 11241100x8000000000000000287633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9158629051d9efc2023-02-08 09:50:56.236root 11241100x8000000000000000287632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705ca67fa18fb87b2023-02-08 09:50:56.236root 11241100x8000000000000000287631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c8a480e52ebfbf2023-02-08 09:50:56.236root 11241100x8000000000000000287630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad71a778a0ad7be72023-02-08 09:50:56.236root 11241100x8000000000000000287629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1557b605c85065822023-02-08 09:50:56.236root 11241100x8000000000000000287628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7b0c3fda34ca182023-02-08 09:50:56.236root 11241100x8000000000000000287627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a32700246d7ff0a2023-02-08 09:50:56.236root 11241100x8000000000000000287626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4257ce279846eb8a2023-02-08 09:50:56.236root 11241100x8000000000000000287625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97fbb5c4b205000d2023-02-08 09:50:56.236root 11241100x8000000000000000287638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dba0fc9ae33e9bb2023-02-08 09:50:56.734root 11241100x8000000000000000287651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9a3b5d6613f8742023-02-08 09:50:56.735root 11241100x8000000000000000287650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25425f94e7242d662023-02-08 09:50:56.735root 11241100x8000000000000000287649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b35833615ac7c1b2023-02-08 09:50:56.735root 11241100x8000000000000000287648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec483b52bd6b8ad2023-02-08 09:50:56.735root 11241100x8000000000000000287647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f715a71c5e94a9582023-02-08 09:50:56.735root 11241100x8000000000000000287646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df550311355aac52023-02-08 09:50:56.735root 11241100x8000000000000000287645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d4b3117171a48c2023-02-08 09:50:56.735root 11241100x8000000000000000287644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107bb637eba2c3af2023-02-08 09:50:56.735root 11241100x8000000000000000287643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452312e35c74b2f62023-02-08 09:50:56.735root 11241100x8000000000000000287642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbf97f98488b10d2023-02-08 09:50:56.735root 11241100x8000000000000000287641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253f7e01c6fea5ef2023-02-08 09:50:56.735root 11241100x8000000000000000287640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c68229a50b640622023-02-08 09:50:56.735root 11241100x8000000000000000287639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b512209edb3bcae12023-02-08 09:50:56.735root 11241100x8000000000000000287659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7a040bdc607c722023-02-08 09:50:56.736root 11241100x8000000000000000287658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2595ed64218b15e52023-02-08 09:50:56.736root 11241100x8000000000000000287657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a151cc890e1e14bc2023-02-08 09:50:56.736root 11241100x8000000000000000287656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b55e9f8f0a0a902023-02-08 09:50:56.736root 11241100x8000000000000000287655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90920bf17d2dd3d72023-02-08 09:50:56.736root 11241100x8000000000000000287654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97188641dcb27a052023-02-08 09:50:56.736root 11241100x8000000000000000287653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca9701d93f3f8802023-02-08 09:50:56.736root 11241100x8000000000000000287652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:56.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833d13188dd3622c2023-02-08 09:50:56.736root 11241100x8000000000000000287672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbbdca5701c9ee992023-02-08 09:50:57.235root 11241100x8000000000000000287671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8c73d8fa6cff542023-02-08 09:50:57.235root 11241100x8000000000000000287670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5f337c90c260052023-02-08 09:50:57.235root 11241100x8000000000000000287669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9afc771f3df56cc42023-02-08 09:50:57.235root 11241100x8000000000000000287668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca2e34932cccb032023-02-08 09:50:57.235root 11241100x8000000000000000287667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d65f2155978fc1c2023-02-08 09:50:57.235root 11241100x8000000000000000287666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47270f47006435062023-02-08 09:50:57.235root 11241100x8000000000000000287665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c924b04524048c22023-02-08 09:50:57.235root 11241100x8000000000000000287664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e39f9df99ddaa52023-02-08 09:50:57.235root 11241100x8000000000000000287663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89ee0efb788b6fd2023-02-08 09:50:57.235root 11241100x8000000000000000287662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8fa32e779371142023-02-08 09:50:57.235root 11241100x8000000000000000287661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118e389d30dc363f2023-02-08 09:50:57.235root 11241100x8000000000000000287660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7881b90b3f6226a82023-02-08 09:50:57.235root 11241100x8000000000000000287681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b468a4257d34906f2023-02-08 09:50:57.236root 11241100x8000000000000000287680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40ab6ce89ee9d572023-02-08 09:50:57.236root 11241100x8000000000000000287679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb61670be7826f82023-02-08 09:50:57.236root 11241100x8000000000000000287678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36ed205afc78cb22023-02-08 09:50:57.236root 11241100x8000000000000000287677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca084267180d702d2023-02-08 09:50:57.236root 11241100x8000000000000000287676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8336a097c0c8b1912023-02-08 09:50:57.236root 11241100x8000000000000000287675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9ff19c58b7f8b62023-02-08 09:50:57.236root 11241100x8000000000000000287674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68d679b7fd0f1e92023-02-08 09:50:57.236root 11241100x8000000000000000287673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8b0ec38cc35e9b2023-02-08 09:50:57.236root 11241100x8000000000000000287691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95700883c7f4c5a2023-02-08 09:50:57.735root 11241100x8000000000000000287690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec5b8369a9d11742023-02-08 09:50:57.735root 11241100x8000000000000000287689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59500a014112b3442023-02-08 09:50:57.735root 11241100x8000000000000000287688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b508b4d7bd7a87f2023-02-08 09:50:57.735root 11241100x8000000000000000287687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db946c65d30793622023-02-08 09:50:57.735root 11241100x8000000000000000287686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19fc87bff77209142023-02-08 09:50:57.735root 11241100x8000000000000000287685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87a4756b2612e182023-02-08 09:50:57.735root 11241100x8000000000000000287684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58864e73d14ba4ee2023-02-08 09:50:57.735root 11241100x8000000000000000287683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a354b6537c2007b52023-02-08 09:50:57.735root 11241100x8000000000000000287682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf2c42bbf7377e02023-02-08 09:50:57.735root 11241100x8000000000000000287698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da104d904cfed152023-02-08 09:50:57.736root 11241100x8000000000000000287697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e173dd2f8f490b032023-02-08 09:50:57.736root 11241100x8000000000000000287696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09fc02e94a62dc672023-02-08 09:50:57.736root 11241100x8000000000000000287695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30190a2507f62062023-02-08 09:50:57.736root 11241100x8000000000000000287694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3505afa6451b9382023-02-08 09:50:57.736root 11241100x8000000000000000287693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6fe1026bf30b572023-02-08 09:50:57.736root 11241100x8000000000000000287692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8bdb98c55f50052023-02-08 09:50:57.736root 11241100x8000000000000000287699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f9350f94db168e2023-02-08 09:50:57.737root 11241100x8000000000000000287703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c939af08b25249b2023-02-08 09:50:57.738root 11241100x8000000000000000287702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2d5acec1e8952a2023-02-08 09:50:57.738root 11241100x8000000000000000287701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86650b248740db52023-02-08 09:50:57.738root 11241100x8000000000000000287700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:57.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fc2c1e2dfe920e2023-02-08 09:50:57.738root 11241100x8000000000000000287712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495d12806c2f10902023-02-08 09:50:58.235root 11241100x8000000000000000287711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fbafd9563549282023-02-08 09:50:58.235root 11241100x8000000000000000287710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96e427d30b4f3be2023-02-08 09:50:58.235root 11241100x8000000000000000287709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef48401946d22252023-02-08 09:50:58.235root 11241100x8000000000000000287708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5f32e825d922332023-02-08 09:50:58.235root 11241100x8000000000000000287707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4e2cb80e8174f92023-02-08 09:50:58.235root 11241100x8000000000000000287706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f86fa8c02c125d2023-02-08 09:50:58.235root 11241100x8000000000000000287705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c66cdf7d4a7883e2023-02-08 09:50:58.235root 11241100x8000000000000000287704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76017d98229179ad2023-02-08 09:50:58.235root 11241100x8000000000000000287721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088ff42d75402b312023-02-08 09:50:58.236root 11241100x8000000000000000287720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a32a08adf918fda2023-02-08 09:50:58.236root 11241100x8000000000000000287719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ac4657c60787f92023-02-08 09:50:58.236root 11241100x8000000000000000287718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e378a1b6bc3ee92023-02-08 09:50:58.236root 11241100x8000000000000000287717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac3020d6dd09ce42023-02-08 09:50:58.236root 11241100x8000000000000000287716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5366efe90262cc1a2023-02-08 09:50:58.236root 11241100x8000000000000000287715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7d1cac33f54da02023-02-08 09:50:58.236root 11241100x8000000000000000287714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848b60a9afe820e32023-02-08 09:50:58.236root 11241100x8000000000000000287713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e358c44c03345f72023-02-08 09:50:58.236root 11241100x8000000000000000287725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6edc3233e864c53c2023-02-08 09:50:58.237root 11241100x8000000000000000287724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbcef36d3f993c752023-02-08 09:50:58.237root 11241100x8000000000000000287723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae05acaa84588512023-02-08 09:50:58.237root 11241100x8000000000000000287722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db84c435fd172c0d2023-02-08 09:50:58.237root 11241100x8000000000000000287726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa839f4c83221322023-02-08 09:50:58.734root 11241100x8000000000000000287734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1d77f71c75c6982023-02-08 09:50:58.735root 11241100x8000000000000000287733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4c72b9b7314a952023-02-08 09:50:58.735root 11241100x8000000000000000287732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710ba90aff4f0e2c2023-02-08 09:50:58.735root 11241100x8000000000000000287731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130f7e3a6f4bbbc02023-02-08 09:50:58.735root 11241100x8000000000000000287730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff0724c6cca7c2f2023-02-08 09:50:58.735root 11241100x8000000000000000287729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5caac55a06cdada2023-02-08 09:50:58.735root 11241100x8000000000000000287728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574c5e8d69acf1502023-02-08 09:50:58.735root 11241100x8000000000000000287727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38970031a9099e2e2023-02-08 09:50:58.735root 11241100x8000000000000000287743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27ae12c40c7d9fb2023-02-08 09:50:58.736root 11241100x8000000000000000287742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9a6099660d11942023-02-08 09:50:58.736root 11241100x8000000000000000287741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1339f6f126f0122023-02-08 09:50:58.736root 11241100x8000000000000000287740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114728fa4fac49cc2023-02-08 09:50:58.736root 11241100x8000000000000000287739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd98dd7d1c47f04b2023-02-08 09:50:58.736root 11241100x8000000000000000287738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ce9e36310744a82023-02-08 09:50:58.736root 11241100x8000000000000000287737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0e2455a2da71992023-02-08 09:50:58.736root 11241100x8000000000000000287736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c929905dc6ba2932023-02-08 09:50:58.736root 11241100x8000000000000000287735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1c6d19c80ba2722023-02-08 09:50:58.736root 11241100x8000000000000000287747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e782935820420c32023-02-08 09:50:58.737root 11241100x8000000000000000287746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee3e7de8d9e25712023-02-08 09:50:58.737root 11241100x8000000000000000287745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ab316f8979fa7b2023-02-08 09:50:58.737root 11241100x8000000000000000287744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:58.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d456a94ecc40d122023-02-08 09:50:58.737root 11241100x8000000000000000287757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee1cf126a0c812d2023-02-08 09:50:59.235root 11241100x8000000000000000287756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d2bcc1de7149302023-02-08 09:50:59.235root 11241100x8000000000000000287755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1896bf3743efc22023-02-08 09:50:59.235root 11241100x8000000000000000287754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096e5c97e8b5a6b22023-02-08 09:50:59.235root 11241100x8000000000000000287753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c6d324c3c2e2992023-02-08 09:50:59.235root 11241100x8000000000000000287752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216b8e09ecf766a82023-02-08 09:50:59.235root 11241100x8000000000000000287751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d6e98f009f7ca22023-02-08 09:50:59.235root 11241100x8000000000000000287750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0d8204e2a3edb12023-02-08 09:50:59.235root 11241100x8000000000000000287749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c06d14b80262b52023-02-08 09:50:59.235root 11241100x8000000000000000287748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcede599510a51a82023-02-08 09:50:59.235root 11241100x8000000000000000287769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777b8c2d81ec39282023-02-08 09:50:59.236root 11241100x8000000000000000287768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a52dbce4905a712023-02-08 09:50:59.236root 11241100x8000000000000000287767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fcf574d55b435d62023-02-08 09:50:59.236root 11241100x8000000000000000287766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb51f99ad92d0812023-02-08 09:50:59.236root 11241100x8000000000000000287765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544c9d26a20885342023-02-08 09:50:59.236root 11241100x8000000000000000287764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344fa79a96b9bc8a2023-02-08 09:50:59.236root 11241100x8000000000000000287763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43d57440088de432023-02-08 09:50:59.236root 11241100x8000000000000000287762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b311c46b32d24c2023-02-08 09:50:59.236root 11241100x8000000000000000287761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2248ab439668882023-02-08 09:50:59.236root 11241100x8000000000000000287760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a76f0b1e20050c22023-02-08 09:50:59.236root 11241100x8000000000000000287759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225fccc2401460852023-02-08 09:50:59.236root 11241100x8000000000000000287758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6978d0ba8bf051372023-02-08 09:50:59.236root 354300x8000000000000000287770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.243{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-53948-false10.0.1.12-8000- 11241100x8000000000000000287778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052ca51a90682e892023-02-08 09:50:59.735root 11241100x8000000000000000287777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff33853eea5c8982023-02-08 09:50:59.735root 11241100x8000000000000000287776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537a2b4940a742252023-02-08 09:50:59.735root 11241100x8000000000000000287775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990f60d770c2c4bb2023-02-08 09:50:59.735root 11241100x8000000000000000287774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10ed74ed64915132023-02-08 09:50:59.735root 11241100x8000000000000000287773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d16134b455c7a62023-02-08 09:50:59.735root 11241100x8000000000000000287772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1f09760ae351702023-02-08 09:50:59.735root 11241100x8000000000000000287771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022b9074e14cb0ea2023-02-08 09:50:59.735root 11241100x8000000000000000287790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845fedf410730d572023-02-08 09:50:59.736root 11241100x8000000000000000287789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a532b509efc8d42023-02-08 09:50:59.736root 11241100x8000000000000000287788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4392600b5291e732023-02-08 09:50:59.736root 11241100x8000000000000000287787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba22b8cac3126a6d2023-02-08 09:50:59.736root 11241100x8000000000000000287786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d638e82a54a6f3112023-02-08 09:50:59.736root 11241100x8000000000000000287785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2803728ac20b17502023-02-08 09:50:59.736root 11241100x8000000000000000287784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377410fd0a2b4e032023-02-08 09:50:59.736root 11241100x8000000000000000287783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcfa9a8c0a049992023-02-08 09:50:59.736root 11241100x8000000000000000287782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34db0237d660cfba2023-02-08 09:50:59.736root 11241100x8000000000000000287781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9550213a922bd49b2023-02-08 09:50:59.736root 11241100x8000000000000000287780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02042d34c1faf1462023-02-08 09:50:59.736root 11241100x8000000000000000287779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73d02ba644859a32023-02-08 09:50:59.736root 11241100x8000000000000000287793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5140b66ab1b255c2023-02-08 09:50:59.737root 11241100x8000000000000000287792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6688871978f059022023-02-08 09:50:59.737root 11241100x8000000000000000287791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:50:59.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494aee1fb830ee912023-02-08 09:50:59.737root 11241100x8000000000000000287800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81dd6b6984e9c3bd2023-02-08 09:51:00.235root 11241100x8000000000000000287799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d03cfcf43f2c3d2023-02-08 09:51:00.235root 11241100x8000000000000000287798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35c5933b889b6cb2023-02-08 09:51:00.235root 11241100x8000000000000000287797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63dc000b45e4eaee2023-02-08 09:51:00.235root 11241100x8000000000000000287796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09fbf2cd05fa0fa2023-02-08 09:51:00.235root 11241100x8000000000000000287795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72ce6b9962198512023-02-08 09:51:00.235root 11241100x8000000000000000287794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40357d4904c0ae822023-02-08 09:51:00.235root 11241100x8000000000000000287810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987a1c77c8bc20812023-02-08 09:51:00.236root 11241100x8000000000000000287809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2915f75a9ec782b12023-02-08 09:51:00.236root 11241100x8000000000000000287808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd96c13248e0a6342023-02-08 09:51:00.236root 11241100x8000000000000000287807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94dd222067be084e2023-02-08 09:51:00.236root 11241100x8000000000000000287806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3374e091e57cc52023-02-08 09:51:00.236root 11241100x8000000000000000287805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01239d0c8e94cc62023-02-08 09:51:00.236root 11241100x8000000000000000287804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97be3b34fd6061242023-02-08 09:51:00.236root 11241100x8000000000000000287803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660117791fff93f42023-02-08 09:51:00.236root 11241100x8000000000000000287802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00e27c479cde0e52023-02-08 09:51:00.236root 11241100x8000000000000000287801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1876454fc31c7e7e2023-02-08 09:51:00.236root 11241100x8000000000000000287816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2342c7e41988a352023-02-08 09:51:00.237root 11241100x8000000000000000287815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729440b3220fd1f72023-02-08 09:51:00.237root 11241100x8000000000000000287814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09cdca361fcb8382023-02-08 09:51:00.237root 11241100x8000000000000000287813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68da006153e009662023-02-08 09:51:00.237root 11241100x8000000000000000287812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b608be41c7886962023-02-08 09:51:00.237root 11241100x8000000000000000287811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29d0b4ff38195b02023-02-08 09:51:00.237root 11241100x8000000000000000287825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c3778f21a4f1472023-02-08 09:51:00.735root 11241100x8000000000000000287824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d6748a48d72d652023-02-08 09:51:00.735root 11241100x8000000000000000287823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd045ad76f4ed3e2023-02-08 09:51:00.735root 11241100x8000000000000000287822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0371ecf10360b64b2023-02-08 09:51:00.735root 11241100x8000000000000000287821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4172154110f48572023-02-08 09:51:00.735root 11241100x8000000000000000287820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f46cab60fa552002023-02-08 09:51:00.735root 11241100x8000000000000000287819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d9bdc4be0da5382023-02-08 09:51:00.735root 11241100x8000000000000000287818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4861fbf311123cf92023-02-08 09:51:00.735root 11241100x8000000000000000287817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d3a7cb363998992023-02-08 09:51:00.735root 11241100x8000000000000000287836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e74995ccc05701b2023-02-08 09:51:00.736root 11241100x8000000000000000287835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115ef881e83cf51a2023-02-08 09:51:00.736root 11241100x8000000000000000287834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae179cb0f5cfa6712023-02-08 09:51:00.736root 11241100x8000000000000000287833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab7cf18caa0d9f22023-02-08 09:51:00.736root 11241100x8000000000000000287832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62520d2c9bafb7af2023-02-08 09:51:00.736root 11241100x8000000000000000287831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff4b42818d14f8e2023-02-08 09:51:00.736root 11241100x8000000000000000287830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a110275aed7dc70b2023-02-08 09:51:00.736root 11241100x8000000000000000287829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8a85be2231e4d82023-02-08 09:51:00.736root 11241100x8000000000000000287828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3623cc5d940e4ac92023-02-08 09:51:00.736root 11241100x8000000000000000287827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cfd8654abf746442023-02-08 09:51:00.736root 11241100x8000000000000000287826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5fbd750706971b22023-02-08 09:51:00.736root 11241100x8000000000000000287839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7edff96714e07d2023-02-08 09:51:00.737root 11241100x8000000000000000287838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e73e6db7aa50b5d2023-02-08 09:51:00.737root 11241100x8000000000000000287837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:00.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd1eb5125ca0ece2023-02-08 09:51:00.737root 11241100x8000000000000000287840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6ece7618b1b4322023-02-08 09:51:01.234root 11241100x8000000000000000287853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0404b2c5d557642023-02-08 09:51:01.235root 11241100x8000000000000000287852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e7064edb74633b2023-02-08 09:51:01.235root 11241100x8000000000000000287851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27436328a62380b72023-02-08 09:51:01.235root 11241100x8000000000000000287850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b491ca6908cbf42023-02-08 09:51:01.235root 11241100x8000000000000000287849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b579ccd018f4c5432023-02-08 09:51:01.235root 11241100x8000000000000000287848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664e9709c936d0e12023-02-08 09:51:01.235root 11241100x8000000000000000287847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805dfea89142d65a2023-02-08 09:51:01.235root 11241100x8000000000000000287846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d595eb620bfe97782023-02-08 09:51:01.235root 11241100x8000000000000000287845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e735566ef67d308d2023-02-08 09:51:01.235root 11241100x8000000000000000287844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8ecabe9639a21e2023-02-08 09:51:01.235root 11241100x8000000000000000287843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75bf3a8a7c1c0462023-02-08 09:51:01.235root 11241100x8000000000000000287842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7543469d58cf26272023-02-08 09:51:01.235root 11241100x8000000000000000287841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f28f55c1fb8b0ab2023-02-08 09:51:01.235root 11241100x8000000000000000287862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7dd96dc3baaa9c2023-02-08 09:51:01.236root 11241100x8000000000000000287861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274ed853d72259b72023-02-08 09:51:01.236root 11241100x8000000000000000287860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07dd88ad54a04ae2023-02-08 09:51:01.236root 11241100x8000000000000000287859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7769278be220b8ea2023-02-08 09:51:01.236root 11241100x8000000000000000287858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a57fed149b53ad2023-02-08 09:51:01.236root 11241100x8000000000000000287857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a73bec7c5bc74562023-02-08 09:51:01.236root 11241100x8000000000000000287856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1588f7b0a0ad7ae82023-02-08 09:51:01.236root 11241100x8000000000000000287855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67086c31b21742a62023-02-08 09:51:01.236root 11241100x8000000000000000287854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddbd4b1e9e349772023-02-08 09:51:01.236root 11241100x8000000000000000287876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e91a47c09d91bd2023-02-08 09:51:01.735root 11241100x8000000000000000287875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc390615e430e122023-02-08 09:51:01.735root 11241100x8000000000000000287874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7f25c360c4ab112023-02-08 09:51:01.735root 11241100x8000000000000000287873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4262371e6315038f2023-02-08 09:51:01.735root 11241100x8000000000000000287872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d835ae9274ed8d2023-02-08 09:51:01.735root 11241100x8000000000000000287871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c495c0e3af0d8902023-02-08 09:51:01.735root 11241100x8000000000000000287870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ba6fdca1aa2d272023-02-08 09:51:01.735root 11241100x8000000000000000287869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8747239d7b44ba2023-02-08 09:51:01.735root 11241100x8000000000000000287868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1cd9f2cf1ed22bb2023-02-08 09:51:01.735root 11241100x8000000000000000287867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7efa3be233c8f642023-02-08 09:51:01.735root 11241100x8000000000000000287866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14fb0719d1014ba52023-02-08 09:51:01.735root 11241100x8000000000000000287865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3621810d308d32a2023-02-08 09:51:01.735root 11241100x8000000000000000287864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794e27e378ff26542023-02-08 09:51:01.735root 11241100x8000000000000000287863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ed768824dfe52b2023-02-08 09:51:01.735root 11241100x8000000000000000287885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5e879eb697af1f2023-02-08 09:51:01.736root 11241100x8000000000000000287884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758cac3c7af739a42023-02-08 09:51:01.736root 11241100x8000000000000000287883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20710197f6e3479a2023-02-08 09:51:01.736root 11241100x8000000000000000287882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff826f4fb2fe520a2023-02-08 09:51:01.736root 11241100x8000000000000000287881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b86c9662f8c4642023-02-08 09:51:01.736root 11241100x8000000000000000287880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f8e468fe1a43ae2023-02-08 09:51:01.736root 11241100x8000000000000000287879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017864a762a19f7d2023-02-08 09:51:01.736root 11241100x8000000000000000287878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f7a30375c165192023-02-08 09:51:01.736root 11241100x8000000000000000287877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:01.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb13d84c060df722023-02-08 09:51:01.736root 11241100x8000000000000000287895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11e2b95b1acdf342023-02-08 09:51:02.235root 11241100x8000000000000000287894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5b79404b8b17952023-02-08 09:51:02.235root 11241100x8000000000000000287893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a886e8d774c7b1eb2023-02-08 09:51:02.235root 11241100x8000000000000000287892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95ba32e9774fe682023-02-08 09:51:02.235root 11241100x8000000000000000287891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097912b28a57f9a72023-02-08 09:51:02.235root 11241100x8000000000000000287890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9402ce30a3b3eca02023-02-08 09:51:02.235root 11241100x8000000000000000287889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52e93756e60a8f62023-02-08 09:51:02.235root 11241100x8000000000000000287888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bbbc999962d5592023-02-08 09:51:02.235root 11241100x8000000000000000287887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06669cdbbb4b445a2023-02-08 09:51:02.235root 11241100x8000000000000000287886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3abfae248b58a02023-02-08 09:51:02.235root 11241100x8000000000000000287905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e27cadb09d90ed02023-02-08 09:51:02.236root 11241100x8000000000000000287904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b18ef4045e3eccd2023-02-08 09:51:02.236root 11241100x8000000000000000287903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015c8940f81ace4c2023-02-08 09:51:02.236root 11241100x8000000000000000287902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c6c3919b0c36652023-02-08 09:51:02.236root 11241100x8000000000000000287901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a39f0cf47acbbb2023-02-08 09:51:02.236root 11241100x8000000000000000287900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d799169de94e83e22023-02-08 09:51:02.236root 11241100x8000000000000000287899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a41ef6b297c62af2023-02-08 09:51:02.236root 11241100x8000000000000000287898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5132cb0cfc0459c82023-02-08 09:51:02.236root 11241100x8000000000000000287897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95ec72348dcddc22023-02-08 09:51:02.236root 11241100x8000000000000000287896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a3b98d34cb6fe92023-02-08 09:51:02.236root 11241100x8000000000000000287908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3459463df57c3f2023-02-08 09:51:02.237root 11241100x8000000000000000287907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93e95bc9a1665042023-02-08 09:51:02.237root 11241100x8000000000000000287906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f14af407ea82e5d2023-02-08 09:51:02.237root 11241100x8000000000000000287910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7254f19257d5aa32023-02-08 09:51:02.735root 11241100x8000000000000000287909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66aaf9af7f3691542023-02-08 09:51:02.735root 11241100x8000000000000000287912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00cc204873fac4ec2023-02-08 09:51:02.736root 11241100x8000000000000000287911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a288e02874bc91562023-02-08 09:51:02.736root 11241100x8000000000000000287917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3d3ed319129c362023-02-08 09:51:02.737root 11241100x8000000000000000287916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584ecfe8efc4ce562023-02-08 09:51:02.737root 11241100x8000000000000000287915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8433e9fbea69b32023-02-08 09:51:02.737root 11241100x8000000000000000287914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398a921cfadf33f52023-02-08 09:51:02.737root 11241100x8000000000000000287913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a5ba0a488d21772023-02-08 09:51:02.737root 11241100x8000000000000000287920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44991f49158c40042023-02-08 09:51:02.738root 11241100x8000000000000000287919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00ca4786fe6cfb12023-02-08 09:51:02.738root 11241100x8000000000000000287918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd279608a68595692023-02-08 09:51:02.738root 11241100x8000000000000000287930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bfd096cd679d122023-02-08 09:51:02.739root 11241100x8000000000000000287929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c14b48b7a6a4312023-02-08 09:51:02.739root 11241100x8000000000000000287928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa06f78ab77781232023-02-08 09:51:02.739root 11241100x8000000000000000287927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71630b1998e46ab2023-02-08 09:51:02.739root 11241100x8000000000000000287926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fdcd138b25f2d062023-02-08 09:51:02.739root 11241100x8000000000000000287925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c72eab01890f6c2023-02-08 09:51:02.739root 11241100x8000000000000000287924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a06e128cf1b4452023-02-08 09:51:02.739root 11241100x8000000000000000287923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b28df4d6ad4ebf2023-02-08 09:51:02.739root 11241100x8000000000000000287922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c3a18bd733d36b2023-02-08 09:51:02.739root 11241100x8000000000000000287921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db37fd6b79f623792023-02-08 09:51:02.739root 11241100x8000000000000000287931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:02.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae31b1d144f15be2023-02-08 09:51:02.740root 11241100x8000000000000000287945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c38c81e36c49d92023-02-08 09:51:03.235root 11241100x8000000000000000287944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1308ddff73b49ec2023-02-08 09:51:03.235root 11241100x8000000000000000287943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899c5a82ed7319282023-02-08 09:51:03.235root 11241100x8000000000000000287942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85878b3771a48842023-02-08 09:51:03.235root 11241100x8000000000000000287941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea5821b74605dc82023-02-08 09:51:03.235root 11241100x8000000000000000287940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923ff59d98dd45c32023-02-08 09:51:03.235root 11241100x8000000000000000287939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459965330c06bffe2023-02-08 09:51:03.235root 11241100x8000000000000000287938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4f06130757442c2023-02-08 09:51:03.235root 11241100x8000000000000000287937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba4fae86d061bc72023-02-08 09:51:03.235root 11241100x8000000000000000287936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234c8c3cf4df46b22023-02-08 09:51:03.235root 11241100x8000000000000000287935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b9203f26aef7ea2023-02-08 09:51:03.235root 11241100x8000000000000000287934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d27809a61cc25c2023-02-08 09:51:03.235root 11241100x8000000000000000287933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee507ba860ee9852023-02-08 09:51:03.235root 11241100x8000000000000000287932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7472140315d4e2622023-02-08 09:51:03.235root 11241100x8000000000000000287954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bcc083babeaedf72023-02-08 09:51:03.236root 11241100x8000000000000000287953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51780e579dbd80742023-02-08 09:51:03.236root 11241100x8000000000000000287952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb19142ece706cbb2023-02-08 09:51:03.236root 11241100x8000000000000000287951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d833cb27aeadd99d2023-02-08 09:51:03.236root 11241100x8000000000000000287950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780c3f1af2f3603e2023-02-08 09:51:03.236root 11241100x8000000000000000287949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cedceaf6cad07ecc2023-02-08 09:51:03.236root 11241100x8000000000000000287948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf4c1e09d5deb792023-02-08 09:51:03.236root 11241100x8000000000000000287947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e13213817162ee2023-02-08 09:51:03.236root 11241100x8000000000000000287946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06add9efed07a8a72023-02-08 09:51:03.236root 11241100x8000000000000000287968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8dd0bbed6de291a2023-02-08 09:51:03.735root 11241100x8000000000000000287967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49500ecceb893deb2023-02-08 09:51:03.735root 11241100x8000000000000000287966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c3476eaf9fb3e42023-02-08 09:51:03.735root 11241100x8000000000000000287965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ecac88d1eac58c52023-02-08 09:51:03.735root 11241100x8000000000000000287964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533c20b0810ef54d2023-02-08 09:51:03.735root 11241100x8000000000000000287963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3d4507cfeea8762023-02-08 09:51:03.735root 11241100x8000000000000000287962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220d362f2bcd3ccf2023-02-08 09:51:03.735root 11241100x8000000000000000287961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f0a69ea32d07e52023-02-08 09:51:03.735root 11241100x8000000000000000287960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37337be9550fda102023-02-08 09:51:03.735root 11241100x8000000000000000287959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7621b4273b6715d2023-02-08 09:51:03.735root 11241100x8000000000000000287958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d1ba5eb65b34542023-02-08 09:51:03.735root 11241100x8000000000000000287957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d960f703703d942023-02-08 09:51:03.735root 11241100x8000000000000000287956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1753a748c980af282023-02-08 09:51:03.735root 11241100x8000000000000000287955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45dd8f8c4121e3a92023-02-08 09:51:03.735root 11241100x8000000000000000287977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0347541a11ac2b2023-02-08 09:51:03.736root 11241100x8000000000000000287976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f08c569e5ef58e2023-02-08 09:51:03.736root 11241100x8000000000000000287975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18f31c208a18eab2023-02-08 09:51:03.736root 11241100x8000000000000000287974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4bf0f6fb32c47ba2023-02-08 09:51:03.736root 11241100x8000000000000000287973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f9dc23cd243b772023-02-08 09:51:03.736root 11241100x8000000000000000287972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25e6e98b6f060672023-02-08 09:51:03.736root 11241100x8000000000000000287971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8308e475ebb55202023-02-08 09:51:03.736root 11241100x8000000000000000287970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9121a0bdd4e129432023-02-08 09:51:03.736root 11241100x8000000000000000287969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:03.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11cc1e6077243e532023-02-08 09:51:03.736root 11241100x8000000000000000287991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7fcc417297d30b22023-02-08 09:51:04.235root 11241100x8000000000000000287990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615b89aafdf07b752023-02-08 09:51:04.235root 11241100x8000000000000000287989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5e612a1d79e08f2023-02-08 09:51:04.235root 11241100x8000000000000000287988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ddf5a689c1ef182023-02-08 09:51:04.235root 11241100x8000000000000000287987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c216e102f863412023-02-08 09:51:04.235root 11241100x8000000000000000287986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88051794c8ca4e0e2023-02-08 09:51:04.235root 11241100x8000000000000000287985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c826075c2b32102023-02-08 09:51:04.235root 11241100x8000000000000000287984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3ee9ac39a169da2023-02-08 09:51:04.235root 11241100x8000000000000000287983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd7e04d800502d72023-02-08 09:51:04.235root 11241100x8000000000000000287982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7853ef6518be9c1a2023-02-08 09:51:04.235root 11241100x8000000000000000287981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a49b8e6d3ce4cd92023-02-08 09:51:04.235root 11241100x8000000000000000287980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c1a924308a39282023-02-08 09:51:04.235root 11241100x8000000000000000287979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b5de8479ab1b772023-02-08 09:51:04.235root 11241100x8000000000000000287978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb3450f59af00f92023-02-08 09:51:04.235root 11241100x8000000000000000288000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490f2d7a8b27e2ae2023-02-08 09:51:04.236root 11241100x8000000000000000287999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb529b2d9c07a4c2023-02-08 09:51:04.236root 11241100x8000000000000000287998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67df24bf2f8d81a2023-02-08 09:51:04.236root 11241100x8000000000000000287997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250bfa450d945ceb2023-02-08 09:51:04.236root 11241100x8000000000000000287996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28ef516df4f37d32023-02-08 09:51:04.236root 11241100x8000000000000000287995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6046ac31caae63ad2023-02-08 09:51:04.236root 11241100x8000000000000000287994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b87e45556588a962023-02-08 09:51:04.236root 11241100x8000000000000000287993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5ba3fcdcb446ab2023-02-08 09:51:04.236root 11241100x8000000000000000287992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8661d3687f2cd5522023-02-08 09:51:04.236root 11241100x8000000000000000288013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98af1c4be8c82b9d2023-02-08 09:51:04.735root 11241100x8000000000000000288012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58490b73c109fec42023-02-08 09:51:04.735root 11241100x8000000000000000288011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc139335dba413962023-02-08 09:51:04.735root 11241100x8000000000000000288010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1d6141440a320e2023-02-08 09:51:04.735root 11241100x8000000000000000288009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31efc4f6ae2f9dd42023-02-08 09:51:04.735root 11241100x8000000000000000288008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970db636dab6a4cf2023-02-08 09:51:04.735root 11241100x8000000000000000288007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bede6194d175392023-02-08 09:51:04.735root 11241100x8000000000000000288006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d6f1c7a207cbd72023-02-08 09:51:04.735root 11241100x8000000000000000288005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a71d3a18f1fe50c2023-02-08 09:51:04.735root 11241100x8000000000000000288004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc14c04402e95222023-02-08 09:51:04.735root 11241100x8000000000000000288003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be42e28ef4fe737b2023-02-08 09:51:04.735root 11241100x8000000000000000288002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc16052847072bd52023-02-08 09:51:04.735root 11241100x8000000000000000288001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38800625a9e66eb92023-02-08 09:51:04.735root 11241100x8000000000000000288023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376a150079b99a202023-02-08 09:51:04.736root 11241100x8000000000000000288022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4328d578dc3825c62023-02-08 09:51:04.736root 11241100x8000000000000000288021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa70829990115f282023-02-08 09:51:04.736root 11241100x8000000000000000288020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205bdc427cc9256a2023-02-08 09:51:04.736root 11241100x8000000000000000288019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709481ee03e54f612023-02-08 09:51:04.736root 11241100x8000000000000000288018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36bdd2e5c7732ee32023-02-08 09:51:04.736root 11241100x8000000000000000288017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db4c016a6fa081f2023-02-08 09:51:04.736root 11241100x8000000000000000288016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296b9f9c4cb5b0d82023-02-08 09:51:04.736root 11241100x8000000000000000288015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d735f0bec9d1acd12023-02-08 09:51:04.736root 11241100x8000000000000000288014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:04.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ccb46edc6affe32023-02-08 09:51:04.736root 11241100x8000000000000000288025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.213{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6690a2d1da24142023-02-08 09:51:05.213root 354300x8000000000000000288024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.213{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-53964-false10.0.1.12-8000- 11241100x8000000000000000288030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.214{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd2615b3c31993c2023-02-08 09:51:05.214root 11241100x8000000000000000288029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.214{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02afccbd7a115f52023-02-08 09:51:05.214root 11241100x8000000000000000288028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.214{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c89cc55c73b8b132023-02-08 09:51:05.214root 11241100x8000000000000000288027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.214{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6ac558e41521882023-02-08 09:51:05.214root 11241100x8000000000000000288026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.214{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980a250c8c127e252023-02-08 09:51:05.214root 11241100x8000000000000000288041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041e8c4e491ea06f2023-02-08 09:51:05.215root 11241100x8000000000000000288040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794ff7b4f2ab5f052023-02-08 09:51:05.215root 11241100x8000000000000000288039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e065d4847112ebf02023-02-08 09:51:05.215root 11241100x8000000000000000288038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0f70414c2797fb2023-02-08 09:51:05.215root 11241100x8000000000000000288037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acfebd2956c28d782023-02-08 09:51:05.215root 11241100x8000000000000000288036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270188b11bd770652023-02-08 09:51:05.215root 11241100x8000000000000000288035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8836e8f1f23c9bba2023-02-08 09:51:05.215root 11241100x8000000000000000288034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bffb8de94ab871a2023-02-08 09:51:05.215root 11241100x8000000000000000288033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5b713ea8b375d12023-02-08 09:51:05.215root 11241100x8000000000000000288032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf492ff65209bad2023-02-08 09:51:05.215root 11241100x8000000000000000288031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21adfae0e9b6e782023-02-08 09:51:05.215root 11241100x8000000000000000288048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.216{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68cfb317b6b73dc52023-02-08 09:51:05.216root 11241100x8000000000000000288047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.216{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5255085cf41004922023-02-08 09:51:05.216root 11241100x8000000000000000288046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.216{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecc65f550037d692023-02-08 09:51:05.216root 11241100x8000000000000000288045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.216{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98d2bcb54d9e2992023-02-08 09:51:05.216root 11241100x8000000000000000288044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.216{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069d80c8808aa5442023-02-08 09:51:05.216root 11241100x8000000000000000288043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.216{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38feade5965118e02023-02-08 09:51:05.216root 11241100x8000000000000000288042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.216{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3539f553a8772762023-02-08 09:51:05.216root 11241100x8000000000000000288055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a49d7d17c6070252023-02-08 09:51:05.485root 11241100x8000000000000000288054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5dc3dd538620782023-02-08 09:51:05.485root 11241100x8000000000000000288053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472c440c4df3784e2023-02-08 09:51:05.485root 11241100x8000000000000000288052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197f01ab9fb52ff72023-02-08 09:51:05.485root 11241100x8000000000000000288051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da6f82ef2090a232023-02-08 09:51:05.485root 11241100x8000000000000000288050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c447cd7115a8342023-02-08 09:51:05.485root 11241100x8000000000000000288049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e9770c1fede62b2023-02-08 09:51:05.485root 11241100x8000000000000000288068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77ba2e70be815712023-02-08 09:51:05.486root 11241100x8000000000000000288067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f104156b28dd51102023-02-08 09:51:05.486root 11241100x8000000000000000288066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2636fbd1b1791532023-02-08 09:51:05.486root 11241100x8000000000000000288065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc76c9bc9ee5b452023-02-08 09:51:05.486root 11241100x8000000000000000288064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5845909607c8277b2023-02-08 09:51:05.486root 11241100x8000000000000000288063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75508052801a2bd82023-02-08 09:51:05.486root 11241100x8000000000000000288062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9519380c40a491482023-02-08 09:51:05.486root 11241100x8000000000000000288061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdfa05efa4085a72023-02-08 09:51:05.486root 11241100x8000000000000000288060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b76ad2f07cb0f92023-02-08 09:51:05.486root 11241100x8000000000000000288059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db6825e2c727d6c2023-02-08 09:51:05.486root 11241100x8000000000000000288058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6924927ab8440f2b2023-02-08 09:51:05.486root 11241100x8000000000000000288057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c97c51950cc9a72023-02-08 09:51:05.486root 11241100x8000000000000000288056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8938093af3faa22023-02-08 09:51:05.486root 11241100x8000000000000000288072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94bc31857dc22b42023-02-08 09:51:05.487root 11241100x8000000000000000288071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03f0769fc3f8c372023-02-08 09:51:05.487root 11241100x8000000000000000288070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16860c4c93ffae2a2023-02-08 09:51:05.487root 11241100x8000000000000000288069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c28ba6d16c383b2023-02-08 09:51:05.487root 11241100x8000000000000000288082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad42a3397b828be2023-02-08 09:51:05.985root 11241100x8000000000000000288081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326914ef170333b12023-02-08 09:51:05.985root 11241100x8000000000000000288080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c79b30f4887bc1a2023-02-08 09:51:05.985root 11241100x8000000000000000288079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366cd5b76c1eb46c2023-02-08 09:51:05.985root 11241100x8000000000000000288078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169f33fe659093452023-02-08 09:51:05.985root 11241100x8000000000000000288077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a248d0600f966bc72023-02-08 09:51:05.985root 11241100x8000000000000000288076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb04309223b1b0232023-02-08 09:51:05.985root 11241100x8000000000000000288075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f9471fafdcc3212023-02-08 09:51:05.985root 11241100x8000000000000000288074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed645c1339c47e52023-02-08 09:51:05.985root 11241100x8000000000000000288073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24fb02c4fc88f67e2023-02-08 09:51:05.985root 11241100x8000000000000000288092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0619c4163f2fd32023-02-08 09:51:05.986root 11241100x8000000000000000288091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22436eb6f921e80b2023-02-08 09:51:05.986root 11241100x8000000000000000288090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3906a4158aa467562023-02-08 09:51:05.986root 11241100x8000000000000000288089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f38276c20125d4d2023-02-08 09:51:05.986root 11241100x8000000000000000288088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302743595b6eb19a2023-02-08 09:51:05.986root 11241100x8000000000000000288087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b727845feeb79082023-02-08 09:51:05.986root 11241100x8000000000000000288086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185491a7d7445fbf2023-02-08 09:51:05.986root 11241100x8000000000000000288085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26cac53ced73785c2023-02-08 09:51:05.986root 11241100x8000000000000000288084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a49cea11b5cd062023-02-08 09:51:05.986root 11241100x8000000000000000288083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b046ad088cb3562023-02-08 09:51:05.986root 11241100x8000000000000000288096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f1bc022e0dc9db2023-02-08 09:51:05.987root 11241100x8000000000000000288095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03cbb736c91cd7f12023-02-08 09:51:05.987root 11241100x8000000000000000288094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3714c652ad77bc2023-02-08 09:51:05.987root 11241100x8000000000000000288093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:05.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1acd8b9720e6c28f2023-02-08 09:51:05.987root 11241100x8000000000000000288097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.361{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-08 09:51:06.361root 11241100x8000000000000000288104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb942d92105893942023-02-08 09:51:06.362root 11241100x8000000000000000288103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c7b0f60bfa35b42023-02-08 09:51:06.362root 11241100x8000000000000000288102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d524703a61c6212023-02-08 09:51:06.362root 11241100x8000000000000000288101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0df903b29d52d4e2023-02-08 09:51:06.362root 11241100x8000000000000000288100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8975bd1dc80735b82023-02-08 09:51:06.362root 11241100x8000000000000000288099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086ef0fbfc0e3c462023-02-08 09:51:06.362root 11241100x8000000000000000288098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329f18116c7001192023-02-08 09:51:06.362root 11241100x8000000000000000288119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b363d058daab57a2023-02-08 09:51:06.363root 11241100x8000000000000000288118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ba4f8fe892e9832023-02-08 09:51:06.363root 11241100x8000000000000000288117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2a9dac48378ee02023-02-08 09:51:06.363root 11241100x8000000000000000288116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c800df78184e372023-02-08 09:51:06.363root 11241100x8000000000000000288115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb903e3b824c30fe2023-02-08 09:51:06.363root 11241100x8000000000000000288114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ecfb4299a513b22023-02-08 09:51:06.363root 11241100x8000000000000000288113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27017765bfc4ee162023-02-08 09:51:06.363root 11241100x8000000000000000288112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354139e0296f66ee2023-02-08 09:51:06.363root 11241100x8000000000000000288111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78ce4e44c2253492023-02-08 09:51:06.363root 11241100x8000000000000000288110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c61d3b815a942452023-02-08 09:51:06.363root 11241100x8000000000000000288109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd5db40f3f9cfd12023-02-08 09:51:06.363root 11241100x8000000000000000288108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44fa1e2ee79d9dce2023-02-08 09:51:06.363root 11241100x8000000000000000288107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe93a9896647a042023-02-08 09:51:06.363root 11241100x8000000000000000288106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc42c2b1f0eb3ca2023-02-08 09:51:06.363root 11241100x8000000000000000288105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28a2778596e92c42023-02-08 09:51:06.363root 11241100x8000000000000000288126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc20eff4130b66c82023-02-08 09:51:06.364root 11241100x8000000000000000288125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18e544290827e482023-02-08 09:51:06.364root 11241100x8000000000000000288124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58758b81b2f13f912023-02-08 09:51:06.364root 11241100x8000000000000000288123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb61bb0293038a442023-02-08 09:51:06.364root 11241100x8000000000000000288122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717b09439b956e9d2023-02-08 09:51:06.364root 11241100x8000000000000000288121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494eeda0c6e017602023-02-08 09:51:06.364root 11241100x8000000000000000288120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec3824d082157f62023-02-08 09:51:06.364root 11241100x8000000000000000288130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62cbd09f617747ca2023-02-08 09:51:06.734root 11241100x8000000000000000288129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961f124579f6d8fc2023-02-08 09:51:06.734root 11241100x8000000000000000288128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da574d53af2421b92023-02-08 09:51:06.734root 11241100x8000000000000000288127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237d95552df3994a2023-02-08 09:51:06.734root 11241100x8000000000000000288142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc1988c8359f22f2023-02-08 09:51:06.735root 11241100x8000000000000000288141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3007a079237a675e2023-02-08 09:51:06.735root 11241100x8000000000000000288140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4c7abbb1f4de112023-02-08 09:51:06.735root 11241100x8000000000000000288139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5eeed6bd0dc4302023-02-08 09:51:06.735root 11241100x8000000000000000288138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c0515191d400612023-02-08 09:51:06.735root 11241100x8000000000000000288137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6d4039c6c2c6192023-02-08 09:51:06.735root 11241100x8000000000000000288136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72fb75fd8ae247f32023-02-08 09:51:06.735root 11241100x8000000000000000288135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3591fd22559be9d62023-02-08 09:51:06.735root 11241100x8000000000000000288134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83968e8f6d0ffd2c2023-02-08 09:51:06.735root 11241100x8000000000000000288133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be97f5426c0213f12023-02-08 09:51:06.735root 11241100x8000000000000000288132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5d532e3d23c7d12023-02-08 09:51:06.735root 11241100x8000000000000000288131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7978e08ed00447cc2023-02-08 09:51:06.735root 11241100x8000000000000000288150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18aec993bdd16ba82023-02-08 09:51:06.736root 11241100x8000000000000000288149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c174a5626b1bb82023-02-08 09:51:06.736root 11241100x8000000000000000288148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08ec96b14beec3b2023-02-08 09:51:06.736root 11241100x8000000000000000288147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72d33d421bb00d82023-02-08 09:51:06.736root 11241100x8000000000000000288146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e26f04e17bab322023-02-08 09:51:06.736root 11241100x8000000000000000288145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0547d88be9b7f81b2023-02-08 09:51:06.736root 11241100x8000000000000000288144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa7233f66b41aa52023-02-08 09:51:06.736root 11241100x8000000000000000288143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2364f812d131b4462023-02-08 09:51:06.736root 11241100x8000000000000000288153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814f67c5dd3e79e72023-02-08 09:51:06.737root 11241100x8000000000000000288152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa41d471186a811b2023-02-08 09:51:06.737root 11241100x8000000000000000288151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c02938194bc7a792023-02-08 09:51:06.737root 354300x8000000000000000288154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:06.749{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-55038-false10.0.1.12-8089- 11241100x8000000000000000288155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf939349eca6f402023-02-08 09:51:07.234root 11241100x8000000000000000288159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88871e203dc950562023-02-08 09:51:07.235root 11241100x8000000000000000288158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90f43b0d0cdbebc2023-02-08 09:51:07.235root 11241100x8000000000000000288157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8b793c1833c4ed2023-02-08 09:51:07.235root 11241100x8000000000000000288156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc586f65323cae22023-02-08 09:51:07.235root 11241100x8000000000000000288165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47675f669116af0e2023-02-08 09:51:07.236root 11241100x8000000000000000288164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b654be6cceadf8162023-02-08 09:51:07.236root 11241100x8000000000000000288163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b290c9d1428ceca82023-02-08 09:51:07.236root 11241100x8000000000000000288162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4cfea83cb9873b32023-02-08 09:51:07.236root 11241100x8000000000000000288161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4554cea49bab78b52023-02-08 09:51:07.236root 11241100x8000000000000000288160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affde9a1528d55592023-02-08 09:51:07.236root 11241100x8000000000000000288176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccecfc6ae3a069742023-02-08 09:51:07.237root 11241100x8000000000000000288175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b8dbdc2ff9ed4b2023-02-08 09:51:07.237root 11241100x8000000000000000288174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c09b0b8fe249d32023-02-08 09:51:07.237root 11241100x8000000000000000288173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be45037433bea9972023-02-08 09:51:07.237root 11241100x8000000000000000288172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d022171774ee22e2023-02-08 09:51:07.237root 11241100x8000000000000000288171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d4bfac214652d02023-02-08 09:51:07.237root 11241100x8000000000000000288170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96629ff85bd355422023-02-08 09:51:07.237root 11241100x8000000000000000288169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ac74a43c8dffa72023-02-08 09:51:07.237root 11241100x8000000000000000288168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32af77da5b685db2023-02-08 09:51:07.237root 11241100x8000000000000000288167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1b07abc4c3d6b92023-02-08 09:51:07.237root 11241100x8000000000000000288166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef533aaef7d4a1c2023-02-08 09:51:07.237root 11241100x8000000000000000288180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dec2edd3ac471842023-02-08 09:51:07.238root 11241100x8000000000000000288179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c57a38ab86a40902023-02-08 09:51:07.238root 11241100x8000000000000000288178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2597d6642363f612023-02-08 09:51:07.238root 11241100x8000000000000000288177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572e84d0f32ffbb52023-02-08 09:51:07.238root 11241100x8000000000000000288192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4ba8dd573a8b962023-02-08 09:51:07.735root 11241100x8000000000000000288191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76466acfd1cc3c262023-02-08 09:51:07.735root 11241100x8000000000000000288190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5e5b8a11349b3e2023-02-08 09:51:07.735root 11241100x8000000000000000288189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f760ca7e269a9cdc2023-02-08 09:51:07.735root 11241100x8000000000000000288188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c941bda4f7e8e702023-02-08 09:51:07.735root 11241100x8000000000000000288187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d551e51a96594c0b2023-02-08 09:51:07.735root 11241100x8000000000000000288186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae8d626fed0ea3c2023-02-08 09:51:07.735root 11241100x8000000000000000288185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47e7503e6ec819d2023-02-08 09:51:07.735root 11241100x8000000000000000288184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25b781e22b8e2652023-02-08 09:51:07.735root 11241100x8000000000000000288183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1259ab7443881f2023-02-08 09:51:07.735root 11241100x8000000000000000288182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e0dda88dad74c92023-02-08 09:51:07.735root 11241100x8000000000000000288181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e21e90468ffaf972023-02-08 09:51:07.735root 11241100x8000000000000000288206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d1f976357eb66b2023-02-08 09:51:07.736root 11241100x8000000000000000288205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ed51393f164e832023-02-08 09:51:07.736root 11241100x8000000000000000288204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2480545471d9a52023-02-08 09:51:07.736root 11241100x8000000000000000288203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683a2c62588c222b2023-02-08 09:51:07.736root 11241100x8000000000000000288202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343b2229be3633e62023-02-08 09:51:07.736root 11241100x8000000000000000288201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a101c1e5ab22b52023-02-08 09:51:07.736root 11241100x8000000000000000288200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331e022b0fbe21082023-02-08 09:51:07.736root 11241100x8000000000000000288199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20629860e18343f42023-02-08 09:51:07.736root 11241100x8000000000000000288198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a11c4afb2a0cba2023-02-08 09:51:07.736root 11241100x8000000000000000288197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5429a8813668bc682023-02-08 09:51:07.736root 11241100x8000000000000000288196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a332e61bc046f0c2023-02-08 09:51:07.736root 11241100x8000000000000000288195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6aafc77604204152023-02-08 09:51:07.736root 11241100x8000000000000000288194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fef206e7d14d942023-02-08 09:51:07.736root 11241100x8000000000000000288193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:07.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50d4db0a9ba362b2023-02-08 09:51:07.736root 11241100x8000000000000000288210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ce9d5a0887acf92023-02-08 09:51:08.234root 11241100x8000000000000000288209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5a50db53a616ef2023-02-08 09:51:08.234root 11241100x8000000000000000288208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd76ad61d5c63e62023-02-08 09:51:08.234root 11241100x8000000000000000288207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e686f348ddd55b2023-02-08 09:51:08.234root 11241100x8000000000000000288225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3eaf5911c0bff622023-02-08 09:51:08.235root 11241100x8000000000000000288224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f73bda846b453022023-02-08 09:51:08.235root 11241100x8000000000000000288223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1364731db191cf0d2023-02-08 09:51:08.235root 11241100x8000000000000000288222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec494be23b41b0d2023-02-08 09:51:08.235root 11241100x8000000000000000288221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549eea938c0d69262023-02-08 09:51:08.235root 11241100x8000000000000000288220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0169cd51e637fd12023-02-08 09:51:08.235root 11241100x8000000000000000288219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53290c7dfe5314d2023-02-08 09:51:08.235root 11241100x8000000000000000288218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabd38ae7603f3042023-02-08 09:51:08.235root 11241100x8000000000000000288217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b29ab03bc9587f2023-02-08 09:51:08.235root 11241100x8000000000000000288216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1510a8bce3c6d82023-02-08 09:51:08.235root 11241100x8000000000000000288215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575e42c5a8d349a12023-02-08 09:51:08.235root 11241100x8000000000000000288214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cf71de1f5e74bf2023-02-08 09:51:08.235root 11241100x8000000000000000288213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a3debf68c58ab12023-02-08 09:51:08.235root 11241100x8000000000000000288212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2a78b767d41c4e2023-02-08 09:51:08.235root 11241100x8000000000000000288211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a112227dc4b671ce2023-02-08 09:51:08.235root 11241100x8000000000000000288232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d7923f9981e20c2023-02-08 09:51:08.236root 11241100x8000000000000000288231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14cb5bd12afa51aa2023-02-08 09:51:08.236root 11241100x8000000000000000288230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6138281129be450c2023-02-08 09:51:08.236root 11241100x8000000000000000288229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3ca10ceaf0f2042023-02-08 09:51:08.236root 11241100x8000000000000000288228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8125fe1ca85977fa2023-02-08 09:51:08.236root 11241100x8000000000000000288227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc6cf2cab613c8f2023-02-08 09:51:08.236root 11241100x8000000000000000288226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9df45623386a6c2023-02-08 09:51:08.236root 11241100x8000000000000000288233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814ff64af726b3862023-02-08 09:51:08.734root 11241100x8000000000000000288241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b91b1ee31136012023-02-08 09:51:08.735root 11241100x8000000000000000288240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cec82f00e2d09df2023-02-08 09:51:08.735root 11241100x8000000000000000288239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4468a0b3d2caeae92023-02-08 09:51:08.735root 11241100x8000000000000000288238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca2c72b87317aa42023-02-08 09:51:08.735root 11241100x8000000000000000288237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc4669b26cb6bd72023-02-08 09:51:08.735root 11241100x8000000000000000288236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21cf1fe4797fa02c2023-02-08 09:51:08.735root 11241100x8000000000000000288235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28b61c75e4348092023-02-08 09:51:08.735root 11241100x8000000000000000288234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631a828555a6a0492023-02-08 09:51:08.735root 11241100x8000000000000000288254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d68269cc61763832023-02-08 09:51:08.736root 11241100x8000000000000000288253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3ca0b497528b0e2023-02-08 09:51:08.736root 11241100x8000000000000000288252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5ada6bde2d60422023-02-08 09:51:08.736root 11241100x8000000000000000288251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30141491728f1792023-02-08 09:51:08.736root 11241100x8000000000000000288250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ac07b5b7ab2e602023-02-08 09:51:08.736root 11241100x8000000000000000288249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60ec16f92ddd1872023-02-08 09:51:08.736root 11241100x8000000000000000288248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0516b5af0c7b772023-02-08 09:51:08.736root 11241100x8000000000000000288247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b0fa34cb7069d72023-02-08 09:51:08.736root 11241100x8000000000000000288246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e912e5dad03ade572023-02-08 09:51:08.736root 11241100x8000000000000000288245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d17784c170dbf562023-02-08 09:51:08.736root 11241100x8000000000000000288244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e8d56079f75b972023-02-08 09:51:08.736root 11241100x8000000000000000288243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b26cba6a95b38b2023-02-08 09:51:08.736root 11241100x8000000000000000288242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5f99f756c478992023-02-08 09:51:08.736root 11241100x8000000000000000288258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1dae819786411e42023-02-08 09:51:08.737root 11241100x8000000000000000288257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb497c0cca884a72023-02-08 09:51:08.737root 11241100x8000000000000000288256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec678cf8536c7892023-02-08 09:51:08.737root 11241100x8000000000000000288255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:08.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d68757ba20845b2023-02-08 09:51:08.737root 11241100x8000000000000000288268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44229ccd69d5ef92023-02-08 09:51:09.234root 11241100x8000000000000000288267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f85cbe8016577802023-02-08 09:51:09.234root 11241100x8000000000000000288266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd12051025207122023-02-08 09:51:09.234root 11241100x8000000000000000288265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abddfe9410fc3fd2023-02-08 09:51:09.234root 11241100x8000000000000000288264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958f2f2116c98ca02023-02-08 09:51:09.234root 11241100x8000000000000000288263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f419deea0a764f2023-02-08 09:51:09.234root 11241100x8000000000000000288262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f955b1a845cdac592023-02-08 09:51:09.234root 11241100x8000000000000000288261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35deccd4002043ef2023-02-08 09:51:09.234root 11241100x8000000000000000288260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f4da4aec2de8fa2023-02-08 09:51:09.234root 11241100x8000000000000000288259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a47ca47baa9e292023-02-08 09:51:09.234root 11241100x8000000000000000288278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93bcc45bd3b918c2023-02-08 09:51:09.235root 11241100x8000000000000000288277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9dabe311ff78fe32023-02-08 09:51:09.235root 11241100x8000000000000000288276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2777d883b94efbd62023-02-08 09:51:09.235root 11241100x8000000000000000288275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d66e005c563f4f82023-02-08 09:51:09.235root 11241100x8000000000000000288274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c594eac99516bd812023-02-08 09:51:09.235root 11241100x8000000000000000288273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff014c4d4e3fa952023-02-08 09:51:09.235root 11241100x8000000000000000288272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d44afb460170247c2023-02-08 09:51:09.235root 11241100x8000000000000000288271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d2acb72a65da4b2023-02-08 09:51:09.235root 11241100x8000000000000000288270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db1a98d226e93a02023-02-08 09:51:09.235root 11241100x8000000000000000288269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb00342ce38f5e482023-02-08 09:51:09.235root 11241100x8000000000000000288284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7702eb809d784d72023-02-08 09:51:09.236root 11241100x8000000000000000288283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f8650d28c3a1fb2023-02-08 09:51:09.236root 11241100x8000000000000000288282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e128451cced0212023-02-08 09:51:09.236root 11241100x8000000000000000288281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a68503af4ed4c2c2023-02-08 09:51:09.236root 11241100x8000000000000000288280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a146f1aeb1626dc02023-02-08 09:51:09.236root 11241100x8000000000000000288279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1807303c9e4d52d42023-02-08 09:51:09.236root 11241100x8000000000000000288288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719e0dba1984abf82023-02-08 09:51:09.237root 11241100x8000000000000000288287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414f40c4b719839a2023-02-08 09:51:09.237root 11241100x8000000000000000288286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c2cd89abbf09702023-02-08 09:51:09.237root 11241100x8000000000000000288285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0df2c79f4ae9e162023-02-08 09:51:09.237root 154100x8000000000000000288289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.238{ec2a0601-708d-63e3-6804-897a6f550000}5942/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec2a0601-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2404--- 534500x8000000000000000288290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.250{ec2a0601-708d-63e3-6804-897a6f550000}5942/bin/psroot 23542300x8000000000000000288291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.362{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000288303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad50261e7c1ff662023-02-08 09:51:09.735root 11241100x8000000000000000288302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bcf0f28136fde82023-02-08 09:51:09.735root 11241100x8000000000000000288301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8bc97f5abeae7c2023-02-08 09:51:09.735root 11241100x8000000000000000288300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4e3d99c41221a62023-02-08 09:51:09.735root 11241100x8000000000000000288299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5db3716e6b59832023-02-08 09:51:09.735root 11241100x8000000000000000288298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097dd572c113dab32023-02-08 09:51:09.735root 11241100x8000000000000000288297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17cdde1da4aac7ee2023-02-08 09:51:09.735root 11241100x8000000000000000288296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5284351ff0373e262023-02-08 09:51:09.735root 11241100x8000000000000000288295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed550d7f3a849082023-02-08 09:51:09.735root 11241100x8000000000000000288294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d312a31f1379212023-02-08 09:51:09.735root 11241100x8000000000000000288293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd63e7e08de7a5632023-02-08 09:51:09.735root 11241100x8000000000000000288292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c688e5ff09cee12023-02-08 09:51:09.735root 11241100x8000000000000000288311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010811136292d4442023-02-08 09:51:09.736root 11241100x8000000000000000288310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ad0b96ca8a5a5d2023-02-08 09:51:09.736root 11241100x8000000000000000288309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad1a228d8da61a42023-02-08 09:51:09.736root 11241100x8000000000000000288308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c9f55f64aae7d12023-02-08 09:51:09.736root 11241100x8000000000000000288307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8422788fa3e4cb12023-02-08 09:51:09.736root 11241100x8000000000000000288306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd58bea58c73a742023-02-08 09:51:09.736root 11241100x8000000000000000288305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6fa241c9de670c82023-02-08 09:51:09.736root 11241100x8000000000000000288304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d079a59fe3d62acf2023-02-08 09:51:09.736root 11241100x8000000000000000288320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa30632e5db8503e2023-02-08 09:51:09.737root 11241100x8000000000000000288319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c3d2d330865fa42023-02-08 09:51:09.737root 11241100x8000000000000000288318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06238a0ea94ee5a92023-02-08 09:51:09.737root 11241100x8000000000000000288317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4e6538dd50b12a2023-02-08 09:51:09.737root 11241100x8000000000000000288316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02840a54de3affa2023-02-08 09:51:09.737root 11241100x8000000000000000288315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27fa9bcd3ddaf442023-02-08 09:51:09.737root 11241100x8000000000000000288314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf04e23fbb1365e32023-02-08 09:51:09.737root 11241100x8000000000000000288313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1345f20559265a4b2023-02-08 09:51:09.737root 11241100x8000000000000000288312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:09.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb691734a124b7632023-02-08 09:51:09.737root 11241100x8000000000000000288326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884aa9dec69d1b262023-02-08 09:51:10.234root 11241100x8000000000000000288325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c845a2b46cdb932023-02-08 09:51:10.234root 11241100x8000000000000000288324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdca09e2dd88877e2023-02-08 09:51:10.234root 11241100x8000000000000000288323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80088fea1186f1222023-02-08 09:51:10.234root 11241100x8000000000000000288322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a986cb41c4d68a32023-02-08 09:51:10.234root 11241100x8000000000000000288321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8556029bb9f2fbda2023-02-08 09:51:10.234root 11241100x8000000000000000288337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba624624e00e7a122023-02-08 09:51:10.235root 11241100x8000000000000000288336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181a8d8ec37fa0fc2023-02-08 09:51:10.235root 11241100x8000000000000000288335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b0692b8272bc452023-02-08 09:51:10.235root 11241100x8000000000000000288334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09230a74f519d2bb2023-02-08 09:51:10.235root 11241100x8000000000000000288333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e013b2b8d0e9331d2023-02-08 09:51:10.235root 11241100x8000000000000000288332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114929f2a10b56682023-02-08 09:51:10.235root 11241100x8000000000000000288331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec3a77231182ebb2023-02-08 09:51:10.235root 11241100x8000000000000000288330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1a06482abafc852023-02-08 09:51:10.235root 11241100x8000000000000000288329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e260c2d01e53909f2023-02-08 09:51:10.235root 11241100x8000000000000000288328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d574ef527d831f22023-02-08 09:51:10.235root 11241100x8000000000000000288327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d357645c903238d2023-02-08 09:51:10.235root 11241100x8000000000000000288350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e205d3afa823ee2023-02-08 09:51:10.236root 11241100x8000000000000000288349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76117abf4776c3562023-02-08 09:51:10.236root 11241100x8000000000000000288348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30325d219b5e50f2023-02-08 09:51:10.236root 11241100x8000000000000000288347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d230b10fed44e782023-02-08 09:51:10.236root 11241100x8000000000000000288346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c88faee9ea60ee2023-02-08 09:51:10.236root 11241100x8000000000000000288345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4912bc1bf3e2292023-02-08 09:51:10.236root 11241100x8000000000000000288344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0844a17b6ab6742023-02-08 09:51:10.236root 11241100x8000000000000000288343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda3b0559b4262f82023-02-08 09:51:10.236root 11241100x8000000000000000288342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffca1af4b6a2e37e2023-02-08 09:51:10.236root 11241100x8000000000000000288341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e1e972afa4374d2023-02-08 09:51:10.236root 11241100x8000000000000000288340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b72c84285b501c52023-02-08 09:51:10.236root 11241100x8000000000000000288339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966f178f30ef5cdd2023-02-08 09:51:10.236root 11241100x8000000000000000288338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be23e3a761f0c1582023-02-08 09:51:10.236root 11241100x8000000000000000288351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5283d3f6f7a78e3f2023-02-08 09:51:10.237root 11241100x8000000000000000288358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4654556f2d78b5022023-02-08 09:51:10.734root 11241100x8000000000000000288357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ce5d6da7017b4c2023-02-08 09:51:10.734root 11241100x8000000000000000288356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de96b5ef5c64f272023-02-08 09:51:10.734root 11241100x8000000000000000288355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5fa8ac2e50082f2023-02-08 09:51:10.734root 11241100x8000000000000000288354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e781d2e95c8fab2023-02-08 09:51:10.734root 11241100x8000000000000000288353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5883845218e8e5242023-02-08 09:51:10.734root 11241100x8000000000000000288352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2934a2d2d7cfaae52023-02-08 09:51:10.734root 11241100x8000000000000000288366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7390a893e6ccd0e2023-02-08 09:51:10.735root 11241100x8000000000000000288365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97bc4c1419445d22023-02-08 09:51:10.735root 11241100x8000000000000000288364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa166310795f71a2023-02-08 09:51:10.735root 11241100x8000000000000000288363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2379e61a2b52deeb2023-02-08 09:51:10.735root 11241100x8000000000000000288362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbf022cbeab016d2023-02-08 09:51:10.735root 11241100x8000000000000000288361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0243879cca312b2023-02-08 09:51:10.735root 11241100x8000000000000000288360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6504993d097736602023-02-08 09:51:10.735root 11241100x8000000000000000288359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d74c42d1631cd62023-02-08 09:51:10.735root 11241100x8000000000000000288377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d7cab24aa953892023-02-08 09:51:10.736root 11241100x8000000000000000288376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bdb960e2268ad1e2023-02-08 09:51:10.736root 11241100x8000000000000000288375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60367698d41e36e2023-02-08 09:51:10.736root 11241100x8000000000000000288374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc538396bd0e6b32023-02-08 09:51:10.736root 11241100x8000000000000000288373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a024ed08a3c9802023-02-08 09:51:10.736root 11241100x8000000000000000288372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dba8cc8ad8e1aa02023-02-08 09:51:10.736root 11241100x8000000000000000288371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3e9a7eccc9fbfb2023-02-08 09:51:10.736root 11241100x8000000000000000288370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10d915dabf5a70b2023-02-08 09:51:10.736root 11241100x8000000000000000288369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0db7ba56c5828d2023-02-08 09:51:10.736root 11241100x8000000000000000288368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f57d86de3837562023-02-08 09:51:10.736root 11241100x8000000000000000288367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e8da7da22c1e1d2023-02-08 09:51:10.736root 11241100x8000000000000000288384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51785a3f02b8c8582023-02-08 09:51:10.737root 11241100x8000000000000000288383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab856a93bdec3e7a2023-02-08 09:51:10.737root 11241100x8000000000000000288382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205b3e40fef7bea92023-02-08 09:51:10.737root 11241100x8000000000000000288381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1938abd64cec7a212023-02-08 09:51:10.737root 11241100x8000000000000000288380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb7867fe1cf4f4a2023-02-08 09:51:10.737root 11241100x8000000000000000288379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3401c7bdb5f7cc322023-02-08 09:51:10.737root 11241100x8000000000000000288378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:10.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2061450a56e5562023-02-08 09:51:10.737root 11241100x8000000000000000288386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.211{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c005f501b6072682023-02-08 09:51:11.211root 354300x8000000000000000288385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.211{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-56284-false10.0.1.12-8000- 11241100x8000000000000000288396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.212{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6544ea14b331a8942023-02-08 09:51:11.212root 11241100x8000000000000000288395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.212{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fb32bed20088732023-02-08 09:51:11.212root 11241100x8000000000000000288394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.212{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31be5d5ff7a287162023-02-08 09:51:11.212root 11241100x8000000000000000288393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.212{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d42cfaacdf473882023-02-08 09:51:11.212root 11241100x8000000000000000288392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.212{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffbe48b1a3c6b0f62023-02-08 09:51:11.212root 11241100x8000000000000000288391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.212{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200f5093244f69f42023-02-08 09:51:11.212root 11241100x8000000000000000288390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.212{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481c96e3b30a38882023-02-08 09:51:11.212root 11241100x8000000000000000288389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.212{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c566e56f72d77bae2023-02-08 09:51:11.212root 11241100x8000000000000000288388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.212{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c009f42eb8997d002023-02-08 09:51:11.212root 11241100x8000000000000000288387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.212{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96797ad5903e58a2023-02-08 09:51:11.212root 11241100x8000000000000000288405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.213{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a47f266709fc9f2023-02-08 09:51:11.213root 11241100x8000000000000000288404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.213{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158c73de65274abe2023-02-08 09:51:11.213root 11241100x8000000000000000288403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.213{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19cc7e0a4af224372023-02-08 09:51:11.213root 11241100x8000000000000000288402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.213{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4adef85e3278d1d52023-02-08 09:51:11.213root 11241100x8000000000000000288401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.213{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2914b69eb04271f22023-02-08 09:51:11.213root 11241100x8000000000000000288400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.213{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c67bbe60c54ffc2023-02-08 09:51:11.213root 11241100x8000000000000000288399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.213{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78733983a264927d2023-02-08 09:51:11.213root 11241100x8000000000000000288398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.213{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce41005841ce9bb82023-02-08 09:51:11.213root 11241100x8000000000000000288397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.213{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2a72f702f3f6f52023-02-08 09:51:11.213root 11241100x8000000000000000288414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.214{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86231fde45ef8812023-02-08 09:51:11.214root 11241100x8000000000000000288413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.214{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84f55bb5ff3721f2023-02-08 09:51:11.214root 11241100x8000000000000000288412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.214{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0840c73a401fd972023-02-08 09:51:11.214root 11241100x8000000000000000288411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.214{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793d8d34dcfbf3622023-02-08 09:51:11.214root 11241100x8000000000000000288410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.214{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fdc60bac82321d92023-02-08 09:51:11.214root 11241100x8000000000000000288409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.214{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1517a2b9bab675ca2023-02-08 09:51:11.214root 11241100x8000000000000000288408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.214{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0906a78072f05b022023-02-08 09:51:11.214root 11241100x8000000000000000288407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.214{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009f2e1fff02147d2023-02-08 09:51:11.214root 11241100x8000000000000000288406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.214{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b690d495c35c2152023-02-08 09:51:11.214root 11241100x8000000000000000288426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc19bdd5322da6e2023-02-08 09:51:11.215root 11241100x8000000000000000288425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4753d2e0b38482eb2023-02-08 09:51:11.215root 11241100x8000000000000000288424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b48d64556c8aa82023-02-08 09:51:11.215root 11241100x8000000000000000288423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a658bfbcdf2e130a2023-02-08 09:51:11.215root 11241100x8000000000000000288422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d9ca49c081fbd52023-02-08 09:51:11.215root 11241100x8000000000000000288421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db945420a4e086152023-02-08 09:51:11.215root 11241100x8000000000000000288420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1518036c2cdbebfe2023-02-08 09:51:11.215root 11241100x8000000000000000288419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaadfa9c24b8b8a32023-02-08 09:51:11.215root 11241100x8000000000000000288418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15de2cc09d5444042023-02-08 09:51:11.215root 11241100x8000000000000000288417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ebb0b8a04f36662023-02-08 09:51:11.215root 11241100x8000000000000000288416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc341a263d8cfaa2023-02-08 09:51:11.215root 11241100x8000000000000000288415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.215{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41990292d99ecf42023-02-08 09:51:11.215root 11241100x8000000000000000288438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.216{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f6692c58c6a6172023-02-08 09:51:11.216root 11241100x8000000000000000288437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.216{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942279287ede24682023-02-08 09:51:11.216root 11241100x8000000000000000288436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.216{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb5a0fa91a56d292023-02-08 09:51:11.216root 11241100x8000000000000000288435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.216{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849483f1dfae7d6d2023-02-08 09:51:11.216root 11241100x8000000000000000288434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.216{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610d2c96329d6d802023-02-08 09:51:11.216root 11241100x8000000000000000288433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.216{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6850bef1f332e32023-02-08 09:51:11.216root 11241100x8000000000000000288432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.216{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ad0c0af2f259602023-02-08 09:51:11.216root 11241100x8000000000000000288431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.216{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e27a2511e0a69872023-02-08 09:51:11.216root 11241100x8000000000000000288430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.216{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f614ae6f3b505f152023-02-08 09:51:11.216root 11241100x8000000000000000288429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.216{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215df2a6c15b08b32023-02-08 09:51:11.216root 11241100x8000000000000000288428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.216{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b67106fd41bad82023-02-08 09:51:11.216root 11241100x8000000000000000288427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.216{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73fbf1d079bd2ae62023-02-08 09:51:11.216root 11241100x8000000000000000288442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.217{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9c3491aa1cc7762023-02-08 09:51:11.217root 11241100x8000000000000000288441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.217{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f5ca1692923c932023-02-08 09:51:11.217root 11241100x8000000000000000288440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.217{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f29ae2a2481aef82023-02-08 09:51:11.217root 11241100x8000000000000000288439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.217{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621ef06e422e668b2023-02-08 09:51:11.217root 11241100x8000000000000000288450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc778dc8c87c8972023-02-08 09:51:11.484root 11241100x8000000000000000288449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14e2bcd893295022023-02-08 09:51:11.484root 11241100x8000000000000000288448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64af9647e8c7ba12023-02-08 09:51:11.484root 11241100x8000000000000000288447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3420f69d461e352023-02-08 09:51:11.484root 11241100x8000000000000000288446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b05ae18a42c2eb2023-02-08 09:51:11.484root 11241100x8000000000000000288445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4652863be75ecf2023-02-08 09:51:11.484root 11241100x8000000000000000288444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bdb6d8a003c2f7b2023-02-08 09:51:11.484root 11241100x8000000000000000288443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614fe7c4e910f0f52023-02-08 09:51:11.484root 11241100x8000000000000000288463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd7614318f65ba02023-02-08 09:51:11.485root 11241100x8000000000000000288462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81704173bbb264752023-02-08 09:51:11.485root 11241100x8000000000000000288461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27010c41daa9098d2023-02-08 09:51:11.485root 11241100x8000000000000000288460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab513d6d0b014d72023-02-08 09:51:11.485root 11241100x8000000000000000288459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d557b1e649859a8e2023-02-08 09:51:11.485root 11241100x8000000000000000288458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40f02bf785685552023-02-08 09:51:11.485root 11241100x8000000000000000288457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b23b4ef6108c372023-02-08 09:51:11.485root 11241100x8000000000000000288456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b399cfd704a25a102023-02-08 09:51:11.485root 11241100x8000000000000000288455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35268d597913f6e2023-02-08 09:51:11.485root 11241100x8000000000000000288454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893696895fd3b6df2023-02-08 09:51:11.485root 11241100x8000000000000000288453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4bb6794b5745802023-02-08 09:51:11.485root 11241100x8000000000000000288452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897cfedf3fe80fa32023-02-08 09:51:11.485root 11241100x8000000000000000288451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b6ed195aafeb612023-02-08 09:51:11.485root 11241100x8000000000000000288474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ae48eff2869c832023-02-08 09:51:11.486root 11241100x8000000000000000288473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a805b4715eb2d522023-02-08 09:51:11.486root 11241100x8000000000000000288472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cffd54e2daf9902023-02-08 09:51:11.486root 11241100x8000000000000000288471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37bdca412968a3892023-02-08 09:51:11.486root 11241100x8000000000000000288470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53193eade6f30b892023-02-08 09:51:11.486root 11241100x8000000000000000288469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3ec25564330eae2023-02-08 09:51:11.486root 11241100x8000000000000000288468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21a93cfd1a84d672023-02-08 09:51:11.486root 11241100x8000000000000000288467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2ec2810640fbf82023-02-08 09:51:11.486root 11241100x8000000000000000288466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a384aa6eeb15eb42023-02-08 09:51:11.486root 11241100x8000000000000000288465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009a5585e9bbbae72023-02-08 09:51:11.486root 11241100x8000000000000000288464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17d0225cc40e0172023-02-08 09:51:11.486root 11241100x8000000000000000288475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74b63809483276c2023-02-08 09:51:11.984root 11241100x8000000000000000288480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672df69c1b89e34c2023-02-08 09:51:11.985root 11241100x8000000000000000288479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0891c36b10e4072023-02-08 09:51:11.985root 11241100x8000000000000000288478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36738972bf933c8b2023-02-08 09:51:11.985root 11241100x8000000000000000288477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070d5e6a004f70aa2023-02-08 09:51:11.985root 11241100x8000000000000000288476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544b2ca5d1b3873a2023-02-08 09:51:11.985root 11241100x8000000000000000288491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ecc8a3912377a02023-02-08 09:51:11.986root 11241100x8000000000000000288490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262a3e50c586d4b62023-02-08 09:51:11.986root 11241100x8000000000000000288489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5abf5c9dd908512023-02-08 09:51:11.986root 11241100x8000000000000000288488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d43f67598ca0762023-02-08 09:51:11.986root 11241100x8000000000000000288487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c44f4598d980cd2023-02-08 09:51:11.986root 11241100x8000000000000000288486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa499f7032333892023-02-08 09:51:11.986root 11241100x8000000000000000288485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc42f1bb31449c32023-02-08 09:51:11.986root 11241100x8000000000000000288484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311285a062dc74a72023-02-08 09:51:11.986root 11241100x8000000000000000288483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757a432cf15772ef2023-02-08 09:51:11.986root 11241100x8000000000000000288482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0de3e1d4766e4262023-02-08 09:51:11.986root 11241100x8000000000000000288481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc93ab508ec6b4732023-02-08 09:51:11.986root 11241100x8000000000000000288504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880af3021a4439f72023-02-08 09:51:11.987root 11241100x8000000000000000288503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e14e968a2eb404e2023-02-08 09:51:11.987root 11241100x8000000000000000288502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9965d7334765a3782023-02-08 09:51:11.987root 11241100x8000000000000000288501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef656709d6fd05c2023-02-08 09:51:11.987root 11241100x8000000000000000288500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c486cb72809b7f2023-02-08 09:51:11.987root 11241100x8000000000000000288499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34837e49b7a4b2c22023-02-08 09:51:11.987root 11241100x8000000000000000288498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40d0c8179cbc4ae2023-02-08 09:51:11.987root 11241100x8000000000000000288497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5696289d823e475a2023-02-08 09:51:11.987root 11241100x8000000000000000288496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0709a2cd7b464932023-02-08 09:51:11.987root 11241100x8000000000000000288495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edc1c33c995d1262023-02-08 09:51:11.987root 11241100x8000000000000000288494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af8c490c7cf354f2023-02-08 09:51:11.987root 11241100x8000000000000000288493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1d5cdb1169c36a2023-02-08 09:51:11.987root 11241100x8000000000000000288492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:11.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85a7376a62eb99c2023-02-08 09:51:11.987root 11241100x8000000000000000288506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674d46339da17f992023-02-08 09:51:12.484root 11241100x8000000000000000288505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300d750d127d6daf2023-02-08 09:51:12.484root 11241100x8000000000000000288511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f35e8c5e9c95a7a2023-02-08 09:51:12.485root 11241100x8000000000000000288510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c42bebfd38484052023-02-08 09:51:12.485root 11241100x8000000000000000288509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2654a5cf4b35f9b72023-02-08 09:51:12.485root 11241100x8000000000000000288508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26967a1206277392023-02-08 09:51:12.485root 11241100x8000000000000000288507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8297a7adaa183432023-02-08 09:51:12.485root 11241100x8000000000000000288520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208e144bb337bab92023-02-08 09:51:12.486root 11241100x8000000000000000288519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d3499c6b2fcd5e2023-02-08 09:51:12.486root 11241100x8000000000000000288518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8250fe3a47cb9a62023-02-08 09:51:12.486root 11241100x8000000000000000288517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a76757e44363bd2023-02-08 09:51:12.486root 11241100x8000000000000000288516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.defbae19a7e40db42023-02-08 09:51:12.486root 11241100x8000000000000000288515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd9e3f3a78a00162023-02-08 09:51:12.486root 11241100x8000000000000000288514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b949b0228dc068f2023-02-08 09:51:12.486root 11241100x8000000000000000288513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76af8cc6599973082023-02-08 09:51:12.486root 11241100x8000000000000000288512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4515b88c660d8382023-02-08 09:51:12.486root 11241100x8000000000000000288529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837651946462ee312023-02-08 09:51:12.487root 11241100x8000000000000000288528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d56c34e035ebc62023-02-08 09:51:12.487root 11241100x8000000000000000288527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57fc0142c92779f92023-02-08 09:51:12.487root 11241100x8000000000000000288526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a4cc2c56e48c942023-02-08 09:51:12.487root 11241100x8000000000000000288525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8b77f767cdb37f2023-02-08 09:51:12.487root 11241100x8000000000000000288524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1592b36d9ec7b132023-02-08 09:51:12.487root 11241100x8000000000000000288523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ceeacfcd9c31c72023-02-08 09:51:12.487root 11241100x8000000000000000288522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c223850e3dbc725a2023-02-08 09:51:12.487root 11241100x8000000000000000288521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd203f1dec208c62023-02-08 09:51:12.487root 11241100x8000000000000000288534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a34f2b93dbb5152023-02-08 09:51:12.488root 11241100x8000000000000000288533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b4473365017e1e2023-02-08 09:51:12.488root 11241100x8000000000000000288532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2172170b7d606a12023-02-08 09:51:12.488root 11241100x8000000000000000288531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae85135942f1522d2023-02-08 09:51:12.488root 11241100x8000000000000000288530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d9f037ed8f4da22023-02-08 09:51:12.488root 11241100x8000000000000000288535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13fcae246f23fe62023-02-08 09:51:12.984root 11241100x8000000000000000288541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a229a1913f985a2023-02-08 09:51:12.985root 11241100x8000000000000000288540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60727b1425e410f2023-02-08 09:51:12.985root 11241100x8000000000000000288539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ceac5a55a2711a2023-02-08 09:51:12.985root 11241100x8000000000000000288538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a1212f74e14e582023-02-08 09:51:12.985root 11241100x8000000000000000288537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134c24fd42b464f62023-02-08 09:51:12.985root 11241100x8000000000000000288536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c6ae3c064eb6a02023-02-08 09:51:12.985root 11241100x8000000000000000288550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057e37fbd47f8ead2023-02-08 09:51:12.986root 11241100x8000000000000000288549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09ff9f6b8ecde062023-02-08 09:51:12.986root 11241100x8000000000000000288548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b526fef95ce66f32023-02-08 09:51:12.986root 11241100x8000000000000000288547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bbea10819124e0c2023-02-08 09:51:12.986root 11241100x8000000000000000288546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57841c258dcfa5832023-02-08 09:51:12.986root 11241100x8000000000000000288545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf86321ccac6b56a2023-02-08 09:51:12.986root 11241100x8000000000000000288544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d95076c32a8df12023-02-08 09:51:12.986root 11241100x8000000000000000288543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0dc89e7a23bd7e2023-02-08 09:51:12.986root 11241100x8000000000000000288542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88ecd96998a31e22023-02-08 09:51:12.986root 11241100x8000000000000000288554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe25cd8b274e2082023-02-08 09:51:12.987root 11241100x8000000000000000288553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61acbfd7c668e1682023-02-08 09:51:12.987root 11241100x8000000000000000288552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18bb80f2fa6a24c82023-02-08 09:51:12.987root 11241100x8000000000000000288551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4b05961974d9222023-02-08 09:51:12.987root 11241100x8000000000000000288560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc61a44a79d91242023-02-08 09:51:12.988root 11241100x8000000000000000288559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e4b0025054675c2023-02-08 09:51:12.988root 11241100x8000000000000000288558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85af8fe692b31692023-02-08 09:51:12.988root 11241100x8000000000000000288557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad08f1260ff4c172023-02-08 09:51:12.988root 11241100x8000000000000000288556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac3697abfe0fcf52023-02-08 09:51:12.988root 11241100x8000000000000000288555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7fdea533b0c6e12023-02-08 09:51:12.988root 11241100x8000000000000000288565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bddb7f784cc48df2023-02-08 09:51:12.989root 11241100x8000000000000000288564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebebe3492a5322b72023-02-08 09:51:12.989root 11241100x8000000000000000288563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf0193854780a802023-02-08 09:51:12.989root 11241100x8000000000000000288562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d73b0c92cc2d052023-02-08 09:51:12.989root 11241100x8000000000000000288561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:12.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f379063fd79e44fb2023-02-08 09:51:12.989root 11241100x8000000000000000288567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d743098331a59d2023-02-08 09:51:13.484root 11241100x8000000000000000288566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79ec1b165b243162023-02-08 09:51:13.484root 11241100x8000000000000000288576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e3366e3a64cc6e2023-02-08 09:51:13.485root 11241100x8000000000000000288575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2814f46c4d23982023-02-08 09:51:13.485root 11241100x8000000000000000288574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47fc3f48517a8fe42023-02-08 09:51:13.485root 11241100x8000000000000000288573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4547c03d5fd0692023-02-08 09:51:13.485root 11241100x8000000000000000288572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1674983ee653245b2023-02-08 09:51:13.485root 11241100x8000000000000000288571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae49b659a461a8a42023-02-08 09:51:13.485root 11241100x8000000000000000288570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b121aa8afef1202d2023-02-08 09:51:13.485root 11241100x8000000000000000288569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b256f802a54a84482023-02-08 09:51:13.485root 11241100x8000000000000000288568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b97892ebd0653aa2023-02-08 09:51:13.485root 11241100x8000000000000000288590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcae4586495859ae2023-02-08 09:51:13.486root 11241100x8000000000000000288589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f64033f8f2aba9e2023-02-08 09:51:13.486root 11241100x8000000000000000288588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd6f6f2e133d71f2023-02-08 09:51:13.486root 11241100x8000000000000000288587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2149e4cf58dec22023-02-08 09:51:13.486root 11241100x8000000000000000288586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf21768c676403bf2023-02-08 09:51:13.486root 11241100x8000000000000000288585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0420423e9c30295a2023-02-08 09:51:13.486root 11241100x8000000000000000288584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbf13fb5f4b68c92023-02-08 09:51:13.486root 11241100x8000000000000000288583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1242e46509b82c32023-02-08 09:51:13.486root 11241100x8000000000000000288582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f6b94984cf85d52023-02-08 09:51:13.486root 11241100x8000000000000000288581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2904af6edc86f32023-02-08 09:51:13.486root 11241100x8000000000000000288580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5380a4d496f4f392023-02-08 09:51:13.486root 11241100x8000000000000000288579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb528e023859c822023-02-08 09:51:13.486root 11241100x8000000000000000288578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a354131222f0f5f02023-02-08 09:51:13.486root 11241100x8000000000000000288577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22bd68da4b0ccfde2023-02-08 09:51:13.486root 11241100x8000000000000000288595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9539723cb18f4532023-02-08 09:51:13.487root 11241100x8000000000000000288594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bda0ac26bce4a1c2023-02-08 09:51:13.487root 11241100x8000000000000000288593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b013414caef0e26c2023-02-08 09:51:13.487root 11241100x8000000000000000288592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66274129203f01f92023-02-08 09:51:13.487root 11241100x8000000000000000288591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba3f4742be4d7cb2023-02-08 09:51:13.487root 11241100x8000000000000000288596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f2a986790205d42023-02-08 09:51:13.984root 11241100x8000000000000000288609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7291efe78f2679af2023-02-08 09:51:13.985root 11241100x8000000000000000288608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde0a8419e7c7ac92023-02-08 09:51:13.985root 11241100x8000000000000000288607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cfb0672d271eb42023-02-08 09:51:13.985root 11241100x8000000000000000288606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3098054a74dcd52023-02-08 09:51:13.985root 11241100x8000000000000000288605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6a13d3f7f210742023-02-08 09:51:13.985root 11241100x8000000000000000288604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9889a8b2a2ab57752023-02-08 09:51:13.985root 11241100x8000000000000000288603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d2af67bc2403802023-02-08 09:51:13.985root 11241100x8000000000000000288602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32924e15184afb572023-02-08 09:51:13.985root 11241100x8000000000000000288601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b448c2d3249d2b722023-02-08 09:51:13.985root 11241100x8000000000000000288600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a863c070b5f90cd2023-02-08 09:51:13.985root 11241100x8000000000000000288599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7576482cd4aefb42023-02-08 09:51:13.985root 11241100x8000000000000000288598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4b8c6adfa24e052023-02-08 09:51:13.985root 11241100x8000000000000000288597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ce8d10ec33689a2023-02-08 09:51:13.985root 11241100x8000000000000000288620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54988c38fa613e232023-02-08 09:51:13.986root 11241100x8000000000000000288619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d0bcef8e4f03432023-02-08 09:51:13.986root 11241100x8000000000000000288618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08a75c74bdae5342023-02-08 09:51:13.986root 11241100x8000000000000000288617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a766ba39ae2188a32023-02-08 09:51:13.986root 11241100x8000000000000000288616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd9513d3e75f8112023-02-08 09:51:13.986root 11241100x8000000000000000288615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d608524ece5c4f6a2023-02-08 09:51:13.986root 11241100x8000000000000000288614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b811afa9a4b6e7692023-02-08 09:51:13.986root 11241100x8000000000000000288613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc672c4e3191ff22023-02-08 09:51:13.986root 11241100x8000000000000000288612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde34202892cc8632023-02-08 09:51:13.986root 11241100x8000000000000000288611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a710bcf879ce56492023-02-08 09:51:13.986root 11241100x8000000000000000288610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85617275d619bef02023-02-08 09:51:13.986root 11241100x8000000000000000288625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3502de7b56a87642023-02-08 09:51:13.987root 11241100x8000000000000000288624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22b5181017503712023-02-08 09:51:13.987root 11241100x8000000000000000288623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dcf2ce79d8a26c52023-02-08 09:51:13.987root 11241100x8000000000000000288622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958cc25920747ef42023-02-08 09:51:13.987root 11241100x8000000000000000288621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:13.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac35a49a1657dd192023-02-08 09:51:13.987root 11241100x8000000000000000288634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b826a9ffbeb799e2023-02-08 09:51:14.484root 11241100x8000000000000000288633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfdaf55dbf2ddd3f2023-02-08 09:51:14.484root 11241100x8000000000000000288632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4428a1a5c5183e22023-02-08 09:51:14.484root 11241100x8000000000000000288631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac7e900d662ad332023-02-08 09:51:14.484root 11241100x8000000000000000288630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d1278ef11ba9ba2023-02-08 09:51:14.484root 11241100x8000000000000000288629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376620c3d4991ea02023-02-08 09:51:14.484root 11241100x8000000000000000288628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5e16b0561f6df42023-02-08 09:51:14.484root 11241100x8000000000000000288627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323c94b913cfedc12023-02-08 09:51:14.484root 11241100x8000000000000000288626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6df1e832194e4ad2023-02-08 09:51:14.484root 11241100x8000000000000000288640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f3c8af7b0d0c262023-02-08 09:51:14.485root 11241100x8000000000000000288639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dff0fdc26e6304c2023-02-08 09:51:14.485root 11241100x8000000000000000288638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4356b4d9cf2b7e6c2023-02-08 09:51:14.485root 11241100x8000000000000000288637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044832c0689080322023-02-08 09:51:14.485root 11241100x8000000000000000288636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12e6bf26138ac782023-02-08 09:51:14.485root 11241100x8000000000000000288635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362e72e29410d4be2023-02-08 09:51:14.485root 11241100x8000000000000000288647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943b9b4900cb6a1c2023-02-08 09:51:14.486root 11241100x8000000000000000288646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60af307634e16592023-02-08 09:51:14.486root 11241100x8000000000000000288645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb7573f2f65d2f82023-02-08 09:51:14.486root 11241100x8000000000000000288644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d868069b7513422023-02-08 09:51:14.486root 11241100x8000000000000000288643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b026f32ec148a72023-02-08 09:51:14.486root 11241100x8000000000000000288642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8ce8fc982807882023-02-08 09:51:14.486root 11241100x8000000000000000288641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e77ca149adfa702023-02-08 09:51:14.486root 11241100x8000000000000000288656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74626558fbd1270a2023-02-08 09:51:14.487root 11241100x8000000000000000288655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdd458582cd065b2023-02-08 09:51:14.487root 11241100x8000000000000000288654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05db0ed54f31474c2023-02-08 09:51:14.487root 11241100x8000000000000000288653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d30c0107be663842023-02-08 09:51:14.487root 11241100x8000000000000000288652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a954809ea3a0dbf2023-02-08 09:51:14.487root 11241100x8000000000000000288651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1586b5e6573290862023-02-08 09:51:14.487root 11241100x8000000000000000288650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae388c07fed46a9e2023-02-08 09:51:14.487root 11241100x8000000000000000288649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f40cbae4eb84702023-02-08 09:51:14.487root 11241100x8000000000000000288648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9805212b536841d02023-02-08 09:51:14.487root 11241100x8000000000000000288666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5475208c59232b2023-02-08 09:51:14.488root 11241100x8000000000000000288665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6576f3dcfb3a24382023-02-08 09:51:14.488root 11241100x8000000000000000288664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0458dd0ea4874d802023-02-08 09:51:14.488root 11241100x8000000000000000288663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d7df1361853dc62023-02-08 09:51:14.488root 11241100x8000000000000000288662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74b1cd66604d0a42023-02-08 09:51:14.488root 11241100x8000000000000000288661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a676b66da290969f2023-02-08 09:51:14.488root 11241100x8000000000000000288660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3bc95d26e039e32023-02-08 09:51:14.488root 11241100x8000000000000000288659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eacfdd338bee7672023-02-08 09:51:14.488root 11241100x8000000000000000288658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336a7299a70009142023-02-08 09:51:14.488root 11241100x8000000000000000288657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d95033704c7b5a52023-02-08 09:51:14.488root 11241100x8000000000000000288672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bac6a179a88f23d2023-02-08 09:51:14.489root 11241100x8000000000000000288671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7a9958e78061492023-02-08 09:51:14.489root 11241100x8000000000000000288670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd1f2eedf78b7c72023-02-08 09:51:14.489root 11241100x8000000000000000288669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfecf9035f3df3fc2023-02-08 09:51:14.489root 11241100x8000000000000000288668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83280eb1368461872023-02-08 09:51:14.489root 11241100x8000000000000000288667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60eb94aa3b8902b2023-02-08 09:51:14.489root 11241100x8000000000000000288675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee049a9b9f975c0b2023-02-08 09:51:14.984root 11241100x8000000000000000288674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c03c25f6da12aec2023-02-08 09:51:14.984root 11241100x8000000000000000288673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4386ffe631a18c2023-02-08 09:51:14.984root 11241100x8000000000000000288682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa646cf4b6cdaa32023-02-08 09:51:14.985root 11241100x8000000000000000288681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1664d82a9dfa26d2023-02-08 09:51:14.985root 11241100x8000000000000000288680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519f1c30faab88572023-02-08 09:51:14.985root 11241100x8000000000000000288679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b56fdd4e7c1db42023-02-08 09:51:14.985root 11241100x8000000000000000288678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22fd94a30e2d964c2023-02-08 09:51:14.985root 11241100x8000000000000000288677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da11b9b5d9a4d2d92023-02-08 09:51:14.985root 11241100x8000000000000000288676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44d4a48a96b39282023-02-08 09:51:14.985root 11241100x8000000000000000288689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17614ae9c34c0c8e2023-02-08 09:51:14.986root 11241100x8000000000000000288688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e8fabcc7b63a222023-02-08 09:51:14.986root 11241100x8000000000000000288687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf4e551cc974dfd2023-02-08 09:51:14.986root 11241100x8000000000000000288686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ec612f266723d62023-02-08 09:51:14.986root 11241100x8000000000000000288685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507a34fc94a2c4682023-02-08 09:51:14.986root 11241100x8000000000000000288684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d20f27060c15422023-02-08 09:51:14.986root 11241100x8000000000000000288683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc2b95f3ce6e8ea2023-02-08 09:51:14.986root 11241100x8000000000000000288692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7e9000e28c15142023-02-08 09:51:14.987root 11241100x8000000000000000288691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50586b2a87b21e532023-02-08 09:51:14.987root 11241100x8000000000000000288690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5324a918b9e27ade2023-02-08 09:51:14.987root 11241100x8000000000000000288697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587162e8b211a58f2023-02-08 09:51:14.988root 11241100x8000000000000000288696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95023d849e3d42f92023-02-08 09:51:14.988root 11241100x8000000000000000288695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a0fdc46b1556732023-02-08 09:51:14.988root 11241100x8000000000000000288694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73466c89cdcb7d572023-02-08 09:51:14.988root 11241100x8000000000000000288693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b1b1baea8b7d4c2023-02-08 09:51:14.988root 11241100x8000000000000000288702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241f6b9487a966f52023-02-08 09:51:14.989root 11241100x8000000000000000288701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8bc6d29d47c31fc2023-02-08 09:51:14.989root 11241100x8000000000000000288700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0234563462bf5ded2023-02-08 09:51:14.989root 11241100x8000000000000000288699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a687a92d5e2361a2023-02-08 09:51:14.989root 11241100x8000000000000000288698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bad9a4cc46d21762023-02-08 09:51:14.989root 11241100x8000000000000000288705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2cf6a2c74dd7072023-02-08 09:51:14.990root 11241100x8000000000000000288704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a212d9e802dd4612023-02-08 09:51:14.990root 11241100x8000000000000000288703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:14.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc277e4200a0fc82023-02-08 09:51:14.990root 11241100x8000000000000000288706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb617a368374d692023-02-08 09:51:15.484root 11241100x8000000000000000288709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cbb3cfde12162f62023-02-08 09:51:15.485root 11241100x8000000000000000288708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c79ef76629229202023-02-08 09:51:15.485root 11241100x8000000000000000288707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfee5f86ee3e3c02023-02-08 09:51:15.485root 11241100x8000000000000000288716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10a3714add6a8182023-02-08 09:51:15.486root 11241100x8000000000000000288715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a344badf8e026c2023-02-08 09:51:15.486root 11241100x8000000000000000288714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40db25cebcad0a482023-02-08 09:51:15.486root 11241100x8000000000000000288713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c572edaacea2e02023-02-08 09:51:15.486root 11241100x8000000000000000288712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9292f127fd78a8672023-02-08 09:51:15.486root 11241100x8000000000000000288711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5e5f3c7f364ca52023-02-08 09:51:15.486root 11241100x8000000000000000288710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22c2f57b9e846e02023-02-08 09:51:15.486root 11241100x8000000000000000288724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d0c1fd88443c742023-02-08 09:51:15.487root 11241100x8000000000000000288723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30d6bb2bec98fa62023-02-08 09:51:15.487root 11241100x8000000000000000288722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53bdd75653dc94182023-02-08 09:51:15.487root 11241100x8000000000000000288721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c4243e9d9649152023-02-08 09:51:15.487root 11241100x8000000000000000288720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3dd20e6ff0fe7e2023-02-08 09:51:15.487root 11241100x8000000000000000288719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6983ec5ae75cbefd2023-02-08 09:51:15.487root 11241100x8000000000000000288718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0c3618209594bb2023-02-08 09:51:15.487root 11241100x8000000000000000288717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62d85a7c863048e2023-02-08 09:51:15.487root 11241100x8000000000000000288730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a7f72a44230c262023-02-08 09:51:15.488root 11241100x8000000000000000288729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6d4d683eb4343b2023-02-08 09:51:15.488root 11241100x8000000000000000288728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de812daac610770d2023-02-08 09:51:15.488root 11241100x8000000000000000288727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd8b8d3604d04952023-02-08 09:51:15.488root 11241100x8000000000000000288726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c4963107a5250d2023-02-08 09:51:15.488root 11241100x8000000000000000288725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461ab1e228a646d32023-02-08 09:51:15.488root 11241100x8000000000000000288735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f3b3c0602e9a172023-02-08 09:51:15.489root 11241100x8000000000000000288734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e8be7c0263b66d2023-02-08 09:51:15.489root 11241100x8000000000000000288733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cb18b956d371742023-02-08 09:51:15.489root 11241100x8000000000000000288732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02da1fd6ac4a7c12023-02-08 09:51:15.489root 11241100x8000000000000000288731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ccf9fae8a4b7d7e2023-02-08 09:51:15.489root 11241100x8000000000000000288744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b311dfdb1589242023-02-08 09:51:15.985root 11241100x8000000000000000288743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4b4856d83f4d732023-02-08 09:51:15.985root 11241100x8000000000000000288742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028b8a9998a6c4102023-02-08 09:51:15.985root 11241100x8000000000000000288741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75819cf586a777a32023-02-08 09:51:15.985root 11241100x8000000000000000288740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9de43a2feaa9502023-02-08 09:51:15.985root 11241100x8000000000000000288739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc4b307633a11c72023-02-08 09:51:15.985root 11241100x8000000000000000288738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5838dddc772653eb2023-02-08 09:51:15.985root 11241100x8000000000000000288737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bdc6d2c4c316e42023-02-08 09:51:15.985root 11241100x8000000000000000288736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bacd47ab499961d2023-02-08 09:51:15.985root 11241100x8000000000000000288756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc36dc227bfad522023-02-08 09:51:15.986root 11241100x8000000000000000288755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d729999f04bac1be2023-02-08 09:51:15.986root 11241100x8000000000000000288754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1b98f8acd09a9c2023-02-08 09:51:15.986root 11241100x8000000000000000288753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64111443965453292023-02-08 09:51:15.986root 11241100x8000000000000000288752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9f1a581b1b40412023-02-08 09:51:15.986root 11241100x8000000000000000288751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55977409516c4f392023-02-08 09:51:15.986root 11241100x8000000000000000288750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9732aaaf78dc5b062023-02-08 09:51:15.986root 11241100x8000000000000000288749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f924ad72a15e952023-02-08 09:51:15.986root 11241100x8000000000000000288748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474f2a18e56b975e2023-02-08 09:51:15.986root 11241100x8000000000000000288747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9285f7c2ba52e6d92023-02-08 09:51:15.986root 11241100x8000000000000000288746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa83c97976c64e8d2023-02-08 09:51:15.986root 11241100x8000000000000000288745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9baf5663bc73eee62023-02-08 09:51:15.986root 11241100x8000000000000000288765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa7596a06dc49342023-02-08 09:51:15.987root 11241100x8000000000000000288764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc5e61e9b98918a2023-02-08 09:51:15.987root 11241100x8000000000000000288763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030176466ee206cf2023-02-08 09:51:15.987root 11241100x8000000000000000288762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1bb902a0498be392023-02-08 09:51:15.987root 11241100x8000000000000000288761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931d5bfe9cea40182023-02-08 09:51:15.987root 11241100x8000000000000000288760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafb25c846ec30d82023-02-08 09:51:15.987root 11241100x8000000000000000288759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f056cc6cb62a806c2023-02-08 09:51:15.987root 11241100x8000000000000000288758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f26a4a2caafa632023-02-08 09:51:15.987root 11241100x8000000000000000288757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:15.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f342769e2ceb5e422023-02-08 09:51:15.987root 354300x8000000000000000288766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.222{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-56296-false10.0.1.12-8000- 11241100x8000000000000000288774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d383dc82c905b6c2023-02-08 09:51:16.484root 11241100x8000000000000000288773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fcd50e50ba3e0082023-02-08 09:51:16.484root 11241100x8000000000000000288772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74cb4f3510534242023-02-08 09:51:16.484root 11241100x8000000000000000288771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3c6db7ae1abbfd2023-02-08 09:51:16.484root 11241100x8000000000000000288770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394f5b71d343df192023-02-08 09:51:16.484root 11241100x8000000000000000288769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4d78c0746eb6ee2023-02-08 09:51:16.484root 11241100x8000000000000000288768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31e62c2f39314d72023-02-08 09:51:16.484root 11241100x8000000000000000288767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c5aaf4350b1c762023-02-08 09:51:16.484root 11241100x8000000000000000288787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ecab87a41ace1b2023-02-08 09:51:16.485root 11241100x8000000000000000288786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650d1e807d5f943e2023-02-08 09:51:16.485root 11241100x8000000000000000288785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2c672779a619692023-02-08 09:51:16.485root 11241100x8000000000000000288784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c90bae9194c17bb2023-02-08 09:51:16.485root 11241100x8000000000000000288783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6641052a8edcd4572023-02-08 09:51:16.485root 11241100x8000000000000000288782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b995978c399d322023-02-08 09:51:16.485root 11241100x8000000000000000288781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ca29d8f0a637e02023-02-08 09:51:16.485root 11241100x8000000000000000288780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14315a1fb6935c72023-02-08 09:51:16.485root 11241100x8000000000000000288779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbf0ece2578ff732023-02-08 09:51:16.485root 11241100x8000000000000000288778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf43534d4c76d302023-02-08 09:51:16.485root 11241100x8000000000000000288777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0c7095f96759832023-02-08 09:51:16.485root 11241100x8000000000000000288776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47366a58b169cee82023-02-08 09:51:16.485root 11241100x8000000000000000288775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317016b28bab283f2023-02-08 09:51:16.485root 11241100x8000000000000000288798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4407135a3681482023-02-08 09:51:16.486root 11241100x8000000000000000288797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ba0f26f5c332622023-02-08 09:51:16.486root 11241100x8000000000000000288796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46a955659cf03da2023-02-08 09:51:16.486root 11241100x8000000000000000288795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc388b6a21bd7c42023-02-08 09:51:16.486root 11241100x8000000000000000288794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d1b5c5343a6d792023-02-08 09:51:16.486root 11241100x8000000000000000288793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e72c918f8ad595a2023-02-08 09:51:16.486root 11241100x8000000000000000288792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49db1e52f804d7702023-02-08 09:51:16.486root 11241100x8000000000000000288791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ee9da70492eb792023-02-08 09:51:16.486root 11241100x8000000000000000288790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de75b61ec1c4271b2023-02-08 09:51:16.486root 11241100x8000000000000000288789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4033d6d143c2684d2023-02-08 09:51:16.486root 11241100x8000000000000000288788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba71a0b1b9e7b6752023-02-08 09:51:16.486root 11241100x8000000000000000288803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0885e3953264a1e52023-02-08 09:51:16.487root 11241100x8000000000000000288802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81dd187adfc1243d2023-02-08 09:51:16.487root 11241100x8000000000000000288801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc90fae91a750c2c2023-02-08 09:51:16.487root 11241100x8000000000000000288800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ecd16d3bd38ec902023-02-08 09:51:16.487root 11241100x8000000000000000288799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16edd32035c1637a2023-02-08 09:51:16.487root 11241100x8000000000000000288804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee5a555914ea0642023-02-08 09:51:16.984root 11241100x8000000000000000288808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8a085b242a5bfd2023-02-08 09:51:16.985root 11241100x8000000000000000288807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31aaabcc334fd8802023-02-08 09:51:16.985root 11241100x8000000000000000288806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be63a79ceaebbecc2023-02-08 09:51:16.985root 11241100x8000000000000000288805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2f838cfeaf263a2023-02-08 09:51:16.985root 11241100x8000000000000000288812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d9be67812b2cf82023-02-08 09:51:16.986root 11241100x8000000000000000288811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb361bd10d4e0562023-02-08 09:51:16.986root 11241100x8000000000000000288810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdff8d57f7aff3da2023-02-08 09:51:16.986root 11241100x8000000000000000288809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7d946cd36979252023-02-08 09:51:16.986root 11241100x8000000000000000288818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4729bdbf03beb8d62023-02-08 09:51:16.987root 11241100x8000000000000000288817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1763379f0b77d6662023-02-08 09:51:16.987root 11241100x8000000000000000288816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505ade49425714352023-02-08 09:51:16.987root 11241100x8000000000000000288815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b68bbcce2679642023-02-08 09:51:16.987root 11241100x8000000000000000288814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4feee93752b5f0162023-02-08 09:51:16.987root 11241100x8000000000000000288813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50490822898bec5e2023-02-08 09:51:16.987root 11241100x8000000000000000288823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1439d36485b0d82023-02-08 09:51:16.988root 11241100x8000000000000000288822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98d341e6cd844ca2023-02-08 09:51:16.988root 11241100x8000000000000000288821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065be112d0bfee5f2023-02-08 09:51:16.988root 11241100x8000000000000000288820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a65e57ab75ecdfd2023-02-08 09:51:16.988root 11241100x8000000000000000288819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4064bcc4ceebf50f2023-02-08 09:51:16.988root 11241100x8000000000000000288832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695d0727f261290f2023-02-08 09:51:16.989root 11241100x8000000000000000288831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd4df031c2c22fd2023-02-08 09:51:16.989root 11241100x8000000000000000288830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1e0fd842e6bdf32023-02-08 09:51:16.989root 11241100x8000000000000000288829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339fe33f8cde2d512023-02-08 09:51:16.989root 11241100x8000000000000000288828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b8f8167d24f6c52023-02-08 09:51:16.989root 11241100x8000000000000000288827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a533d44fc250962023-02-08 09:51:16.989root 11241100x8000000000000000288826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce0814410dc7c8b2023-02-08 09:51:16.989root 11241100x8000000000000000288825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125372ea686e0e212023-02-08 09:51:16.989root 11241100x8000000000000000288824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe06f87fccc8781c2023-02-08 09:51:16.989root 11241100x8000000000000000288834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2aae6e79bd0f762023-02-08 09:51:16.990root 11241100x8000000000000000288833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:16.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365a187872f330962023-02-08 09:51:16.990root 11241100x8000000000000000288844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b17be610449954c2023-02-08 09:51:17.484root 11241100x8000000000000000288843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16af5b1d17362962023-02-08 09:51:17.484root 11241100x8000000000000000288842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9c4e99f675aad12023-02-08 09:51:17.484root 11241100x8000000000000000288841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795dd2d1a5ec486b2023-02-08 09:51:17.484root 11241100x8000000000000000288840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679b4ab52ffbf30e2023-02-08 09:51:17.484root 11241100x8000000000000000288839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89699f44236c41cc2023-02-08 09:51:17.484root 11241100x8000000000000000288838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8a7f84b1bf11ef2023-02-08 09:51:17.484root 11241100x8000000000000000288837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749c0decbc415bf72023-02-08 09:51:17.484root 11241100x8000000000000000288836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ccbcb62c8ffd4692023-02-08 09:51:17.484root 11241100x8000000000000000288835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61252a15a2fb82e02023-02-08 09:51:17.484root 11241100x8000000000000000288859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72a9f157afaf0bd2023-02-08 09:51:17.485root 11241100x8000000000000000288858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47d0649ae105d092023-02-08 09:51:17.485root 11241100x8000000000000000288857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd87afe01f1bc872023-02-08 09:51:17.485root 11241100x8000000000000000288856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189be33331aa0b572023-02-08 09:51:17.485root 11241100x8000000000000000288855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c6b78efd2189ee2023-02-08 09:51:17.485root 11241100x8000000000000000288854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5c9634d93f15712023-02-08 09:51:17.485root 11241100x8000000000000000288853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88459f3ea0fd85862023-02-08 09:51:17.485root 11241100x8000000000000000288852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe411f2b59d16612023-02-08 09:51:17.485root 11241100x8000000000000000288851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710e310ce9f624e42023-02-08 09:51:17.485root 11241100x8000000000000000288850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759fd9f6f73f95e92023-02-08 09:51:17.485root 11241100x8000000000000000288849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfef8d5b93ab3162023-02-08 09:51:17.485root 11241100x8000000000000000288848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082b63d090baeb762023-02-08 09:51:17.485root 11241100x8000000000000000288847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa05610e19b9a7302023-02-08 09:51:17.485root 11241100x8000000000000000288846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51a7b6b24711f342023-02-08 09:51:17.485root 11241100x8000000000000000288845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ed4262166e310c2023-02-08 09:51:17.485root 11241100x8000000000000000288873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75be0e04d8a33e582023-02-08 09:51:17.486root 11241100x8000000000000000288872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a9e3b8d17b4af42023-02-08 09:51:17.486root 11241100x8000000000000000288871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca0af0af8908b672023-02-08 09:51:17.486root 11241100x8000000000000000288870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8c18c2788897552023-02-08 09:51:17.486root 11241100x8000000000000000288869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0740917198d2ffe92023-02-08 09:51:17.486root 11241100x8000000000000000288868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa065c87ec63f96e2023-02-08 09:51:17.486root 11241100x8000000000000000288867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2b61b4ed29a3142023-02-08 09:51:17.486root 11241100x8000000000000000288866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33da0806a1ee69f02023-02-08 09:51:17.486root 11241100x8000000000000000288865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f284dbe2fd28822023-02-08 09:51:17.486root 11241100x8000000000000000288864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8dff77fb8d0eaa2023-02-08 09:51:17.486root 11241100x8000000000000000288863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33720fd509d7f2142023-02-08 09:51:17.486root 11241100x8000000000000000288862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdccff7e95ad9b22023-02-08 09:51:17.486root 11241100x8000000000000000288861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78daaaec006f79a82023-02-08 09:51:17.486root 11241100x8000000000000000288860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de154127d00969f2023-02-08 09:51:17.486root 11241100x8000000000000000288881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d455cec672342ed02023-02-08 09:51:17.487root 11241100x8000000000000000288880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1938568f53b6de712023-02-08 09:51:17.487root 11241100x8000000000000000288879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684e5cbdd9aa62b82023-02-08 09:51:17.487root 11241100x8000000000000000288878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b172cb9f5e4aa5d02023-02-08 09:51:17.487root 11241100x8000000000000000288877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b49659a3c8b98ea2023-02-08 09:51:17.487root 11241100x8000000000000000288876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b10507dfdeefd52023-02-08 09:51:17.487root 11241100x8000000000000000288875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb11a0b386e0e5b2023-02-08 09:51:17.487root 11241100x8000000000000000288874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919ecb198aa29f072023-02-08 09:51:17.487root 11241100x8000000000000000288888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23069a3a1fe7ea22023-02-08 09:51:17.984root 11241100x8000000000000000288887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21ee834049459252023-02-08 09:51:17.984root 11241100x8000000000000000288886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586ec747ae58c5ca2023-02-08 09:51:17.984root 11241100x8000000000000000288885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febeea3b25c34ef52023-02-08 09:51:17.984root 11241100x8000000000000000288884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff52be15cc584432023-02-08 09:51:17.984root 11241100x8000000000000000288883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f9f98109777bd92023-02-08 09:51:17.984root 11241100x8000000000000000288882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad27e6e42ddcecdb2023-02-08 09:51:17.984root 11241100x8000000000000000288896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e168283de90780532023-02-08 09:51:17.985root 11241100x8000000000000000288895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4d34f5e9cd94b12023-02-08 09:51:17.985root 11241100x8000000000000000288894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45adf108cd881892023-02-08 09:51:17.985root 11241100x8000000000000000288893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca84912e9a667152023-02-08 09:51:17.985root 11241100x8000000000000000288892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f5851f2862f6652023-02-08 09:51:17.985root 11241100x8000000000000000288891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab49eacb3fe5784d2023-02-08 09:51:17.985root 11241100x8000000000000000288890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8ee564aa9a30ac2023-02-08 09:51:17.985root 11241100x8000000000000000288889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117b304f2895a2252023-02-08 09:51:17.985root 11241100x8000000000000000288906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8dfb6c1b1b8a7242023-02-08 09:51:17.986root 11241100x8000000000000000288905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c01a267377489232023-02-08 09:51:17.986root 11241100x8000000000000000288904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35ab9271d71b0592023-02-08 09:51:17.986root 11241100x8000000000000000288903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e08cad14793315f2023-02-08 09:51:17.986root 11241100x8000000000000000288902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee03040063880172023-02-08 09:51:17.986root 11241100x8000000000000000288901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f0d74df1edd38d2023-02-08 09:51:17.986root 11241100x8000000000000000288900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a76de19558f8db2023-02-08 09:51:17.986root 11241100x8000000000000000288899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93056d6126ec69912023-02-08 09:51:17.986root 11241100x8000000000000000288898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305f4560058063b22023-02-08 09:51:17.986root 11241100x8000000000000000288897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787faa483780140d2023-02-08 09:51:17.986root 11241100x8000000000000000288915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd6566ba0aa8d8f2023-02-08 09:51:17.987root 11241100x8000000000000000288914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d514b58bd059262023-02-08 09:51:17.987root 11241100x8000000000000000288913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d544becfbc4b23162023-02-08 09:51:17.987root 11241100x8000000000000000288912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a587997f2cfd11d52023-02-08 09:51:17.987root 11241100x8000000000000000288911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c5eab8ef1345ac2023-02-08 09:51:17.987root 11241100x8000000000000000288910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0b2b2a1f78410b2023-02-08 09:51:17.987root 11241100x8000000000000000288909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a1c929857b255b2023-02-08 09:51:17.987root 11241100x8000000000000000288908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d324d859956e01b2023-02-08 09:51:17.987root 11241100x8000000000000000288907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b1dba2fb4833ff2023-02-08 09:51:17.987root 11241100x8000000000000000288925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17218832a7fd029c2023-02-08 09:51:17.988root 11241100x8000000000000000288924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4139ca14e5738e72023-02-08 09:51:17.988root 11241100x8000000000000000288923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6944deac0765ad2023-02-08 09:51:17.988root 11241100x8000000000000000288922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ad87415cb572e82023-02-08 09:51:17.988root 11241100x8000000000000000288921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2782cc0365889612023-02-08 09:51:17.988root 11241100x8000000000000000288920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8733363fa7da4992023-02-08 09:51:17.988root 11241100x8000000000000000288919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4deed381b54f06742023-02-08 09:51:17.988root 11241100x8000000000000000288918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5465ef1e2722412023-02-08 09:51:17.988root 11241100x8000000000000000288917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a15f3f0798bb9e2023-02-08 09:51:17.988root 11241100x8000000000000000288916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768faa3e0205b18a2023-02-08 09:51:17.988root 11241100x8000000000000000288931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58381224ac9570a22023-02-08 09:51:17.989root 11241100x8000000000000000288930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9970b956be734a2023-02-08 09:51:17.989root 11241100x8000000000000000288929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef630b8d7b766b032023-02-08 09:51:17.989root 11241100x8000000000000000288928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578a8d1742bed7002023-02-08 09:51:17.989root 11241100x8000000000000000288927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46d11b058eab0262023-02-08 09:51:17.989root 11241100x8000000000000000288926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:17.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3d0e0e7ab4661b2023-02-08 09:51:17.989root 11241100x8000000000000000288936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25b9dc5b2a7e0112023-02-08 09:51:18.484root 11241100x8000000000000000288935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5196941996c73a2023-02-08 09:51:18.484root 11241100x8000000000000000288934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1643980a56239f432023-02-08 09:51:18.484root 11241100x8000000000000000288933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567eb4880a320a162023-02-08 09:51:18.484root 11241100x8000000000000000288932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1885544b7f2795ff2023-02-08 09:51:18.484root 11241100x8000000000000000288945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c5e8cc878168672023-02-08 09:51:18.485root 11241100x8000000000000000288944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b4c2eb0401b1ea2023-02-08 09:51:18.485root 11241100x8000000000000000288943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa953a2803f59542023-02-08 09:51:18.485root 11241100x8000000000000000288942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a45cea2eb255a02023-02-08 09:51:18.485root 11241100x8000000000000000288941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cee7c3168a59a612023-02-08 09:51:18.485root 11241100x8000000000000000288940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7361dd28863307d32023-02-08 09:51:18.485root 11241100x8000000000000000288939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f303ae838efc6f252023-02-08 09:51:18.485root 11241100x8000000000000000288938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d8822e6c5587a42023-02-08 09:51:18.485root 11241100x8000000000000000288937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381b69d2e0be85e32023-02-08 09:51:18.485root 11241100x8000000000000000288955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c2d13bb39b4ad52023-02-08 09:51:18.486root 11241100x8000000000000000288954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24455e478b97db512023-02-08 09:51:18.486root 11241100x8000000000000000288953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018d2c152dff58822023-02-08 09:51:18.486root 11241100x8000000000000000288952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38266ea45db2e242023-02-08 09:51:18.486root 11241100x8000000000000000288951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e1b6a70693cf5d2023-02-08 09:51:18.486root 11241100x8000000000000000288950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a49465683ff76b42023-02-08 09:51:18.486root 11241100x8000000000000000288949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f98f926045d6b92023-02-08 09:51:18.486root 11241100x8000000000000000288948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad87cebcae3128462023-02-08 09:51:18.486root 11241100x8000000000000000288947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd9c06448bac5712023-02-08 09:51:18.486root 11241100x8000000000000000288946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216290be6fd193fa2023-02-08 09:51:18.486root 11241100x8000000000000000288965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd0762b558ed1ad2023-02-08 09:51:18.487root 11241100x8000000000000000288964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a25181cccd47bb32023-02-08 09:51:18.487root 11241100x8000000000000000288963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14dccca0b14515fc2023-02-08 09:51:18.487root 11241100x8000000000000000288962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9a83b24b53711e2023-02-08 09:51:18.487root 11241100x8000000000000000288961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954be0c38128aaec2023-02-08 09:51:18.487root 11241100x8000000000000000288960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4d5526802a4aa52023-02-08 09:51:18.487root 11241100x8000000000000000288959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9536a67788aeb69a2023-02-08 09:51:18.487root 11241100x8000000000000000288958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269c6b7f114516ea2023-02-08 09:51:18.487root 11241100x8000000000000000288957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48dbe1f65f5d7abe2023-02-08 09:51:18.487root 11241100x8000000000000000288956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffb9e10b035702c2023-02-08 09:51:18.487root 11241100x8000000000000000288972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96079752d6da17cd2023-02-08 09:51:18.488root 11241100x8000000000000000288971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62d9c2d832ea0432023-02-08 09:51:18.488root 11241100x8000000000000000288970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab6e35eee90a00e2023-02-08 09:51:18.488root 11241100x8000000000000000288969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad44e877e82e13652023-02-08 09:51:18.488root 11241100x8000000000000000288968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7c1ac0d4ff827c2023-02-08 09:51:18.488root 11241100x8000000000000000288967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c512ee98182ed72023-02-08 09:51:18.488root 11241100x8000000000000000288966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b113a569bec941b92023-02-08 09:51:18.488root 11241100x8000000000000000288975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25858d2202f935ff2023-02-08 09:51:18.489root 11241100x8000000000000000288974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523ba300db70bf232023-02-08 09:51:18.489root 11241100x8000000000000000288973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6d70fdeb6287ab2023-02-08 09:51:18.489root 11241100x8000000000000000288977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c9d34715c37e172023-02-08 09:51:18.984root 11241100x8000000000000000288976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9bd6bebc2c6c882023-02-08 09:51:18.984root 11241100x8000000000000000288988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b420363f8a0d2e02023-02-08 09:51:18.985root 11241100x8000000000000000288987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d9614f1fc432d62023-02-08 09:51:18.985root 11241100x8000000000000000288986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e213232fc25844232023-02-08 09:51:18.985root 11241100x8000000000000000288985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33dc65bf3127376a2023-02-08 09:51:18.985root 11241100x8000000000000000288984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3af1c48b5b65272023-02-08 09:51:18.985root 11241100x8000000000000000288983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3309db349aa8ac752023-02-08 09:51:18.985root 11241100x8000000000000000288982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c9c84ca1cf69712023-02-08 09:51:18.985root 11241100x8000000000000000288981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9bd8aa02c7a470f2023-02-08 09:51:18.985root 11241100x8000000000000000288980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0dc20f3158cae532023-02-08 09:51:18.985root 11241100x8000000000000000288979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9840b71b06346a792023-02-08 09:51:18.985root 11241100x8000000000000000288978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0329e2d38eca7bfd2023-02-08 09:51:18.985root 11241100x8000000000000000288997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ba13d2ca35376c2023-02-08 09:51:18.986root 11241100x8000000000000000288996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64a19bc8964d45e2023-02-08 09:51:18.986root 11241100x8000000000000000288995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bed176393573292023-02-08 09:51:18.986root 11241100x8000000000000000288994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c962899fd769a0292023-02-08 09:51:18.986root 11241100x8000000000000000288993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a67441aa148ff42023-02-08 09:51:18.986root 11241100x8000000000000000288992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eaec0e9e51ca3892023-02-08 09:51:18.986root 11241100x8000000000000000288991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0531e9717d13109d2023-02-08 09:51:18.986root 11241100x8000000000000000288990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092d37f9075daf202023-02-08 09:51:18.986root 11241100x8000000000000000288989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae7ffb539f121302023-02-08 09:51:18.986root 11241100x8000000000000000289005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2198b20502ff49e42023-02-08 09:51:18.987root 11241100x8000000000000000289004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1577890fa4635f62023-02-08 09:51:18.987root 11241100x8000000000000000289003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f38d5e097aff822023-02-08 09:51:18.987root 11241100x8000000000000000289002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db2deaeb0ab56102023-02-08 09:51:18.987root 11241100x8000000000000000289001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9989bc19a9662d2023-02-08 09:51:18.987root 11241100x8000000000000000289000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8381094b8efde422023-02-08 09:51:18.987root 11241100x8000000000000000288999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62aa6420eecfa8a2023-02-08 09:51:18.987root 11241100x8000000000000000288998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89e4a8c76ee08e62023-02-08 09:51:18.987root 11241100x8000000000000000289010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f20d19edf141cd62023-02-08 09:51:18.988root 11241100x8000000000000000289009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d483e7596e87812023-02-08 09:51:18.988root 11241100x8000000000000000289008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9163172cc057d02023-02-08 09:51:18.988root 11241100x8000000000000000289007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2c14816df20b0b2023-02-08 09:51:18.988root 11241100x8000000000000000289006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:18.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cd5d7371f672202023-02-08 09:51:18.988root 11241100x8000000000000000289017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aeec97d5b5939702023-02-08 09:51:19.484root 11241100x8000000000000000289016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a30dc3d2a8178f2023-02-08 09:51:19.484root 11241100x8000000000000000289015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b940767b4ff3e672023-02-08 09:51:19.484root 11241100x8000000000000000289014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ac5dd485bc3ece2023-02-08 09:51:19.484root 11241100x8000000000000000289013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e6204b7aa985922023-02-08 09:51:19.484root 11241100x8000000000000000289012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad3d489facc53d12023-02-08 09:51:19.484root 11241100x8000000000000000289011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0951207d393b602023-02-08 09:51:19.484root 11241100x8000000000000000289025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a002243a4b2e51992023-02-08 09:51:19.485root 11241100x8000000000000000289024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8842995ad2a4302023-02-08 09:51:19.485root 11241100x8000000000000000289023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8433702c3a3db2842023-02-08 09:51:19.485root 11241100x8000000000000000289022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8552ea90cfc65e92023-02-08 09:51:19.485root 11241100x8000000000000000289021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97effb5e41c40c32023-02-08 09:51:19.485root 11241100x8000000000000000289020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38bfd70fd612eec22023-02-08 09:51:19.485root 11241100x8000000000000000289019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a47eb09e29d33a42023-02-08 09:51:19.485root 11241100x8000000000000000289018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aec6584230907672023-02-08 09:51:19.485root 11241100x8000000000000000289038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d244069b6fc5352023-02-08 09:51:19.486root 11241100x8000000000000000289037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0948b2240f8152f72023-02-08 09:51:19.486root 11241100x8000000000000000289036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25dbe16924809eff2023-02-08 09:51:19.486root 11241100x8000000000000000289035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4f0e29a80356c82023-02-08 09:51:19.486root 11241100x8000000000000000289034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1caebbd83f8bbedc2023-02-08 09:51:19.486root 11241100x8000000000000000289033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb67fc4e94158142023-02-08 09:51:19.486root 11241100x8000000000000000289032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79930dfef3daf8f82023-02-08 09:51:19.486root 11241100x8000000000000000289031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7724c9353b9f67b02023-02-08 09:51:19.486root 11241100x8000000000000000289030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983808a5bf8a25092023-02-08 09:51:19.486root 11241100x8000000000000000289029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2988af017f9c8732023-02-08 09:51:19.486root 11241100x8000000000000000289028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569d7c1d17f9c86b2023-02-08 09:51:19.486root 11241100x8000000000000000289027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929a01a61eb0b45f2023-02-08 09:51:19.486root 11241100x8000000000000000289026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682136e7128750b52023-02-08 09:51:19.486root 11241100x8000000000000000289047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690cc4ecf1df2c3d2023-02-08 09:51:19.487root 11241100x8000000000000000289046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36265e976c76a5d72023-02-08 09:51:19.487root 11241100x8000000000000000289045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c0c29d9bb80eed2023-02-08 09:51:19.487root 11241100x8000000000000000289044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0bec2b3de891de32023-02-08 09:51:19.487root 11241100x8000000000000000289043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113eb3d018da6df72023-02-08 09:51:19.487root 11241100x8000000000000000289042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2ddc9e97d1c53f2023-02-08 09:51:19.487root 11241100x8000000000000000289041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53815d765e81ef312023-02-08 09:51:19.487root 11241100x8000000000000000289040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bd91f9a6c1ac8b2023-02-08 09:51:19.487root 11241100x8000000000000000289039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad28e5594054eea22023-02-08 09:51:19.487root 11241100x8000000000000000289048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac76eb32854fd1502023-02-08 09:51:19.488root 11241100x8000000000000000289050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef455315d1c459962023-02-08 09:51:19.984root 11241100x8000000000000000289049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066cf0a79b7af9342023-02-08 09:51:19.984root 11241100x8000000000000000289063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0564bb670d41cb2023-02-08 09:51:19.985root 11241100x8000000000000000289062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1635d4ec834ca1d02023-02-08 09:51:19.985root 11241100x8000000000000000289061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b822364febe3b1f32023-02-08 09:51:19.985root 11241100x8000000000000000289060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40d7d99da1724d22023-02-08 09:51:19.985root 11241100x8000000000000000289059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a067c7e50a58db92023-02-08 09:51:19.985root 11241100x8000000000000000289058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1849a84779dda9e2023-02-08 09:51:19.985root 11241100x8000000000000000289057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f26004fb8b58372023-02-08 09:51:19.985root 11241100x8000000000000000289056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555eae0d7fce82b92023-02-08 09:51:19.985root 11241100x8000000000000000289055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0614ce893bfee332023-02-08 09:51:19.985root 11241100x8000000000000000289054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2be81122ef940022023-02-08 09:51:19.985root 11241100x8000000000000000289053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4caebbd16f99b42023-02-08 09:51:19.985root 11241100x8000000000000000289052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db01e8a74d7b678a2023-02-08 09:51:19.985root 11241100x8000000000000000289051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b810a466e2cf40b82023-02-08 09:51:19.985root 11241100x8000000000000000289073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39d2e7dafa993ac2023-02-08 09:51:19.986root 11241100x8000000000000000289072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f95218d718b6c2e2023-02-08 09:51:19.986root 11241100x8000000000000000289071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d551f17915a7e40c2023-02-08 09:51:19.986root 11241100x8000000000000000289070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0735f9f94160942023-02-08 09:51:19.986root 11241100x8000000000000000289069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614f8a5db400c9112023-02-08 09:51:19.986root 11241100x8000000000000000289068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f6eb671c1ea5452023-02-08 09:51:19.986root 11241100x8000000000000000289067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0660c1514fe336b2023-02-08 09:51:19.986root 11241100x8000000000000000289066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a73b8b07aac3a952023-02-08 09:51:19.986root 11241100x8000000000000000289065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67deb31f7da1d2612023-02-08 09:51:19.986root 11241100x8000000000000000289064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3555c8c1de5faa22023-02-08 09:51:19.986root 11241100x8000000000000000289079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0e34916fa1f1a32023-02-08 09:51:19.987root 11241100x8000000000000000289078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4030ca71a527af2023-02-08 09:51:19.987root 11241100x8000000000000000289077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e2bc93f3dd80752023-02-08 09:51:19.987root 11241100x8000000000000000289076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abc8c608fa9a2202023-02-08 09:51:19.987root 11241100x8000000000000000289075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e0bd30008fa0202023-02-08 09:51:19.987root 11241100x8000000000000000289074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:19.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c671b9022a40dac72023-02-08 09:51:19.987root 11241100x8000000000000000289088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f49b30931226c892023-02-08 09:51:20.485root 11241100x8000000000000000289087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73db9b39623bce5f2023-02-08 09:51:20.485root 11241100x8000000000000000289086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83e63de30f8de452023-02-08 09:51:20.485root 11241100x8000000000000000289085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a7a87bc727d4052023-02-08 09:51:20.485root 11241100x8000000000000000289084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b0e197d687d18e2023-02-08 09:51:20.485root 11241100x8000000000000000289083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b60cda15a1724932023-02-08 09:51:20.485root 11241100x8000000000000000289082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446e3c60813c45df2023-02-08 09:51:20.485root 11241100x8000000000000000289081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f4b92eda9383062023-02-08 09:51:20.485root 11241100x8000000000000000289080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5b5c59bda4c4622023-02-08 09:51:20.485root 11241100x8000000000000000289104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e038dbb85b69492023-02-08 09:51:20.486root 11241100x8000000000000000289103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33903fb79e4f1e912023-02-08 09:51:20.486root 11241100x8000000000000000289102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae508c48a712aa02023-02-08 09:51:20.486root 11241100x8000000000000000289101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc10399ef1962a692023-02-08 09:51:20.486root 11241100x8000000000000000289100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48b25915254c5e22023-02-08 09:51:20.486root 11241100x8000000000000000289099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ada32e7f2826a52023-02-08 09:51:20.486root 11241100x8000000000000000289098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55749efb74f2561c2023-02-08 09:51:20.486root 11241100x8000000000000000289097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0827f4af55627ae2023-02-08 09:51:20.486root 11241100x8000000000000000289096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4300b2ce715510d92023-02-08 09:51:20.486root 11241100x8000000000000000289095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981693b167dd5e632023-02-08 09:51:20.486root 11241100x8000000000000000289094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48c1846220c97df2023-02-08 09:51:20.486root 11241100x8000000000000000289093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5c63e9856039e62023-02-08 09:51:20.486root 11241100x8000000000000000289092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce13ed170d8c3f212023-02-08 09:51:20.486root 11241100x8000000000000000289091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f09d31acf7392b12023-02-08 09:51:20.486root 11241100x8000000000000000289090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea1344eb77a493d2023-02-08 09:51:20.486root 11241100x8000000000000000289089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e708985c5ebec612023-02-08 09:51:20.486root 11241100x8000000000000000289110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9755dd76872a7bc2023-02-08 09:51:20.487root 11241100x8000000000000000289109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c134dd4c4d091ffd2023-02-08 09:51:20.487root 11241100x8000000000000000289108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce1c27b625542ec2023-02-08 09:51:20.487root 11241100x8000000000000000289107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61978a20b4df42832023-02-08 09:51:20.487root 11241100x8000000000000000289106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8af3e3e4014afd12023-02-08 09:51:20.487root 11241100x8000000000000000289105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b35dd6f99994fa2023-02-08 09:51:20.487root 11241100x8000000000000000289119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf2f7eae86bd4f72023-02-08 09:51:20.985root 11241100x8000000000000000289118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c466f490d33f92da2023-02-08 09:51:20.985root 11241100x8000000000000000289117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694b8e3f67cff9b22023-02-08 09:51:20.985root 11241100x8000000000000000289116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce390d3f6fb23c12023-02-08 09:51:20.985root 11241100x8000000000000000289115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe4630c11ae7ba72023-02-08 09:51:20.985root 11241100x8000000000000000289114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb191b0ff5a099b62023-02-08 09:51:20.985root 11241100x8000000000000000289113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575c00d6ee48b2142023-02-08 09:51:20.985root 11241100x8000000000000000289112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb53f29cac7d8f5b2023-02-08 09:51:20.985root 11241100x8000000000000000289111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c3db6d3a3f96582023-02-08 09:51:20.985root 11241100x8000000000000000289130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99efbed8d138d5b12023-02-08 09:51:20.986root 11241100x8000000000000000289129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ed42a07c576ee42023-02-08 09:51:20.986root 11241100x8000000000000000289128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade352e67ac44d402023-02-08 09:51:20.986root 11241100x8000000000000000289127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015ab95f52b59ffb2023-02-08 09:51:20.986root 11241100x8000000000000000289126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0e35158bf181fc2023-02-08 09:51:20.986root 11241100x8000000000000000289125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a642bca730598002023-02-08 09:51:20.986root 11241100x8000000000000000289124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb79cf8fb99b3452023-02-08 09:51:20.986root 11241100x8000000000000000289123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75ebf9e8a7c7a522023-02-08 09:51:20.986root 11241100x8000000000000000289122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b300c44853f3f912023-02-08 09:51:20.986root 11241100x8000000000000000289121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096906c6a060ddd72023-02-08 09:51:20.986root 11241100x8000000000000000289120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f42333c05507f022023-02-08 09:51:20.986root 11241100x8000000000000000289138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ca4912d1576d3a2023-02-08 09:51:20.987root 11241100x8000000000000000289137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431af589a575abfc2023-02-08 09:51:20.987root 11241100x8000000000000000289136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42acb4e98d2f126a2023-02-08 09:51:20.987root 11241100x8000000000000000289135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec3d8b27922883b2023-02-08 09:51:20.987root 11241100x8000000000000000289134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bacae39a0207ad722023-02-08 09:51:20.987root 11241100x8000000000000000289133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b8f1ae03c5f4e32023-02-08 09:51:20.987root 11241100x8000000000000000289132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8173a83f6d97382023-02-08 09:51:20.987root 11241100x8000000000000000289131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ecca405919d090d2023-02-08 09:51:20.987root 11241100x8000000000000000289147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc60ebe4f899cb32023-02-08 09:51:20.988root 11241100x8000000000000000289146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2f848997eba4122023-02-08 09:51:20.988root 11241100x8000000000000000289145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a6b0cb12e4a7532023-02-08 09:51:20.988root 11241100x8000000000000000289144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f5e4b7edb703642023-02-08 09:51:20.988root 11241100x8000000000000000289143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07306cd482e849402023-02-08 09:51:20.988root 11241100x8000000000000000289142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebf7a3b3a94e7a82023-02-08 09:51:20.988root 11241100x8000000000000000289141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af505704ebade9e02023-02-08 09:51:20.988root 11241100x8000000000000000289140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04b4eaa0c47609f2023-02-08 09:51:20.988root 11241100x8000000000000000289139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872e33b4d1b798042023-02-08 09:51:20.988root 11241100x8000000000000000289153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684d617d05489de02023-02-08 09:51:20.989root 11241100x8000000000000000289152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3df2d2e1c8b1a812023-02-08 09:51:20.989root 11241100x8000000000000000289151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644328f60f553deb2023-02-08 09:51:20.989root 11241100x8000000000000000289150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62731d97c8217a442023-02-08 09:51:20.989root 11241100x8000000000000000289149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24c4b9ca9ee10122023-02-08 09:51:20.989root 11241100x8000000000000000289148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:20.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1f033743fa952a2023-02-08 09:51:20.989root 11241100x8000000000000000289157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30e7662f94d50572023-02-08 09:51:21.484root 11241100x8000000000000000289156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871f1be3d4c248762023-02-08 09:51:21.484root 11241100x8000000000000000289155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227523c0ed0256992023-02-08 09:51:21.484root 11241100x8000000000000000289154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46274c31102d0822023-02-08 09:51:21.484root 11241100x8000000000000000289166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9b3f59e796c8f02023-02-08 09:51:21.485root 11241100x8000000000000000289165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f00294444f0c2f2023-02-08 09:51:21.485root 11241100x8000000000000000289164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b489a06605250ac92023-02-08 09:51:21.485root 11241100x8000000000000000289163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca83de30fdc9c3092023-02-08 09:51:21.485root 11241100x8000000000000000289162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2dd7a16281ab8d92023-02-08 09:51:21.485root 11241100x8000000000000000289161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614db93fa8ecdcfd2023-02-08 09:51:21.485root 11241100x8000000000000000289160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ddc967f5d7764f22023-02-08 09:51:21.485root 11241100x8000000000000000289159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e415ae7d2bf069162023-02-08 09:51:21.485root 11241100x8000000000000000289158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82909ffcf68c8822023-02-08 09:51:21.485root 11241100x8000000000000000289176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08cae0abfc837c542023-02-08 09:51:21.486root 11241100x8000000000000000289175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe91447178802b72023-02-08 09:51:21.486root 11241100x8000000000000000289174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83cbb2fecccbfa962023-02-08 09:51:21.486root 11241100x8000000000000000289173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab71699b5ebcb7a2023-02-08 09:51:21.486root 11241100x8000000000000000289172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2f498bd3c780552023-02-08 09:51:21.486root 11241100x8000000000000000289171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5dbabe1c7677e782023-02-08 09:51:21.486root 11241100x8000000000000000289170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9175983cb2505efa2023-02-08 09:51:21.486root 11241100x8000000000000000289169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3ad6c6e7678dca2023-02-08 09:51:21.486root 11241100x8000000000000000289168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5512ca642bb60a8f2023-02-08 09:51:21.486root 11241100x8000000000000000289167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57357f288ed3c2d72023-02-08 09:51:21.486root 11241100x8000000000000000289180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba06737eb1562f0b2023-02-08 09:51:21.487root 11241100x8000000000000000289179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b5d44ee695e6d52023-02-08 09:51:21.487root 11241100x8000000000000000289178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe587ae67345beb2023-02-08 09:51:21.487root 11241100x8000000000000000289177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3c69ef128292032023-02-08 09:51:21.487root 11241100x8000000000000000289183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aaec6a68349cf222023-02-08 09:51:21.488root 11241100x8000000000000000289182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a035e07345ef78cf2023-02-08 09:51:21.488root 11241100x8000000000000000289181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcbf1cec9b1b8bf2023-02-08 09:51:21.488root 11241100x8000000000000000289185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0668e42e163a3b272023-02-08 09:51:21.489root 11241100x8000000000000000289184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18dbb409269620422023-02-08 09:51:21.489root 11241100x8000000000000000289186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b65000c267fe242023-02-08 09:51:21.984root 11241100x8000000000000000289189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020055a69db1257d2023-02-08 09:51:21.985root 11241100x8000000000000000289188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a239a14b366b28f52023-02-08 09:51:21.985root 11241100x8000000000000000289187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461ea6c34fb7b0142023-02-08 09:51:21.985root 11241100x8000000000000000289199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205c1af9fd3c69d92023-02-08 09:51:21.986root 11241100x8000000000000000289198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67fa3d330321f3782023-02-08 09:51:21.986root 11241100x8000000000000000289197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97f4d325c9277302023-02-08 09:51:21.986root 11241100x8000000000000000289196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d21e4cb97b1a0d2023-02-08 09:51:21.986root 11241100x8000000000000000289195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff117852040a1b4d2023-02-08 09:51:21.986root 11241100x8000000000000000289194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04672496bc58de1f2023-02-08 09:51:21.986root 11241100x8000000000000000289193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d748e4fe8bf94e2023-02-08 09:51:21.986root 11241100x8000000000000000289192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8da085d6054f482023-02-08 09:51:21.986root 11241100x8000000000000000289191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00e7affb595f2a42023-02-08 09:51:21.986root 11241100x8000000000000000289190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a243f9a5adad5df2023-02-08 09:51:21.986root 11241100x8000000000000000289209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0f9ec543ebf94f2023-02-08 09:51:21.987root 11241100x8000000000000000289208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47fced34f3301132023-02-08 09:51:21.987root 11241100x8000000000000000289207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95008fd5df18b872023-02-08 09:51:21.987root 11241100x8000000000000000289206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999d3c55f887ed162023-02-08 09:51:21.987root 11241100x8000000000000000289205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a6e53856ee5f112023-02-08 09:51:21.987root 11241100x8000000000000000289204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8753973282f25e232023-02-08 09:51:21.987root 11241100x8000000000000000289203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83a88b443b477c42023-02-08 09:51:21.987root 11241100x8000000000000000289202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0808a044798a4ef42023-02-08 09:51:21.987root 11241100x8000000000000000289201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ca856df9c3b1942023-02-08 09:51:21.987root 11241100x8000000000000000289200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47c457eeb508a7e2023-02-08 09:51:21.987root 11241100x8000000000000000289215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470b8b70749d27a92023-02-08 09:51:21.988root 11241100x8000000000000000289214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a318e46acd30b7132023-02-08 09:51:21.988root 11241100x8000000000000000289213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ccc8ad82a3267092023-02-08 09:51:21.988root 11241100x8000000000000000289212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1438cd620239f58d2023-02-08 09:51:21.988root 11241100x8000000000000000289211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8b92ac4258ed2d2023-02-08 09:51:21.988root 11241100x8000000000000000289210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c48360d75c7d2e2023-02-08 09:51:21.988root 11241100x8000000000000000289216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:21.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578869fd6854975d2023-02-08 09:51:21.989root 354300x8000000000000000289217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.005{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-35938-false10.0.1.12-8000- 11241100x8000000000000000289224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac8161448640cd32023-02-08 09:51:22.484root 11241100x8000000000000000289223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d39ab5842c287c2023-02-08 09:51:22.484root 11241100x8000000000000000289222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e694e3f72d10cd2023-02-08 09:51:22.484root 11241100x8000000000000000289221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc9041e456f40fe2023-02-08 09:51:22.484root 11241100x8000000000000000289220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0421b21ac3263e642023-02-08 09:51:22.484root 11241100x8000000000000000289219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ac85c88301dd532023-02-08 09:51:22.484root 11241100x8000000000000000289218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346aa8bdbdd497aa2023-02-08 09:51:22.484root 11241100x8000000000000000289229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a2cc08f60d61e932023-02-08 09:51:22.485root 11241100x8000000000000000289228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846c6f3c11652db32023-02-08 09:51:22.485root 11241100x8000000000000000289227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada77ce3b1967beb2023-02-08 09:51:22.485root 11241100x8000000000000000289226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a98646cde0a7d942023-02-08 09:51:22.485root 11241100x8000000000000000289225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289a712a8b4192732023-02-08 09:51:22.485root 11241100x8000000000000000289241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a828edddf90d002023-02-08 09:51:22.486root 11241100x8000000000000000289240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9fcac47f956ff6a2023-02-08 09:51:22.486root 11241100x8000000000000000289239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e39ed6bb4bafc02023-02-08 09:51:22.486root 11241100x8000000000000000289238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ef158e85bb4b902023-02-08 09:51:22.486root 11241100x8000000000000000289237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e797b896e95644b2023-02-08 09:51:22.486root 11241100x8000000000000000289236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc45a0c5728963702023-02-08 09:51:22.486root 11241100x8000000000000000289235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43300b4de700f532023-02-08 09:51:22.486root 11241100x8000000000000000289234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30677b472b710e792023-02-08 09:51:22.486root 11241100x8000000000000000289233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1e73f76c12e2622023-02-08 09:51:22.486root 11241100x8000000000000000289232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130c064a893ff9c42023-02-08 09:51:22.486root 11241100x8000000000000000289231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66453176dd230f642023-02-08 09:51:22.486root 11241100x8000000000000000289230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df28be35e8c995ca2023-02-08 09:51:22.486root 11241100x8000000000000000289249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c08e79137bb89022023-02-08 09:51:22.487root 11241100x8000000000000000289248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c80185303dd8cc2023-02-08 09:51:22.487root 11241100x8000000000000000289247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2a0614f0c2618b2023-02-08 09:51:22.487root 11241100x8000000000000000289246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab1c1c9fc3970332023-02-08 09:51:22.487root 11241100x8000000000000000289245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b8bba5c46e1f832023-02-08 09:51:22.487root 11241100x8000000000000000289244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719ce84533c852ff2023-02-08 09:51:22.487root 11241100x8000000000000000289243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26044256dfb2201d2023-02-08 09:51:22.487root 11241100x8000000000000000289242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca55e972099e9e02023-02-08 09:51:22.487root 11241100x8000000000000000289257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b156aa8cf235d7d2023-02-08 09:51:22.488root 11241100x8000000000000000289256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622219258d4e78822023-02-08 09:51:22.488root 11241100x8000000000000000289255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dac1ae18fa551692023-02-08 09:51:22.488root 11241100x8000000000000000289254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f25a9a80991bc32023-02-08 09:51:22.488root 11241100x8000000000000000289253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1bccc6d633e1062023-02-08 09:51:22.488root 11241100x8000000000000000289252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e90a504b1b3388c2023-02-08 09:51:22.488root 11241100x8000000000000000289251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee8bdbdee5878522023-02-08 09:51:22.488root 11241100x8000000000000000289250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9071dd85315804172023-02-08 09:51:22.488root 11241100x8000000000000000289263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd220b695146ffd62023-02-08 09:51:22.489root 11241100x8000000000000000289262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9825f9b2eb69792c2023-02-08 09:51:22.489root 11241100x8000000000000000289261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8556b77e05094b2023-02-08 09:51:22.489root 11241100x8000000000000000289260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83425e1e94abb3c12023-02-08 09:51:22.489root 11241100x8000000000000000289259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f300dfeac95e0d9c2023-02-08 09:51:22.489root 11241100x8000000000000000289258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66ea114521da1352023-02-08 09:51:22.489root 11241100x8000000000000000289266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75554b0ff1945ea62023-02-08 09:51:22.984root 11241100x8000000000000000289265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e00bbf23701dc0c2023-02-08 09:51:22.984root 11241100x8000000000000000289264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef78ebd6da92d2e2023-02-08 09:51:22.984root 11241100x8000000000000000289271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59c9a1f58626e072023-02-08 09:51:22.985root 11241100x8000000000000000289270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2815c8686d9940282023-02-08 09:51:22.985root 11241100x8000000000000000289269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a093467785b0802023-02-08 09:51:22.985root 11241100x8000000000000000289268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0a57d3f9c0158c2023-02-08 09:51:22.985root 11241100x8000000000000000289267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c59e85e43c30a32023-02-08 09:51:22.985root 11241100x8000000000000000289280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4c1ea69654bc362023-02-08 09:51:22.986root 11241100x8000000000000000289279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a13887135dbf3b2023-02-08 09:51:22.986root 11241100x8000000000000000289278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d004830a2e5c39a52023-02-08 09:51:22.986root 11241100x8000000000000000289277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19264791f7ebc342023-02-08 09:51:22.986root 11241100x8000000000000000289276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ee4ad1db5c6e672023-02-08 09:51:22.986root 11241100x8000000000000000289275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287245cb31f5dcec2023-02-08 09:51:22.986root 11241100x8000000000000000289274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442e253711d0793c2023-02-08 09:51:22.986root 11241100x8000000000000000289273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b47275b671d0002023-02-08 09:51:22.986root 11241100x8000000000000000289272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9e6cbe0e23252e2023-02-08 09:51:22.986root 11241100x8000000000000000289295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49b04ce19c2c8982023-02-08 09:51:22.987root 11241100x8000000000000000289294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71afa31ac4cdb302023-02-08 09:51:22.987root 11241100x8000000000000000289293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592b95d742ed94982023-02-08 09:51:22.987root 11241100x8000000000000000289292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0133377ba96e196b2023-02-08 09:51:22.987root 11241100x8000000000000000289291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6e7e55205d690d2023-02-08 09:51:22.987root 11241100x8000000000000000289290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66fcdb0e83e05fb2023-02-08 09:51:22.987root 11241100x8000000000000000289289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87577044c0e07e602023-02-08 09:51:22.987root 11241100x8000000000000000289288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd80d72f0fdd46132023-02-08 09:51:22.987root 11241100x8000000000000000289287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264e2817a9ff866b2023-02-08 09:51:22.987root 11241100x8000000000000000289286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c146668ed77a3e872023-02-08 09:51:22.987root 11241100x8000000000000000289285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bbe03ab73159e22023-02-08 09:51:22.987root 11241100x8000000000000000289284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564d637488487d0b2023-02-08 09:51:22.987root 11241100x8000000000000000289283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10da564ae3371b9e2023-02-08 09:51:22.987root 11241100x8000000000000000289282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0dc6c4c9fd91692023-02-08 09:51:22.987root 11241100x8000000000000000289281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a25787630af1fb82023-02-08 09:51:22.987root 11241100x8000000000000000289299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5f67582b0b17b32023-02-08 09:51:22.988root 11241100x8000000000000000289298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93874412ac3fbc8f2023-02-08 09:51:22.988root 11241100x8000000000000000289297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24152995c5cd17222023-02-08 09:51:22.988root 11241100x8000000000000000289296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:22.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7d06e4637176012023-02-08 09:51:22.988root 11241100x8000000000000000289301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663e8626afafaeb72023-02-08 09:51:23.484root 11241100x8000000000000000289300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce67ace67c96af92023-02-08 09:51:23.484root 11241100x8000000000000000289315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b08f199eedc7af2023-02-08 09:51:23.485root 11241100x8000000000000000289314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d7fc1147c568712023-02-08 09:51:23.485root 11241100x8000000000000000289313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9a5fae3eb6d1302023-02-08 09:51:23.485root 11241100x8000000000000000289312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1409f18dcbc09e2023-02-08 09:51:23.485root 11241100x8000000000000000289311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01efdf5aa990af192023-02-08 09:51:23.485root 11241100x8000000000000000289310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4400f9fbd19a13c2023-02-08 09:51:23.485root 11241100x8000000000000000289309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23dd9719a785a8202023-02-08 09:51:23.485root 11241100x8000000000000000289308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151e7ff3a9fef2e22023-02-08 09:51:23.485root 11241100x8000000000000000289307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04eb82ce4524b0812023-02-08 09:51:23.485root 11241100x8000000000000000289306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb92464d01cc04f2023-02-08 09:51:23.485root 11241100x8000000000000000289305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0588f0fa888521f52023-02-08 09:51:23.485root 11241100x8000000000000000289304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c69fb7a671648ed2023-02-08 09:51:23.485root 11241100x8000000000000000289303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc1f77e124c87902023-02-08 09:51:23.485root 11241100x8000000000000000289302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb60603f33deb1e2023-02-08 09:51:23.485root 11241100x8000000000000000289320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4b780517cd934b2023-02-08 09:51:23.486root 11241100x8000000000000000289319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187b7b7cfa7564142023-02-08 09:51:23.486root 11241100x8000000000000000289318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444498e1942daba42023-02-08 09:51:23.486root 11241100x8000000000000000289317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db375f0bc9e0b462023-02-08 09:51:23.486root 11241100x8000000000000000289316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a3eda0e86227222023-02-08 09:51:23.486root 11241100x8000000000000000289332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28954e59ac7ba2cf2023-02-08 09:51:23.487root 11241100x8000000000000000289331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f276c0e38e7e263e2023-02-08 09:51:23.487root 11241100x8000000000000000289330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c849a472fb99783d2023-02-08 09:51:23.487root 11241100x8000000000000000289329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040d19fd62b2a79b2023-02-08 09:51:23.487root 11241100x8000000000000000289328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3571d9c68bf14e432023-02-08 09:51:23.487root 11241100x8000000000000000289327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7407a76ad776ae302023-02-08 09:51:23.487root 11241100x8000000000000000289326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28542a1a5dba95a2023-02-08 09:51:23.487root 11241100x8000000000000000289325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454d1d3ebdd61fda2023-02-08 09:51:23.487root 11241100x8000000000000000289324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f667e9b490cd33c02023-02-08 09:51:23.487root 11241100x8000000000000000289323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce28c641810d3972023-02-08 09:51:23.487root 11241100x8000000000000000289322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a756290321d453a12023-02-08 09:51:23.487root 11241100x8000000000000000289321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3474eeda564af8f22023-02-08 09:51:23.487root 11241100x8000000000000000289342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ffc2dfead6f6fc2023-02-08 09:51:23.984root 11241100x8000000000000000289341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef84a4f3ae87ae152023-02-08 09:51:23.984root 11241100x8000000000000000289340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4cd0e7eb33269672023-02-08 09:51:23.984root 11241100x8000000000000000289339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3e06f74270b13a2023-02-08 09:51:23.984root 11241100x8000000000000000289338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4121eb8281b1ef2023-02-08 09:51:23.984root 11241100x8000000000000000289337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b46f38322547e02023-02-08 09:51:23.984root 11241100x8000000000000000289336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a219d69098c24ee2023-02-08 09:51:23.984root 11241100x8000000000000000289335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca3c8679737cdd12023-02-08 09:51:23.984root 11241100x8000000000000000289334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619496966f4209d12023-02-08 09:51:23.984root 11241100x8000000000000000289333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7772f61a9fbe88022023-02-08 09:51:23.984root 11241100x8000000000000000289351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb9858d4548f9002023-02-08 09:51:23.985root 11241100x8000000000000000289350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede684f4f40485f52023-02-08 09:51:23.985root 11241100x8000000000000000289349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317d8fcbfb702feb2023-02-08 09:51:23.985root 11241100x8000000000000000289348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f400b4b457706dcb2023-02-08 09:51:23.985root 11241100x8000000000000000289347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89b1e196c2d95972023-02-08 09:51:23.985root 11241100x8000000000000000289346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636c108466e184fa2023-02-08 09:51:23.985root 11241100x8000000000000000289345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47344bb41b054aa82023-02-08 09:51:23.985root 11241100x8000000000000000289344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5f7d8c2ff5f6142023-02-08 09:51:23.985root 11241100x8000000000000000289343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2803acb50ddd55e82023-02-08 09:51:23.985root 11241100x8000000000000000289364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0be1ee12dde2d12023-02-08 09:51:23.986root 11241100x8000000000000000289363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b37ca77ddf9a88e2023-02-08 09:51:23.986root 11241100x8000000000000000289362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583c2ffe50b62c162023-02-08 09:51:23.986root 11241100x8000000000000000289361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48dbed842e98cecc2023-02-08 09:51:23.986root 11241100x8000000000000000289360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f030d22f17638b02023-02-08 09:51:23.986root 11241100x8000000000000000289359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b293422885e4238d2023-02-08 09:51:23.986root 11241100x8000000000000000289358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866c0e2b07bb12502023-02-08 09:51:23.986root 11241100x8000000000000000289357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74203e43f93cab22023-02-08 09:51:23.986root 11241100x8000000000000000289356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06415c02be5dd2a42023-02-08 09:51:23.986root 11241100x8000000000000000289355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb34f276103acfe52023-02-08 09:51:23.986root 11241100x8000000000000000289354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c56148a7196a5002023-02-08 09:51:23.986root 11241100x8000000000000000289353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d46c716402bfe12023-02-08 09:51:23.986root 11241100x8000000000000000289352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c037a5b16b99d802023-02-08 09:51:23.986root 11241100x8000000000000000289374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5303b6406966eb92023-02-08 09:51:23.987root 11241100x8000000000000000289373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af583ccacb4eff4d2023-02-08 09:51:23.987root 11241100x8000000000000000289372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21295c93b1aafde52023-02-08 09:51:23.987root 11241100x8000000000000000289371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fda4c97b18644022023-02-08 09:51:23.987root 11241100x8000000000000000289370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353f89eed0556dc72023-02-08 09:51:23.987root 11241100x8000000000000000289369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca073c67545f77db2023-02-08 09:51:23.987root 11241100x8000000000000000289368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87c0e01cc57d0472023-02-08 09:51:23.987root 11241100x8000000000000000289367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912ac053357447af2023-02-08 09:51:23.987root 11241100x8000000000000000289366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb3f40d1eeb65f62023-02-08 09:51:23.987root 11241100x8000000000000000289365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:23.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed3dac268b2008f2023-02-08 09:51:23.987root 11241100x8000000000000000289376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39224f16b0a0be72023-02-08 09:51:24.484root 11241100x8000000000000000289375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2f1001b2df58ca2023-02-08 09:51:24.484root 11241100x8000000000000000289384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc47c04ae7ef44d2023-02-08 09:51:24.485root 11241100x8000000000000000289383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feccec6b9764b86d2023-02-08 09:51:24.485root 11241100x8000000000000000289382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8685f974d62c2b7d2023-02-08 09:51:24.485root 11241100x8000000000000000289381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520456f85763909d2023-02-08 09:51:24.485root 11241100x8000000000000000289380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40619f248376da572023-02-08 09:51:24.485root 11241100x8000000000000000289379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c468aa8df76326bb2023-02-08 09:51:24.485root 11241100x8000000000000000289378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6097223c299acdcf2023-02-08 09:51:24.485root 11241100x8000000000000000289377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03932ccea12250a2023-02-08 09:51:24.485root 11241100x8000000000000000289397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55c3089f0d57ec32023-02-08 09:51:24.486root 11241100x8000000000000000289396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14babbfea88f5532023-02-08 09:51:24.486root 11241100x8000000000000000289395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd764908543ba132023-02-08 09:51:24.486root 11241100x8000000000000000289394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0a75717b2e924f2023-02-08 09:51:24.486root 11241100x8000000000000000289393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecb1a62a9623cac2023-02-08 09:51:24.486root 11241100x8000000000000000289392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5fce282a47baeb82023-02-08 09:51:24.486root 11241100x8000000000000000289391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232d272722652e312023-02-08 09:51:24.486root 11241100x8000000000000000289390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cf89f0e4991b232023-02-08 09:51:24.486root 11241100x8000000000000000289389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff88930fca4e6542023-02-08 09:51:24.486root 11241100x8000000000000000289388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c21148b4edc27f02023-02-08 09:51:24.486root 11241100x8000000000000000289387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa7d8d53df478692023-02-08 09:51:24.486root 11241100x8000000000000000289386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ee25405d99742d2023-02-08 09:51:24.486root 11241100x8000000000000000289385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f4c6cbb927f8952023-02-08 09:51:24.486root 11241100x8000000000000000289404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b648306972922242023-02-08 09:51:24.487root 11241100x8000000000000000289403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50403e8bab67ed902023-02-08 09:51:24.487root 11241100x8000000000000000289402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e422698aa62aa872023-02-08 09:51:24.487root 11241100x8000000000000000289401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c577ec4eb2eee0722023-02-08 09:51:24.487root 11241100x8000000000000000289400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f863dcbc7b836222023-02-08 09:51:24.487root 11241100x8000000000000000289399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38a3d0db5aaed562023-02-08 09:51:24.487root 11241100x8000000000000000289398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cd0759a5bd5c512023-02-08 09:51:24.487root 11241100x8000000000000000289406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5b4341c0854f0b2023-02-08 09:51:24.488root 11241100x8000000000000000289405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df0b921be162fa32023-02-08 09:51:24.488root 11241100x8000000000000000289413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8abb26358cf87272023-02-08 09:51:24.984root 11241100x8000000000000000289412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9f628ae05f88692023-02-08 09:51:24.984root 11241100x8000000000000000289411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1a1a4e948c29872023-02-08 09:51:24.984root 11241100x8000000000000000289410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d2dfef097ddd2b2023-02-08 09:51:24.984root 11241100x8000000000000000289409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3fde38604c8897e2023-02-08 09:51:24.984root 11241100x8000000000000000289408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f822341dbeb892a42023-02-08 09:51:24.984root 11241100x8000000000000000289407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1463e262c7a6e2102023-02-08 09:51:24.984root 11241100x8000000000000000289422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209299d8019683822023-02-08 09:51:24.985root 11241100x8000000000000000289421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf3b7413334ecb92023-02-08 09:51:24.985root 11241100x8000000000000000289420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee8802a1850120f2023-02-08 09:51:24.985root 11241100x8000000000000000289419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9cb0a72fd8f70c2023-02-08 09:51:24.985root 11241100x8000000000000000289418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e699a9977f8132452023-02-08 09:51:24.985root 11241100x8000000000000000289417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148896318ad170952023-02-08 09:51:24.985root 11241100x8000000000000000289416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f581f48c1c4a3f2023-02-08 09:51:24.985root 11241100x8000000000000000289415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b657592a096a45492023-02-08 09:51:24.985root 11241100x8000000000000000289414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822ec6ba2b17acf92023-02-08 09:51:24.985root 11241100x8000000000000000289434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7679c2fa5ade3e2023-02-08 09:51:24.986root 11241100x8000000000000000289433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8917e9b706b1541c2023-02-08 09:51:24.986root 11241100x8000000000000000289432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65488636c2944102023-02-08 09:51:24.986root 11241100x8000000000000000289431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeeb857de5f2f8d22023-02-08 09:51:24.986root 11241100x8000000000000000289430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1b4034d2529d042023-02-08 09:51:24.986root 11241100x8000000000000000289429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561fe06aac0b964f2023-02-08 09:51:24.986root 11241100x8000000000000000289428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f95a2ec1b8394532023-02-08 09:51:24.986root 11241100x8000000000000000289427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a66df11400d05c2023-02-08 09:51:24.986root 11241100x8000000000000000289426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c172625dc5bd95e2023-02-08 09:51:24.986root 11241100x8000000000000000289425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc66fca7e5bd9112023-02-08 09:51:24.986root 11241100x8000000000000000289424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbaab4497096d5e2023-02-08 09:51:24.986root 11241100x8000000000000000289423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d21203cc106dbb2023-02-08 09:51:24.986root 11241100x8000000000000000289439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8fdf64468737482023-02-08 09:51:24.987root 11241100x8000000000000000289438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9351092dfd9aef2023-02-08 09:51:24.987root 11241100x8000000000000000289437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5115c643c7136e22023-02-08 09:51:24.987root 11241100x8000000000000000289436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac256ca46c7b15f2023-02-08 09:51:24.987root 11241100x8000000000000000289435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d0f17c078b59712023-02-08 09:51:24.987root 11241100x8000000000000000289444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3664efa02e5abf92023-02-08 09:51:24.988root 11241100x8000000000000000289443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b326cd8f7bd8dad02023-02-08 09:51:24.988root 11241100x8000000000000000289442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b344eec4cc2e033c2023-02-08 09:51:24.988root 11241100x8000000000000000289441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57847c9fb1a5247c2023-02-08 09:51:24.988root 11241100x8000000000000000289440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ab500d542d0cb32023-02-08 09:51:24.988root 11241100x8000000000000000289458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040187ae4fd3ee222023-02-08 09:51:24.989root 11241100x8000000000000000289457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28173d440352213b2023-02-08 09:51:24.989root 11241100x8000000000000000289456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e8e89736ddbf432023-02-08 09:51:24.989root 11241100x8000000000000000289455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ea6ce703cb60d12023-02-08 09:51:24.989root 11241100x8000000000000000289454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7f932b48c68b632023-02-08 09:51:24.989root 11241100x8000000000000000289453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d766b5e6c78e0b2023-02-08 09:51:24.989root 11241100x8000000000000000289452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f185330949facb502023-02-08 09:51:24.989root 11241100x8000000000000000289451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2573f588073068a82023-02-08 09:51:24.989root 11241100x8000000000000000289450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0fb257de98fe742023-02-08 09:51:24.989root 11241100x8000000000000000289449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b483af4c102e23362023-02-08 09:51:24.989root 11241100x8000000000000000289448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5189e26d3eb08332023-02-08 09:51:24.989root 11241100x8000000000000000289447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807735058d7b6bcc2023-02-08 09:51:24.989root 11241100x8000000000000000289446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96920e48e82ff982023-02-08 09:51:24.989root 11241100x8000000000000000289445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafa1b341b31b2ec2023-02-08 09:51:24.989root 11241100x8000000000000000289467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2276fb8525f084332023-02-08 09:51:24.990root 11241100x8000000000000000289466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f8ca382d0852852023-02-08 09:51:24.990root 11241100x8000000000000000289465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb8242cd45094572023-02-08 09:51:24.990root 11241100x8000000000000000289464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed837c2444475eb22023-02-08 09:51:24.990root 11241100x8000000000000000289463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0650d5d55dba10f42023-02-08 09:51:24.990root 11241100x8000000000000000289462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e307a7773a7271ea2023-02-08 09:51:24.990root 11241100x8000000000000000289461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6deb3f7ef73fd15f2023-02-08 09:51:24.990root 11241100x8000000000000000289460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c17bd607d95ee82023-02-08 09:51:24.990root 11241100x8000000000000000289459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:24.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea9395a07c015132023-02-08 09:51:24.990root 11241100x8000000000000000289479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47010e3be46f21af2023-02-08 09:51:25.485root 11241100x8000000000000000289478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ae76e2a137f2dd2023-02-08 09:51:25.485root 11241100x8000000000000000289477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff0e364b4fe065a2023-02-08 09:51:25.485root 11241100x8000000000000000289476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1865a470c446ec452023-02-08 09:51:25.485root 11241100x8000000000000000289475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c46d318678412672023-02-08 09:51:25.485root 11241100x8000000000000000289474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b203bae8d5643c2023-02-08 09:51:25.485root 11241100x8000000000000000289473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878e1978651d40e62023-02-08 09:51:25.485root 11241100x8000000000000000289472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420c79119e90d9d52023-02-08 09:51:25.485root 11241100x8000000000000000289471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d792593bb59dcdb22023-02-08 09:51:25.485root 11241100x8000000000000000289470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5e59b2d1f085542023-02-08 09:51:25.485root 11241100x8000000000000000289469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4641c905dbb9079d2023-02-08 09:51:25.485root 11241100x8000000000000000289468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d65dfc0d6335cbe2023-02-08 09:51:25.485root 11241100x8000000000000000289488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2d83cf928808062023-02-08 09:51:25.486root 11241100x8000000000000000289487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fd360353a5a9a42023-02-08 09:51:25.486root 11241100x8000000000000000289486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f7a13ffa880a022023-02-08 09:51:25.486root 11241100x8000000000000000289485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3bcc7876d1bfa862023-02-08 09:51:25.486root 11241100x8000000000000000289484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5384b57d3640c15b2023-02-08 09:51:25.486root 11241100x8000000000000000289483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e64bdbed353d8ad2023-02-08 09:51:25.486root 11241100x8000000000000000289482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d75567c702f8cfc2023-02-08 09:51:25.486root 11241100x8000000000000000289481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed54a309d1280eac2023-02-08 09:51:25.486root 11241100x8000000000000000289480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e3885e8c60bd792023-02-08 09:51:25.486root 11241100x8000000000000000289497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27932b3a4f5aefd12023-02-08 09:51:25.487root 11241100x8000000000000000289496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e84b43c193664f2023-02-08 09:51:25.487root 11241100x8000000000000000289495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366f148b2c806e032023-02-08 09:51:25.487root 11241100x8000000000000000289494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d77ee0abf4ec5b2023-02-08 09:51:25.487root 11241100x8000000000000000289493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71654d5bac54f472023-02-08 09:51:25.487root 11241100x8000000000000000289492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b290e0c97d97c4672023-02-08 09:51:25.487root 11241100x8000000000000000289491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af69a9a6448c4af82023-02-08 09:51:25.487root 11241100x8000000000000000289490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575fdfb52f9070572023-02-08 09:51:25.487root 11241100x8000000000000000289489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412426840f1754302023-02-08 09:51:25.487root 11241100x8000000000000000289499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3233c1229c9d57f2023-02-08 09:51:25.488root 11241100x8000000000000000289498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95622369adb434592023-02-08 09:51:25.488root 11241100x8000000000000000289501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd865cd2fdedbbd22023-02-08 09:51:25.984root 11241100x8000000000000000289500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25c6b0f5e85075c2023-02-08 09:51:25.984root 11241100x8000000000000000289509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6913bef5cad3ba12023-02-08 09:51:25.985root 11241100x8000000000000000289508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275e627521cbc8ed2023-02-08 09:51:25.985root 11241100x8000000000000000289507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0eba5363e8e0de62023-02-08 09:51:25.985root 11241100x8000000000000000289506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48081fdaf634e0952023-02-08 09:51:25.985root 11241100x8000000000000000289505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900c691cecfd96ab2023-02-08 09:51:25.985root 11241100x8000000000000000289504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7c1edd4f6a8f702023-02-08 09:51:25.985root 11241100x8000000000000000289503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a854d9afd792c2e2023-02-08 09:51:25.985root 11241100x8000000000000000289502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cc92ca1828353f2023-02-08 09:51:25.985root 11241100x8000000000000000289518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4bfa9db6705c2a2023-02-08 09:51:25.986root 11241100x8000000000000000289517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84607a8f3e19aadd2023-02-08 09:51:25.986root 11241100x8000000000000000289516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d717030346e2f22023-02-08 09:51:25.986root 11241100x8000000000000000289515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7d5a7491cc58dd2023-02-08 09:51:25.986root 11241100x8000000000000000289514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108ff716b3dccbeb2023-02-08 09:51:25.986root 11241100x8000000000000000289513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9263dae69c158e272023-02-08 09:51:25.986root 11241100x8000000000000000289512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca6fa409b0b3ba72023-02-08 09:51:25.986root 11241100x8000000000000000289511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d60569c8a8bfa12023-02-08 09:51:25.986root 11241100x8000000000000000289510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9a766eea8f9ad32023-02-08 09:51:25.986root 11241100x8000000000000000289525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88215c5b65cd05f12023-02-08 09:51:25.987root 11241100x8000000000000000289524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19906f9a235329af2023-02-08 09:51:25.987root 11241100x8000000000000000289523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dbe2635ce722db12023-02-08 09:51:25.987root 11241100x8000000000000000289522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428a3e9c164689ff2023-02-08 09:51:25.987root 11241100x8000000000000000289521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d02baa5257155b2023-02-08 09:51:25.987root 11241100x8000000000000000289520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8f609c6594a0882023-02-08 09:51:25.987root 11241100x8000000000000000289519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5408067aa1fd11c12023-02-08 09:51:25.987root 11241100x8000000000000000289531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932b46f628e07ef92023-02-08 09:51:25.988root 11241100x8000000000000000289530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0a25f1916e5b942023-02-08 09:51:25.988root 11241100x8000000000000000289529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259ca5ecdca398e52023-02-08 09:51:25.988root 11241100x8000000000000000289528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4f83b45e2964d82023-02-08 09:51:25.988root 11241100x8000000000000000289527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b2ef50c3eac4152023-02-08 09:51:25.988root 11241100x8000000000000000289526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:25.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568245309adbeba92023-02-08 09:51:25.988root 11241100x8000000000000000289532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5642626fdd1695e2023-02-08 09:51:26.484root 11241100x8000000000000000289541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188124561487da282023-02-08 09:51:26.485root 11241100x8000000000000000289540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031c30c1b09028a12023-02-08 09:51:26.485root 11241100x8000000000000000289539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef894c88e2ea70102023-02-08 09:51:26.485root 11241100x8000000000000000289538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5485fbd86f69b9c02023-02-08 09:51:26.485root 11241100x8000000000000000289537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091b8c893083a6252023-02-08 09:51:26.485root 11241100x8000000000000000289536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4decd3036d1a18c82023-02-08 09:51:26.485root 11241100x8000000000000000289535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9709147dd78f972023-02-08 09:51:26.485root 11241100x8000000000000000289534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1e123a04862c812023-02-08 09:51:26.485root 11241100x8000000000000000289533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefc5740ec4b91512023-02-08 09:51:26.485root 11241100x8000000000000000289549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e173c3acf18ac7f72023-02-08 09:51:26.486root 11241100x8000000000000000289548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0c21a4511f2a122023-02-08 09:51:26.486root 11241100x8000000000000000289547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5e63fe5e2f75102023-02-08 09:51:26.486root 11241100x8000000000000000289546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b79fef5eba56a72023-02-08 09:51:26.486root 11241100x8000000000000000289545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c942aba6d7c2f6b2023-02-08 09:51:26.486root 11241100x8000000000000000289544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20b2ed9c4ec680f2023-02-08 09:51:26.486root 11241100x8000000000000000289543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8865a15dab44ed602023-02-08 09:51:26.486root 11241100x8000000000000000289542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7b53328bd559962023-02-08 09:51:26.486root 11241100x8000000000000000289559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4f16b153a492112023-02-08 09:51:26.487root 11241100x8000000000000000289558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148a11333fb0b7cb2023-02-08 09:51:26.487root 11241100x8000000000000000289557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bafe7264fc4c894f2023-02-08 09:51:26.487root 11241100x8000000000000000289556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41601e616bd2c0632023-02-08 09:51:26.487root 11241100x8000000000000000289555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ad9d6b72bfa5e12023-02-08 09:51:26.487root 11241100x8000000000000000289554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b8bf1296aa63562023-02-08 09:51:26.487root 11241100x8000000000000000289553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55344e05c1faf90d2023-02-08 09:51:26.487root 11241100x8000000000000000289552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe68de291ef03302023-02-08 09:51:26.487root 11241100x8000000000000000289551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554776d5b2bc31182023-02-08 09:51:26.487root 11241100x8000000000000000289550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7581540f02d59962023-02-08 09:51:26.487root 11241100x8000000000000000289563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2539c68c4195018b2023-02-08 09:51:26.488root 11241100x8000000000000000289562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6844f139dce59b672023-02-08 09:51:26.488root 11241100x8000000000000000289561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf8ceacecfcc46d2023-02-08 09:51:26.488root 11241100x8000000000000000289560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10e158bdae79bcf2023-02-08 09:51:26.488root 11241100x8000000000000000289565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b8d51e5594580c2023-02-08 09:51:26.984root 11241100x8000000000000000289564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c58c5845e0d92a2023-02-08 09:51:26.984root 11241100x8000000000000000289575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f769889b04a7602023-02-08 09:51:26.985root 11241100x8000000000000000289574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c8ae34f59d9f8c2023-02-08 09:51:26.985root 11241100x8000000000000000289573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcd7493a64e98742023-02-08 09:51:26.985root 11241100x8000000000000000289572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454c5f5b18a0fa252023-02-08 09:51:26.985root 11241100x8000000000000000289571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3389918ea8e32fe32023-02-08 09:51:26.985root 11241100x8000000000000000289570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123df50443189c892023-02-08 09:51:26.985root 11241100x8000000000000000289569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094f66f45c9f35c02023-02-08 09:51:26.985root 11241100x8000000000000000289568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297d4841104bd3eb2023-02-08 09:51:26.985root 11241100x8000000000000000289567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f0d5978ea475b22023-02-08 09:51:26.985root 11241100x8000000000000000289566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a3fe19f4e481bf2023-02-08 09:51:26.985root 11241100x8000000000000000289585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4e3cd34b44e2e62023-02-08 09:51:26.986root 11241100x8000000000000000289584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74618ad36ac165202023-02-08 09:51:26.986root 11241100x8000000000000000289583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3233e02814b7c062023-02-08 09:51:26.986root 11241100x8000000000000000289582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebecfd3619de20f22023-02-08 09:51:26.986root 11241100x8000000000000000289581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69d230bfd993d552023-02-08 09:51:26.986root 11241100x8000000000000000289580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a474b4b46a31892023-02-08 09:51:26.986root 11241100x8000000000000000289579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deaaf5f5b5ce7bc92023-02-08 09:51:26.986root 11241100x8000000000000000289578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac5bf08c391186d2023-02-08 09:51:26.986root 11241100x8000000000000000289577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7ade86a22175082023-02-08 09:51:26.986root 11241100x8000000000000000289576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d1f0ea050b4fc52023-02-08 09:51:26.986root 11241100x8000000000000000289595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbe26f9aff704bd2023-02-08 09:51:26.987root 11241100x8000000000000000289594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b289410193ae26232023-02-08 09:51:26.987root 11241100x8000000000000000289593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358781879392d82c2023-02-08 09:51:26.987root 11241100x8000000000000000289592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e373a62d7576702023-02-08 09:51:26.987root 11241100x8000000000000000289591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc81a5d408be371b2023-02-08 09:51:26.987root 11241100x8000000000000000289590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c58ca316a49ca62023-02-08 09:51:26.987root 11241100x8000000000000000289589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15daf0df46a029b32023-02-08 09:51:26.987root 11241100x8000000000000000289588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e16efe92730f5d22023-02-08 09:51:26.987root 11241100x8000000000000000289587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7e90936ee35e582023-02-08 09:51:26.987root 11241100x8000000000000000289586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52095b737b8ab5332023-02-08 09:51:26.987root 11241100x8000000000000000289599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363f64c2f5f99c482023-02-08 09:51:26.988root 11241100x8000000000000000289598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa510bb488318f852023-02-08 09:51:26.988root 11241100x8000000000000000289597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3ba7cf7b41bf292023-02-08 09:51:26.988root 11241100x8000000000000000289596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:26.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e3589f797259f22023-02-08 09:51:26.988root 354300x8000000000000000289600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.107{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-35950-false10.0.1.12-8000- 11241100x8000000000000000289608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27921373a888add2023-02-08 09:51:27.485root 11241100x8000000000000000289607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df198bd7ff1c771d2023-02-08 09:51:27.485root 11241100x8000000000000000289606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ab216a3c6a38872023-02-08 09:51:27.485root 11241100x8000000000000000289605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6529ca8da496a8c12023-02-08 09:51:27.485root 11241100x8000000000000000289604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590cf0d106884a142023-02-08 09:51:27.485root 11241100x8000000000000000289603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c2ff0dea8c4f3d2023-02-08 09:51:27.485root 11241100x8000000000000000289602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6650414a5710b42023-02-08 09:51:27.485root 11241100x8000000000000000289601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336a26f3700ce0c52023-02-08 09:51:27.485root 11241100x8000000000000000289617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037a7746f143d0082023-02-08 09:51:27.486root 11241100x8000000000000000289616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b865ce6a4436387e2023-02-08 09:51:27.486root 11241100x8000000000000000289615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81f1c9a9b4a13222023-02-08 09:51:27.486root 11241100x8000000000000000289614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93c7b512661d3902023-02-08 09:51:27.486root 11241100x8000000000000000289613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34b78e1ebc5279b2023-02-08 09:51:27.486root 11241100x8000000000000000289612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f08bc776b610fa72023-02-08 09:51:27.486root 11241100x8000000000000000289611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ecf5314da759502023-02-08 09:51:27.486root 11241100x8000000000000000289610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6eac05b71a69a512023-02-08 09:51:27.486root 11241100x8000000000000000289609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bae7a503eb72d62023-02-08 09:51:27.486root 11241100x8000000000000000289622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371e02f66bdc520a2023-02-08 09:51:27.487root 11241100x8000000000000000289621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889e974f1da8dad72023-02-08 09:51:27.487root 11241100x8000000000000000289620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe4cc5c191ed8752023-02-08 09:51:27.487root 11241100x8000000000000000289619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c238965d904b142023-02-08 09:51:27.487root 11241100x8000000000000000289618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f471e91f58fc2f052023-02-08 09:51:27.487root 11241100x8000000000000000289627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff555afe70b87fc2023-02-08 09:51:27.488root 11241100x8000000000000000289626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f6af5ebe0fd3b82023-02-08 09:51:27.488root 11241100x8000000000000000289625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e899960681c5e72023-02-08 09:51:27.488root 11241100x8000000000000000289624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1854b3399bf5b3f72023-02-08 09:51:27.488root 11241100x8000000000000000289623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9273a8e99f4e3302023-02-08 09:51:27.488root 11241100x8000000000000000289631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a65555cdd533992023-02-08 09:51:27.489root 11241100x8000000000000000289630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e72562fcdf2f44e2023-02-08 09:51:27.489root 11241100x8000000000000000289629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f47fc651c759e62023-02-08 09:51:27.489root 11241100x8000000000000000289628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b768082bae8aa812023-02-08 09:51:27.489root 11241100x8000000000000000289633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f58053d877bbfca2023-02-08 09:51:27.490root 11241100x8000000000000000289632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7116dfcb23d58602023-02-08 09:51:27.490root 11241100x8000000000000000289634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77dd8530f830f5db2023-02-08 09:51:27.984root 11241100x8000000000000000289641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc24dfeb84cbec432023-02-08 09:51:27.985root 11241100x8000000000000000289640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54073b560f0010f52023-02-08 09:51:27.985root 11241100x8000000000000000289639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2ea8bb7f4930632023-02-08 09:51:27.985root 11241100x8000000000000000289638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae633640531a126b2023-02-08 09:51:27.985root 11241100x8000000000000000289637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702960f40001ce812023-02-08 09:51:27.985root 11241100x8000000000000000289636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159f3108d572483f2023-02-08 09:51:27.985root 11241100x8000000000000000289635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a6bdaa6269e8e12023-02-08 09:51:27.985root 11241100x8000000000000000289648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7b92b2d32f4b0d2023-02-08 09:51:27.986root 11241100x8000000000000000289647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31eb9401d5e5857e2023-02-08 09:51:27.986root 11241100x8000000000000000289646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeff0ca398ea93012023-02-08 09:51:27.986root 11241100x8000000000000000289645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d474ab725451670c2023-02-08 09:51:27.986root 11241100x8000000000000000289644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8b55b5c62f7a9d2023-02-08 09:51:27.986root 11241100x8000000000000000289643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8435ad111795b12023-02-08 09:51:27.986root 11241100x8000000000000000289642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f02fb39fec0864a2023-02-08 09:51:27.986root 11241100x8000000000000000289656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5771124ddf541eb32023-02-08 09:51:27.987root 11241100x8000000000000000289655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44fc379b7be9d0292023-02-08 09:51:27.987root 11241100x8000000000000000289654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523cc931b7fdbc112023-02-08 09:51:27.987root 11241100x8000000000000000289653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74a266e08ffa3b72023-02-08 09:51:27.987root 11241100x8000000000000000289652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf94a2469039ae012023-02-08 09:51:27.987root 11241100x8000000000000000289651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b740197f7997dfe92023-02-08 09:51:27.987root 11241100x8000000000000000289650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a3d083c7985fac2023-02-08 09:51:27.987root 11241100x8000000000000000289649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4045809fe869646c2023-02-08 09:51:27.987root 11241100x8000000000000000289663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d47900bb6bfe932023-02-08 09:51:27.988root 11241100x8000000000000000289662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af07b17aefb7fce02023-02-08 09:51:27.988root 11241100x8000000000000000289661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e27fb388222eb0b2023-02-08 09:51:27.988root 11241100x8000000000000000289660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408f7d152143aa592023-02-08 09:51:27.988root 11241100x8000000000000000289659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a74ed2873d69442023-02-08 09:51:27.988root 11241100x8000000000000000289658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062e770888b823812023-02-08 09:51:27.988root 11241100x8000000000000000289657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6012ba6420d9bfd12023-02-08 09:51:27.988root 11241100x8000000000000000289666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397cf5998a2f31382023-02-08 09:51:27.989root 11241100x8000000000000000289665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be60d3cf1bd95212023-02-08 09:51:27.989root 11241100x8000000000000000289664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:27.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936a12ee53bba3f72023-02-08 09:51:27.989root 11241100x8000000000000000289673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e03546f116bf5402023-02-08 09:51:28.485root 11241100x8000000000000000289672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32380359aa7f8722023-02-08 09:51:28.485root 11241100x8000000000000000289671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbfc1fc2b3d91142023-02-08 09:51:28.485root 11241100x8000000000000000289670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750d56739920ec7d2023-02-08 09:51:28.485root 11241100x8000000000000000289669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368733fd38ed4f712023-02-08 09:51:28.485root 11241100x8000000000000000289668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e8d75c099e2fd42023-02-08 09:51:28.485root 11241100x8000000000000000289667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2ea553f4eb69192023-02-08 09:51:28.485root 11241100x8000000000000000289682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df89c230c5223aa92023-02-08 09:51:28.486root 11241100x8000000000000000289681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638b0af320633ea72023-02-08 09:51:28.486root 11241100x8000000000000000289680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4572dd7bcca7bdbc2023-02-08 09:51:28.486root 11241100x8000000000000000289679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9175fe51228ba2562023-02-08 09:51:28.486root 11241100x8000000000000000289678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417eb5b8aaad45c62023-02-08 09:51:28.486root 11241100x8000000000000000289677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ed01e2795ce43e2023-02-08 09:51:28.486root 11241100x8000000000000000289676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dddd2397d58076fb2023-02-08 09:51:28.486root 11241100x8000000000000000289675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae35b750dcf28e4e2023-02-08 09:51:28.486root 11241100x8000000000000000289674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ecb93aca4b15ab2023-02-08 09:51:28.486root 11241100x8000000000000000289692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b19cf164737577c2023-02-08 09:51:28.487root 11241100x8000000000000000289691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c29bcb08def89f2023-02-08 09:51:28.487root 11241100x8000000000000000289690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e6b55b5c9f6e942023-02-08 09:51:28.487root 11241100x8000000000000000289689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ded7c57cdc408692023-02-08 09:51:28.487root 11241100x8000000000000000289688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3dcf7597a7597ce2023-02-08 09:51:28.487root 11241100x8000000000000000289687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9745587a3d73e7b72023-02-08 09:51:28.487root 11241100x8000000000000000289686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584a8e7b2e1ea8052023-02-08 09:51:28.487root 11241100x8000000000000000289685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c2439fed8b436a2023-02-08 09:51:28.487root 11241100x8000000000000000289684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa7ffbefeedc3a52023-02-08 09:51:28.487root 11241100x8000000000000000289683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c34bb09886fc8332023-02-08 09:51:28.487root 11241100x8000000000000000289699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348baad05a7cdba72023-02-08 09:51:28.488root 11241100x8000000000000000289698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d87558d7dd3e7b82023-02-08 09:51:28.488root 11241100x8000000000000000289697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2f95d20d0c70832023-02-08 09:51:28.488root 11241100x8000000000000000289696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e20d0f2de7b54862023-02-08 09:51:28.488root 11241100x8000000000000000289695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd933ce325ed88682023-02-08 09:51:28.488root 11241100x8000000000000000289694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47acd49b957832082023-02-08 09:51:28.488root 11241100x8000000000000000289693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a53685133a40bc72023-02-08 09:51:28.488root 11241100x8000000000000000289710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74b17e6e1e080182023-02-08 09:51:28.984root 11241100x8000000000000000289709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ee62b7b258e8e02023-02-08 09:51:28.984root 11241100x8000000000000000289708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c8ad049c1683482023-02-08 09:51:28.984root 11241100x8000000000000000289707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b9083e73d891f52023-02-08 09:51:28.984root 11241100x8000000000000000289706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c168cf7fc9b9d382023-02-08 09:51:28.984root 11241100x8000000000000000289705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3383d3d9f98286b2023-02-08 09:51:28.984root 11241100x8000000000000000289704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767817c9e90550452023-02-08 09:51:28.984root 11241100x8000000000000000289703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8acd32c48e6f84692023-02-08 09:51:28.984root 11241100x8000000000000000289702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ce7d2dbc8c32e12023-02-08 09:51:28.984root 11241100x8000000000000000289701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0e34e1c43aa5492023-02-08 09:51:28.984root 11241100x8000000000000000289700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95203756333a7e9f2023-02-08 09:51:28.984root 11241100x8000000000000000289713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd46bd937999fcde2023-02-08 09:51:28.985root 11241100x8000000000000000289712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46350e19c4e82d942023-02-08 09:51:28.985root 11241100x8000000000000000289711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0d993893a76b7d2023-02-08 09:51:28.985root 11241100x8000000000000000289721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df914660f9e1b6d2023-02-08 09:51:28.986root 11241100x8000000000000000289720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46192b09c8d08272023-02-08 09:51:28.986root 11241100x8000000000000000289719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0641d2d2aa61a8482023-02-08 09:51:28.986root 11241100x8000000000000000289718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9577bd45719f25c2023-02-08 09:51:28.986root 11241100x8000000000000000289717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0224d2d6a9903482023-02-08 09:51:28.986root 11241100x8000000000000000289716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee01920b23d285312023-02-08 09:51:28.986root 11241100x8000000000000000289715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afbe85dd455eb4b2023-02-08 09:51:28.986root 11241100x8000000000000000289714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411f7aba6e1c40982023-02-08 09:51:28.986root 11241100x8000000000000000289731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de685074d67eca522023-02-08 09:51:28.987root 11241100x8000000000000000289730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1e327fc182b6772023-02-08 09:51:28.987root 11241100x8000000000000000289729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010669345f4e65fd2023-02-08 09:51:28.987root 11241100x8000000000000000289728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5cf2cf46496e442023-02-08 09:51:28.987root 11241100x8000000000000000289727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1721ce069a53852023-02-08 09:51:28.987root 11241100x8000000000000000289726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763e19ca81085e532023-02-08 09:51:28.987root 11241100x8000000000000000289725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4156a1641f55cd2023-02-08 09:51:28.987root 11241100x8000000000000000289724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec99778c9d1b4272023-02-08 09:51:28.987root 11241100x8000000000000000289723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2b4cf22908e1cd2023-02-08 09:51:28.987root 11241100x8000000000000000289722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dfc19bccfab0a4c2023-02-08 09:51:28.987root 11241100x8000000000000000289741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee7a933b614b0b22023-02-08 09:51:28.988root 11241100x8000000000000000289740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a660a3a2e79d162023-02-08 09:51:28.988root 11241100x8000000000000000289739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f8704d20dbc93e2023-02-08 09:51:28.988root 11241100x8000000000000000289738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06629e63e78d2e572023-02-08 09:51:28.988root 11241100x8000000000000000289737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e93b5235df9a992023-02-08 09:51:28.988root 11241100x8000000000000000289736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968da57736e9c80d2023-02-08 09:51:28.988root 11241100x8000000000000000289735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd851776b5f07c62023-02-08 09:51:28.988root 11241100x8000000000000000289734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7559c7c47f74c62023-02-08 09:51:28.988root 11241100x8000000000000000289733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51121e27501f38a42023-02-08 09:51:28.988root 11241100x8000000000000000289732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37132855a8a11dc2023-02-08 09:51:28.988root 11241100x8000000000000000289746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be95810268174552023-02-08 09:51:28.989root 11241100x8000000000000000289745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecd599934ee21e22023-02-08 09:51:28.989root 11241100x8000000000000000289744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2853e49cb46d95302023-02-08 09:51:28.989root 11241100x8000000000000000289743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c21e7decfd30fd2023-02-08 09:51:28.989root 11241100x8000000000000000289742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:28.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9993fce95154e0742023-02-08 09:51:28.989root 11241100x8000000000000000289749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5fabb9b9031d96f2023-02-08 09:51:29.485root 11241100x8000000000000000289748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6fa978927c90afe2023-02-08 09:51:29.485root 11241100x8000000000000000289747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4790579437066c2023-02-08 09:51:29.485root 11241100x8000000000000000289753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1135841b525a895c2023-02-08 09:51:29.486root 11241100x8000000000000000289752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f677fd5308ad4f32023-02-08 09:51:29.486root 11241100x8000000000000000289751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14ccbdabde5f8b12023-02-08 09:51:29.486root 11241100x8000000000000000289750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebdeda7433f8e3b42023-02-08 09:51:29.486root 11241100x8000000000000000289758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5bf6eb0a46e3b92023-02-08 09:51:29.487root 11241100x8000000000000000289757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e921c2f2df02e0d22023-02-08 09:51:29.487root 11241100x8000000000000000289756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2b32e0e9c554852023-02-08 09:51:29.487root 11241100x8000000000000000289755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92316929cba698f12023-02-08 09:51:29.487root 11241100x8000000000000000289754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22123b713de841302023-02-08 09:51:29.487root 11241100x8000000000000000289763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4bffee56f1514f2023-02-08 09:51:29.488root 11241100x8000000000000000289762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76cf4664beb7bc0a2023-02-08 09:51:29.488root 11241100x8000000000000000289761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534e28f727474d1f2023-02-08 09:51:29.488root 11241100x8000000000000000289760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1177b34ec9f0d4032023-02-08 09:51:29.488root 11241100x8000000000000000289759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236acd0445ecc37c2023-02-08 09:51:29.488root 11241100x8000000000000000289774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342d0b6a0d56c5332023-02-08 09:51:29.489root 11241100x8000000000000000289773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d36a2f780e444922023-02-08 09:51:29.489root 11241100x8000000000000000289772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae7bb0a56c3a1682023-02-08 09:51:29.489root 11241100x8000000000000000289771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2d79d69e825f902023-02-08 09:51:29.489root 11241100x8000000000000000289770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4e2ff37262b8b32023-02-08 09:51:29.489root 11241100x8000000000000000289769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be84f048d5828fd22023-02-08 09:51:29.489root 11241100x8000000000000000289768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b54e7c94b81a902023-02-08 09:51:29.489root 11241100x8000000000000000289767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1e311a1a8040522023-02-08 09:51:29.489root 11241100x8000000000000000289766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8394efd765144d602023-02-08 09:51:29.489root 11241100x8000000000000000289765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17774b876309b312023-02-08 09:51:29.489root 11241100x8000000000000000289764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9637ae452420651a2023-02-08 09:51:29.489root 11241100x8000000000000000289779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b5c652c3978c9a2023-02-08 09:51:29.490root 11241100x8000000000000000289778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5a9ed7a99e98392023-02-08 09:51:29.490root 11241100x8000000000000000289777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc65efc628c068f2023-02-08 09:51:29.490root 11241100x8000000000000000289776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed911a67fe71ac42023-02-08 09:51:29.490root 11241100x8000000000000000289775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431e4f0dd0ef6d6f2023-02-08 09:51:29.490root 11241100x8000000000000000289780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6379771c3814f8022023-02-08 09:51:29.984root 11241100x8000000000000000289789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b9f958a11e778f2023-02-08 09:51:29.985root 11241100x8000000000000000289788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0f2b26b40147e12023-02-08 09:51:29.985root 11241100x8000000000000000289787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af4c56c48c6eea82023-02-08 09:51:29.985root 11241100x8000000000000000289786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70459371258bc8682023-02-08 09:51:29.985root 11241100x8000000000000000289785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415268c6cd4b69572023-02-08 09:51:29.985root 11241100x8000000000000000289784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34164b95419057b2023-02-08 09:51:29.985root 11241100x8000000000000000289783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e4d9a21fa115e02023-02-08 09:51:29.985root 11241100x8000000000000000289782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c3ad22c51bf64e2023-02-08 09:51:29.985root 11241100x8000000000000000289781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da127b7589fd98412023-02-08 09:51:29.985root 11241100x8000000000000000289798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e1ea0e9cab9b222023-02-08 09:51:29.986root 11241100x8000000000000000289797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8df2a304a35eb4a2023-02-08 09:51:29.986root 11241100x8000000000000000289796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd63efabf30d36c42023-02-08 09:51:29.986root 11241100x8000000000000000289795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7158578eaf0ba9722023-02-08 09:51:29.986root 11241100x8000000000000000289794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3b5619c9a197cc2023-02-08 09:51:29.986root 11241100x8000000000000000289793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e01eb8cd1a25052023-02-08 09:51:29.986root 11241100x8000000000000000289792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c94dcd1506ab622023-02-08 09:51:29.986root 11241100x8000000000000000289791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bcda35131dbfff32023-02-08 09:51:29.986root 11241100x8000000000000000289790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81e3d278922406e2023-02-08 09:51:29.986root 11241100x8000000000000000289802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b95a803d7e6ec32023-02-08 09:51:29.987root 11241100x8000000000000000289801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8098d48905c4102023-02-08 09:51:29.987root 11241100x8000000000000000289800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733d47087df4c6c72023-02-08 09:51:29.987root 11241100x8000000000000000289799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae98c2e14b16f3b12023-02-08 09:51:29.987root 11241100x8000000000000000289810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd7ead7f5cecae22023-02-08 09:51:29.988root 11241100x8000000000000000289809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0897c9c6147c33b12023-02-08 09:51:29.988root 11241100x8000000000000000289808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80c5103bf0e822d2023-02-08 09:51:29.988root 11241100x8000000000000000289807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d253e78ec471e6592023-02-08 09:51:29.988root 11241100x8000000000000000289806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507c5d6d6e7ad71a2023-02-08 09:51:29.988root 11241100x8000000000000000289805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9f16ed8de35ff82023-02-08 09:51:29.988root 11241100x8000000000000000289804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aaf5e5c5739e2c62023-02-08 09:51:29.988root 11241100x8000000000000000289803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b39d874e2883d42023-02-08 09:51:29.988root 11241100x8000000000000000289812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e19d4e9d77e7da72023-02-08 09:51:29.989root 11241100x8000000000000000289811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:29.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2be1f1a30e8162e2023-02-08 09:51:29.989root 11241100x8000000000000000289823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d184389272aeee42023-02-08 09:51:30.484root 11241100x8000000000000000289822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473c36076e1617f42023-02-08 09:51:30.484root 11241100x8000000000000000289821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32bd7b6e5baa7e372023-02-08 09:51:30.484root 11241100x8000000000000000289820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f687cf6c9841a4cd2023-02-08 09:51:30.484root 11241100x8000000000000000289819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45c15942cb634252023-02-08 09:51:30.484root 11241100x8000000000000000289818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed260138f9863ac2023-02-08 09:51:30.484root 11241100x8000000000000000289817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07c5494e54f7bd02023-02-08 09:51:30.484root 11241100x8000000000000000289816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311dfc6beb8403d12023-02-08 09:51:30.484root 11241100x8000000000000000289815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a071010f7ecc16b32023-02-08 09:51:30.484root 11241100x8000000000000000289814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547a2b41bee51c8f2023-02-08 09:51:30.484root 11241100x8000000000000000289813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9a37ed0a1370622023-02-08 09:51:30.484root 11241100x8000000000000000289836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483ae6f20600cb3a2023-02-08 09:51:30.485root 11241100x8000000000000000289835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f477f60c87e5022023-02-08 09:51:30.485root 11241100x8000000000000000289834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099157635dd3bc6a2023-02-08 09:51:30.485root 11241100x8000000000000000289833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a843592821906bf32023-02-08 09:51:30.485root 11241100x8000000000000000289832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71081fef25d3bed92023-02-08 09:51:30.485root 11241100x8000000000000000289831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e879a3ec69ca18b72023-02-08 09:51:30.485root 11241100x8000000000000000289830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335db758b54a8cb72023-02-08 09:51:30.485root 11241100x8000000000000000289829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0011ca302a3f82e22023-02-08 09:51:30.485root 11241100x8000000000000000289828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb39fce5f226edf2023-02-08 09:51:30.485root 11241100x8000000000000000289827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec6c91ee2b99aa52023-02-08 09:51:30.485root 11241100x8000000000000000289826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1598d833bb155372023-02-08 09:51:30.485root 11241100x8000000000000000289825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f516a3a225325c842023-02-08 09:51:30.485root 11241100x8000000000000000289824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34e1ce2129eb1652023-02-08 09:51:30.485root 11241100x8000000000000000289847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7099df8d0a2696ea2023-02-08 09:51:30.486root 11241100x8000000000000000289846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e40da5a7e7a515f2023-02-08 09:51:30.486root 11241100x8000000000000000289845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c380e03cec55c02023-02-08 09:51:30.486root 11241100x8000000000000000289844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ba4ab72fb6de6d2023-02-08 09:51:30.486root 11241100x8000000000000000289843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32cde06c0bdba5e2023-02-08 09:51:30.486root 11241100x8000000000000000289842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6947ab7fc75103ee2023-02-08 09:51:30.486root 11241100x8000000000000000289841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9420038cc4b9fad2023-02-08 09:51:30.486root 11241100x8000000000000000289840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d294942a46c06282023-02-08 09:51:30.486root 11241100x8000000000000000289839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b222c0142028953f2023-02-08 09:51:30.486root 11241100x8000000000000000289838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51b4e5f98a1883a2023-02-08 09:51:30.486root 11241100x8000000000000000289837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2084ba9f15c64d82023-02-08 09:51:30.486root 11241100x8000000000000000289857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86fee2893c94e6b2023-02-08 09:51:30.487root 11241100x8000000000000000289856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65ec6731e2654722023-02-08 09:51:30.487root 11241100x8000000000000000289855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09811728c20cc3742023-02-08 09:51:30.487root 11241100x8000000000000000289854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5150da3a5ad0dff2023-02-08 09:51:30.487root 11241100x8000000000000000289853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d455963a65dda6a2023-02-08 09:51:30.487root 11241100x8000000000000000289852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c9a77a48d43c5c2023-02-08 09:51:30.487root 11241100x8000000000000000289851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5338900806c7fe8b2023-02-08 09:51:30.487root 11241100x8000000000000000289850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527cfa9bcac7d8e62023-02-08 09:51:30.487root 11241100x8000000000000000289849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32e4c54b11615172023-02-08 09:51:30.487root 11241100x8000000000000000289848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cae83c5387486692023-02-08 09:51:30.487root 11241100x8000000000000000289865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f514bedfeb029bc2023-02-08 09:51:30.488root 11241100x8000000000000000289864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855521c39d7e24512023-02-08 09:51:30.488root 11241100x8000000000000000289863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf2ea38ebcbba912023-02-08 09:51:30.488root 11241100x8000000000000000289862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8827ab1c38c5aca02023-02-08 09:51:30.488root 11241100x8000000000000000289861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7298ce3f96bf24c2023-02-08 09:51:30.488root 11241100x8000000000000000289860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4fc02619df3f992023-02-08 09:51:30.488root 11241100x8000000000000000289859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afaac166f314ca32023-02-08 09:51:30.488root 11241100x8000000000000000289858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b930c1429593cf2023-02-08 09:51:30.488root 11241100x8000000000000000289876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108f53c67cb0861c2023-02-08 09:51:30.489root 11241100x8000000000000000289875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6118c851292124772023-02-08 09:51:30.489root 11241100x8000000000000000289874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2149b42b87b6b22023-02-08 09:51:30.489root 11241100x8000000000000000289873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf34663f67a618002023-02-08 09:51:30.489root 11241100x8000000000000000289872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e63b4a2c0a28ff2023-02-08 09:51:30.489root 11241100x8000000000000000289871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8863f6cedf905ec2023-02-08 09:51:30.489root 11241100x8000000000000000289870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e1c1650de5b96a2023-02-08 09:51:30.489root 11241100x8000000000000000289869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd9ceb920c9cbee2023-02-08 09:51:30.489root 11241100x8000000000000000289868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2f16cf1eedf4612023-02-08 09:51:30.489root 11241100x8000000000000000289867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd6a33748dea83e2023-02-08 09:51:30.489root 11241100x8000000000000000289866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3715e52d06802d802023-02-08 09:51:30.489root 11241100x8000000000000000289886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.effd9940e2bc27cf2023-02-08 09:51:30.490root 11241100x8000000000000000289885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04a4a3ef6879fe62023-02-08 09:51:30.490root 11241100x8000000000000000289884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d695a3180df64ac72023-02-08 09:51:30.490root 11241100x8000000000000000289883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afb3d8f0f5baf242023-02-08 09:51:30.490root 11241100x8000000000000000289882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e643a1b4ce32242023-02-08 09:51:30.490root 11241100x8000000000000000289881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8331369c85eb825f2023-02-08 09:51:30.490root 11241100x8000000000000000289880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71708f4db0a8be1b2023-02-08 09:51:30.490root 11241100x8000000000000000289879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4ac4090a09e6d42023-02-08 09:51:30.490root 11241100x8000000000000000289878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85110f75be969a62023-02-08 09:51:30.490root 11241100x8000000000000000289877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338e79f1b52c23162023-02-08 09:51:30.490root 11241100x8000000000000000289894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ca4b31da6048da2023-02-08 09:51:30.491root 11241100x8000000000000000289893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bcee8834924ff142023-02-08 09:51:30.491root 11241100x8000000000000000289892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc1acb73754d17e2023-02-08 09:51:30.491root 11241100x8000000000000000289891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab13188e7c647a42023-02-08 09:51:30.491root 11241100x8000000000000000289890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0277707f4d203dc02023-02-08 09:51:30.491root 11241100x8000000000000000289889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40cf447f48eb91a2023-02-08 09:51:30.491root 11241100x8000000000000000289888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8756212e2bc552262023-02-08 09:51:30.491root 11241100x8000000000000000289887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229c1e2c996bf6542023-02-08 09:51:30.491root 11241100x8000000000000000289901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969e83ac4e801d672023-02-08 09:51:30.492root 11241100x8000000000000000289900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada412fc5a5c0e922023-02-08 09:51:30.492root 11241100x8000000000000000289899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159afd4ffcdc181e2023-02-08 09:51:30.492root 11241100x8000000000000000289898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d415181c8631c5822023-02-08 09:51:30.492root 11241100x8000000000000000289897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a25aa69c6cdffa2023-02-08 09:51:30.492root 11241100x8000000000000000289896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11b7a9ba5b9801d2023-02-08 09:51:30.492root 11241100x8000000000000000289895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5fa58473ce54872023-02-08 09:51:30.492root 11241100x8000000000000000289908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f514895d42b4a38e2023-02-08 09:51:30.493root 11241100x8000000000000000289907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264379c0914779902023-02-08 09:51:30.493root 11241100x8000000000000000289906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15cd11d616c73d42023-02-08 09:51:30.493root 11241100x8000000000000000289905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3009ab550ba754e12023-02-08 09:51:30.493root 11241100x8000000000000000289904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8469b0b1923b8db2023-02-08 09:51:30.493root 11241100x8000000000000000289903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5147efc439d124a2023-02-08 09:51:30.493root 11241100x8000000000000000289902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1dbeb7faba65b692023-02-08 09:51:30.493root 11241100x8000000000000000289917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d59b01e71ccee72023-02-08 09:51:30.494root 11241100x8000000000000000289916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659ddd25b2d918bc2023-02-08 09:51:30.494root 11241100x8000000000000000289915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09053e937f84ec72023-02-08 09:51:30.494root 11241100x8000000000000000289914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf0884eb3aed9a92023-02-08 09:51:30.494root 11241100x8000000000000000289913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364db8a6d1de1ea62023-02-08 09:51:30.494root 11241100x8000000000000000289912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d367434b5081cde2023-02-08 09:51:30.494root 11241100x8000000000000000289911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20a852bf3e0f13b2023-02-08 09:51:30.494root 11241100x8000000000000000289910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93094d66bbba0912023-02-08 09:51:30.494root 11241100x8000000000000000289909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84b0f94dac9cabf2023-02-08 09:51:30.494root 11241100x8000000000000000289926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9025e092f0596e2023-02-08 09:51:30.985root 11241100x8000000000000000289925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6fdbd9b50aec9782023-02-08 09:51:30.985root 11241100x8000000000000000289924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fd86d861f4bc232023-02-08 09:51:30.985root 11241100x8000000000000000289923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbff1ff6738909342023-02-08 09:51:30.985root 11241100x8000000000000000289922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15127e9e6ff6de352023-02-08 09:51:30.985root 11241100x8000000000000000289921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d20b9e63f69caf2023-02-08 09:51:30.985root 11241100x8000000000000000289920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5960a9d8adb423272023-02-08 09:51:30.985root 11241100x8000000000000000289919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.addf91ce958ddd9e2023-02-08 09:51:30.985root 11241100x8000000000000000289918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14b4adb26084a562023-02-08 09:51:30.985root 11241100x8000000000000000289937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b6591811bb00482023-02-08 09:51:30.986root 11241100x8000000000000000289936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07ce8bd17455bab2023-02-08 09:51:30.986root 11241100x8000000000000000289935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de0c2f37a6a5ea92023-02-08 09:51:30.986root 11241100x8000000000000000289934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960e6d606751b12c2023-02-08 09:51:30.986root 11241100x8000000000000000289933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362eeab048b836582023-02-08 09:51:30.986root 11241100x8000000000000000289932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d49b826664108502023-02-08 09:51:30.986root 11241100x8000000000000000289931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c95af84a30c63e2023-02-08 09:51:30.986root 11241100x8000000000000000289930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f97777b10f175e2023-02-08 09:51:30.986root 11241100x8000000000000000289929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3b7358d79e0d7e2023-02-08 09:51:30.986root 11241100x8000000000000000289928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e97baee875f59d2023-02-08 09:51:30.986root 11241100x8000000000000000289927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7948f1fe0482f392023-02-08 09:51:30.986root 11241100x8000000000000000289946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e72f9c7a49512692023-02-08 09:51:30.987root 11241100x8000000000000000289945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda9932f560af7752023-02-08 09:51:30.987root 11241100x8000000000000000289944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ebb190ad82026e62023-02-08 09:51:30.987root 11241100x8000000000000000289943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0f32a90c37cc9f2023-02-08 09:51:30.987root 11241100x8000000000000000289942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34411f2b60912332023-02-08 09:51:30.987root 11241100x8000000000000000289941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58228c038fbecb7f2023-02-08 09:51:30.987root 11241100x8000000000000000289940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3511a2184eca21302023-02-08 09:51:30.987root 11241100x8000000000000000289939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235a08c2d91653f52023-02-08 09:51:30.987root 11241100x8000000000000000289938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a643bde69df2d7c82023-02-08 09:51:30.987root 11241100x8000000000000000289950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc3ffcbb79d7ba12023-02-08 09:51:30.988root 11241100x8000000000000000289949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e8f901610856ea2023-02-08 09:51:30.988root 11241100x8000000000000000289948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38fea578720c2c82023-02-08 09:51:30.988root 11241100x8000000000000000289947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:30.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890e2cc1d9ae26212023-02-08 09:51:30.988root 11241100x8000000000000000289954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eccf2524bf9100c52023-02-08 09:51:31.485root 11241100x8000000000000000289953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275f6c0590bc304b2023-02-08 09:51:31.485root 11241100x8000000000000000289952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8919c7367aa45cf02023-02-08 09:51:31.485root 11241100x8000000000000000289951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1824dc6ab63875f2023-02-08 09:51:31.485root 11241100x8000000000000000289959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53650b9f998756d2023-02-08 09:51:31.486root 11241100x8000000000000000289958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcbd43dc0aa99e612023-02-08 09:51:31.486root 11241100x8000000000000000289957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6ca2546feb43332023-02-08 09:51:31.486root 11241100x8000000000000000289956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f7fd29033c57f02023-02-08 09:51:31.486root 11241100x8000000000000000289955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b1ec6b0939e0f32023-02-08 09:51:31.486root 11241100x8000000000000000289968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5c6afdbe5e29f22023-02-08 09:51:31.487root 11241100x8000000000000000289967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16033e97224d3f412023-02-08 09:51:31.487root 11241100x8000000000000000289966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1f432f771f11852023-02-08 09:51:31.487root 11241100x8000000000000000289965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a84b5fa53dcc8ef2023-02-08 09:51:31.487root 11241100x8000000000000000289964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40a1fd54ffa2c5f2023-02-08 09:51:31.487root 11241100x8000000000000000289963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45c8bf8745079862023-02-08 09:51:31.487root 11241100x8000000000000000289962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6516096d44a13a712023-02-08 09:51:31.487root 11241100x8000000000000000289961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f783a2a920c48232023-02-08 09:51:31.487root 11241100x8000000000000000289960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b430a589c8fd4aa2023-02-08 09:51:31.487root 11241100x8000000000000000289982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39bc4a4fae01e47b2023-02-08 09:51:31.488root 11241100x8000000000000000289981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c17ed86c0a5c99a2023-02-08 09:51:31.488root 11241100x8000000000000000289980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e31242ffabdf352023-02-08 09:51:31.488root 11241100x8000000000000000289979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745889d0d30a53e32023-02-08 09:51:31.488root 11241100x8000000000000000289978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17512f44d53d1e6c2023-02-08 09:51:31.488root 11241100x8000000000000000289977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efd5024e6ac9a812023-02-08 09:51:31.488root 11241100x8000000000000000289976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36af638ea5a51f52023-02-08 09:51:31.488root 11241100x8000000000000000289975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85aa37249be216062023-02-08 09:51:31.488root 11241100x8000000000000000289974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9274bcb36a8d8a2023-02-08 09:51:31.488root 11241100x8000000000000000289973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ab7bdb183aa7642023-02-08 09:51:31.488root 11241100x8000000000000000289972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178618323ea4c4222023-02-08 09:51:31.488root 11241100x8000000000000000289971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578bfc3e85076b9a2023-02-08 09:51:31.488root 11241100x8000000000000000289970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307d81411eceb1a52023-02-08 09:51:31.488root 11241100x8000000000000000289969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646f47c0950949a52023-02-08 09:51:31.488root 11241100x8000000000000000289983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af091450bbac8842023-02-08 09:51:31.489root 11241100x8000000000000000289989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89b316224e937bb2023-02-08 09:51:31.984root 11241100x8000000000000000289988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a7d66a17dc8b7b2023-02-08 09:51:31.984root 11241100x8000000000000000289987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9661f8da50316c2023-02-08 09:51:31.984root 11241100x8000000000000000289986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3819a9f40da683f72023-02-08 09:51:31.984root 11241100x8000000000000000289985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c200d1af2e92b83e2023-02-08 09:51:31.984root 11241100x8000000000000000289984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b3333cba8ad0d82023-02-08 09:51:31.984root 11241100x8000000000000000289993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2ed3c827bac8272023-02-08 09:51:31.985root 11241100x8000000000000000289992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25097f9eb5fa4322023-02-08 09:51:31.985root 11241100x8000000000000000289991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a114a811a0a520952023-02-08 09:51:31.985root 11241100x8000000000000000289990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391a659ffb5cabd82023-02-08 09:51:31.985root 11241100x8000000000000000290002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf17e83394c1b8a22023-02-08 09:51:31.986root 11241100x8000000000000000290001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5757b3d82881a1b22023-02-08 09:51:31.986root 11241100x8000000000000000290000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0ba39865558da72023-02-08 09:51:31.986root 11241100x8000000000000000289999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8cc5aff5d524892023-02-08 09:51:31.986root 11241100x8000000000000000289998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d55cab6e15d1d72023-02-08 09:51:31.986root 11241100x8000000000000000289997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f0aa22e33713b62023-02-08 09:51:31.986root 11241100x8000000000000000289996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9322b30571afec732023-02-08 09:51:31.986root 11241100x8000000000000000289995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c8b1e50b6c6f242023-02-08 09:51:31.986root 11241100x8000000000000000289994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bce76b14b750882023-02-08 09:51:31.986root 11241100x8000000000000000290012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55764978b1f8b762023-02-08 09:51:31.987root 11241100x8000000000000000290011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095b81070832f7222023-02-08 09:51:31.987root 11241100x8000000000000000290010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2cdbcb6cc363f02023-02-08 09:51:31.987root 11241100x8000000000000000290009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b783e211a0025b2b2023-02-08 09:51:31.987root 11241100x8000000000000000290008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a29cda24e1822ec2023-02-08 09:51:31.987root 11241100x8000000000000000290007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bcf7e2f824616a82023-02-08 09:51:31.987root 11241100x8000000000000000290006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6f284820cd33bd2023-02-08 09:51:31.987root 11241100x8000000000000000290005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0df27a9a0ff87cd2023-02-08 09:51:31.987root 11241100x8000000000000000290004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96648661fafa620d2023-02-08 09:51:31.987root 11241100x8000000000000000290003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f9701628c5923f2023-02-08 09:51:31.987root 11241100x8000000000000000290020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e306d34faa2927d2023-02-08 09:51:31.988root 11241100x8000000000000000290019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2bf19f2f98cc8312023-02-08 09:51:31.988root 11241100x8000000000000000290018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3878d6a329488a2023-02-08 09:51:31.988root 11241100x8000000000000000290017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92ce5a15af57bec2023-02-08 09:51:31.988root 11241100x8000000000000000290016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2376b74af1b55e2023-02-08 09:51:31.988root 11241100x8000000000000000290015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9744852776ccff2023-02-08 09:51:31.988root 11241100x8000000000000000290014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e001b24ddcbfc4bc2023-02-08 09:51:31.988root 11241100x8000000000000000290013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4152e2edde52157f2023-02-08 09:51:31.988root 11241100x8000000000000000290025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39db5ddff6071d712023-02-08 09:51:31.989root 11241100x8000000000000000290024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a620a250c58c7562023-02-08 09:51:31.989root 11241100x8000000000000000290023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9caff55df6b1fb32023-02-08 09:51:31.989root 11241100x8000000000000000290022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a75a5688fd324a2023-02-08 09:51:31.989root 11241100x8000000000000000290021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:31.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d127652c90a87812023-02-08 09:51:31.989root 11241100x8000000000000000290027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d65cec60622e3a2023-02-08 09:51:32.240root 354300x8000000000000000290026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.240{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-45754-false10.0.1.12-8000- 11241100x8000000000000000290039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eeaeae8125726ff2023-02-08 09:51:32.241root 11241100x8000000000000000290038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd062d401eb700e2023-02-08 09:51:32.241root 11241100x8000000000000000290037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe633a652868eccf2023-02-08 09:51:32.241root 11241100x8000000000000000290036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87183296fc4b29f32023-02-08 09:51:32.241root 11241100x8000000000000000290035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a29c9187c01bf22023-02-08 09:51:32.241root 11241100x8000000000000000290034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9d601d9ad570e12023-02-08 09:51:32.241root 11241100x8000000000000000290033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6250addcd1a02f262023-02-08 09:51:32.241root 11241100x8000000000000000290032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fb62fb19ff12dd2023-02-08 09:51:32.241root 11241100x8000000000000000290031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09d1a4f4449e2fb2023-02-08 09:51:32.241root 11241100x8000000000000000290030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11a799c9f7f5fab2023-02-08 09:51:32.241root 11241100x8000000000000000290029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c3ea0a94195ce12023-02-08 09:51:32.241root 11241100x8000000000000000290028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8c51fe12ab97912023-02-08 09:51:32.241root 11241100x8000000000000000290048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7c344b92e221d72023-02-08 09:51:32.242root 11241100x8000000000000000290047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325b3ff6d51ed1ba2023-02-08 09:51:32.242root 11241100x8000000000000000290046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889909e2fd36adea2023-02-08 09:51:32.242root 11241100x8000000000000000290045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcde5287ac2754e2023-02-08 09:51:32.242root 11241100x8000000000000000290044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f8c33a2cb6431b2023-02-08 09:51:32.242root 11241100x8000000000000000290043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e35f3c0872d00f72023-02-08 09:51:32.242root 11241100x8000000000000000290042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967da254a492051b2023-02-08 09:51:32.242root 11241100x8000000000000000290041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215ef358b9f8e1202023-02-08 09:51:32.242root 11241100x8000000000000000290040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef622a01530c72ae2023-02-08 09:51:32.242root 11241100x8000000000000000290054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4749e43f771279552023-02-08 09:51:32.243root 11241100x8000000000000000290053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ab0ff3b665f8722023-02-08 09:51:32.243root 11241100x8000000000000000290052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8ee7cc7e5df7762023-02-08 09:51:32.243root 11241100x8000000000000000290051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac098810c2dd9182023-02-08 09:51:32.243root 11241100x8000000000000000290050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1ccd4f664175ad2023-02-08 09:51:32.243root 11241100x8000000000000000290049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7825fdfcfcde58e52023-02-08 09:51:32.243root 11241100x8000000000000000290065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab26048a1083df0b2023-02-08 09:51:32.244root 11241100x8000000000000000290064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9aeadc15f200cd92023-02-08 09:51:32.244root 11241100x8000000000000000290063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81a0373ca55bbdb2023-02-08 09:51:32.244root 11241100x8000000000000000290062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53964678b04df4fe2023-02-08 09:51:32.244root 11241100x8000000000000000290061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad56ad44fcbf17e2023-02-08 09:51:32.244root 11241100x8000000000000000290060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f52d8a61f13d40c2023-02-08 09:51:32.244root 11241100x8000000000000000290059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60c63cc8e4a3e022023-02-08 09:51:32.244root 11241100x8000000000000000290058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41eaca9b98ed3452023-02-08 09:51:32.244root 11241100x8000000000000000290057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12fdb77ed32013122023-02-08 09:51:32.244root 11241100x8000000000000000290056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533f930d56c367172023-02-08 09:51:32.244root 11241100x8000000000000000290055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.244{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d897fb58244c673c2023-02-08 09:51:32.244root 11241100x8000000000000000290076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.245{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee356bedfa3ef3e32023-02-08 09:51:32.245root 11241100x8000000000000000290075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.245{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841f1ddc2011d4042023-02-08 09:51:32.245root 11241100x8000000000000000290074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.245{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec36a72d58f5d902023-02-08 09:51:32.245root 11241100x8000000000000000290073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.245{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52b6fb3cbeb2dc82023-02-08 09:51:32.245root 11241100x8000000000000000290072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.245{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d771ae01675d8a52023-02-08 09:51:32.245root 11241100x8000000000000000290071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.245{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396fe5f5d956450d2023-02-08 09:51:32.245root 11241100x8000000000000000290070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.245{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb833a38201076be2023-02-08 09:51:32.245root 11241100x8000000000000000290069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.245{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01fcc5954d318c472023-02-08 09:51:32.245root 11241100x8000000000000000290068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.245{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5a71c83bff402d2023-02-08 09:51:32.245root 11241100x8000000000000000290067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.245{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34e8caa24ec7cf92023-02-08 09:51:32.245root 11241100x8000000000000000290066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.245{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aaa4f65e19c40142023-02-08 09:51:32.245root 11241100x8000000000000000290077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.246{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3224588ae46a4112023-02-08 09:51:32.246root 11241100x8000000000000000290084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d38bad4d59fad82023-02-08 09:51:32.734root 11241100x8000000000000000290083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26caf709cf612d962023-02-08 09:51:32.734root 11241100x8000000000000000290082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e0b48f5deba8052023-02-08 09:51:32.734root 11241100x8000000000000000290081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaaf79fe4bd2c5822023-02-08 09:51:32.734root 11241100x8000000000000000290080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba8d965404696de2023-02-08 09:51:32.734root 11241100x8000000000000000290079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22be3a98bd7b3a9a2023-02-08 09:51:32.734root 11241100x8000000000000000290078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f67743d2ca5fca2023-02-08 09:51:32.734root 11241100x8000000000000000290093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b59c120b028da4b2023-02-08 09:51:32.735root 11241100x8000000000000000290092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d85abded1f3af772023-02-08 09:51:32.735root 11241100x8000000000000000290091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c455083a7301ed42023-02-08 09:51:32.735root 11241100x8000000000000000290090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ae71b185f1fa7e2023-02-08 09:51:32.735root 11241100x8000000000000000290089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa093fce2a7574e2023-02-08 09:51:32.735root 11241100x8000000000000000290088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58073af4d09217ca2023-02-08 09:51:32.735root 11241100x8000000000000000290087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0bf89eab1c55dae2023-02-08 09:51:32.735root 11241100x8000000000000000290086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec0a2877f238c072023-02-08 09:51:32.735root 11241100x8000000000000000290085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a9f82bc869c19a2023-02-08 09:51:32.735root 11241100x8000000000000000290108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd4622bb7898ab22023-02-08 09:51:32.736root 11241100x8000000000000000290107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4382fd4ab31f83cb2023-02-08 09:51:32.736root 11241100x8000000000000000290106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c7b18a146a82302023-02-08 09:51:32.736root 11241100x8000000000000000290105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3209ceab1ee1ebc72023-02-08 09:51:32.736root 11241100x8000000000000000290104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411b69164a170e3e2023-02-08 09:51:32.736root 11241100x8000000000000000290103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291c49d233d00cb42023-02-08 09:51:32.736root 11241100x8000000000000000290102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422ee4f57ecfbd3d2023-02-08 09:51:32.736root 11241100x8000000000000000290101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c73c5a3fe8d57732023-02-08 09:51:32.736root 11241100x8000000000000000290100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74ea7e900cbd6b22023-02-08 09:51:32.736root 11241100x8000000000000000290099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215693364b8d4fa42023-02-08 09:51:32.736root 11241100x8000000000000000290098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14809785b78ba4d22023-02-08 09:51:32.736root 11241100x8000000000000000290097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f959c70958dc6f2023-02-08 09:51:32.736root 11241100x8000000000000000290096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be52d6ce0a449682023-02-08 09:51:32.736root 11241100x8000000000000000290095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8021b5a6fd9f8f2023-02-08 09:51:32.736root 11241100x8000000000000000290094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5caef24280ba1e82023-02-08 09:51:32.736root 11241100x8000000000000000290119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6367595465c0a22023-02-08 09:51:32.737root 11241100x8000000000000000290118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a166475248b370902023-02-08 09:51:32.737root 11241100x8000000000000000290117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe6d430f626d15e2023-02-08 09:51:32.737root 11241100x8000000000000000290116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b5f8bcc07f98962023-02-08 09:51:32.737root 11241100x8000000000000000290115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760c14396c273ab62023-02-08 09:51:32.737root 11241100x8000000000000000290114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1488149cb020c72023-02-08 09:51:32.737root 11241100x8000000000000000290113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b0122a1120f96e2023-02-08 09:51:32.737root 11241100x8000000000000000290112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12236c27505d82492023-02-08 09:51:32.737root 11241100x8000000000000000290111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e35535b6999b3f2023-02-08 09:51:32.737root 11241100x8000000000000000290110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a307abafb7c9d0f2023-02-08 09:51:32.737root 11241100x8000000000000000290109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072e0ef6b8e5db192023-02-08 09:51:32.737root 11241100x8000000000000000290134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5187f74a9fac130b2023-02-08 09:51:32.738root 11241100x8000000000000000290133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dfcb60e9f7870492023-02-08 09:51:32.738root 11241100x8000000000000000290132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69b416140f436862023-02-08 09:51:32.738root 11241100x8000000000000000290131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62e656f374dc6442023-02-08 09:51:32.738root 11241100x8000000000000000290130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44ced16c400c4142023-02-08 09:51:32.738root 11241100x8000000000000000290129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98e0fa5e41a4a432023-02-08 09:51:32.738root 11241100x8000000000000000290128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ba7b348e9103492023-02-08 09:51:32.738root 11241100x8000000000000000290127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70d435483cfa15b2023-02-08 09:51:32.738root 11241100x8000000000000000290126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de596f9d755987b82023-02-08 09:51:32.738root 11241100x8000000000000000290125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6973a6ae75cb812023-02-08 09:51:32.738root 11241100x8000000000000000290124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6354012326066b7f2023-02-08 09:51:32.738root 11241100x8000000000000000290123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2407ad90c4cefb5c2023-02-08 09:51:32.738root 11241100x8000000000000000290122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2472fd6639f59d902023-02-08 09:51:32.738root 11241100x8000000000000000290121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b4c6a77caed7e12023-02-08 09:51:32.738root 11241100x8000000000000000290120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63deba14ea3c1102023-02-08 09:51:32.738root 11241100x8000000000000000290136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e713d5d2b296bfa2023-02-08 09:51:32.739root 11241100x8000000000000000290135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:32.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed96078dffcfa4592023-02-08 09:51:32.739root 11241100x8000000000000000290137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b2cfeb025ec0382023-02-08 09:51:33.234root 11241100x8000000000000000290148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a03f407c79011482023-02-08 09:51:33.235root 11241100x8000000000000000290147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec5fb35586d31d82023-02-08 09:51:33.235root 11241100x8000000000000000290146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9eba8661bfef33d2023-02-08 09:51:33.235root 11241100x8000000000000000290145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd16f189628848e22023-02-08 09:51:33.235root 11241100x8000000000000000290144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9c04421c725c102023-02-08 09:51:33.235root 11241100x8000000000000000290143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a86e4bc5997a1c2023-02-08 09:51:33.235root 11241100x8000000000000000290142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da7278066a3e1672023-02-08 09:51:33.235root 11241100x8000000000000000290141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407288cd802cfdcb2023-02-08 09:51:33.235root 11241100x8000000000000000290140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e33776b68371e02023-02-08 09:51:33.235root 11241100x8000000000000000290139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab52001f697837a2023-02-08 09:51:33.235root 11241100x8000000000000000290138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37c9c5d6b328f6c2023-02-08 09:51:33.235root 11241100x8000000000000000290158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b0637c0f99fead2023-02-08 09:51:33.236root 11241100x8000000000000000290157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e5205a1078526f2023-02-08 09:51:33.236root 11241100x8000000000000000290156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de92d72e8048d8e2023-02-08 09:51:33.236root 11241100x8000000000000000290155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb522ce5b8920dbc2023-02-08 09:51:33.236root 11241100x8000000000000000290154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da2ac5fe9a15e612023-02-08 09:51:33.236root 11241100x8000000000000000290153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b024c8add6bbbf52023-02-08 09:51:33.236root 11241100x8000000000000000290152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d161439f9e7e1e512023-02-08 09:51:33.236root 11241100x8000000000000000290151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2338baeb44676e7c2023-02-08 09:51:33.236root 11241100x8000000000000000290150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc345c1696f4169b2023-02-08 09:51:33.236root 11241100x8000000000000000290149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a470547c898b5302023-02-08 09:51:33.236root 11241100x8000000000000000290166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff31526f5e21160a2023-02-08 09:51:33.237root 11241100x8000000000000000290165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322e1cf0ba48db382023-02-08 09:51:33.237root 11241100x8000000000000000290164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3dbc32024ee0f182023-02-08 09:51:33.237root 11241100x8000000000000000290163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e33802cc3bb8a52023-02-08 09:51:33.237root 11241100x8000000000000000290162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0374bbeca6a53f2023-02-08 09:51:33.237root 11241100x8000000000000000290161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93aad43b5b2e58b52023-02-08 09:51:33.237root 11241100x8000000000000000290160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec00d4bbe4ea00152023-02-08 09:51:33.237root 11241100x8000000000000000290159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88b679821f216ad2023-02-08 09:51:33.237root 11241100x8000000000000000290172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3dc7d945061ca42023-02-08 09:51:33.238root 11241100x8000000000000000290171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09cb6861867ffe72023-02-08 09:51:33.238root 11241100x8000000000000000290170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1165fa647d212c2023-02-08 09:51:33.238root 11241100x8000000000000000290169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a053181504f4851b2023-02-08 09:51:33.238root 11241100x8000000000000000290168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfb0b0ab13d09e32023-02-08 09:51:33.238root 11241100x8000000000000000290167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b78bcd30a2ffc7e2023-02-08 09:51:33.238root 11241100x8000000000000000290173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f90fd8d61b1a88c2023-02-08 09:51:33.734root 11241100x8000000000000000290177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116d1c998a1a85ac2023-02-08 09:51:33.735root 11241100x8000000000000000290176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d4c8903297c60b2023-02-08 09:51:33.735root 11241100x8000000000000000290175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4010b9b879a5e502023-02-08 09:51:33.735root 11241100x8000000000000000290174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ffa02a957448ed2023-02-08 09:51:33.735root 11241100x8000000000000000290183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b9f55c4c95312a2023-02-08 09:51:33.736root 11241100x8000000000000000290182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a3dfcfd2b3213a2023-02-08 09:51:33.736root 11241100x8000000000000000290181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10dd523d60e5e5c02023-02-08 09:51:33.736root 11241100x8000000000000000290180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6a747e29548d6d2023-02-08 09:51:33.736root 11241100x8000000000000000290179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe23e7e6a2a04f92023-02-08 09:51:33.736root 11241100x8000000000000000290178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abaa7137b6df4d42023-02-08 09:51:33.736root 11241100x8000000000000000290189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e8375a2ba909372023-02-08 09:51:33.737root 11241100x8000000000000000290188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ca9b96e3a176d02023-02-08 09:51:33.737root 11241100x8000000000000000290187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016bc8a4c58230c22023-02-08 09:51:33.737root 11241100x8000000000000000290186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132a7911da0d78d42023-02-08 09:51:33.737root 11241100x8000000000000000290185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f707040a37a30dc82023-02-08 09:51:33.737root 11241100x8000000000000000290184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83da013434e826472023-02-08 09:51:33.737root 11241100x8000000000000000290204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e132e37fc9027c2023-02-08 09:51:33.738root 11241100x8000000000000000290203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634d29081a223a3c2023-02-08 09:51:33.738root 11241100x8000000000000000290202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7274abc5ba6c86b2023-02-08 09:51:33.738root 11241100x8000000000000000290201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718170226cf049942023-02-08 09:51:33.738root 11241100x8000000000000000290200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ed5d5ec088d5172023-02-08 09:51:33.738root 11241100x8000000000000000290199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e436c8aa78e9aa562023-02-08 09:51:33.738root 11241100x8000000000000000290198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca6c262c23a60242023-02-08 09:51:33.738root 11241100x8000000000000000290197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51472f12a21e11e62023-02-08 09:51:33.738root 11241100x8000000000000000290196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646a40558594a55c2023-02-08 09:51:33.738root 11241100x8000000000000000290195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310e079c0b05b8682023-02-08 09:51:33.738root 11241100x8000000000000000290194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b68428aea07316b2023-02-08 09:51:33.738root 11241100x8000000000000000290193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab5e4da4a33d22b2023-02-08 09:51:33.738root 11241100x8000000000000000290192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ddb303b790658772023-02-08 09:51:33.738root 11241100x8000000000000000290191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e84b568a02f6402023-02-08 09:51:33.738root 11241100x8000000000000000290190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f282874d3c5a6db32023-02-08 09:51:33.738root 11241100x8000000000000000290206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6435c21ede6901d72023-02-08 09:51:33.739root 11241100x8000000000000000290205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:33.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b938040d4092112023-02-08 09:51:33.739root 11241100x8000000000000000290219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0ddc33e8b13eaa2023-02-08 09:51:34.235root 11241100x8000000000000000290218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2d73e8788430bd2023-02-08 09:51:34.235root 11241100x8000000000000000290217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbb4c1a068de2352023-02-08 09:51:34.235root 11241100x8000000000000000290216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640ac6948e540c192023-02-08 09:51:34.235root 11241100x8000000000000000290215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3eea7bf675ad3ec2023-02-08 09:51:34.235root 11241100x8000000000000000290214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2744400dea532b102023-02-08 09:51:34.235root 11241100x8000000000000000290213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c504ab5df71730c52023-02-08 09:51:34.235root 11241100x8000000000000000290212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4bde5a7517a2cc2023-02-08 09:51:34.235root 11241100x8000000000000000290211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f93c30e27182b22023-02-08 09:51:34.235root 11241100x8000000000000000290210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc94a36bda97f2122023-02-08 09:51:34.235root 11241100x8000000000000000290209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bc9512d7b37c322023-02-08 09:51:34.235root 11241100x8000000000000000290208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec710c0250e00be2023-02-08 09:51:34.235root 11241100x8000000000000000290207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39ffb191f2c849d2023-02-08 09:51:34.235root 11241100x8000000000000000290224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e700f2ddaba4e22023-02-08 09:51:34.236root 11241100x8000000000000000290223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6503bb4b841f093b2023-02-08 09:51:34.236root 11241100x8000000000000000290222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f81b29eb0e847be2023-02-08 09:51:34.236root 11241100x8000000000000000290221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c4077424e3658d2023-02-08 09:51:34.236root 11241100x8000000000000000290220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7a56c330cd35592023-02-08 09:51:34.236root 11241100x8000000000000000290231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478d87482f558afd2023-02-08 09:51:34.237root 11241100x8000000000000000290230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308d3f0e82c0e3f42023-02-08 09:51:34.237root 11241100x8000000000000000290229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1082ffb34e5d7a122023-02-08 09:51:34.237root 11241100x8000000000000000290228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08209c016f3566642023-02-08 09:51:34.237root 11241100x8000000000000000290227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd6c11ebda985ea2023-02-08 09:51:34.237root 11241100x8000000000000000290226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1ccf5ff0ca9ad72023-02-08 09:51:34.237root 11241100x8000000000000000290225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415f3aced4ab47942023-02-08 09:51:34.237root 11241100x8000000000000000290240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02387acc8edaf1d82023-02-08 09:51:34.238root 11241100x8000000000000000290239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd0fcfa375f3bcc2023-02-08 09:51:34.238root 11241100x8000000000000000290238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8afeddb003d3a22023-02-08 09:51:34.238root 11241100x8000000000000000290237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad3e6fe8248778a2023-02-08 09:51:34.238root 11241100x8000000000000000290236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d7edaf71fe8aca2023-02-08 09:51:34.238root 11241100x8000000000000000290235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061e522f56f18ebd2023-02-08 09:51:34.238root 11241100x8000000000000000290234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc49ce25197738e2023-02-08 09:51:34.238root 11241100x8000000000000000290233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb50002248e1f082023-02-08 09:51:34.238root 11241100x8000000000000000290232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9439ecc841b2f12023-02-08 09:51:34.238root 11241100x8000000000000000290241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b48d365e2f87992023-02-08 09:51:34.734root 11241100x8000000000000000290254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5e1a1e7b8ceac22023-02-08 09:51:34.735root 11241100x8000000000000000290253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4452271ff589d812023-02-08 09:51:34.735root 11241100x8000000000000000290252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01256e7e7fc0e932023-02-08 09:51:34.735root 11241100x8000000000000000290251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07a5d17f26187a92023-02-08 09:51:34.735root 11241100x8000000000000000290250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae42c9c7583719a02023-02-08 09:51:34.735root 11241100x8000000000000000290249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69cb445f585a9922023-02-08 09:51:34.735root 11241100x8000000000000000290248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d222f290b4cf7daa2023-02-08 09:51:34.735root 11241100x8000000000000000290247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f81aa969c892172023-02-08 09:51:34.735root 11241100x8000000000000000290246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246fe1c51feedd042023-02-08 09:51:34.735root 11241100x8000000000000000290245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9ad7132be8275d2023-02-08 09:51:34.735root 11241100x8000000000000000290244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917ebecf1b12adce2023-02-08 09:51:34.735root 11241100x8000000000000000290243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8c223acfa5664d2023-02-08 09:51:34.735root 11241100x8000000000000000290242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1339f8f51f8e02052023-02-08 09:51:34.735root 11241100x8000000000000000290264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e450ddb2f1be89ec2023-02-08 09:51:34.736root 11241100x8000000000000000290263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db101393b464324d2023-02-08 09:51:34.736root 11241100x8000000000000000290262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc9a2d8fcc562232023-02-08 09:51:34.736root 11241100x8000000000000000290261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10f3fa46a31c0582023-02-08 09:51:34.736root 11241100x8000000000000000290260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f712b288ed83e4692023-02-08 09:51:34.736root 11241100x8000000000000000290259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b62b6c8dec36a782023-02-08 09:51:34.736root 11241100x8000000000000000290258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f30cb0b2b97dea2023-02-08 09:51:34.736root 11241100x8000000000000000290257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400d760c7cca45862023-02-08 09:51:34.736root 11241100x8000000000000000290256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5180a19af52481a52023-02-08 09:51:34.736root 11241100x8000000000000000290255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca98a6cd1926ade52023-02-08 09:51:34.736root 11241100x8000000000000000290273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afcc51819d488e4f2023-02-08 09:51:34.737root 11241100x8000000000000000290272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499fd24b3f02dbc62023-02-08 09:51:34.737root 11241100x8000000000000000290271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2324d8c561b1ad2023-02-08 09:51:34.737root 11241100x8000000000000000290270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdd764f394946402023-02-08 09:51:34.737root 11241100x8000000000000000290269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657b6bd7a4ff09752023-02-08 09:51:34.737root 11241100x8000000000000000290268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26247b9ad54a04f12023-02-08 09:51:34.737root 11241100x8000000000000000290267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96aeef6ce9f77b62023-02-08 09:51:34.737root 11241100x8000000000000000290266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cbb6d6084157602023-02-08 09:51:34.737root 11241100x8000000000000000290265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61df7e0dfb592102023-02-08 09:51:34.737root 11241100x8000000000000000290274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:34.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe62ca9556192b1c2023-02-08 09:51:34.738root 11241100x8000000000000000290276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98aef177f87d894b2023-02-08 09:51:35.234root 11241100x8000000000000000290275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d5e4f25bb44e482023-02-08 09:51:35.234root 11241100x8000000000000000290285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fb4b42903e563d2023-02-08 09:51:35.235root 11241100x8000000000000000290284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6acd802a81b0d0402023-02-08 09:51:35.235root 11241100x8000000000000000290283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dac3a406d9d34da2023-02-08 09:51:35.235root 11241100x8000000000000000290282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c882df4052689d2023-02-08 09:51:35.235root 11241100x8000000000000000290281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a1cc7253adb6f62023-02-08 09:51:35.235root 11241100x8000000000000000290280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b164fbb0fe09f2872023-02-08 09:51:35.235root 11241100x8000000000000000290279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b25d8b9a95b2a82023-02-08 09:51:35.235root 11241100x8000000000000000290278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b543a5c3bc8932a32023-02-08 09:51:35.235root 11241100x8000000000000000290277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a42424f4c76ec22023-02-08 09:51:35.235root 11241100x8000000000000000290294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10921e3640d32a4d2023-02-08 09:51:35.236root 11241100x8000000000000000290293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18159592104382a22023-02-08 09:51:35.236root 11241100x8000000000000000290292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140481cd5f33802b2023-02-08 09:51:35.236root 11241100x8000000000000000290291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027dc1ae12090c8f2023-02-08 09:51:35.236root 11241100x8000000000000000290290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08277cac846e76422023-02-08 09:51:35.236root 11241100x8000000000000000290289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568beaaa226720752023-02-08 09:51:35.236root 11241100x8000000000000000290288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4409bc2ac7b0a22e2023-02-08 09:51:35.236root 11241100x8000000000000000290287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2986179f2176c912023-02-08 09:51:35.236root 11241100x8000000000000000290286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49c3dfcec2b518b2023-02-08 09:51:35.236root 11241100x8000000000000000290304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12843e5c38a79562023-02-08 09:51:35.237root 11241100x8000000000000000290303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0b772a768bb8f92023-02-08 09:51:35.237root 11241100x8000000000000000290302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a683bc3654d1fd2023-02-08 09:51:35.237root 11241100x8000000000000000290301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6bf6c834ac89bab2023-02-08 09:51:35.237root 11241100x8000000000000000290300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda7726c531705c32023-02-08 09:51:35.237root 11241100x8000000000000000290299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1d42b7f2e7b3422023-02-08 09:51:35.237root 11241100x8000000000000000290298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71dc71f093fb25192023-02-08 09:51:35.237root 11241100x8000000000000000290297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cbae86503a62ab2023-02-08 09:51:35.237root 11241100x8000000000000000290296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a835693e68965ef92023-02-08 09:51:35.237root 11241100x8000000000000000290295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8acac9f96e03722023-02-08 09:51:35.237root 11241100x8000000000000000290313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69964b638aa21ecf2023-02-08 09:51:35.238root 11241100x8000000000000000290312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8278408ae7fe7ac2023-02-08 09:51:35.238root 11241100x8000000000000000290311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3b70bcc88a90642023-02-08 09:51:35.238root 11241100x8000000000000000290310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d33d8a4fd2c9bb72023-02-08 09:51:35.238root 11241100x8000000000000000290309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108f73a89389476a2023-02-08 09:51:35.238root 11241100x8000000000000000290308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e594882aa378482023-02-08 09:51:35.238root 11241100x8000000000000000290307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd64b267cf9fbc92023-02-08 09:51:35.238root 11241100x8000000000000000290306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966c6651f505643e2023-02-08 09:51:35.238root 11241100x8000000000000000290305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e25821e833584c2023-02-08 09:51:35.238root 11241100x8000000000000000290317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d298c654fd653a2023-02-08 09:51:35.239root 11241100x8000000000000000290316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80dc9f6e0c8670b2023-02-08 09:51:35.239root 11241100x8000000000000000290315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81177047db06d5a2023-02-08 09:51:35.239root 11241100x8000000000000000290314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaba1f63542d7cc72023-02-08 09:51:35.239root 11241100x8000000000000000290326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2859f37268c165b2023-02-08 09:51:35.734root 11241100x8000000000000000290325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c605ccc0c4ec51322023-02-08 09:51:35.734root 11241100x8000000000000000290324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa10a919d8bc70b72023-02-08 09:51:35.734root 11241100x8000000000000000290323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9741eb4eff436a5a2023-02-08 09:51:35.734root 11241100x8000000000000000290322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41db17582fc64792023-02-08 09:51:35.734root 11241100x8000000000000000290321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bc95e6cf3361752023-02-08 09:51:35.734root 11241100x8000000000000000290320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d0c0d89f64215e2023-02-08 09:51:35.734root 11241100x8000000000000000290319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3ad40db4d284362023-02-08 09:51:35.734root 11241100x8000000000000000290318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ca5e470c3dc24a2023-02-08 09:51:35.734root 11241100x8000000000000000290342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c54a8d5e0dc765e2023-02-08 09:51:35.735root 11241100x8000000000000000290341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d59c3db546573312023-02-08 09:51:35.735root 11241100x8000000000000000290340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a38b7ec0f2af742023-02-08 09:51:35.735root 11241100x8000000000000000290339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64882e491833ab4e2023-02-08 09:51:35.735root 11241100x8000000000000000290338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed39a01bf5224c42023-02-08 09:51:35.735root 11241100x8000000000000000290337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36dde430d650e9db2023-02-08 09:51:35.735root 11241100x8000000000000000290336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d33ff650c47e5f2023-02-08 09:51:35.735root 11241100x8000000000000000290335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441f86b756413dfc2023-02-08 09:51:35.735root 11241100x8000000000000000290334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de14955558cdc1c2023-02-08 09:51:35.735root 11241100x8000000000000000290333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418f76980a5dd3572023-02-08 09:51:35.735root 11241100x8000000000000000290332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b54a86b580070bd2023-02-08 09:51:35.735root 11241100x8000000000000000290331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02636f133bee36552023-02-08 09:51:35.735root 11241100x8000000000000000290330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abefa83e7675063b2023-02-08 09:51:35.735root 11241100x8000000000000000290329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1cf126e383c9b4b2023-02-08 09:51:35.735root 11241100x8000000000000000290328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52710099bd1161372023-02-08 09:51:35.735root 11241100x8000000000000000290327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c201f620024459e2023-02-08 09:51:35.735root 11241100x8000000000000000290355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01ec33c387406122023-02-08 09:51:35.736root 11241100x8000000000000000290354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab99ef7e23f83d2d2023-02-08 09:51:35.736root 11241100x8000000000000000290353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91547ce4803e49832023-02-08 09:51:35.736root 11241100x8000000000000000290352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad96a92f80b2fff22023-02-08 09:51:35.736root 11241100x8000000000000000290351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ceafc49590301eb2023-02-08 09:51:35.736root 11241100x8000000000000000290350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c9d4fcd1bb63af2023-02-08 09:51:35.736root 11241100x8000000000000000290349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c1b8a3f79be6a62023-02-08 09:51:35.736root 11241100x8000000000000000290348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbf0bfa6d07db7a2023-02-08 09:51:35.736root 11241100x8000000000000000290347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafa3327adb6c9a72023-02-08 09:51:35.736root 11241100x8000000000000000290346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aada5c0c04bd5cb92023-02-08 09:51:35.736root 11241100x8000000000000000290345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62692f8c829a53012023-02-08 09:51:35.736root 11241100x8000000000000000290344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cea27179b69abd52023-02-08 09:51:35.736root 11241100x8000000000000000290343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3b185aed51a5ea2023-02-08 09:51:35.736root 11241100x8000000000000000290358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a4090b116d12a02023-02-08 09:51:35.737root 11241100x8000000000000000290357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec30e217d218eb12023-02-08 09:51:35.737root 11241100x8000000000000000290356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e27a3b619df8802023-02-08 09:51:35.737root 11241100x8000000000000000290361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e0bb4c1ff5664a2023-02-08 09:51:35.738root 11241100x8000000000000000290360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8fd4939a2e0ddac2023-02-08 09:51:35.738root 11241100x8000000000000000290359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c8be0762f379bf2023-02-08 09:51:35.738root 11241100x8000000000000000290370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027f0b35000ccbb02023-02-08 09:51:35.739root 11241100x8000000000000000290369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b506f662bb4bdd582023-02-08 09:51:35.739root 11241100x8000000000000000290368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58ddf359637b4132023-02-08 09:51:35.739root 11241100x8000000000000000290367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b646516b5cdbbb582023-02-08 09:51:35.739root 11241100x8000000000000000290366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b70bd44dc37febf2023-02-08 09:51:35.739root 11241100x8000000000000000290365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83f0e4195b3511a2023-02-08 09:51:35.739root 11241100x8000000000000000290364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92bf226bab1f1f892023-02-08 09:51:35.739root 11241100x8000000000000000290363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b799171fcc025542023-02-08 09:51:35.739root 11241100x8000000000000000290362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b37d717bb46d392023-02-08 09:51:35.739root 11241100x8000000000000000290373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd57e1369ab0c042023-02-08 09:51:35.740root 11241100x8000000000000000290372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a5d6f90c943d8c2023-02-08 09:51:35.740root 11241100x8000000000000000290371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd3d5719e5113a52023-02-08 09:51:35.740root 11241100x8000000000000000290379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3af4896a2506ddf2023-02-08 09:51:35.742root 11241100x8000000000000000290378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a8ac2e18337e692023-02-08 09:51:35.742root 11241100x8000000000000000290377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f802de8d7b6dd9452023-02-08 09:51:35.742root 11241100x8000000000000000290376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258676d7f165c0732023-02-08 09:51:35.742root 11241100x8000000000000000290375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601967ac13b8cafe2023-02-08 09:51:35.742root 11241100x8000000000000000290374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056364f2faf801292023-02-08 09:51:35.742root 11241100x8000000000000000290384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a834b1fc469ec72023-02-08 09:51:35.743root 11241100x8000000000000000290383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.effd0d0c095f79502023-02-08 09:51:35.743root 11241100x8000000000000000290382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8afe31999e86d32023-02-08 09:51:35.743root 11241100x8000000000000000290381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2e63090fe316c72023-02-08 09:51:35.743root 11241100x8000000000000000290380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:35.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f92973a1b3c1c942023-02-08 09:51:35.743root 11241100x8000000000000000290388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144a03bcded8972e2023-02-08 09:51:36.234root 11241100x8000000000000000290387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8594706e1f31f3702023-02-08 09:51:36.234root 11241100x8000000000000000290386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e196053c39f2262023-02-08 09:51:36.234root 11241100x8000000000000000290385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b516cdc93191d392023-02-08 09:51:36.234root 11241100x8000000000000000290398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d581ca04da22adba2023-02-08 09:51:36.235root 11241100x8000000000000000290397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919fa38d7bd8394f2023-02-08 09:51:36.235root 11241100x8000000000000000290396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5bc0624a0172872023-02-08 09:51:36.235root 11241100x8000000000000000290395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3b036f2ee9a44a2023-02-08 09:51:36.235root 11241100x8000000000000000290394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363794927c84f4e32023-02-08 09:51:36.235root 11241100x8000000000000000290393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4ba4ed5d8a206c2023-02-08 09:51:36.235root 11241100x8000000000000000290392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0411e13dffffa46a2023-02-08 09:51:36.235root 11241100x8000000000000000290391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6fe2cf0ae2e28a22023-02-08 09:51:36.235root 11241100x8000000000000000290390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ab6104b6b359af2023-02-08 09:51:36.235root 11241100x8000000000000000290389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97bc1ece66bd42d82023-02-08 09:51:36.235root 11241100x8000000000000000290402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c471e041abaf7b2023-02-08 09:51:36.236root 11241100x8000000000000000290401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e875b34fc0721302023-02-08 09:51:36.236root 11241100x8000000000000000290400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39bb6c3899d779fa2023-02-08 09:51:36.236root 11241100x8000000000000000290399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c76bdbb5b472b72023-02-08 09:51:36.236root 11241100x8000000000000000290407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88088e9e9ffb576c2023-02-08 09:51:36.237root 11241100x8000000000000000290406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1a35652e56ca2a2023-02-08 09:51:36.237root 11241100x8000000000000000290405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d65111f03e7092e2023-02-08 09:51:36.237root 11241100x8000000000000000290404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff270e0016e4eb412023-02-08 09:51:36.237root 11241100x8000000000000000290403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2adf6534e0751cb52023-02-08 09:51:36.237root 11241100x8000000000000000290419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01247b719d69229b2023-02-08 09:51:36.238root 11241100x8000000000000000290418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6819fc8aa22ca82023-02-08 09:51:36.238root 11241100x8000000000000000290417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f61fba8db38a48c2023-02-08 09:51:36.238root 11241100x8000000000000000290416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5fbff052b55df432023-02-08 09:51:36.238root 11241100x8000000000000000290415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e98efb45143ce92023-02-08 09:51:36.238root 11241100x8000000000000000290414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1032842823a522742023-02-08 09:51:36.238root 11241100x8000000000000000290413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34266d7b80c6affa2023-02-08 09:51:36.238root 11241100x8000000000000000290412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a84c7c188f6b692023-02-08 09:51:36.238root 11241100x8000000000000000290411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0580c3e60572032023-02-08 09:51:36.238root 11241100x8000000000000000290410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6296c9b5c5e0842023-02-08 09:51:36.238root 11241100x8000000000000000290409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2069626ed9dd334b2023-02-08 09:51:36.238root 11241100x8000000000000000290408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54e0c47dd93f06b2023-02-08 09:51:36.238root 11241100x8000000000000000290424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5667e8ecedaa3dc2023-02-08 09:51:36.239root 11241100x8000000000000000290423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.befb4b1bf869ce002023-02-08 09:51:36.239root 11241100x8000000000000000290422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da34267c4e79e9c72023-02-08 09:51:36.239root 11241100x8000000000000000290421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3412abf87ac4eefc2023-02-08 09:51:36.239root 11241100x8000000000000000290420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb53a25e064150272023-02-08 09:51:36.239root 11241100x8000000000000000290432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d2c06e443ca6582023-02-08 09:51:36.240root 11241100x8000000000000000290431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38860fdc78058312023-02-08 09:51:36.240root 11241100x8000000000000000290430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3363b3dac3ffd92023-02-08 09:51:36.240root 11241100x8000000000000000290429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8217155aa5aaaea92023-02-08 09:51:36.240root 11241100x8000000000000000290428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09a89e5adf198612023-02-08 09:51:36.240root 11241100x8000000000000000290427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4e2d65d115fb3a2023-02-08 09:51:36.240root 11241100x8000000000000000290426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7875a817c26d27e2023-02-08 09:51:36.240root 11241100x8000000000000000290425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa7fe00ec60e9b22023-02-08 09:51:36.240root 11241100x8000000000000000290433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.361{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-08 09:51:36.361root 11241100x8000000000000000290434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97cc3887c15d62172023-02-08 09:51:36.734root 11241100x8000000000000000290445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358c5d77fc0ce4832023-02-08 09:51:36.735root 11241100x8000000000000000290444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba4f63aa0dc9fe22023-02-08 09:51:36.735root 11241100x8000000000000000290443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d0013f9d13be522023-02-08 09:51:36.735root 11241100x8000000000000000290442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7b5852407a41f32023-02-08 09:51:36.735root 11241100x8000000000000000290441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c59d1a70ff622f72023-02-08 09:51:36.735root 11241100x8000000000000000290440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caff69570fc6bdfe2023-02-08 09:51:36.735root 11241100x8000000000000000290439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ceb9f4c77eaee452023-02-08 09:51:36.735root 11241100x8000000000000000290438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7e946fb76afe1d2023-02-08 09:51:36.735root 11241100x8000000000000000290437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312759a2a2428a5f2023-02-08 09:51:36.735root 11241100x8000000000000000290436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacc436953532b2a2023-02-08 09:51:36.735root 11241100x8000000000000000290435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78ba9b5f524f5822023-02-08 09:51:36.735root 11241100x8000000000000000290449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de112458764c16212023-02-08 09:51:36.736root 11241100x8000000000000000290448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390e219272d566772023-02-08 09:51:36.736root 11241100x8000000000000000290447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed46e9e2187a0542023-02-08 09:51:36.736root 11241100x8000000000000000290446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d756dfd44b6b62e2023-02-08 09:51:36.736root 11241100x8000000000000000290454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05e59f29917f6372023-02-08 09:51:36.737root 11241100x8000000000000000290453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5509ec3f2a229fee2023-02-08 09:51:36.737root 11241100x8000000000000000290452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8dd1776ebde6c72023-02-08 09:51:36.737root 11241100x8000000000000000290451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41907caaeaa215e72023-02-08 09:51:36.737root 11241100x8000000000000000290450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebb9fa27df8de152023-02-08 09:51:36.737root 11241100x8000000000000000290457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4595147f9088902023-02-08 09:51:36.738root 11241100x8000000000000000290456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ecec649e84ff312023-02-08 09:51:36.738root 11241100x8000000000000000290455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df82e79f1845b5232023-02-08 09:51:36.738root 11241100x8000000000000000290461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd845f7eeed0e7ca2023-02-08 09:51:36.739root 11241100x8000000000000000290460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffca979d315bd3a92023-02-08 09:51:36.739root 11241100x8000000000000000290459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a684ff5d71ac33f22023-02-08 09:51:36.739root 11241100x8000000000000000290458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54be6c5e45688c5f2023-02-08 09:51:36.739root 11241100x8000000000000000290466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c085e0e89f5de8f2023-02-08 09:51:36.740root 11241100x8000000000000000290465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76df96e7ba23b502023-02-08 09:51:36.740root 11241100x8000000000000000290464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3edf639b56de1d02023-02-08 09:51:36.740root 11241100x8000000000000000290463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f913f89afc0cf572023-02-08 09:51:36.740root 11241100x8000000000000000290462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e468cace306908e2023-02-08 09:51:36.740root 11241100x8000000000000000290470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5110e2ea011d3c552023-02-08 09:51:36.741root 11241100x8000000000000000290469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fff8597725045c02023-02-08 09:51:36.741root 11241100x8000000000000000290468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c911d650e095dd12023-02-08 09:51:36.741root 11241100x8000000000000000290467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8de585ebe970bce2023-02-08 09:51:36.741root 11241100x8000000000000000290477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa3a9715c8f8bd22023-02-08 09:51:36.742root 11241100x8000000000000000290476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ed090665cc589a2023-02-08 09:51:36.742root 11241100x8000000000000000290475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c90b708b697b85d2023-02-08 09:51:36.742root 11241100x8000000000000000290474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748b194828aa6aea2023-02-08 09:51:36.742root 11241100x8000000000000000290473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3a1c1b709d6c122023-02-08 09:51:36.742root 11241100x8000000000000000290472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e41065ccd68e772023-02-08 09:51:36.742root 11241100x8000000000000000290471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dcce993f7f2b8092023-02-08 09:51:36.742root 11241100x8000000000000000290482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238eb6d79abacb2d2023-02-08 09:51:36.743root 11241100x8000000000000000290481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935df500679078962023-02-08 09:51:36.743root 11241100x8000000000000000290480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad24f3b5f6e003b2023-02-08 09:51:36.743root 11241100x8000000000000000290479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83550b6bad40dd1d2023-02-08 09:51:36.743root 11241100x8000000000000000290478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:36.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b682fc0103ea6232023-02-08 09:51:36.743root 11241100x8000000000000000290485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967c50b4da0862242023-02-08 09:51:37.234root 11241100x8000000000000000290484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace62b7e2f5673472023-02-08 09:51:37.234root 11241100x8000000000000000290483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b26492b0e907b42023-02-08 09:51:37.234root 11241100x8000000000000000290495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3567d92a95c6772b2023-02-08 09:51:37.235root 11241100x8000000000000000290494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12adb82afad14cd2023-02-08 09:51:37.235root 11241100x8000000000000000290493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c350d7269f5b192023-02-08 09:51:37.235root 11241100x8000000000000000290492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3101855e8f23032023-02-08 09:51:37.235root 11241100x8000000000000000290491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cae3fbc56b31e952023-02-08 09:51:37.235root 11241100x8000000000000000290490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4787ccea820c6552023-02-08 09:51:37.235root 11241100x8000000000000000290489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ac4d932571336b2023-02-08 09:51:37.235root 11241100x8000000000000000290488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7d6ecdd803a0562023-02-08 09:51:37.235root 11241100x8000000000000000290487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6c3056cc00e6972023-02-08 09:51:37.235root 11241100x8000000000000000290486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133c8d756efd7ab72023-02-08 09:51:37.235root 11241100x8000000000000000290504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4f4a1dcee65d092023-02-08 09:51:37.236root 11241100x8000000000000000290503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3024603ae3836f7a2023-02-08 09:51:37.236root 11241100x8000000000000000290502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3152475b675fb25a2023-02-08 09:51:37.236root 11241100x8000000000000000290501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3843102e4191941e2023-02-08 09:51:37.236root 11241100x8000000000000000290500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14dd61ba36ed0b02023-02-08 09:51:37.236root 11241100x8000000000000000290499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c2c319c2d45e1d2023-02-08 09:51:37.236root 11241100x8000000000000000290498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e63cb77ef8aacc32023-02-08 09:51:37.236root 11241100x8000000000000000290497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22dab3c7f2b82db72023-02-08 09:51:37.236root 11241100x8000000000000000290496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de9b4e34e5c9e942023-02-08 09:51:37.236root 11241100x8000000000000000290513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605445ae665fe9f72023-02-08 09:51:37.237root 11241100x8000000000000000290512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665618a142225fe42023-02-08 09:51:37.237root 11241100x8000000000000000290511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd12f1f463f50f92023-02-08 09:51:37.237root 11241100x8000000000000000290510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11525fd789e10b392023-02-08 09:51:37.237root 11241100x8000000000000000290509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41876c0de94bb502023-02-08 09:51:37.237root 11241100x8000000000000000290508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9b9c374c1a12e42023-02-08 09:51:37.237root 11241100x8000000000000000290507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf9315c89f851d92023-02-08 09:51:37.237root 11241100x8000000000000000290506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ba4334e292a4c22023-02-08 09:51:37.237root 11241100x8000000000000000290505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e10f20c8c48796e2023-02-08 09:51:37.237root 11241100x8000000000000000290522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ec2a8c4d5a7b012023-02-08 09:51:37.238root 11241100x8000000000000000290521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caacb179925f59a82023-02-08 09:51:37.238root 11241100x8000000000000000290520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b231ad0f8718b1bf2023-02-08 09:51:37.238root 11241100x8000000000000000290519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25dcca73c0d35b732023-02-08 09:51:37.238root 11241100x8000000000000000290518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005faacde13824522023-02-08 09:51:37.238root 11241100x8000000000000000290517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648297ef28b7cb002023-02-08 09:51:37.238root 11241100x8000000000000000290516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a0db3a17fcba322023-02-08 09:51:37.238root 11241100x8000000000000000290515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68cb6fc58a1e73562023-02-08 09:51:37.238root 11241100x8000000000000000290514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41013ce2db919b02023-02-08 09:51:37.238root 11241100x8000000000000000290532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f061e226d88b8a292023-02-08 09:51:37.239root 11241100x8000000000000000290531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c0381339e3378a2023-02-08 09:51:37.239root 11241100x8000000000000000290530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3708fb95cba9db2023-02-08 09:51:37.239root 11241100x8000000000000000290529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e229a74207fe472023-02-08 09:51:37.239root 11241100x8000000000000000290528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f2ab799b38ae7b2023-02-08 09:51:37.239root 11241100x8000000000000000290527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46498d898be741f42023-02-08 09:51:37.239root 11241100x8000000000000000290526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80bf11ef3039d47a2023-02-08 09:51:37.239root 11241100x8000000000000000290525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71033bd286ebc3882023-02-08 09:51:37.239root 11241100x8000000000000000290524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bc54b0e8b193982023-02-08 09:51:37.239root 11241100x8000000000000000290523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf5a43e8b248b562023-02-08 09:51:37.239root 11241100x8000000000000000290535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc1f1e3fa5fabb02023-02-08 09:51:37.240root 11241100x8000000000000000290534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8ef69ab60a09742023-02-08 09:51:37.240root 11241100x8000000000000000290533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc9f3d7d822f13b2023-02-08 09:51:37.240root 11241100x8000000000000000290541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a95bb851a604fff2023-02-08 09:51:37.734root 11241100x8000000000000000290540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf8d46b16c0d7872023-02-08 09:51:37.734root 11241100x8000000000000000290539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4488d7f98fd9a53d2023-02-08 09:51:37.734root 11241100x8000000000000000290538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d884bcfa5eaef12023-02-08 09:51:37.734root 11241100x8000000000000000290537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea15cf426c82ef9f2023-02-08 09:51:37.734root 11241100x8000000000000000290536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f276a4be2ace8d2023-02-08 09:51:37.734root 11241100x8000000000000000290550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afae44ab37187d3e2023-02-08 09:51:37.735root 11241100x8000000000000000290549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597da101cccd85d42023-02-08 09:51:37.735root 11241100x8000000000000000290548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccaacc1db7368aa72023-02-08 09:51:37.735root 11241100x8000000000000000290547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c32bda8f437c802023-02-08 09:51:37.735root 11241100x8000000000000000290546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac2c6e3d06862782023-02-08 09:51:37.735root 11241100x8000000000000000290545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf933cda8f79d5d2023-02-08 09:51:37.735root 11241100x8000000000000000290544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a31f5d01f7ab4c2023-02-08 09:51:37.735root 11241100x8000000000000000290543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee7865941d028972023-02-08 09:51:37.735root 11241100x8000000000000000290542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a3f78911d923e82023-02-08 09:51:37.735root 11241100x8000000000000000290558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4437e2d3ef910cde2023-02-08 09:51:37.736root 11241100x8000000000000000290557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec3e2c186e6b9a32023-02-08 09:51:37.736root 11241100x8000000000000000290556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f37318089620fb2023-02-08 09:51:37.736root 11241100x8000000000000000290555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a9294de302b9282023-02-08 09:51:37.736root 11241100x8000000000000000290554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bae5ded8b1fa5832023-02-08 09:51:37.736root 11241100x8000000000000000290553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5f94317e5b37cd2023-02-08 09:51:37.736root 11241100x8000000000000000290552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2f20344ca3b18a2023-02-08 09:51:37.736root 11241100x8000000000000000290551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804a21dc95f3eb1a2023-02-08 09:51:37.736root 11241100x8000000000000000290563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec574bf677f65ad42023-02-08 09:51:37.737root 11241100x8000000000000000290562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645c6cadb14c83522023-02-08 09:51:37.737root 11241100x8000000000000000290561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05575ad974b0c3dc2023-02-08 09:51:37.737root 11241100x8000000000000000290560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161047e9ae5044c12023-02-08 09:51:37.737root 11241100x8000000000000000290559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e389fe009172e92023-02-08 09:51:37.737root 11241100x8000000000000000290567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe4015e49f044a12023-02-08 09:51:37.738root 11241100x8000000000000000290566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49757bda7b8831ad2023-02-08 09:51:37.738root 11241100x8000000000000000290565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9aadea9aa9a2fe2023-02-08 09:51:37.738root 11241100x8000000000000000290564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8682a507aa3f2f382023-02-08 09:51:37.738root 11241100x8000000000000000290571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c1d9067bf47c912023-02-08 09:51:37.739root 11241100x8000000000000000290570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f64442135c3ef942023-02-08 09:51:37.739root 11241100x8000000000000000290569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e601a49613c6fe2023-02-08 09:51:37.739root 11241100x8000000000000000290568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9d657c2eb25f1a2023-02-08 09:51:37.739root 11241100x8000000000000000290575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76efd7ec3445c0062023-02-08 09:51:37.740root 11241100x8000000000000000290574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327f63e071d1c0a02023-02-08 09:51:37.740root 11241100x8000000000000000290573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29f389d3f1107282023-02-08 09:51:37.740root 11241100x8000000000000000290572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb240994339460912023-02-08 09:51:37.740root 11241100x8000000000000000290578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef42de88cabf9e5b2023-02-08 09:51:37.741root 11241100x8000000000000000290577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f36a684af41f972023-02-08 09:51:37.741root 11241100x8000000000000000290576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:37.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcfd1092899c3da2023-02-08 09:51:37.741root 354300x8000000000000000290579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.080{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-56384-false10.0.1.12-8000- 11241100x8000000000000000290587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.081{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5156c56336c5ca42023-02-08 09:51:38.081root 11241100x8000000000000000290586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.081{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46d2beefd0c67b02023-02-08 09:51:38.081root 11241100x8000000000000000290585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.081{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc47fee7aeddd2702023-02-08 09:51:38.081root 11241100x8000000000000000290584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.081{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0e7ca1b49ecb752023-02-08 09:51:38.081root 11241100x8000000000000000290583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.081{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195f7947acf24ccb2023-02-08 09:51:38.081root 11241100x8000000000000000290582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.081{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09bd85c98d39c2b2023-02-08 09:51:38.081root 11241100x8000000000000000290581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.081{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947560976d36d5da2023-02-08 09:51:38.081root 11241100x8000000000000000290580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.081{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3222e40ea1870c2023-02-08 09:51:38.081root 11241100x8000000000000000290603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.082{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75734096d93a03a52023-02-08 09:51:38.082root 11241100x8000000000000000290602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.082{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ef802e8e93dba82023-02-08 09:51:38.082root 11241100x8000000000000000290601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.082{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7640fdd1a900f12023-02-08 09:51:38.082root 11241100x8000000000000000290600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.082{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49dabfbf4b93f2902023-02-08 09:51:38.082root 11241100x8000000000000000290599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.082{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b9f8c9a34b2f242023-02-08 09:51:38.082root 11241100x8000000000000000290598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.082{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c625ca80768b0f902023-02-08 09:51:38.082root 11241100x8000000000000000290597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.082{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676864ba47caeb1a2023-02-08 09:51:38.082root 11241100x8000000000000000290596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.082{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eaa8a17be7b00942023-02-08 09:51:38.082root 11241100x8000000000000000290595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.082{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517fc89ba079fb762023-02-08 09:51:38.082root 11241100x8000000000000000290594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.082{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7844489a9cb82fb32023-02-08 09:51:38.082root 11241100x8000000000000000290593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.082{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6173e10c605a56ea2023-02-08 09:51:38.082root 11241100x8000000000000000290592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.082{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb0b2b67a8801ba2023-02-08 09:51:38.082root 11241100x8000000000000000290591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.082{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ed1263e19a9bc52023-02-08 09:51:38.082root 11241100x8000000000000000290590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.082{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c1b3cb674b3f6e2023-02-08 09:51:38.082root 11241100x8000000000000000290589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.082{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92cd14a9114a01de2023-02-08 09:51:38.082root 11241100x8000000000000000290588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.082{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a5f4260abf79a22023-02-08 09:51:38.082root 11241100x8000000000000000290615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.083{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baaed1ea2373f4cb2023-02-08 09:51:38.083root 11241100x8000000000000000290614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.083{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306ff26ccc2d0ede2023-02-08 09:51:38.083root 11241100x8000000000000000290613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.083{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aba720830d06dc22023-02-08 09:51:38.083root 11241100x8000000000000000290612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.083{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ade8312d1379c72023-02-08 09:51:38.083root 11241100x8000000000000000290611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.083{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd23453541dc08e2023-02-08 09:51:38.083root 11241100x8000000000000000290610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.083{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adbaee814fda6f9e2023-02-08 09:51:38.083root 11241100x8000000000000000290609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.083{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f55144b946a1f5f2023-02-08 09:51:38.083root 11241100x8000000000000000290608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.083{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b9af45231e4b422023-02-08 09:51:38.083root 11241100x8000000000000000290607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.083{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706b7e943f8b23bf2023-02-08 09:51:38.083root 11241100x8000000000000000290606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.083{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3845efe7f847f32023-02-08 09:51:38.083root 11241100x8000000000000000290605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.083{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1782a8bf18008e2023-02-08 09:51:38.083root 11241100x8000000000000000290604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.083{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245e0adba75bbaaf2023-02-08 09:51:38.083root 11241100x8000000000000000290616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3eebb1e41ea6012023-02-08 09:51:38.484root 11241100x8000000000000000290620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec6bf541b73db0f2023-02-08 09:51:38.485root 11241100x8000000000000000290619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa377915061e1c72023-02-08 09:51:38.485root 11241100x8000000000000000290618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4ef64167eb975c2023-02-08 09:51:38.485root 11241100x8000000000000000290617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f91a359140a29612023-02-08 09:51:38.485root 11241100x8000000000000000290627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deac6292549508eb2023-02-08 09:51:38.486root 11241100x8000000000000000290626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f15ee909c3adfde2023-02-08 09:51:38.486root 11241100x8000000000000000290625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe2b133fb138ca42023-02-08 09:51:38.486root 11241100x8000000000000000290624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04b445ac347e6082023-02-08 09:51:38.486root 11241100x8000000000000000290623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13e39de67a3fc522023-02-08 09:51:38.486root 11241100x8000000000000000290622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59199d1b46a3d0ff2023-02-08 09:51:38.486root 11241100x8000000000000000290621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700f92ace89b6ce02023-02-08 09:51:38.486root 11241100x8000000000000000290633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cece8b3275dc8b42023-02-08 09:51:38.487root 11241100x8000000000000000290632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa31dbf84ff74d882023-02-08 09:51:38.487root 11241100x8000000000000000290631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed353267b4031fac2023-02-08 09:51:38.487root 11241100x8000000000000000290630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed37f0c949090472023-02-08 09:51:38.487root 11241100x8000000000000000290629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656f33245153403d2023-02-08 09:51:38.487root 11241100x8000000000000000290628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366dc95b328c59532023-02-08 09:51:38.487root 11241100x8000000000000000290640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7731e7def94485f2023-02-08 09:51:38.488root 11241100x8000000000000000290639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88caaabb6c031efa2023-02-08 09:51:38.488root 11241100x8000000000000000290638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6077f61066ef947a2023-02-08 09:51:38.488root 11241100x8000000000000000290637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1f5f90114654572023-02-08 09:51:38.488root 11241100x8000000000000000290636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d2bcf999ea4a642023-02-08 09:51:38.488root 11241100x8000000000000000290635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab85dee56056f6562023-02-08 09:51:38.488root 11241100x8000000000000000290634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9584019adcfb8bff2023-02-08 09:51:38.488root 11241100x8000000000000000290647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c590475186be42952023-02-08 09:51:38.489root 11241100x8000000000000000290646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196a03ecd23f80222023-02-08 09:51:38.489root 11241100x8000000000000000290645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089687b8271c9bf82023-02-08 09:51:38.489root 11241100x8000000000000000290644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d46a84efb691ce2023-02-08 09:51:38.489root 11241100x8000000000000000290643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121681b795b2ad482023-02-08 09:51:38.489root 11241100x8000000000000000290642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d649ec3edd196b12023-02-08 09:51:38.489root 11241100x8000000000000000290641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c847dc1f0b7a99682023-02-08 09:51:38.489root 11241100x8000000000000000290652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3fc3420593570d2023-02-08 09:51:38.490root 11241100x8000000000000000290651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db78feedd760a6742023-02-08 09:51:38.490root 11241100x8000000000000000290650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d282860f6e10a15e2023-02-08 09:51:38.490root 11241100x8000000000000000290649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4132baae5009147e2023-02-08 09:51:38.490root 11241100x8000000000000000290648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bd626d1efb9ead2023-02-08 09:51:38.490root 11241100x8000000000000000290660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4caad6c7c2743752023-02-08 09:51:38.985root 11241100x8000000000000000290659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732f3ad4dca518892023-02-08 09:51:38.985root 11241100x8000000000000000290658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7a3acd8feee36c2023-02-08 09:51:38.985root 11241100x8000000000000000290657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc41cc3da8b67cc2023-02-08 09:51:38.985root 11241100x8000000000000000290656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e190574bf6fca27b2023-02-08 09:51:38.985root 11241100x8000000000000000290655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060e730747ea60482023-02-08 09:51:38.985root 11241100x8000000000000000290654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1cd1af76b13474a2023-02-08 09:51:38.985root 11241100x8000000000000000290653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6cf585b764cc012023-02-08 09:51:38.985root 11241100x8000000000000000290670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba168de1a04eefe2023-02-08 09:51:38.986root 11241100x8000000000000000290669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93bfdd0bd7e70a62023-02-08 09:51:38.986root 11241100x8000000000000000290668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b332bd54a7fb6c2023-02-08 09:51:38.986root 11241100x8000000000000000290667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed694b3e8d0f5a092023-02-08 09:51:38.986root 11241100x8000000000000000290666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54a3d444db6bf7c2023-02-08 09:51:38.986root 11241100x8000000000000000290665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0228bee05d4a09aa2023-02-08 09:51:38.986root 11241100x8000000000000000290664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403a0b8c943be6362023-02-08 09:51:38.986root 11241100x8000000000000000290663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ff4d8bb4ddf1b12023-02-08 09:51:38.986root 11241100x8000000000000000290662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6584f7518ad9812b2023-02-08 09:51:38.986root 11241100x8000000000000000290661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc7925d6f3dfbe42023-02-08 09:51:38.986root 11241100x8000000000000000290685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6379a5afae813f2023-02-08 09:51:38.987root 11241100x8000000000000000290684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6170c1b2d657b512023-02-08 09:51:38.987root 11241100x8000000000000000290683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1ea259fe0202e12023-02-08 09:51:38.987root 11241100x8000000000000000290682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a406f76fc805f8f2023-02-08 09:51:38.987root 11241100x8000000000000000290681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff497417bafde112023-02-08 09:51:38.987root 11241100x8000000000000000290680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d25655bf65d62e2023-02-08 09:51:38.987root 11241100x8000000000000000290679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7f512e45179b6d2023-02-08 09:51:38.987root 11241100x8000000000000000290678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c9dc4b740d427a2023-02-08 09:51:38.987root 11241100x8000000000000000290677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1622425ae40587432023-02-08 09:51:38.987root 11241100x8000000000000000290676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd92977c35407362023-02-08 09:51:38.987root 11241100x8000000000000000290675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5fcf65402f04772023-02-08 09:51:38.987root 11241100x8000000000000000290674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c54619849bd1322023-02-08 09:51:38.987root 11241100x8000000000000000290673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392ed90bbf268cd52023-02-08 09:51:38.987root 11241100x8000000000000000290672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4c37782b824f512023-02-08 09:51:38.987root 11241100x8000000000000000290671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b1575f2784940c2023-02-08 09:51:38.987root 11241100x8000000000000000290688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846ab208103922882023-02-08 09:51:38.988root 11241100x8000000000000000290687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078f24eb96f8ea922023-02-08 09:51:38.988root 11241100x8000000000000000290686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:38.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d2e65a488751db2023-02-08 09:51:38.988root 11241100x8000000000000000290691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8423ad383850bf2023-02-08 09:51:39.363root 11241100x8000000000000000290690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718521cf59c16a5d2023-02-08 09:51:39.363root 23542300x8000000000000000290689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.363{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000290700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041a9e0262c0bf3a2023-02-08 09:51:39.364root 11241100x8000000000000000290699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6638730ffe26952023-02-08 09:51:39.364root 11241100x8000000000000000290698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77452db40eff59a2023-02-08 09:51:39.364root 11241100x8000000000000000290697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93e9ecf3121fef32023-02-08 09:51:39.364root 11241100x8000000000000000290696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c0be7231f9b0572023-02-08 09:51:39.364root 11241100x8000000000000000290695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983411836d378c382023-02-08 09:51:39.364root 11241100x8000000000000000290694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf976ba3d8067ab12023-02-08 09:51:39.364root 11241100x8000000000000000290693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb6f6bc7effc19b2023-02-08 09:51:39.364root 11241100x8000000000000000290692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6d9a9efd7c8f282023-02-08 09:51:39.364root 11241100x8000000000000000290705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120bcb81872113532023-02-08 09:51:39.365root 11241100x8000000000000000290704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef70b76c9aa21912023-02-08 09:51:39.365root 11241100x8000000000000000290703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b129f747c554ac2023-02-08 09:51:39.365root 11241100x8000000000000000290702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce2b22bab2335792023-02-08 09:51:39.365root 11241100x8000000000000000290701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05009f17bb88a0032023-02-08 09:51:39.365root 11241100x8000000000000000290711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa17be9458baf5c2023-02-08 09:51:39.366root 11241100x8000000000000000290710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780fe0d69064c0ec2023-02-08 09:51:39.366root 11241100x8000000000000000290709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d04e9d6e55f94f2023-02-08 09:51:39.366root 11241100x8000000000000000290708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6408122a42e3ed82023-02-08 09:51:39.366root 11241100x8000000000000000290707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99b5a43dbf3392a2023-02-08 09:51:39.366root 11241100x8000000000000000290706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaea674f3dad692f2023-02-08 09:51:39.366root 11241100x8000000000000000290717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9065f07c66ddf1c12023-02-08 09:51:39.367root 11241100x8000000000000000290716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f179e54c69c00a42023-02-08 09:51:39.367root 11241100x8000000000000000290715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a28390fabc895ef2023-02-08 09:51:39.367root 11241100x8000000000000000290714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c24150c37e029af2023-02-08 09:51:39.367root 11241100x8000000000000000290713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b293caa944903d82023-02-08 09:51:39.367root 11241100x8000000000000000290712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baaecba2dee423e82023-02-08 09:51:39.367root 11241100x8000000000000000290730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953e3edd552053442023-02-08 09:51:39.368root 11241100x8000000000000000290729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a0a352501f9a272023-02-08 09:51:39.368root 11241100x8000000000000000290728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d74164dacdc9c72023-02-08 09:51:39.368root 11241100x8000000000000000290727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8423e1edd5d463dc2023-02-08 09:51:39.368root 11241100x8000000000000000290726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a776f23a68548f92023-02-08 09:51:39.368root 11241100x8000000000000000290725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8d922f7f8995c42023-02-08 09:51:39.368root 11241100x8000000000000000290724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d82c4c8d7a539a2023-02-08 09:51:39.368root 11241100x8000000000000000290723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22376f6fcfc97cc62023-02-08 09:51:39.368root 11241100x8000000000000000290722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122fa4d2db9ce5012023-02-08 09:51:39.368root 11241100x8000000000000000290721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ecb7c1f3701b5c62023-02-08 09:51:39.368root 11241100x8000000000000000290720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b07219e0b69f85c2023-02-08 09:51:39.368root 11241100x8000000000000000290719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25111f72cf2859b02023-02-08 09:51:39.368root 11241100x8000000000000000290718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.368{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e25b9c75c789c132023-02-08 09:51:39.368root 11241100x8000000000000000290742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fcc731bc32be9ad2023-02-08 09:51:39.369root 11241100x8000000000000000290741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e991a9e72899332023-02-08 09:51:39.369root 11241100x8000000000000000290740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e0ab08da2740712023-02-08 09:51:39.369root 11241100x8000000000000000290739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9c3032835fc6c02023-02-08 09:51:39.369root 11241100x8000000000000000290738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df74b8ff5023a362023-02-08 09:51:39.369root 11241100x8000000000000000290737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa2f16bc0cff3b62023-02-08 09:51:39.369root 11241100x8000000000000000290736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1189909a16134062023-02-08 09:51:39.369root 11241100x8000000000000000290735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259bae4e858e7d432023-02-08 09:51:39.369root 11241100x8000000000000000290734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0d82dccdeb47412023-02-08 09:51:39.369root 11241100x8000000000000000290733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a292d5471885aad62023-02-08 09:51:39.369root 11241100x8000000000000000290732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3822d2df6f6619112023-02-08 09:51:39.369root 11241100x8000000000000000290731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.369{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84e71dcdb83bd4a2023-02-08 09:51:39.369root 11241100x8000000000000000290749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ca8bd7274a97982023-02-08 09:51:39.370root 11241100x8000000000000000290748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7739577ea7f08c12023-02-08 09:51:39.370root 11241100x8000000000000000290747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e5a6b794b301882023-02-08 09:51:39.370root 11241100x8000000000000000290746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344b7ed22e50484c2023-02-08 09:51:39.370root 11241100x8000000000000000290745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973f0e34f5c102782023-02-08 09:51:39.370root 11241100x8000000000000000290744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9909e0aa1f303e2023-02-08 09:51:39.370root 11241100x8000000000000000290743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.370{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13bfd9e1baf4fde2023-02-08 09:51:39.370root 11241100x8000000000000000290761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7edf1a15463b0b0f2023-02-08 09:51:39.735root 11241100x8000000000000000290760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c19378751707f42023-02-08 09:51:39.735root 11241100x8000000000000000290759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece1c841897cd26b2023-02-08 09:51:39.735root 11241100x8000000000000000290758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc153dd449bb0eb82023-02-08 09:51:39.735root 11241100x8000000000000000290757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49e91fe3a4442fb2023-02-08 09:51:39.735root 11241100x8000000000000000290756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e03c89a2bd9a5e62023-02-08 09:51:39.735root 11241100x8000000000000000290755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4cb4a388a2e0c602023-02-08 09:51:39.735root 11241100x8000000000000000290754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea2de16f6088dce2023-02-08 09:51:39.735root 11241100x8000000000000000290753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4538dbb83901d0892023-02-08 09:51:39.735root 11241100x8000000000000000290752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a108f8dd319814b2023-02-08 09:51:39.735root 11241100x8000000000000000290751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8400595610f95c432023-02-08 09:51:39.735root 11241100x8000000000000000290750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d151295e3372e6002023-02-08 09:51:39.735root 11241100x8000000000000000290775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2321b7281320f62023-02-08 09:51:39.736root 11241100x8000000000000000290774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a681f72136acaa2023-02-08 09:51:39.736root 11241100x8000000000000000290773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5335be1cf041b82023-02-08 09:51:39.736root 11241100x8000000000000000290772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ffab631c7dad2a2023-02-08 09:51:39.736root 11241100x8000000000000000290771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa7ca0dc3f5e8182023-02-08 09:51:39.736root 11241100x8000000000000000290770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd62219ea7f5ed62023-02-08 09:51:39.736root 11241100x8000000000000000290769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c1cc68577c70ef2023-02-08 09:51:39.736root 11241100x8000000000000000290768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376ce1ef769c553e2023-02-08 09:51:39.736root 11241100x8000000000000000290767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d9b19cb4f1d95b2023-02-08 09:51:39.736root 11241100x8000000000000000290766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9684332ad0084b2023-02-08 09:51:39.736root 11241100x8000000000000000290765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83ab51ed4b355882023-02-08 09:51:39.736root 11241100x8000000000000000290764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cc88291228b4ce2023-02-08 09:51:39.736root 11241100x8000000000000000290763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d377588b40218fca2023-02-08 09:51:39.736root 11241100x8000000000000000290762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d08968974b9aec2023-02-08 09:51:39.736root 11241100x8000000000000000290787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7a27208332111e2023-02-08 09:51:39.737root 11241100x8000000000000000290786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6273de201ca8a24d2023-02-08 09:51:39.737root 11241100x8000000000000000290785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093706fac9a04c5e2023-02-08 09:51:39.737root 11241100x8000000000000000290784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab50d540f1651f112023-02-08 09:51:39.737root 11241100x8000000000000000290783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0182eb9d30161e102023-02-08 09:51:39.737root 11241100x8000000000000000290782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfed285c5587fbf52023-02-08 09:51:39.737root 11241100x8000000000000000290781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49092dd037f8b7222023-02-08 09:51:39.737root 11241100x8000000000000000290780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4ff7c7c5a0c5372023-02-08 09:51:39.737root 11241100x8000000000000000290779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d8ca3d059a95e42023-02-08 09:51:39.737root 11241100x8000000000000000290778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2442601b1b408afa2023-02-08 09:51:39.737root 11241100x8000000000000000290777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c0c327dc5501642023-02-08 09:51:39.737root 11241100x8000000000000000290776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:39.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649372ae8a62d0d62023-02-08 09:51:39.737root 11241100x8000000000000000290788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d85487a6f37e52e2023-02-08 09:51:40.234root 11241100x8000000000000000290798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4e8f7c1601e1622023-02-08 09:51:40.235root 11241100x8000000000000000290797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd6380ed0527ec02023-02-08 09:51:40.235root 11241100x8000000000000000290796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b7635acaebcadd2023-02-08 09:51:40.235root 11241100x8000000000000000290795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572bb3f82628e9c52023-02-08 09:51:40.235root 11241100x8000000000000000290794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91793b4cc85d900c2023-02-08 09:51:40.235root 11241100x8000000000000000290793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7bc15420492fe12023-02-08 09:51:40.235root 11241100x8000000000000000290792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6099da5204674e7e2023-02-08 09:51:40.235root 11241100x8000000000000000290791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa801ec0501bc52e2023-02-08 09:51:40.235root 11241100x8000000000000000290790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd903b6d75ad4fb2023-02-08 09:51:40.235root 11241100x8000000000000000290789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fee1924f14f48102023-02-08 09:51:40.235root 11241100x8000000000000000290805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ea0d5f7463efb32023-02-08 09:51:40.236root 11241100x8000000000000000290804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d0c966277b4f142023-02-08 09:51:40.236root 11241100x8000000000000000290803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff18c5c4e2356532023-02-08 09:51:40.236root 11241100x8000000000000000290802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb93d3d0dcf6fc32023-02-08 09:51:40.236root 11241100x8000000000000000290801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2fb9be2f3ae24102023-02-08 09:51:40.236root 11241100x8000000000000000290800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd3db45c30e7b632023-02-08 09:51:40.236root 11241100x8000000000000000290799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6276663e9b874ed52023-02-08 09:51:40.236root 11241100x8000000000000000290810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f9355d2b588e902023-02-08 09:51:40.237root 11241100x8000000000000000290809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea405bdca3447082023-02-08 09:51:40.237root 11241100x8000000000000000290808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05001d21dd3b9fd42023-02-08 09:51:40.237root 11241100x8000000000000000290807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb418cc83b4b6102023-02-08 09:51:40.237root 11241100x8000000000000000290806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874c8851c09d0cef2023-02-08 09:51:40.237root 11241100x8000000000000000290817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978e8a9d62ca4c6d2023-02-08 09:51:40.238root 11241100x8000000000000000290816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec8e33c2d6a5cdc2023-02-08 09:51:40.238root 11241100x8000000000000000290815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee7daf2d16e97582023-02-08 09:51:40.238root 11241100x8000000000000000290814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797bd6035a7a61f52023-02-08 09:51:40.238root 11241100x8000000000000000290813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f53cdcf22d50d82023-02-08 09:51:40.238root 11241100x8000000000000000290812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2bec9f48c973c02023-02-08 09:51:40.238root 11241100x8000000000000000290811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb6e4ef6d8ad70f2023-02-08 09:51:40.238root 11241100x8000000000000000290824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8a152dcac141ce2023-02-08 09:51:40.239root 11241100x8000000000000000290823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd10089aa993c4d2023-02-08 09:51:40.239root 11241100x8000000000000000290822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d404837a9d6e3a6b2023-02-08 09:51:40.239root 11241100x8000000000000000290821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04b1fad794790cc2023-02-08 09:51:40.239root 11241100x8000000000000000290820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4bc92e4010ac292023-02-08 09:51:40.239root 11241100x8000000000000000290819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a282359924300d1a2023-02-08 09:51:40.239root 11241100x8000000000000000290818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30799a21be48cbaa2023-02-08 09:51:40.239root 11241100x8000000000000000290833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801e2b4759e6ada42023-02-08 09:51:40.734root 11241100x8000000000000000290832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c25aa3a1ecc66d2023-02-08 09:51:40.734root 11241100x8000000000000000290831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8b2b763c88fdb22023-02-08 09:51:40.734root 11241100x8000000000000000290830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bded7109d8dc6d412023-02-08 09:51:40.734root 11241100x8000000000000000290829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd90f3a30ec3a152023-02-08 09:51:40.734root 11241100x8000000000000000290828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ee3c59095c9ff52023-02-08 09:51:40.734root 11241100x8000000000000000290827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c612a4c21489e4652023-02-08 09:51:40.734root 11241100x8000000000000000290826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c627f578938275292023-02-08 09:51:40.734root 11241100x8000000000000000290825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7eff34fddff8c132023-02-08 09:51:40.734root 11241100x8000000000000000290845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a001978f25e902c52023-02-08 09:51:40.735root 11241100x8000000000000000290844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a47a0a3a5f3cb302023-02-08 09:51:40.735root 11241100x8000000000000000290843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92001ed0ebbcb8d42023-02-08 09:51:40.735root 11241100x8000000000000000290842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930e4a4ccfe900852023-02-08 09:51:40.735root 11241100x8000000000000000290841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bf5a1f86accbe82023-02-08 09:51:40.735root 11241100x8000000000000000290840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee81765148de8dcb2023-02-08 09:51:40.735root 11241100x8000000000000000290839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59aaa930cf3bfe3b2023-02-08 09:51:40.735root 11241100x8000000000000000290838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bbeaffb0e9d5f142023-02-08 09:51:40.735root 11241100x8000000000000000290837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a92f6d73601e952023-02-08 09:51:40.735root 11241100x8000000000000000290836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7eff8b52f0f19e2023-02-08 09:51:40.735root 11241100x8000000000000000290835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca27f693bfb7474d2023-02-08 09:51:40.735root 11241100x8000000000000000290834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95190affedc0b54b2023-02-08 09:51:40.735root 11241100x8000000000000000290858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94678eb91d4ef4d2023-02-08 09:51:40.736root 11241100x8000000000000000290857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b931fe2ea9bcfb0c2023-02-08 09:51:40.736root 11241100x8000000000000000290856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62ab8801b38c2b02023-02-08 09:51:40.736root 11241100x8000000000000000290855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02925decde7cd532023-02-08 09:51:40.736root 11241100x8000000000000000290854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885c2dea9d4ad86f2023-02-08 09:51:40.736root 11241100x8000000000000000290853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31d0f98c0ef9dfe2023-02-08 09:51:40.736root 11241100x8000000000000000290852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f252c16df98e2e02023-02-08 09:51:40.736root 11241100x8000000000000000290851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16fe6f8abe5619ba2023-02-08 09:51:40.736root 11241100x8000000000000000290850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9085a6b1e2e46d2023-02-08 09:51:40.736root 11241100x8000000000000000290849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8636f0aafff17a602023-02-08 09:51:40.736root 11241100x8000000000000000290848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68551ce71d87ad192023-02-08 09:51:40.736root 11241100x8000000000000000290847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451d43d1babc22d52023-02-08 09:51:40.736root 11241100x8000000000000000290846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03da226da83fe7e12023-02-08 09:51:40.736root 11241100x8000000000000000290871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277b0b271b93fff02023-02-08 09:51:40.737root 11241100x8000000000000000290870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3645a44f26599f2023-02-08 09:51:40.737root 11241100x8000000000000000290869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6056d11cc48737a42023-02-08 09:51:40.737root 11241100x8000000000000000290868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1b02e40e9d230a2023-02-08 09:51:40.737root 11241100x8000000000000000290867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86e9c18d30357072023-02-08 09:51:40.737root 11241100x8000000000000000290866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f2b2275f514da52023-02-08 09:51:40.737root 11241100x8000000000000000290865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c60df27239538a2023-02-08 09:51:40.737root 11241100x8000000000000000290864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67574ad4f8d5b1d82023-02-08 09:51:40.737root 11241100x8000000000000000290863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17b78a7ed66a2ae2023-02-08 09:51:40.737root 11241100x8000000000000000290862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca54c3403e32a282023-02-08 09:51:40.737root 11241100x8000000000000000290861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d348d2e3afb675042023-02-08 09:51:40.737root 11241100x8000000000000000290860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb2d2cf5b6b48f52023-02-08 09:51:40.737root 11241100x8000000000000000290859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4557110ec13d4f2023-02-08 09:51:40.737root 11241100x8000000000000000290879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b583d933ef0f91d32023-02-08 09:51:40.738root 11241100x8000000000000000290878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74412ae7f68f5cfe2023-02-08 09:51:40.738root 11241100x8000000000000000290877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f58f18b9b199b02023-02-08 09:51:40.738root 11241100x8000000000000000290876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73e1c7501e669ad2023-02-08 09:51:40.738root 11241100x8000000000000000290875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90882bf61e0ef032023-02-08 09:51:40.738root 11241100x8000000000000000290874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd0f35e7841567c2023-02-08 09:51:40.738root 11241100x8000000000000000290873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1751f5794ac250382023-02-08 09:51:40.738root 11241100x8000000000000000290872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67dbd4eefc05436c2023-02-08 09:51:40.738root 11241100x8000000000000000290886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f58a794ce53fb02023-02-08 09:51:40.739root 11241100x8000000000000000290885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8eb8a67f2ee00f2023-02-08 09:51:40.739root 11241100x8000000000000000290884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ade8b12c91f5a072023-02-08 09:51:40.739root 11241100x8000000000000000290883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c915179b8c2ea472023-02-08 09:51:40.739root 11241100x8000000000000000290882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373ba2cb751688802023-02-08 09:51:40.739root 11241100x8000000000000000290881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b5040a492bfc282023-02-08 09:51:40.739root 11241100x8000000000000000290880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:40.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9c369296b39eb12023-02-08 09:51:40.739root 11241100x8000000000000000290891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb23be366dbc0ec2023-02-08 09:51:41.234root 11241100x8000000000000000290890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d40a22bdc9089762023-02-08 09:51:41.234root 11241100x8000000000000000290889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460d95c581dccf902023-02-08 09:51:41.234root 11241100x8000000000000000290888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c709a8df12d001b82023-02-08 09:51:41.234root 11241100x8000000000000000290887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e18ba9987f7a2a2023-02-08 09:51:41.234root 11241100x8000000000000000290897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377817fd09a295c52023-02-08 09:51:41.235root 11241100x8000000000000000290896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997a06c2fbda81472023-02-08 09:51:41.235root 11241100x8000000000000000290895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55c72a7afa92c3f2023-02-08 09:51:41.235root 11241100x8000000000000000290894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a7159d9ca6449e2023-02-08 09:51:41.235root 11241100x8000000000000000290893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2058c7714172f4d42023-02-08 09:51:41.235root 11241100x8000000000000000290892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3575cb3a5ef10fe42023-02-08 09:51:41.235root 11241100x8000000000000000290906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c988eb971debff072023-02-08 09:51:41.236root 11241100x8000000000000000290905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb58c24691a57a72023-02-08 09:51:41.236root 11241100x8000000000000000290904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c6e6f84573664b2023-02-08 09:51:41.236root 11241100x8000000000000000290903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5124f970d30886272023-02-08 09:51:41.236root 11241100x8000000000000000290902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c3cc8de747ed5b2023-02-08 09:51:41.236root 11241100x8000000000000000290901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc956d1b103656dc2023-02-08 09:51:41.236root 11241100x8000000000000000290900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4d2362b015eeec2023-02-08 09:51:41.236root 11241100x8000000000000000290899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08195df762d6c692023-02-08 09:51:41.236root 11241100x8000000000000000290898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296f9f2a904b9e7e2023-02-08 09:51:41.236root 11241100x8000000000000000290914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b10a87b836efa02023-02-08 09:51:41.237root 11241100x8000000000000000290913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034ce384a19712c62023-02-08 09:51:41.237root 11241100x8000000000000000290912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2833bcbaa3cf13a12023-02-08 09:51:41.237root 11241100x8000000000000000290911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20939a7121c66ec2023-02-08 09:51:41.237root 11241100x8000000000000000290910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa49abe7cd7b369f2023-02-08 09:51:41.237root 11241100x8000000000000000290909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0714c49e6bc8afe62023-02-08 09:51:41.237root 11241100x8000000000000000290908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a683eb8154bed052023-02-08 09:51:41.237root 11241100x8000000000000000290907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2605e68e70b0b09f2023-02-08 09:51:41.237root 11241100x8000000000000000290924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3769d1c3341c7e62023-02-08 09:51:41.238root 11241100x8000000000000000290923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cbe44131753ab92023-02-08 09:51:41.238root 11241100x8000000000000000290922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f879bbc4a16c56d2023-02-08 09:51:41.238root 11241100x8000000000000000290921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f6c3fef69ba7c22023-02-08 09:51:41.238root 11241100x8000000000000000290920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89433be47f26a9c72023-02-08 09:51:41.238root 11241100x8000000000000000290919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea92e70a88faad22023-02-08 09:51:41.238root 11241100x8000000000000000290918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57595f5ddd967b4e2023-02-08 09:51:41.238root 11241100x8000000000000000290917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1dc4c5ece580e42023-02-08 09:51:41.238root 11241100x8000000000000000290916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8f421bb17e29952023-02-08 09:51:41.238root 11241100x8000000000000000290915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e180793d06ed21212023-02-08 09:51:41.238root 11241100x8000000000000000290930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875f0b14356909892023-02-08 09:51:41.239root 11241100x8000000000000000290929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39a1afdd76dfb262023-02-08 09:51:41.239root 11241100x8000000000000000290928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6cf802353c98972023-02-08 09:51:41.239root 11241100x8000000000000000290927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1325f9695d119a2023-02-08 09:51:41.239root 11241100x8000000000000000290926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9a17a5394405b12023-02-08 09:51:41.239root 11241100x8000000000000000290925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba39ed5a1f90e6b32023-02-08 09:51:41.239root 11241100x8000000000000000290936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1e72dfcc160dab2023-02-08 09:51:41.240root 11241100x8000000000000000290935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e40d14d5103da12023-02-08 09:51:41.240root 11241100x8000000000000000290934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d961944d6cb1372023-02-08 09:51:41.240root 11241100x8000000000000000290933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2910a14f97af802023-02-08 09:51:41.240root 11241100x8000000000000000290932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314e7c59db335b252023-02-08 09:51:41.240root 11241100x8000000000000000290931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1a3ddbd938ebf72023-02-08 09:51:41.240root 11241100x8000000000000000290941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fce07df3ab7949a2023-02-08 09:51:41.241root 11241100x8000000000000000290940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac30b83256238752023-02-08 09:51:41.241root 11241100x8000000000000000290939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ab8276139f5d6d2023-02-08 09:51:41.241root 11241100x8000000000000000290938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310088e0285b550b2023-02-08 09:51:41.241root 11241100x8000000000000000290937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1c721f49a8584b2023-02-08 09:51:41.241root 11241100x8000000000000000290949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41b73943e7f30e42023-02-08 09:51:41.734root 11241100x8000000000000000290948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713a584c88d22b5b2023-02-08 09:51:41.734root 11241100x8000000000000000290947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ce0cb94378470f2023-02-08 09:51:41.734root 11241100x8000000000000000290946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e38f268a016d98a2023-02-08 09:51:41.734root 11241100x8000000000000000290945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8844ba6fcdff7282023-02-08 09:51:41.734root 11241100x8000000000000000290944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db99d18924a7e0802023-02-08 09:51:41.734root 11241100x8000000000000000290943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d670f5f8a50242e2023-02-08 09:51:41.734root 11241100x8000000000000000290942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79952c2d773b32092023-02-08 09:51:41.734root 11241100x8000000000000000290957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704d1a515f1a58072023-02-08 09:51:41.735root 11241100x8000000000000000290956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc260a557843ab62023-02-08 09:51:41.735root 11241100x8000000000000000290955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19aca1f07622f322023-02-08 09:51:41.735root 11241100x8000000000000000290954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6136d17f967c53412023-02-08 09:51:41.735root 11241100x8000000000000000290953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d182331dfeed07362023-02-08 09:51:41.735root 11241100x8000000000000000290952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb3949d4445ae992023-02-08 09:51:41.735root 11241100x8000000000000000290951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20debd079f82f0442023-02-08 09:51:41.735root 11241100x8000000000000000290950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6516fbd72bdfa5fb2023-02-08 09:51:41.735root 11241100x8000000000000000290967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f3e06d87248cee2023-02-08 09:51:41.736root 11241100x8000000000000000290966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c573288b5863c2452023-02-08 09:51:41.736root 11241100x8000000000000000290965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cc0db24f605e732023-02-08 09:51:41.736root 11241100x8000000000000000290964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc31efbc35f2e9a22023-02-08 09:51:41.736root 11241100x8000000000000000290963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b1e63894078f912023-02-08 09:51:41.736root 11241100x8000000000000000290962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0dea7672defbe042023-02-08 09:51:41.736root 11241100x8000000000000000290961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb57b23d4cdaa9482023-02-08 09:51:41.736root 11241100x8000000000000000290960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ece1c4c1fb09b12023-02-08 09:51:41.736root 11241100x8000000000000000290959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ecda0ef6ccdf5c2023-02-08 09:51:41.736root 11241100x8000000000000000290958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f447087a2971c7d2023-02-08 09:51:41.736root 11241100x8000000000000000290972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4cd6688c947abbf2023-02-08 09:51:41.737root 11241100x8000000000000000290971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e8881fb87da00d2023-02-08 09:51:41.737root 11241100x8000000000000000290970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6022294b305c7ff52023-02-08 09:51:41.737root 11241100x8000000000000000290969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16504e6b16dcce02023-02-08 09:51:41.737root 11241100x8000000000000000290968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c7bfa0eab7ed952023-02-08 09:51:41.737root 11241100x8000000000000000290984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9722773885db852023-02-08 09:51:41.738root 11241100x8000000000000000290983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da95e081770e5d12023-02-08 09:51:41.738root 11241100x8000000000000000290982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f109e930c65fd5ed2023-02-08 09:51:41.738root 11241100x8000000000000000290981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4091aecf5e2d1f6b2023-02-08 09:51:41.738root 11241100x8000000000000000290980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeaeab8648e2c7d32023-02-08 09:51:41.738root 11241100x8000000000000000290979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0639c86fc065855f2023-02-08 09:51:41.738root 11241100x8000000000000000290978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ff0e80697d2b212023-02-08 09:51:41.738root 11241100x8000000000000000290977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba9422bd16a68612023-02-08 09:51:41.738root 11241100x8000000000000000290976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654ee9280dde2fd52023-02-08 09:51:41.738root 11241100x8000000000000000290975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c957bb1e84a88f52023-02-08 09:51:41.738root 11241100x8000000000000000290974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6b3216530131a12023-02-08 09:51:41.738root 11241100x8000000000000000290973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e197c31fb573d4552023-02-08 09:51:41.738root 11241100x8000000000000000290994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af66ff36eb77d5a2023-02-08 09:51:41.739root 11241100x8000000000000000290993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e03f5b7dea67a132023-02-08 09:51:41.739root 11241100x8000000000000000290992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0611c6153c4adc242023-02-08 09:51:41.739root 11241100x8000000000000000290991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a2447c60c00ba32023-02-08 09:51:41.739root 11241100x8000000000000000290990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7313ec3950739162023-02-08 09:51:41.739root 11241100x8000000000000000290989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4951a08b2d1fca2023-02-08 09:51:41.739root 11241100x8000000000000000290988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b9bda43a14c3ec2023-02-08 09:51:41.739root 11241100x8000000000000000290987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b55645ec8a77d062023-02-08 09:51:41.739root 11241100x8000000000000000290986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa71a69f638a27e2023-02-08 09:51:41.739root 11241100x8000000000000000290985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf41451a81c0bb7b2023-02-08 09:51:41.739root 11241100x8000000000000000291004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a0a0116a5f25132023-02-08 09:51:41.740root 11241100x8000000000000000291003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63de14ff9848a09d2023-02-08 09:51:41.740root 11241100x8000000000000000291002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35265c7e2e2120dd2023-02-08 09:51:41.740root 11241100x8000000000000000291001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1ecb612c65f0602023-02-08 09:51:41.740root 11241100x8000000000000000291000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de21dbb7041864a32023-02-08 09:51:41.740root 11241100x8000000000000000290999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8d407d0cd350582023-02-08 09:51:41.740root 11241100x8000000000000000290998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7dc06ddd0a293202023-02-08 09:51:41.740root 11241100x8000000000000000290997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bfc895744d6b462023-02-08 09:51:41.740root 11241100x8000000000000000290996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d63e7efa10efac2023-02-08 09:51:41.740root 11241100x8000000000000000290995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79916469c71e9b352023-02-08 09:51:41.740root 11241100x8000000000000000291008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f804642e258be652023-02-08 09:51:41.741root 11241100x8000000000000000291007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfeb19252463f372023-02-08 09:51:41.741root 11241100x8000000000000000291006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cfac04a893ed7fa2023-02-08 09:51:41.741root 11241100x8000000000000000291005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:41.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b66d687e79bf192023-02-08 09:51:41.741root 11241100x8000000000000000291012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f84ee8c4037edc52023-02-08 09:51:42.234root 11241100x8000000000000000291011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe5868260d4c9c22023-02-08 09:51:42.234root 11241100x8000000000000000291010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223f1b58b44c74252023-02-08 09:51:42.234root 11241100x8000000000000000291009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033824e1d8f2fac32023-02-08 09:51:42.234root 11241100x8000000000000000291025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265e272c635c44502023-02-08 09:51:42.235root 11241100x8000000000000000291024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7c97780fea98172023-02-08 09:51:42.235root 11241100x8000000000000000291023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d124cd9579f8db62023-02-08 09:51:42.235root 11241100x8000000000000000291022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b675e8fe1f34c63b2023-02-08 09:51:42.235root 11241100x8000000000000000291021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685b773e19180cf02023-02-08 09:51:42.235root 11241100x8000000000000000291020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02deb8fefd80f6a2023-02-08 09:51:42.235root 11241100x8000000000000000291019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dea1ab647ed95402023-02-08 09:51:42.235root 11241100x8000000000000000291018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a13c55df368c432023-02-08 09:51:42.235root 11241100x8000000000000000291017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89d6aaf005e12e52023-02-08 09:51:42.235root 11241100x8000000000000000291016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f66d280092dc6c32023-02-08 09:51:42.235root 11241100x8000000000000000291015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1677496800ccba2b2023-02-08 09:51:42.235root 11241100x8000000000000000291014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2e3f1dae113f662023-02-08 09:51:42.235root 11241100x8000000000000000291013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e2e50a21f366bb2023-02-08 09:51:42.235root 11241100x8000000000000000291040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3019c31f58e6cb142023-02-08 09:51:42.236root 11241100x8000000000000000291039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a45d9a4e14000f2023-02-08 09:51:42.236root 11241100x8000000000000000291038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37feeaf186b15be2023-02-08 09:51:42.236root 11241100x8000000000000000291037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f00daecc33e420d2023-02-08 09:51:42.236root 11241100x8000000000000000291036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca76e0016cd0b602023-02-08 09:51:42.236root 11241100x8000000000000000291035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e2b75ee7c183582023-02-08 09:51:42.236root 11241100x8000000000000000291034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a3e610cc9152f52023-02-08 09:51:42.236root 11241100x8000000000000000291033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20d188081fb78ae2023-02-08 09:51:42.236root 11241100x8000000000000000291032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303282fa2e59b2d82023-02-08 09:51:42.236root 11241100x8000000000000000291031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78422f80ec44ab312023-02-08 09:51:42.236root 11241100x8000000000000000291030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85941fc43454cd692023-02-08 09:51:42.236root 11241100x8000000000000000291029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701e24c947c9b21f2023-02-08 09:51:42.236root 11241100x8000000000000000291028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e917a8ad4ec0e5412023-02-08 09:51:42.236root 11241100x8000000000000000291027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d23b2ea8cccf8992023-02-08 09:51:42.236root 11241100x8000000000000000291026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413212536af0e2912023-02-08 09:51:42.236root 11241100x8000000000000000291047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322af597a01cd1d82023-02-08 09:51:42.237root 11241100x8000000000000000291046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a406715167ec95a2023-02-08 09:51:42.237root 11241100x8000000000000000291045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169a9018b309d4102023-02-08 09:51:42.237root 11241100x8000000000000000291044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cc20e32473a32e2023-02-08 09:51:42.237root 11241100x8000000000000000291043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1bfbdc7393692162023-02-08 09:51:42.237root 11241100x8000000000000000291042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd8706bd1173c202023-02-08 09:51:42.237root 11241100x8000000000000000291041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2718f2dcf8345b092023-02-08 09:51:42.237root 11241100x8000000000000000291055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f0f6ce23aca6de2023-02-08 09:51:42.239root 11241100x8000000000000000291054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b411cadb4f56262023-02-08 09:51:42.239root 11241100x8000000000000000291053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f373334845c801e2023-02-08 09:51:42.239root 11241100x8000000000000000291052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c2dc721f1e34502023-02-08 09:51:42.239root 11241100x8000000000000000291051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5558b6d30a91da52023-02-08 09:51:42.239root 11241100x8000000000000000291050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f0396c07e24ffe2023-02-08 09:51:42.239root 11241100x8000000000000000291049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525d2793edb342ce2023-02-08 09:51:42.239root 11241100x8000000000000000291048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05173358e911efa2023-02-08 09:51:42.239root 11241100x8000000000000000291057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49064c74d44367a12023-02-08 09:51:42.240root 11241100x8000000000000000291056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f857d5ba4ae6da9c2023-02-08 09:51:42.240root 11241100x8000000000000000291058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3c9dc14940203d2023-02-08 09:51:42.734root 11241100x8000000000000000291069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f62df3c9dd2e6d2023-02-08 09:51:42.735root 11241100x8000000000000000291068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558a539ae14fe58c2023-02-08 09:51:42.735root 11241100x8000000000000000291067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5d6b00271872a32023-02-08 09:51:42.735root 11241100x8000000000000000291066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d25ab19cd9f3982023-02-08 09:51:42.735root 11241100x8000000000000000291065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a407e987ef1ed72023-02-08 09:51:42.735root 11241100x8000000000000000291064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90a539ea583a1372023-02-08 09:51:42.735root 11241100x8000000000000000291063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0076e25350aba8a2023-02-08 09:51:42.735root 11241100x8000000000000000291062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2bf75346dc2f7a2023-02-08 09:51:42.735root 11241100x8000000000000000291061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbcea1afef59d542023-02-08 09:51:42.735root 11241100x8000000000000000291060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d778a11b818e1d62023-02-08 09:51:42.735root 11241100x8000000000000000291059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fa35fc385b70072023-02-08 09:51:42.735root 11241100x8000000000000000291083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47cdc063eb5a438e2023-02-08 09:51:42.736root 11241100x8000000000000000291082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8116bb95aef8d41f2023-02-08 09:51:42.736root 11241100x8000000000000000291081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970dbab1416a6cb12023-02-08 09:51:42.736root 11241100x8000000000000000291080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6264cb728614bd2023-02-08 09:51:42.736root 11241100x8000000000000000291079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89e77750e9404f32023-02-08 09:51:42.736root 11241100x8000000000000000291078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ade9bb990b3df82023-02-08 09:51:42.736root 11241100x8000000000000000291077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d3ee8659a635cb2023-02-08 09:51:42.736root 11241100x8000000000000000291076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abf6d45cb553e5d2023-02-08 09:51:42.736root 11241100x8000000000000000291075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b440e401e458272023-02-08 09:51:42.736root 11241100x8000000000000000291074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15f50bffb3b14532023-02-08 09:51:42.736root 11241100x8000000000000000291073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860eee800e718ec72023-02-08 09:51:42.736root 11241100x8000000000000000291072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85edbb6610d10d412023-02-08 09:51:42.736root 11241100x8000000000000000291071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b2d246e5b244a72023-02-08 09:51:42.736root 11241100x8000000000000000291070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b89416e99cf4962023-02-08 09:51:42.736root 11241100x8000000000000000291095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de42a7021b3ca582023-02-08 09:51:42.737root 11241100x8000000000000000291094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f911c7934e09522023-02-08 09:51:42.737root 11241100x8000000000000000291093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907fea6131a02a932023-02-08 09:51:42.737root 11241100x8000000000000000291092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403acb0db36ffea62023-02-08 09:51:42.737root 11241100x8000000000000000291091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aba8019fbb84b752023-02-08 09:51:42.737root 11241100x8000000000000000291090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4bdbf7a116de5972023-02-08 09:51:42.737root 11241100x8000000000000000291089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79d4d4d8547689d2023-02-08 09:51:42.737root 11241100x8000000000000000291088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125f07e33df3dd8e2023-02-08 09:51:42.737root 11241100x8000000000000000291087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d06b78651626c72023-02-08 09:51:42.737root 11241100x8000000000000000291086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37e3881f9f6f1db2023-02-08 09:51:42.737root 11241100x8000000000000000291085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad914e8c8826c9ec2023-02-08 09:51:42.737root 11241100x8000000000000000291084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3e3f045396aecb2023-02-08 09:51:42.737root 11241100x8000000000000000291097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b6b2f7686a26512023-02-08 09:51:42.738root 11241100x8000000000000000291096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:42.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd96fc071a58650c2023-02-08 09:51:42.738root 354300x8000000000000000291098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.093{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-56396-false10.0.1.12-8000- 11241100x8000000000000000291104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.094{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1b586447955dde2023-02-08 09:51:43.094root 11241100x8000000000000000291103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.094{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fddcfb752e0d442023-02-08 09:51:43.094root 11241100x8000000000000000291102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.094{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d1ce2aae95928c2023-02-08 09:51:43.094root 11241100x8000000000000000291101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.094{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea6a8fc1b1a5c0e2023-02-08 09:51:43.094root 11241100x8000000000000000291100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.094{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3734b371c28bc52023-02-08 09:51:43.094root 11241100x8000000000000000291099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.094{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801aab956781e2702023-02-08 09:51:43.094root 11241100x8000000000000000291118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.095{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1663f7049f07e46a2023-02-08 09:51:43.095root 11241100x8000000000000000291117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.095{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f90f40ae6aff5d72023-02-08 09:51:43.095root 11241100x8000000000000000291116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.095{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe1ccbe0b2f78972023-02-08 09:51:43.095root 11241100x8000000000000000291115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.095{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e67daeae447d7962023-02-08 09:51:43.095root 11241100x8000000000000000291114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.095{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eaa654ee6135b282023-02-08 09:51:43.095root 11241100x8000000000000000291113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.095{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949f53ed573c30212023-02-08 09:51:43.095root 11241100x8000000000000000291112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.095{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3c83696b556c9c2023-02-08 09:51:43.095root 11241100x8000000000000000291111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.095{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23dbe7c33a313dcf2023-02-08 09:51:43.095root 11241100x8000000000000000291110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.095{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc1ae4130ac82db2023-02-08 09:51:43.095root 11241100x8000000000000000291109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.095{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee9ed2d8661a4b92023-02-08 09:51:43.095root 11241100x8000000000000000291108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.095{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87eb7ef3c8d2bf32023-02-08 09:51:43.095root 11241100x8000000000000000291107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.095{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3b441b92ae5a1b2023-02-08 09:51:43.095root 11241100x8000000000000000291106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.095{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61eff32b8bd324e22023-02-08 09:51:43.095root 11241100x8000000000000000291105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.095{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815e51d286207a422023-02-08 09:51:43.095root 11241100x8000000000000000291128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.096{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b7653991433c3f2023-02-08 09:51:43.096root 11241100x8000000000000000291127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.096{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0640a2c604fea79a2023-02-08 09:51:43.096root 11241100x8000000000000000291126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.096{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adcc69d80cdaeec92023-02-08 09:51:43.096root 11241100x8000000000000000291125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.096{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1e67155c5a48712023-02-08 09:51:43.096root 11241100x8000000000000000291124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.096{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249ea578a426599c2023-02-08 09:51:43.096root 11241100x8000000000000000291123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.096{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45907c0589d07df42023-02-08 09:51:43.096root 11241100x8000000000000000291122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.096{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29734e953cb47c672023-02-08 09:51:43.096root 11241100x8000000000000000291121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.096{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de25fb12331455a22023-02-08 09:51:43.096root 11241100x8000000000000000291120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.096{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee19f38220e8854f2023-02-08 09:51:43.096root 11241100x8000000000000000291119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.096{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba04e6e888b826da2023-02-08 09:51:43.096root 11241100x8000000000000000291136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.097{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a28d211ca3a6b72023-02-08 09:51:43.097root 11241100x8000000000000000291135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.097{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738a0e5f93de9b652023-02-08 09:51:43.097root 11241100x8000000000000000291134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.097{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41059f160c242e8e2023-02-08 09:51:43.097root 11241100x8000000000000000291133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.097{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c8e867b094b1102023-02-08 09:51:43.097root 11241100x8000000000000000291132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.097{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e668ad2e9eb8c32023-02-08 09:51:43.097root 11241100x8000000000000000291131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.097{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26c0a668dc0356a2023-02-08 09:51:43.097root 11241100x8000000000000000291130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.097{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2d2afb2e6eb54e2023-02-08 09:51:43.097root 11241100x8000000000000000291129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.097{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2634afdaebe268262023-02-08 09:51:43.097root 11241100x8000000000000000291142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.098{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57be49260addd2b62023-02-08 09:51:43.098root 11241100x8000000000000000291141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.098{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9792af040fa1aea02023-02-08 09:51:43.098root 11241100x8000000000000000291140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.098{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a859d5ee766f282023-02-08 09:51:43.098root 11241100x8000000000000000291139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.098{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388d5cc087e774e42023-02-08 09:51:43.098root 11241100x8000000000000000291138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.098{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2fb34ce350e4f792023-02-08 09:51:43.098root 11241100x8000000000000000291137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.098{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e6da811ae6ad182023-02-08 09:51:43.098root 11241100x8000000000000000291151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.099{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1ab41581f3b7d82023-02-08 09:51:43.099root 11241100x8000000000000000291150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.099{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921efe5dae5fc1fe2023-02-08 09:51:43.099root 11241100x8000000000000000291149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.099{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b534033682516a962023-02-08 09:51:43.099root 11241100x8000000000000000291148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.099{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d665b50253a2ec2023-02-08 09:51:43.099root 11241100x8000000000000000291147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.099{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82568de32a3a7d242023-02-08 09:51:43.099root 11241100x8000000000000000291146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.099{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b343b63c754d2e2023-02-08 09:51:43.099root 11241100x8000000000000000291145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.099{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df69a352a4565a5b2023-02-08 09:51:43.099root 11241100x8000000000000000291144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.099{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc39cd70060071c2023-02-08 09:51:43.099root 11241100x8000000000000000291143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.099{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e840f41cbd3dcae2023-02-08 09:51:43.099root 11241100x8000000000000000291161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.100{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81ab912109a7f3c2023-02-08 09:51:43.100root 11241100x8000000000000000291160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.100{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1ece96175d42952023-02-08 09:51:43.100root 11241100x8000000000000000291159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.100{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5a823e0c7e965d2023-02-08 09:51:43.100root 11241100x8000000000000000291158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.100{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f9d9242001dc222023-02-08 09:51:43.100root 11241100x8000000000000000291157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.100{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a78553a8e7494df2023-02-08 09:51:43.100root 11241100x8000000000000000291156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.100{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3923386b2515dc0d2023-02-08 09:51:43.100root 11241100x8000000000000000291155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.100{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a803b3a21a7e5c2023-02-08 09:51:43.100root 11241100x8000000000000000291154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.100{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1c90bb0cd5732f2023-02-08 09:51:43.100root 11241100x8000000000000000291153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.100{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f633154ff78f18b2023-02-08 09:51:43.100root 11241100x8000000000000000291152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.100{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb04c9b6e81e63702023-02-08 09:51:43.100root 11241100x8000000000000000291166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee30a8d838cbde52023-02-08 09:51:43.484root 11241100x8000000000000000291165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0896bbfaa2ea6e52023-02-08 09:51:43.484root 11241100x8000000000000000291164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751d86175de488532023-02-08 09:51:43.484root 11241100x8000000000000000291163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b31f112d816cf82023-02-08 09:51:43.484root 11241100x8000000000000000291162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2045bec13842912023-02-08 09:51:43.484root 11241100x8000000000000000291175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71dc661fdd83e6b72023-02-08 09:51:43.485root 11241100x8000000000000000291174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c023afbb478482e2023-02-08 09:51:43.485root 11241100x8000000000000000291173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a574f2825a30772023-02-08 09:51:43.485root 11241100x8000000000000000291172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca9bb0d4f42601e2023-02-08 09:51:43.485root 11241100x8000000000000000291171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874d95b11ea68b182023-02-08 09:51:43.485root 11241100x8000000000000000291170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac2a3518fcfd5252023-02-08 09:51:43.485root 11241100x8000000000000000291169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222600438624f7ca2023-02-08 09:51:43.485root 11241100x8000000000000000291168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8798d7756f7bba2023-02-08 09:51:43.485root 11241100x8000000000000000291167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683f80732acb4c1b2023-02-08 09:51:43.485root 11241100x8000000000000000291182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42321318fd296362023-02-08 09:51:43.486root 11241100x8000000000000000291181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb79c30b396d7432023-02-08 09:51:43.486root 11241100x8000000000000000291180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03de8b009c0635b72023-02-08 09:51:43.486root 11241100x8000000000000000291179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4a2a0fe75956672023-02-08 09:51:43.486root 11241100x8000000000000000291178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d40e2255837ac9c2023-02-08 09:51:43.486root 11241100x8000000000000000291177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39c37183f74ca502023-02-08 09:51:43.486root 11241100x8000000000000000291176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964c2d1a071ca24f2023-02-08 09:51:43.486root 11241100x8000000000000000291189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d033ba57a8d3b692023-02-08 09:51:43.487root 11241100x8000000000000000291188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054be77dc49cbd782023-02-08 09:51:43.487root 11241100x8000000000000000291187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97b2eb623d2314f2023-02-08 09:51:43.487root 11241100x8000000000000000291186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a85775ffb099a92023-02-08 09:51:43.487root 11241100x8000000000000000291185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48b84fdd8a965712023-02-08 09:51:43.487root 11241100x8000000000000000291184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9facc8fbed90142023-02-08 09:51:43.487root 11241100x8000000000000000291183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8596f31660af60582023-02-08 09:51:43.487root 11241100x8000000000000000291198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af1e9202d34084e2023-02-08 09:51:43.488root 11241100x8000000000000000291197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead9e48db4a137dc2023-02-08 09:51:43.488root 11241100x8000000000000000291196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae8ccedc9fd01ad2023-02-08 09:51:43.488root 11241100x8000000000000000291195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3edfe9fe203e40822023-02-08 09:51:43.488root 11241100x8000000000000000291194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d299a46585c7c92023-02-08 09:51:43.488root 11241100x8000000000000000291193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38628de320f5e6612023-02-08 09:51:43.488root 11241100x8000000000000000291192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee3eb0c80d6ed3f2023-02-08 09:51:43.488root 11241100x8000000000000000291191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8200e01385e5503d2023-02-08 09:51:43.488root 11241100x8000000000000000291190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e71d230f20ac372023-02-08 09:51:43.488root 11241100x8000000000000000291207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5872de37f35d071f2023-02-08 09:51:43.489root 11241100x8000000000000000291206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59a94f350c0284e2023-02-08 09:51:43.489root 11241100x8000000000000000291205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4600159c91cbcdf92023-02-08 09:51:43.489root 11241100x8000000000000000291204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad85903c0b0fd8cf2023-02-08 09:51:43.489root 11241100x8000000000000000291203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7014a7d5303dd6b2023-02-08 09:51:43.489root 11241100x8000000000000000291202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be73269b472ac212023-02-08 09:51:43.489root 11241100x8000000000000000291201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e261370676fe32b52023-02-08 09:51:43.489root 11241100x8000000000000000291200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6717b0629f8586e62023-02-08 09:51:43.489root 11241100x8000000000000000291199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc195ad9b5597ed2023-02-08 09:51:43.489root 11241100x8000000000000000291212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acda08dd23080872023-02-08 09:51:43.490root 11241100x8000000000000000291211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4e4d8dfcea69242023-02-08 09:51:43.490root 11241100x8000000000000000291210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536e5491e32ed13b2023-02-08 09:51:43.490root 11241100x8000000000000000291209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64730af8059e25762023-02-08 09:51:43.490root 11241100x8000000000000000291208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b9179921136ad02023-02-08 09:51:43.490root 11241100x8000000000000000291220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96ee95400c9503f2023-02-08 09:51:43.491root 11241100x8000000000000000291219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae49b5b081d7ccd02023-02-08 09:51:43.491root 11241100x8000000000000000291218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507045454a39ab602023-02-08 09:51:43.491root 11241100x8000000000000000291217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb504350921d5102023-02-08 09:51:43.491root 11241100x8000000000000000291216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73d7d9e20d441112023-02-08 09:51:43.491root 11241100x8000000000000000291215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4ba54a483cf2a92023-02-08 09:51:43.491root 11241100x8000000000000000291214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e242e7daebc557b2023-02-08 09:51:43.491root 11241100x8000000000000000291213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb3101dff425c902023-02-08 09:51:43.491root 11241100x8000000000000000291232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed12e64cad99f2b42023-02-08 09:51:43.492root 11241100x8000000000000000291231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2ed1230bd8e00a2023-02-08 09:51:43.492root 11241100x8000000000000000291230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169873a29f2a23ec2023-02-08 09:51:43.492root 11241100x8000000000000000291229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e8682f87b8d76b2023-02-08 09:51:43.492root 11241100x8000000000000000291228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d626cf7b784485ac2023-02-08 09:51:43.492root 11241100x8000000000000000291227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c78a82d7d720fdd2023-02-08 09:51:43.492root 11241100x8000000000000000291226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbea801095e12cde2023-02-08 09:51:43.492root 11241100x8000000000000000291225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafe29f05edaa16d2023-02-08 09:51:43.492root 11241100x8000000000000000291224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12162d06a56d72a02023-02-08 09:51:43.492root 11241100x8000000000000000291223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3003bc3bb025d22023-02-08 09:51:43.492root 11241100x8000000000000000291222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0187bdf3a87d882023-02-08 09:51:43.492root 11241100x8000000000000000291221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aacceace11ec3d52023-02-08 09:51:43.492root 11241100x8000000000000000291239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a90d843d906b3b62023-02-08 09:51:43.493root 11241100x8000000000000000291238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d38f8aba44897402023-02-08 09:51:43.493root 11241100x8000000000000000291237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d73b9d18bb0954e2023-02-08 09:51:43.493root 11241100x8000000000000000291236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930c4f4511b6d5ea2023-02-08 09:51:43.493root 11241100x8000000000000000291235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d17fb0a8a6b71172023-02-08 09:51:43.493root 11241100x8000000000000000291234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94bfe3513b74e942023-02-08 09:51:43.493root 11241100x8000000000000000291233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a814127686230602023-02-08 09:51:43.493root 11241100x8000000000000000291243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c0487f17a7d3132023-02-08 09:51:43.495root 11241100x8000000000000000291242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf641a0301a0f182023-02-08 09:51:43.495root 11241100x8000000000000000291241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f468c92d13f18ee62023-02-08 09:51:43.495root 11241100x8000000000000000291240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3904ef51d12b7ea92023-02-08 09:51:43.495root 11241100x8000000000000000291247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170de0524551ee072023-02-08 09:51:43.496root 11241100x8000000000000000291246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd0fce1858401492023-02-08 09:51:43.496root 11241100x8000000000000000291245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a794e41a387445e82023-02-08 09:51:43.496root 11241100x8000000000000000291244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16fa544680c713d82023-02-08 09:51:43.496root 11241100x8000000000000000291252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f46d42f4b163a22023-02-08 09:51:43.497root 11241100x8000000000000000291251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b796b3703babddb22023-02-08 09:51:43.497root 11241100x8000000000000000291250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb344bd178cd49202023-02-08 09:51:43.497root 11241100x8000000000000000291249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d36aed03d780f42023-02-08 09:51:43.497root 11241100x8000000000000000291248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62492903ab8ca59a2023-02-08 09:51:43.497root 11241100x8000000000000000291258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c632c25ab1391f2023-02-08 09:51:43.498root 11241100x8000000000000000291257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df89e01143968e4f2023-02-08 09:51:43.498root 11241100x8000000000000000291256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc91abf34d8d969b2023-02-08 09:51:43.498root 11241100x8000000000000000291255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6855ef513a86c8c2023-02-08 09:51:43.498root 11241100x8000000000000000291254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef328c50cbd161ba2023-02-08 09:51:43.498root 11241100x8000000000000000291253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496851fa433eb4d92023-02-08 09:51:43.498root 11241100x8000000000000000291266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7040657532578432023-02-08 09:51:43.499root 11241100x8000000000000000291265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7744e0a3938c7bd2023-02-08 09:51:43.499root 11241100x8000000000000000291264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24280e456bd996932023-02-08 09:51:43.499root 11241100x8000000000000000291263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc43af4d36313c012023-02-08 09:51:43.499root 11241100x8000000000000000291262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd11036d55ce92992023-02-08 09:51:43.499root 11241100x8000000000000000291261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d17c4d70ef828a2023-02-08 09:51:43.499root 11241100x8000000000000000291260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051dc40cfa14156e2023-02-08 09:51:43.499root 11241100x8000000000000000291259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efab19e98cd49012023-02-08 09:51:43.499root 11241100x8000000000000000291272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f91281e7744f8692023-02-08 09:51:43.500root 11241100x8000000000000000291271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05411a873d7be41e2023-02-08 09:51:43.500root 11241100x8000000000000000291270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce703d6592f1b4712023-02-08 09:51:43.500root 11241100x8000000000000000291269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93238b5a5e34f012023-02-08 09:51:43.500root 11241100x8000000000000000291268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb3223be156bb9d2023-02-08 09:51:43.500root 11241100x8000000000000000291267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d1306382fc0bef2023-02-08 09:51:43.500root 11241100x8000000000000000291277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d41c4ea3af93e952023-02-08 09:51:43.501root 11241100x8000000000000000291276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610f26301b2e48a42023-02-08 09:51:43.501root 11241100x8000000000000000291275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b520bdea34482012023-02-08 09:51:43.501root 11241100x8000000000000000291274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3dadea6dcca6e832023-02-08 09:51:43.501root 11241100x8000000000000000291273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69aad9d9cc7def42023-02-08 09:51:43.501root 11241100x8000000000000000291285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5f2378a55963532023-02-08 09:51:43.985root 11241100x8000000000000000291284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19ca95aa1b471462023-02-08 09:51:43.985root 11241100x8000000000000000291283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c8b8977528cd002023-02-08 09:51:43.985root 11241100x8000000000000000291282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc00dc539ab228f2023-02-08 09:51:43.985root 11241100x8000000000000000291281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d29cb47d0709772023-02-08 09:51:43.985root 11241100x8000000000000000291280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80fe26119c36fb132023-02-08 09:51:43.985root 11241100x8000000000000000291279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d0340f2ca641012023-02-08 09:51:43.985root 11241100x8000000000000000291278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471d22ebfea89e032023-02-08 09:51:43.985root 11241100x8000000000000000291294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29423bafa2800bf32023-02-08 09:51:43.986root 11241100x8000000000000000291293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c719cf7c4523fca2023-02-08 09:51:43.986root 11241100x8000000000000000291292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eebfc62632d242f2023-02-08 09:51:43.986root 11241100x8000000000000000291291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ec967121f66ef92023-02-08 09:51:43.986root 11241100x8000000000000000291290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1816573e4962032b2023-02-08 09:51:43.986root 11241100x8000000000000000291289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bf63aa69893d0c2023-02-08 09:51:43.986root 11241100x8000000000000000291288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f264f53482a08d82023-02-08 09:51:43.986root 11241100x8000000000000000291287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2e7bbedc17a8052023-02-08 09:51:43.986root 11241100x8000000000000000291286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1058071d75505de62023-02-08 09:51:43.986root 11241100x8000000000000000291302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97377e85f353e60a2023-02-08 09:51:43.987root 11241100x8000000000000000291301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708776589357ac762023-02-08 09:51:43.987root 11241100x8000000000000000291300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d32f2b971cb4c3d2023-02-08 09:51:43.987root 11241100x8000000000000000291299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c02bde65410be4b2023-02-08 09:51:43.987root 11241100x8000000000000000291298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b67f7dcbd60f13e2023-02-08 09:51:43.987root 11241100x8000000000000000291297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f2bc37a329e5cd2023-02-08 09:51:43.987root 11241100x8000000000000000291296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142b4cd0bb308c322023-02-08 09:51:43.987root 11241100x8000000000000000291295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34188a96403abfc02023-02-08 09:51:43.987root 11241100x8000000000000000291308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da54a9c23472718b2023-02-08 09:51:43.988root 11241100x8000000000000000291307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c22fae0c4278a212023-02-08 09:51:43.988root 11241100x8000000000000000291306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2218d9a11b5d892023-02-08 09:51:43.988root 11241100x8000000000000000291305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e414d107de07c25a2023-02-08 09:51:43.988root 11241100x8000000000000000291304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1354b3df06607362023-02-08 09:51:43.988root 11241100x8000000000000000291303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e76e5ed795952e02023-02-08 09:51:43.988root 11241100x8000000000000000291312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82229700ce6b06852023-02-08 09:51:43.989root 11241100x8000000000000000291311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ef53a650687b9f2023-02-08 09:51:43.989root 11241100x8000000000000000291310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c324864993c8b2b42023-02-08 09:51:43.989root 11241100x8000000000000000291309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb3118129a5b3082023-02-08 09:51:43.989root 11241100x8000000000000000291319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597a27343da6bc832023-02-08 09:51:43.990root 11241100x8000000000000000291318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ab65e239ac26222023-02-08 09:51:43.990root 11241100x8000000000000000291317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7028307c64837c822023-02-08 09:51:43.990root 11241100x8000000000000000291316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ebcb626435dad5b2023-02-08 09:51:43.990root 11241100x8000000000000000291315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907f3a9bf31160222023-02-08 09:51:43.990root 11241100x8000000000000000291314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79d462870aea8df2023-02-08 09:51:43.990root 11241100x8000000000000000291313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:43.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ed5a01f561a3e82023-02-08 09:51:43.990root 11241100x8000000000000000291327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b143b03438ac05a52023-02-08 09:51:44.485root 11241100x8000000000000000291326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd8f467c8391c502023-02-08 09:51:44.485root 11241100x8000000000000000291325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688da7d703dd56e42023-02-08 09:51:44.485root 11241100x8000000000000000291324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6b2590a47ed5042023-02-08 09:51:44.485root 11241100x8000000000000000291323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59d05eab25590b22023-02-08 09:51:44.485root 11241100x8000000000000000291322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82db58b5becb2c132023-02-08 09:51:44.485root 11241100x8000000000000000291321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79194842c678d1602023-02-08 09:51:44.485root 11241100x8000000000000000291320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6761661e155872f42023-02-08 09:51:44.485root 11241100x8000000000000000291339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76057c4926d637572023-02-08 09:51:44.486root 11241100x8000000000000000291338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70054f22e10ea4352023-02-08 09:51:44.486root 11241100x8000000000000000291337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51efd48737982722023-02-08 09:51:44.486root 11241100x8000000000000000291336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c186154575656f4c2023-02-08 09:51:44.486root 11241100x8000000000000000291335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc0b02abb55cd8e2023-02-08 09:51:44.486root 11241100x8000000000000000291334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bec6275785ba0102023-02-08 09:51:44.486root 11241100x8000000000000000291333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb7bd6a341269762023-02-08 09:51:44.486root 11241100x8000000000000000291332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5e31c83e35c8332023-02-08 09:51:44.486root 11241100x8000000000000000291331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a37bf103ce20122023-02-08 09:51:44.486root 11241100x8000000000000000291330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0021c58ff60dc302023-02-08 09:51:44.486root 11241100x8000000000000000291329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc84e6e60b733512023-02-08 09:51:44.486root 11241100x8000000000000000291328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d06bb78ee368352023-02-08 09:51:44.486root 11241100x8000000000000000291349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f36675f0289756f2023-02-08 09:51:44.487root 11241100x8000000000000000291348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b030c5e4ea5075a92023-02-08 09:51:44.487root 11241100x8000000000000000291347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2026e97a9158499c2023-02-08 09:51:44.487root 11241100x8000000000000000291346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d2525db96ae4212023-02-08 09:51:44.487root 11241100x8000000000000000291345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c558ebab092a8bc02023-02-08 09:51:44.487root 11241100x8000000000000000291344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4666de2fe555b4db2023-02-08 09:51:44.487root 11241100x8000000000000000291343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7f9ac1cb6346502023-02-08 09:51:44.487root 11241100x8000000000000000291342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5045ba46c53bd152023-02-08 09:51:44.487root 11241100x8000000000000000291341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca399cb913b4a7a2023-02-08 09:51:44.487root 11241100x8000000000000000291340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53e1171808d0cf52023-02-08 09:51:44.487root 11241100x8000000000000000291355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7552ac188b25b40c2023-02-08 09:51:44.488root 11241100x8000000000000000291354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8596a1b930de68c62023-02-08 09:51:44.488root 11241100x8000000000000000291353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22c6c097189c8722023-02-08 09:51:44.488root 11241100x8000000000000000291352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4da41406cc16a32023-02-08 09:51:44.488root 11241100x8000000000000000291351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd96115a45e186aa2023-02-08 09:51:44.488root 11241100x8000000000000000291350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4046416c5e8b57292023-02-08 09:51:44.488root 11241100x8000000000000000291357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28794c4c644665c2023-02-08 09:51:44.490root 11241100x8000000000000000291356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32602b7a42ae018b2023-02-08 09:51:44.490root 11241100x8000000000000000291358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d1f179699b68752023-02-08 09:51:44.984root 11241100x8000000000000000291360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4333000d25fa602023-02-08 09:51:44.985root 11241100x8000000000000000291359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a25290fb0d11352023-02-08 09:51:44.985root 11241100x8000000000000000291364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802b8d2aa6deef782023-02-08 09:51:44.986root 11241100x8000000000000000291363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c7854cb8e7aaaf2023-02-08 09:51:44.986root 11241100x8000000000000000291362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7cd8e5c8b5b80d2023-02-08 09:51:44.986root 11241100x8000000000000000291361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d40083717ba0f682023-02-08 09:51:44.986root 11241100x8000000000000000291375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007a7af85cafff3e2023-02-08 09:51:44.987root 11241100x8000000000000000291374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3850aec8b22a394c2023-02-08 09:51:44.987root 11241100x8000000000000000291373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6179872c67e1812023-02-08 09:51:44.987root 11241100x8000000000000000291372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd4ce29cc5eba512023-02-08 09:51:44.987root 11241100x8000000000000000291371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d987449d19be942023-02-08 09:51:44.987root 11241100x8000000000000000291370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b512f649f61358f2023-02-08 09:51:44.987root 11241100x8000000000000000291369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44207ca640b074812023-02-08 09:51:44.987root 11241100x8000000000000000291368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bff8ca55f6fe7d2023-02-08 09:51:44.987root 11241100x8000000000000000291367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09d970b5cc7c3652023-02-08 09:51:44.987root 11241100x8000000000000000291366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286bbbd6a03a9e022023-02-08 09:51:44.987root 11241100x8000000000000000291365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6a65b765fd2f7d2023-02-08 09:51:44.987root 11241100x8000000000000000291383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7c062b80bbca782023-02-08 09:51:44.988root 11241100x8000000000000000291382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa16b3e114bcfbc2023-02-08 09:51:44.988root 11241100x8000000000000000291381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d471807b1ce6f42023-02-08 09:51:44.988root 11241100x8000000000000000291380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c07c3afbd4c79e92023-02-08 09:51:44.988root 11241100x8000000000000000291379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c41e78d2cf3b55b2023-02-08 09:51:44.988root 11241100x8000000000000000291378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16dab72e8b77b8922023-02-08 09:51:44.988root 11241100x8000000000000000291377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79aaf9fccaf97dd42023-02-08 09:51:44.988root 11241100x8000000000000000291376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37543d90d3c1af92023-02-08 09:51:44.988root 11241100x8000000000000000291390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21abeb9d102bb99d2023-02-08 09:51:44.989root 11241100x8000000000000000291389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e625d2a5287c3cdc2023-02-08 09:51:44.989root 11241100x8000000000000000291388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5a2d2ab24999c32023-02-08 09:51:44.989root 11241100x8000000000000000291387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08340b2e853d4d692023-02-08 09:51:44.989root 11241100x8000000000000000291386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48319fa131fa4e272023-02-08 09:51:44.989root 11241100x8000000000000000291385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ef6341d7f9eb722023-02-08 09:51:44.989root 11241100x8000000000000000291384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464d47e9afcb1a9c2023-02-08 09:51:44.989root 11241100x8000000000000000291396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d94506c9c28493c2023-02-08 09:51:44.990root 11241100x8000000000000000291395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3221a9dff55e759a2023-02-08 09:51:44.990root 11241100x8000000000000000291394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844759abc0be020d2023-02-08 09:51:44.990root 11241100x8000000000000000291393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b9e6364cda54a12023-02-08 09:51:44.990root 11241100x8000000000000000291392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faeee6a1252fefab2023-02-08 09:51:44.990root 11241100x8000000000000000291391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:44.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ad37e85ac3ef602023-02-08 09:51:44.990root 11241100x8000000000000000291402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e204d6d62294c5a2023-02-08 09:51:45.484root 11241100x8000000000000000291401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf8dcf96181d47e2023-02-08 09:51:45.484root 11241100x8000000000000000291400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a468f4425775dcdf2023-02-08 09:51:45.484root 11241100x8000000000000000291399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0b09f7745f75572023-02-08 09:51:45.484root 11241100x8000000000000000291398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b2737f733efc692023-02-08 09:51:45.484root 11241100x8000000000000000291397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8995770175a27542023-02-08 09:51:45.484root 11241100x8000000000000000291412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d57f3ee80d706a82023-02-08 09:51:45.485root 11241100x8000000000000000291411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c213a5813ee88f62023-02-08 09:51:45.485root 11241100x8000000000000000291410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1469a709bc80687c2023-02-08 09:51:45.485root 11241100x8000000000000000291409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68f6424bef334ca2023-02-08 09:51:45.485root 11241100x8000000000000000291408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7bc0b3c5d68e942023-02-08 09:51:45.485root 11241100x8000000000000000291407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b617cbf939f338e42023-02-08 09:51:45.485root 11241100x8000000000000000291406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7253f4e467275f8c2023-02-08 09:51:45.485root 11241100x8000000000000000291405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c96032c7e9edfc2023-02-08 09:51:45.485root 11241100x8000000000000000291404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a7092ce7405d992023-02-08 09:51:45.485root 11241100x8000000000000000291403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22cc88d06d6483e62023-02-08 09:51:45.485root 11241100x8000000000000000291418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdb75ce016fb3932023-02-08 09:51:45.486root 11241100x8000000000000000291417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c371b87a4c14cc52023-02-08 09:51:45.486root 11241100x8000000000000000291416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a4e5799a6456022023-02-08 09:51:45.486root 11241100x8000000000000000291415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b06f2068c9c2f62023-02-08 09:51:45.486root 11241100x8000000000000000291414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec3cd995d098ab52023-02-08 09:51:45.486root 11241100x8000000000000000291413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36921200fb32de182023-02-08 09:51:45.486root 11241100x8000000000000000291426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603d76efc15557432023-02-08 09:51:45.487root 11241100x8000000000000000291425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ed03ec1499b8302023-02-08 09:51:45.487root 11241100x8000000000000000291424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911c39a283d925712023-02-08 09:51:45.487root 11241100x8000000000000000291423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2cfa48e17d72a72023-02-08 09:51:45.487root 11241100x8000000000000000291422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456705e23c005e052023-02-08 09:51:45.487root 11241100x8000000000000000291421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bca31d0156bf8fb2023-02-08 09:51:45.487root 11241100x8000000000000000291420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925d0feb064943f22023-02-08 09:51:45.487root 11241100x8000000000000000291419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f02bac9d14514d72023-02-08 09:51:45.487root 11241100x8000000000000000291435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320c0bfaf94368c22023-02-08 09:51:45.488root 11241100x8000000000000000291434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a83a1b0428f0832023-02-08 09:51:45.488root 11241100x8000000000000000291433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f66c7a6fe71d9f42023-02-08 09:51:45.488root 11241100x8000000000000000291432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0042f933722b9d362023-02-08 09:51:45.488root 11241100x8000000000000000291431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a379a5344b409a82023-02-08 09:51:45.488root 11241100x8000000000000000291430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9fb57f5d5c775c2023-02-08 09:51:45.488root 11241100x8000000000000000291429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908a22c1736f856e2023-02-08 09:51:45.488root 11241100x8000000000000000291428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2eaa4dd8a69ad42023-02-08 09:51:45.488root 11241100x8000000000000000291427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7c301a4f8699552023-02-08 09:51:45.488root 11241100x8000000000000000291438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7687d84beffc6fd42023-02-08 09:51:45.489root 11241100x8000000000000000291437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28171b8d7da974352023-02-08 09:51:45.489root 11241100x8000000000000000291436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2cfec13708f7bd2023-02-08 09:51:45.489root 11241100x8000000000000000291441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a2997fff17efd42023-02-08 09:51:45.984root 11241100x8000000000000000291440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd15a0917050b2ce2023-02-08 09:51:45.984root 11241100x8000000000000000291439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05f0d7d3b3095122023-02-08 09:51:45.984root 11241100x8000000000000000291450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2689f0013efaf852023-02-08 09:51:45.985root 11241100x8000000000000000291449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030c419724131dca2023-02-08 09:51:45.985root 11241100x8000000000000000291448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc5396440ee60b22023-02-08 09:51:45.985root 11241100x8000000000000000291447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e718c6ac6c777dd2023-02-08 09:51:45.985root 11241100x8000000000000000291446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1b66751e639f132023-02-08 09:51:45.985root 11241100x8000000000000000291445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ceb8dff830be0f2023-02-08 09:51:45.985root 11241100x8000000000000000291444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71fb38fef5060d42023-02-08 09:51:45.985root 11241100x8000000000000000291443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657f6b1b707f110b2023-02-08 09:51:45.985root 11241100x8000000000000000291442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac18e628e01e80ce2023-02-08 09:51:45.985root 11241100x8000000000000000291457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7c1e90367fcc382023-02-08 09:51:45.986root 11241100x8000000000000000291456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433071e3f7f525ab2023-02-08 09:51:45.986root 11241100x8000000000000000291455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6389be39b025e22023-02-08 09:51:45.986root 11241100x8000000000000000291454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7d06c65b7ccbf32023-02-08 09:51:45.986root 11241100x8000000000000000291453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044bebc27e3789fe2023-02-08 09:51:45.986root 11241100x8000000000000000291452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d581c3ce3d2d9a2023-02-08 09:51:45.986root 11241100x8000000000000000291451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647369548bd842652023-02-08 09:51:45.986root 11241100x8000000000000000291466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3a0266e41276802023-02-08 09:51:45.987root 11241100x8000000000000000291465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2cca7b287b38742023-02-08 09:51:45.987root 11241100x8000000000000000291464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9296bac029013732023-02-08 09:51:45.987root 11241100x8000000000000000291463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050b9dc36a70a1312023-02-08 09:51:45.987root 11241100x8000000000000000291462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f8d7f1adcbae8c2023-02-08 09:51:45.987root 11241100x8000000000000000291461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bcd40194d858ecf2023-02-08 09:51:45.987root 11241100x8000000000000000291460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b415b5809a90c22023-02-08 09:51:45.987root 11241100x8000000000000000291459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996891920c645a0d2023-02-08 09:51:45.987root 11241100x8000000000000000291458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6351c020818d0d2023-02-08 09:51:45.987root 11241100x8000000000000000291476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1cd03eb085500dd2023-02-08 09:51:45.988root 11241100x8000000000000000291475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6d4565367752682023-02-08 09:51:45.988root 11241100x8000000000000000291474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6da7465ca1f61a72023-02-08 09:51:45.988root 11241100x8000000000000000291473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b7da9e40326a032023-02-08 09:51:45.988root 11241100x8000000000000000291472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c69a0cb86d3e8942023-02-08 09:51:45.988root 11241100x8000000000000000291471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf320842d1b88dc2023-02-08 09:51:45.988root 11241100x8000000000000000291470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92453371f0592aa22023-02-08 09:51:45.988root 11241100x8000000000000000291469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea978182d7694f572023-02-08 09:51:45.988root 11241100x8000000000000000291468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9feba5bbb678ae2f2023-02-08 09:51:45.988root 11241100x8000000000000000291467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650097a8dd5679092023-02-08 09:51:45.988root 11241100x8000000000000000291485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f4de21f9d8be362023-02-08 09:51:45.989root 11241100x8000000000000000291484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8890dbba705a28ba2023-02-08 09:51:45.989root 11241100x8000000000000000291483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80645633f99ad4412023-02-08 09:51:45.989root 11241100x8000000000000000291482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a8d4053477b0392023-02-08 09:51:45.989root 11241100x8000000000000000291481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085944c3b0d49b632023-02-08 09:51:45.989root 11241100x8000000000000000291480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7371b2fa0a1a4452023-02-08 09:51:45.989root 11241100x8000000000000000291479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc7dc1849c47aef2023-02-08 09:51:45.989root 11241100x8000000000000000291478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb2b75b2ae2681b2023-02-08 09:51:45.989root 11241100x8000000000000000291477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e61e2a5cc901bf2023-02-08 09:51:45.989root 11241100x8000000000000000291487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad89000eb0408cbc2023-02-08 09:51:45.990root 11241100x8000000000000000291486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:45.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fdd929591253b4d2023-02-08 09:51:45.990root 11241100x8000000000000000291495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4848971a69d5e5b82023-02-08 09:51:46.485root 11241100x8000000000000000291494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ab89e1c511b1052023-02-08 09:51:46.485root 11241100x8000000000000000291493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd530c66f4fc4962023-02-08 09:51:46.485root 11241100x8000000000000000291492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756953fa9e72aede2023-02-08 09:51:46.485root 11241100x8000000000000000291491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e184768ef82a56dc2023-02-08 09:51:46.485root 11241100x8000000000000000291490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2c1089f80c4cd32023-02-08 09:51:46.485root 11241100x8000000000000000291489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623dca0af5d2ef822023-02-08 09:51:46.485root 11241100x8000000000000000291488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3652bae391661b22023-02-08 09:51:46.485root 11241100x8000000000000000291503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15cdf3dea9518822023-02-08 09:51:46.486root 11241100x8000000000000000291502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5f99db6e8c0c9b2023-02-08 09:51:46.486root 11241100x8000000000000000291501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7839baae3167909f2023-02-08 09:51:46.486root 11241100x8000000000000000291500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e1f45b948cc5e92023-02-08 09:51:46.486root 11241100x8000000000000000291499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1328162812b8542023-02-08 09:51:46.486root 11241100x8000000000000000291498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca4ff9dd7db5b742023-02-08 09:51:46.486root 11241100x8000000000000000291497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ac015a8b864d182023-02-08 09:51:46.486root 11241100x8000000000000000291496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c50a08174c78b1c2023-02-08 09:51:46.486root 11241100x8000000000000000291511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1785c4c15a5c8e42023-02-08 09:51:46.487root 11241100x8000000000000000291510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a9028e67eff8f72023-02-08 09:51:46.487root 11241100x8000000000000000291509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f41c7edfc802062023-02-08 09:51:46.487root 11241100x8000000000000000291508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5ba1a3f23c10732023-02-08 09:51:46.487root 11241100x8000000000000000291507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3907b9905503988b2023-02-08 09:51:46.487root 11241100x8000000000000000291506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0384d4025e73b72023-02-08 09:51:46.487root 11241100x8000000000000000291505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00587465e3d983582023-02-08 09:51:46.487root 11241100x8000000000000000291504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfb62c2eef6ef702023-02-08 09:51:46.487root 11241100x8000000000000000291521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d579a26831cb6c662023-02-08 09:51:46.488root 11241100x8000000000000000291520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620f3b07df3e0b4b2023-02-08 09:51:46.488root 11241100x8000000000000000291519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5417d389221935092023-02-08 09:51:46.488root 11241100x8000000000000000291518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1623acb8db66b1d32023-02-08 09:51:46.488root 11241100x8000000000000000291517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6e96bab1a28aa72023-02-08 09:51:46.488root 11241100x8000000000000000291516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16bc254658d1c1b2023-02-08 09:51:46.488root 11241100x8000000000000000291515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565328b0313ecfa12023-02-08 09:51:46.488root 11241100x8000000000000000291514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a229fc1d83fd4f02023-02-08 09:51:46.488root 11241100x8000000000000000291513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b8acbf25d687032023-02-08 09:51:46.488root 11241100x8000000000000000291512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccac503c40cb561b2023-02-08 09:51:46.488root 11241100x8000000000000000291525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851a92ca92d2fed12023-02-08 09:51:46.489root 11241100x8000000000000000291524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f7a86bc937bb712023-02-08 09:51:46.489root 11241100x8000000000000000291523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43e3238685cbcef2023-02-08 09:51:46.489root 11241100x8000000000000000291522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8797c06e38a56b22023-02-08 09:51:46.489root 11241100x8000000000000000291528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78eec41dcdea3b9e2023-02-08 09:51:46.984root 11241100x8000000000000000291527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d5ae3fd9a7b8622023-02-08 09:51:46.984root 11241100x8000000000000000291526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24e9513125e91d22023-02-08 09:51:46.984root 11241100x8000000000000000291538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423b460c6eddf0be2023-02-08 09:51:46.985root 11241100x8000000000000000291537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7177234ef5e079f72023-02-08 09:51:46.985root 11241100x8000000000000000291536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf90bf210ae0759b2023-02-08 09:51:46.985root 11241100x8000000000000000291535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4300c0141e06de7a2023-02-08 09:51:46.985root 11241100x8000000000000000291534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92d0048b9222c962023-02-08 09:51:46.985root 11241100x8000000000000000291533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455f95cb201e56f32023-02-08 09:51:46.985root 11241100x8000000000000000291532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70264f1d37eb10c2023-02-08 09:51:46.985root 11241100x8000000000000000291531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a01ec7e3509698a2023-02-08 09:51:46.985root 11241100x8000000000000000291530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e40c633d48f810c2023-02-08 09:51:46.985root 11241100x8000000000000000291529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003ba9f59ed74c1f2023-02-08 09:51:46.985root 11241100x8000000000000000291546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0dfe13fcdc34e32023-02-08 09:51:46.986root 11241100x8000000000000000291545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f85146a5749fa52023-02-08 09:51:46.986root 11241100x8000000000000000291544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876c2b2674e7b4582023-02-08 09:51:46.986root 11241100x8000000000000000291543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86068d41eae3034f2023-02-08 09:51:46.986root 11241100x8000000000000000291542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454c8750f446eaa02023-02-08 09:51:46.986root 11241100x8000000000000000291541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76cc84b2b4989dd2023-02-08 09:51:46.986root 11241100x8000000000000000291540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179051907c8d0a382023-02-08 09:51:46.986root 11241100x8000000000000000291539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5febb48de359b80e2023-02-08 09:51:46.986root 11241100x8000000000000000291553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f4169859b363e62023-02-08 09:51:46.987root 11241100x8000000000000000291552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931a57139c6254362023-02-08 09:51:46.987root 11241100x8000000000000000291551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca97f90a6582a41f2023-02-08 09:51:46.987root 11241100x8000000000000000291550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab58a3ece5ac51e2023-02-08 09:51:46.987root 11241100x8000000000000000291549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1996b051aee501ef2023-02-08 09:51:46.987root 11241100x8000000000000000291548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b0a9f6e5d95ac02023-02-08 09:51:46.987root 11241100x8000000000000000291547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349bcc572639eccb2023-02-08 09:51:46.987root 11241100x8000000000000000291561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ccd66cb19e5e4f2023-02-08 09:51:46.988root 11241100x8000000000000000291560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19aebf98ffada0572023-02-08 09:51:46.988root 11241100x8000000000000000291559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84095bb71ccdc23b2023-02-08 09:51:46.988root 11241100x8000000000000000291558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bded24cbb9faceca2023-02-08 09:51:46.988root 11241100x8000000000000000291557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d921136e1d5e6d612023-02-08 09:51:46.988root 11241100x8000000000000000291556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5592429226c71952023-02-08 09:51:46.988root 11241100x8000000000000000291555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dcf2e1cead257bc2023-02-08 09:51:46.988root 11241100x8000000000000000291554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b862969430f631b62023-02-08 09:51:46.988root 11241100x8000000000000000291565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc37c8602e9588202023-02-08 09:51:46.989root 11241100x8000000000000000291564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716e8002f607f2e02023-02-08 09:51:46.989root 11241100x8000000000000000291563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f732b858b779f62023-02-08 09:51:46.989root 11241100x8000000000000000291562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9450180d5350559f2023-02-08 09:51:46.989root 11241100x8000000000000000291568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39330209064ad5532023-02-08 09:51:46.990root 11241100x8000000000000000291567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc463e92e1917b32023-02-08 09:51:46.990root 11241100x8000000000000000291566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:46.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067b1578e0a264d82023-02-08 09:51:46.990root 11241100x8000000000000000291569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6a99ebefc10b332023-02-08 09:51:47.484root 11241100x8000000000000000291578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564bbb9065c405a32023-02-08 09:51:47.485root 11241100x8000000000000000291577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb9e1ca8bfc00be2023-02-08 09:51:47.485root 11241100x8000000000000000291576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b5a211a63963ec2023-02-08 09:51:47.485root 11241100x8000000000000000291575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38055d2ae2c6124a2023-02-08 09:51:47.485root 11241100x8000000000000000291574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892551bdf4ef49bf2023-02-08 09:51:47.485root 11241100x8000000000000000291573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac44d940ee0a4d12023-02-08 09:51:47.485root 11241100x8000000000000000291572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4139191faec7294f2023-02-08 09:51:47.485root 11241100x8000000000000000291571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b8536f50691bef2023-02-08 09:51:47.485root 11241100x8000000000000000291570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d8d00588941ef72023-02-08 09:51:47.485root 11241100x8000000000000000291588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ea8c176b8882e62023-02-08 09:51:47.486root 11241100x8000000000000000291587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3fa2a62d66423742023-02-08 09:51:47.486root 11241100x8000000000000000291586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a71d7607c080da82023-02-08 09:51:47.486root 11241100x8000000000000000291585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85fe246488c20e5b2023-02-08 09:51:47.486root 11241100x8000000000000000291584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643460e6ba13b74d2023-02-08 09:51:47.486root 11241100x8000000000000000291583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6976f3e1938c13772023-02-08 09:51:47.486root 11241100x8000000000000000291582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fadf5d2b78101bac2023-02-08 09:51:47.486root 11241100x8000000000000000291581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a029d98bc44ddae2023-02-08 09:51:47.486root 11241100x8000000000000000291580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c6a2b63db3757f2023-02-08 09:51:47.486root 11241100x8000000000000000291579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a30843620354ba82023-02-08 09:51:47.486root 11241100x8000000000000000291598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1f74c0d50668022023-02-08 09:51:47.487root 11241100x8000000000000000291597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96612fcf8ee73fc2023-02-08 09:51:47.487root 11241100x8000000000000000291596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53e71105f2ae9522023-02-08 09:51:47.487root 11241100x8000000000000000291595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39aaede8a8117f752023-02-08 09:51:47.487root 11241100x8000000000000000291594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6cb8dd262b9f8b62023-02-08 09:51:47.487root 11241100x8000000000000000291593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f243fd15e89ea1682023-02-08 09:51:47.487root 11241100x8000000000000000291592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e82b41879f9c5a2023-02-08 09:51:47.487root 11241100x8000000000000000291591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4540813b0e6d7d92023-02-08 09:51:47.487root 11241100x8000000000000000291590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee868d9b18d078822023-02-08 09:51:47.487root 11241100x8000000000000000291589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e9044655f02ff42023-02-08 09:51:47.487root 11241100x8000000000000000291608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7aa83ca1869ed22023-02-08 09:51:47.488root 11241100x8000000000000000291607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c3a5c3f30e8e7b2023-02-08 09:51:47.488root 11241100x8000000000000000291606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70673b5d43341f172023-02-08 09:51:47.488root 11241100x8000000000000000291605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c64420ca102237c2023-02-08 09:51:47.488root 11241100x8000000000000000291604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f10b8f1933bd43a2023-02-08 09:51:47.488root 11241100x8000000000000000291603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8cb23a68eb12952023-02-08 09:51:47.488root 11241100x8000000000000000291602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d315da8fb5512f12023-02-08 09:51:47.488root 11241100x8000000000000000291601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7837b51f3f23c32023-02-08 09:51:47.488root 11241100x8000000000000000291600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ca39c386960aca2023-02-08 09:51:47.488root 11241100x8000000000000000291599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca46bdda2a1d06d52023-02-08 09:51:47.488root 11241100x8000000000000000291610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5accd0da2fceb96a2023-02-08 09:51:47.489root 11241100x8000000000000000291609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73346a3fab6dee782023-02-08 09:51:47.489root 11241100x8000000000000000291611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a0da5be1e0030f2023-02-08 09:51:47.984root 11241100x8000000000000000291619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c32333b3e7de8c02023-02-08 09:51:47.985root 11241100x8000000000000000291618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41574e1c39a0ecd72023-02-08 09:51:47.985root 11241100x8000000000000000291617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97272ff9ec7a6532023-02-08 09:51:47.985root 11241100x8000000000000000291616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d144df9d595b5702023-02-08 09:51:47.985root 11241100x8000000000000000291615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4802eaa70d0599c02023-02-08 09:51:47.985root 11241100x8000000000000000291614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd44bc241712c5c12023-02-08 09:51:47.985root 11241100x8000000000000000291613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1c9e8857522fc42023-02-08 09:51:47.985root 11241100x8000000000000000291612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ccbe8ee329af362023-02-08 09:51:47.985root 11241100x8000000000000000291627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bac11ca10af760d2023-02-08 09:51:47.986root 11241100x8000000000000000291626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c31adb81666d90a2023-02-08 09:51:47.986root 11241100x8000000000000000291625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f4565c8314453a2023-02-08 09:51:47.986root 11241100x8000000000000000291624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04ebb3ae5a6a7852023-02-08 09:51:47.986root 11241100x8000000000000000291623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c6df87ee4408042023-02-08 09:51:47.986root 11241100x8000000000000000291622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970e4decc390989d2023-02-08 09:51:47.986root 11241100x8000000000000000291621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef309c246860d332023-02-08 09:51:47.986root 11241100x8000000000000000291620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7941c7881fa9ae2023-02-08 09:51:47.986root 11241100x8000000000000000291632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f1e1ff427a96a5f2023-02-08 09:51:47.987root 11241100x8000000000000000291631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c121b85165c2cda22023-02-08 09:51:47.987root 11241100x8000000000000000291630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af15fb2232bc1f42023-02-08 09:51:47.987root 11241100x8000000000000000291629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1608c46b95508abb2023-02-08 09:51:47.987root 11241100x8000000000000000291628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48302ed317112b12023-02-08 09:51:47.987root 11241100x8000000000000000291640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071d4ced85cd1d562023-02-08 09:51:47.988root 11241100x8000000000000000291639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925d4307941779892023-02-08 09:51:47.988root 11241100x8000000000000000291638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ba2f75308095492023-02-08 09:51:47.988root 11241100x8000000000000000291637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d30d0051cfdd9b2023-02-08 09:51:47.988root 11241100x8000000000000000291636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af112af30c5ac2712023-02-08 09:51:47.988root 11241100x8000000000000000291635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a361fab3a7964a2023-02-08 09:51:47.988root 11241100x8000000000000000291634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e6140d298e16ea2023-02-08 09:51:47.988root 11241100x8000000000000000291633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ce5b1a723e3ad22023-02-08 09:51:47.988root 11241100x8000000000000000291648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d613538b4ce5322023-02-08 09:51:47.989root 11241100x8000000000000000291647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c6d43d8fa76a7b2023-02-08 09:51:47.989root 11241100x8000000000000000291646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2053649af64ff4bd2023-02-08 09:51:47.989root 11241100x8000000000000000291645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c1183e5628eb852023-02-08 09:51:47.989root 11241100x8000000000000000291644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22ad2c17ea460312023-02-08 09:51:47.989root 11241100x8000000000000000291643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a221ced45450ca82023-02-08 09:51:47.989root 11241100x8000000000000000291642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c4eb3ec1761eeb2023-02-08 09:51:47.989root 11241100x8000000000000000291641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b229b8ddb9d4772023-02-08 09:51:47.989root 11241100x8000000000000000291650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb35e02f5f00bf32023-02-08 09:51:47.990root 11241100x8000000000000000291649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:47.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187548ccf0c4a9d82023-02-08 09:51:47.990root 354300x8000000000000000291651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.109{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-59298-false10.0.1.12-8000- 11241100x8000000000000000291655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31391cb340f43cc2023-02-08 09:51:48.484root 11241100x8000000000000000291654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4909d56ee60ad3df2023-02-08 09:51:48.484root 11241100x8000000000000000291653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be718a3a2a60df832023-02-08 09:51:48.484root 11241100x8000000000000000291652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd3910c3b7226db2023-02-08 09:51:48.484root 11241100x8000000000000000291666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f2b98916ea61642023-02-08 09:51:48.485root 11241100x8000000000000000291665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a1888740df6bed2023-02-08 09:51:48.485root 11241100x8000000000000000291664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa995e3dd32fcb572023-02-08 09:51:48.485root 11241100x8000000000000000291663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb156b99036692b22023-02-08 09:51:48.485root 11241100x8000000000000000291662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d80a18753583e162023-02-08 09:51:48.485root 11241100x8000000000000000291661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4cadba49e7fe22f2023-02-08 09:51:48.485root 11241100x8000000000000000291660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0416acfd386ba05a2023-02-08 09:51:48.485root 11241100x8000000000000000291659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9ee2c720d98a812023-02-08 09:51:48.485root 11241100x8000000000000000291658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde3db4171e1ffe52023-02-08 09:51:48.485root 11241100x8000000000000000291657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6c5d24a32e371a2023-02-08 09:51:48.485root 11241100x8000000000000000291656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1044cfce5e580a112023-02-08 09:51:48.485root 11241100x8000000000000000291680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d40145c353c32a2023-02-08 09:51:48.486root 11241100x8000000000000000291679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e40c6d7d5b09ff2023-02-08 09:51:48.486root 11241100x8000000000000000291678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4fcb7638ab4c792023-02-08 09:51:48.486root 11241100x8000000000000000291677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f45eee27d1999c2023-02-08 09:51:48.486root 11241100x8000000000000000291676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54937a9cc0adcec12023-02-08 09:51:48.486root 11241100x8000000000000000291675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b789fb3bf7e1f52023-02-08 09:51:48.486root 11241100x8000000000000000291674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6afc9465f204f7252023-02-08 09:51:48.486root 11241100x8000000000000000291673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cff520cd56830d32023-02-08 09:51:48.486root 11241100x8000000000000000291672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30636fef5244b0e2023-02-08 09:51:48.486root 11241100x8000000000000000291671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33cf53e5a1b2efe82023-02-08 09:51:48.486root 11241100x8000000000000000291670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75c7ea9e7686bcd2023-02-08 09:51:48.486root 11241100x8000000000000000291669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ccae023e16bfe382023-02-08 09:51:48.486root 11241100x8000000000000000291668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51edaa6af156addb2023-02-08 09:51:48.486root 11241100x8000000000000000291667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df539ad00e3542192023-02-08 09:51:48.486root 11241100x8000000000000000291689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f03afb1912aff352023-02-08 09:51:48.487root 11241100x8000000000000000291688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0901a9d133f6536e2023-02-08 09:51:48.487root 11241100x8000000000000000291687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241ade6dcf513ffc2023-02-08 09:51:48.487root 11241100x8000000000000000291686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04df663cd891f012023-02-08 09:51:48.487root 11241100x8000000000000000291685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c957666ab2b1bf882023-02-08 09:51:48.487root 11241100x8000000000000000291684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68544dd5eb1211b2023-02-08 09:51:48.487root 11241100x8000000000000000291683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbeadc0eeab6b102023-02-08 09:51:48.487root 11241100x8000000000000000291682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b27cf6490c777eac2023-02-08 09:51:48.487root 11241100x8000000000000000291681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea23a4afe5024492023-02-08 09:51:48.487root 11241100x8000000000000000291692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1fad909667cdb32023-02-08 09:51:48.488root 11241100x8000000000000000291691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03715ba58783fec2023-02-08 09:51:48.488root 11241100x8000000000000000291690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cfa59f88dc70ee02023-02-08 09:51:48.488root 11241100x8000000000000000291697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba092171ba3588a32023-02-08 09:51:48.489root 11241100x8000000000000000291696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432f36e74f75b1d72023-02-08 09:51:48.489root 11241100x8000000000000000291695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a28ba76c130b49a2023-02-08 09:51:48.489root 11241100x8000000000000000291694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb09fdd4013ca142023-02-08 09:51:48.489root 11241100x8000000000000000291693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20184d39f181861d2023-02-08 09:51:48.489root 11241100x8000000000000000291701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780062942bb26c1d2023-02-08 09:51:48.490root 11241100x8000000000000000291700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754697a8cc6eec452023-02-08 09:51:48.490root 11241100x8000000000000000291699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf806bf8a6f709fe2023-02-08 09:51:48.490root 11241100x8000000000000000291698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86549d0ead7e2ffd2023-02-08 09:51:48.490root 11241100x8000000000000000291703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5cc6bdba3427612023-02-08 09:51:48.984root 11241100x8000000000000000291702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c9a39355e08bf42023-02-08 09:51:48.984root 11241100x8000000000000000291715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8b95b9e13b7ca32023-02-08 09:51:48.985root 11241100x8000000000000000291714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8adeb49d71589742023-02-08 09:51:48.985root 11241100x8000000000000000291713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d74d98aca2f2522023-02-08 09:51:48.985root 11241100x8000000000000000291712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812908b2dcb600a62023-02-08 09:51:48.985root 11241100x8000000000000000291711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d9018dfa5a798b2023-02-08 09:51:48.985root 11241100x8000000000000000291710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e22bb97653ea252023-02-08 09:51:48.985root 11241100x8000000000000000291709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33cae23b6b843592023-02-08 09:51:48.985root 11241100x8000000000000000291708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74e869332023d592023-02-08 09:51:48.985root 11241100x8000000000000000291707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1787779ce2a1bd62023-02-08 09:51:48.985root 11241100x8000000000000000291706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b791891128f7ee52023-02-08 09:51:48.985root 11241100x8000000000000000291705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d321195cf7e8589a2023-02-08 09:51:48.985root 11241100x8000000000000000291704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6048c7710a59b92023-02-08 09:51:48.985root 11241100x8000000000000000291729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfa148ac274a27a2023-02-08 09:51:48.986root 11241100x8000000000000000291728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e794863d14a1102023-02-08 09:51:48.986root 11241100x8000000000000000291727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4f0b2fc9aee5f42023-02-08 09:51:48.986root 11241100x8000000000000000291726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf1f0720d7c14352023-02-08 09:51:48.986root 11241100x8000000000000000291725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9615aae2a968662023-02-08 09:51:48.986root 11241100x8000000000000000291724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46abb29fdc247072023-02-08 09:51:48.986root 11241100x8000000000000000291723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78588f06b57b04a72023-02-08 09:51:48.986root 11241100x8000000000000000291722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd91af14f050b0d2023-02-08 09:51:48.986root 11241100x8000000000000000291721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc179057ba5a7212023-02-08 09:51:48.986root 11241100x8000000000000000291720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f057402ff838b28c2023-02-08 09:51:48.986root 11241100x8000000000000000291719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2bacedcb29c8252023-02-08 09:51:48.986root 11241100x8000000000000000291718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6a75cf81c153432023-02-08 09:51:48.986root 11241100x8000000000000000291717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ca222f425934fc2023-02-08 09:51:48.986root 11241100x8000000000000000291716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6cb2cfac71da562023-02-08 09:51:48.986root 11241100x8000000000000000291743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8ca4acb6df26a52023-02-08 09:51:48.987root 11241100x8000000000000000291742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4863e64188008cad2023-02-08 09:51:48.987root 11241100x8000000000000000291741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3961c85dbc2ff4172023-02-08 09:51:48.987root 11241100x8000000000000000291740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34e0857e302e5452023-02-08 09:51:48.987root 11241100x8000000000000000291739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f016b9cbc785762023-02-08 09:51:48.987root 11241100x8000000000000000291738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3845367cc16901772023-02-08 09:51:48.987root 11241100x8000000000000000291737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e35637b4fe72862023-02-08 09:51:48.987root 11241100x8000000000000000291736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddc3b7009645e392023-02-08 09:51:48.987root 11241100x8000000000000000291735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64609c037a3e1c3a2023-02-08 09:51:48.987root 11241100x8000000000000000291734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8eb746ef2f525e2023-02-08 09:51:48.987root 11241100x8000000000000000291733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b803a2888a920e7e2023-02-08 09:51:48.987root 11241100x8000000000000000291732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9984013945c5a92023-02-08 09:51:48.987root 11241100x8000000000000000291731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ff2a358b3fcc712023-02-08 09:51:48.987root 11241100x8000000000000000291730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207fad8785a833c02023-02-08 09:51:48.987root 11241100x8000000000000000291746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2924b8d0c0c46b62023-02-08 09:51:48.988root 11241100x8000000000000000291745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2d1329d129da322023-02-08 09:51:48.988root 11241100x8000000000000000291744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:48.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78de3d04c507d92f2023-02-08 09:51:48.988root 11241100x8000000000000000291755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd5c6d6961dbbe42023-02-08 09:51:49.484root 11241100x8000000000000000291754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092a0ff8912228c22023-02-08 09:51:49.484root 11241100x8000000000000000291753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7495d700e7d9cb72023-02-08 09:51:49.484root 11241100x8000000000000000291752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8f099c5e1503c12023-02-08 09:51:49.484root 11241100x8000000000000000291751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528e23d977ba45132023-02-08 09:51:49.484root 11241100x8000000000000000291750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1443ea344d4fd9da2023-02-08 09:51:49.484root 11241100x8000000000000000291749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bbbf3e49261dff02023-02-08 09:51:49.484root 11241100x8000000000000000291748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e17f0beb5cf23062023-02-08 09:51:49.484root 11241100x8000000000000000291747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe87ed5bed40fdd2023-02-08 09:51:49.484root 11241100x8000000000000000291764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79cab7472b150fda2023-02-08 09:51:49.485root 11241100x8000000000000000291763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be8c2a1e80cf2c32023-02-08 09:51:49.485root 11241100x8000000000000000291762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3714b034caf146002023-02-08 09:51:49.485root 11241100x8000000000000000291761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592802564a6b4c1e2023-02-08 09:51:49.485root 11241100x8000000000000000291760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b996cbec74f2eac92023-02-08 09:51:49.485root 11241100x8000000000000000291759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f4ce07989331e02023-02-08 09:51:49.485root 11241100x8000000000000000291758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24d33a74e04243c2023-02-08 09:51:49.485root 11241100x8000000000000000291757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c477b17b44ca2c5e2023-02-08 09:51:49.485root 11241100x8000000000000000291756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32f609209eafea12023-02-08 09:51:49.485root 11241100x8000000000000000291767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b84d186813b7e952023-02-08 09:51:49.486root 11241100x8000000000000000291766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b201e1924fedb9d2023-02-08 09:51:49.486root 11241100x8000000000000000291765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9e9c200d0e26c32023-02-08 09:51:49.486root 11241100x8000000000000000291770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0a0f453b4c3fdf2023-02-08 09:51:49.487root 11241100x8000000000000000291769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4744f664a3c44be72023-02-08 09:51:49.487root 11241100x8000000000000000291768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff44bc7e1e59e892023-02-08 09:51:49.487root 11241100x8000000000000000291774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9942167269462002023-02-08 09:51:49.488root 11241100x8000000000000000291773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5739e344ee125312023-02-08 09:51:49.488root 11241100x8000000000000000291772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6da2f0d80c19da32023-02-08 09:51:49.488root 11241100x8000000000000000291771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e46b5b3ee586562023-02-08 09:51:49.488root 11241100x8000000000000000291779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d687424a9fda9d82023-02-08 09:51:49.489root 11241100x8000000000000000291778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ccc6aef75012032023-02-08 09:51:49.489root 11241100x8000000000000000291777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b119e470ea6d562023-02-08 09:51:49.489root 11241100x8000000000000000291776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f47a33b3b42a9302023-02-08 09:51:49.489root 11241100x8000000000000000291775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46ed47d3425e0e32023-02-08 09:51:49.489root 11241100x8000000000000000291787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4c41d6dfae11fd2023-02-08 09:51:49.490root 11241100x8000000000000000291786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cd8c10c26d2a8b2023-02-08 09:51:49.490root 11241100x8000000000000000291785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f613e14e2fb270192023-02-08 09:51:49.490root 11241100x8000000000000000291784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3739e03410b7a96a2023-02-08 09:51:49.490root 11241100x8000000000000000291783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fdf80763f105f732023-02-08 09:51:49.490root 11241100x8000000000000000291782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6549633be7ec3462023-02-08 09:51:49.490root 11241100x8000000000000000291781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072e323c47579bad2023-02-08 09:51:49.490root 11241100x8000000000000000291780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c37eb51bdb42092023-02-08 09:51:49.490root 11241100x8000000000000000291794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b9a6fbf94a05472023-02-08 09:51:49.491root 11241100x8000000000000000291793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767b489aab4a607f2023-02-08 09:51:49.491root 11241100x8000000000000000291792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2dc8ffb4d4484d2023-02-08 09:51:49.491root 11241100x8000000000000000291791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043975b03b3a03132023-02-08 09:51:49.491root 11241100x8000000000000000291790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51912d8749137fdb2023-02-08 09:51:49.491root 11241100x8000000000000000291789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ead62818cc5db72023-02-08 09:51:49.491root 11241100x8000000000000000291788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee32bed6105cd492023-02-08 09:51:49.491root 11241100x8000000000000000291797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde4eb81bd868c102023-02-08 09:51:49.984root 11241100x8000000000000000291796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82312594eba5d4bb2023-02-08 09:51:49.984root 11241100x8000000000000000291795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986fa959cf1957372023-02-08 09:51:49.984root 11241100x8000000000000000291807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4288f426919ebcd82023-02-08 09:51:49.985root 11241100x8000000000000000291806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a920aef127dcd2162023-02-08 09:51:49.985root 11241100x8000000000000000291805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7249ed74f2a6a02023-02-08 09:51:49.985root 11241100x8000000000000000291804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d3fe8f14fc71902023-02-08 09:51:49.985root 11241100x8000000000000000291803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74fab2a60ffcf2e82023-02-08 09:51:49.985root 11241100x8000000000000000291802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886b012c24ca5cb52023-02-08 09:51:49.985root 11241100x8000000000000000291801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c240ab8cf0b4b2c2023-02-08 09:51:49.985root 11241100x8000000000000000291800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07cc6a8a5c93c9d2023-02-08 09:51:49.985root 11241100x8000000000000000291799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a995d51e925f86af2023-02-08 09:51:49.985root 11241100x8000000000000000291798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a2e5ff4d35bd742023-02-08 09:51:49.985root 11241100x8000000000000000291817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f61fb6ff5527cf12023-02-08 09:51:49.986root 11241100x8000000000000000291816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519c99a2dd381bcb2023-02-08 09:51:49.986root 11241100x8000000000000000291815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2fdbfcb7fddb962023-02-08 09:51:49.986root 11241100x8000000000000000291814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66656d776395b8ce2023-02-08 09:51:49.986root 11241100x8000000000000000291813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce90177c7d2a7f102023-02-08 09:51:49.986root 11241100x8000000000000000291812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f753df7ec0e8da3e2023-02-08 09:51:49.986root 11241100x8000000000000000291811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5859ca680f14742023-02-08 09:51:49.986root 11241100x8000000000000000291810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bc0e3c7966f9522023-02-08 09:51:49.986root 11241100x8000000000000000291809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47291c383dabc0052023-02-08 09:51:49.986root 11241100x8000000000000000291808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1d8622928fe8c92023-02-08 09:51:49.986root 11241100x8000000000000000291826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe219bcb57c2abf2023-02-08 09:51:49.987root 11241100x8000000000000000291825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057368f96a5e733a2023-02-08 09:51:49.987root 11241100x8000000000000000291824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec872b98d1b97a542023-02-08 09:51:49.987root 11241100x8000000000000000291823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848ed93e3e1984212023-02-08 09:51:49.987root 11241100x8000000000000000291822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4968f98eef6950382023-02-08 09:51:49.987root 11241100x8000000000000000291821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f235f87ef2f6e9fe2023-02-08 09:51:49.987root 11241100x8000000000000000291820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd87329ee6bf0c902023-02-08 09:51:49.987root 11241100x8000000000000000291819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1701ec3fbc7e3a2023-02-08 09:51:49.987root 11241100x8000000000000000291818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a651484425586c2023-02-08 09:51:49.987root 11241100x8000000000000000291837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa8c486165a52912023-02-08 09:51:49.988root 11241100x8000000000000000291836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b549091aedcd272023-02-08 09:51:49.988root 11241100x8000000000000000291835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a131878c78b09f2023-02-08 09:51:49.988root 11241100x8000000000000000291834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbd3144cd74c1e02023-02-08 09:51:49.988root 11241100x8000000000000000291833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69820d790500c29e2023-02-08 09:51:49.988root 11241100x8000000000000000291832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71acdef4619f1c0f2023-02-08 09:51:49.988root 11241100x8000000000000000291831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3febad77dcc685462023-02-08 09:51:49.988root 11241100x8000000000000000291830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b608b498b333452023-02-08 09:51:49.988root 11241100x8000000000000000291829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8adac6407890b12023-02-08 09:51:49.988root 11241100x8000000000000000291828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea6c69e7da246672023-02-08 09:51:49.988root 11241100x8000000000000000291827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0975a105da74ab9d2023-02-08 09:51:49.988root 11241100x8000000000000000291846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df87b3f12de5af652023-02-08 09:51:49.989root 11241100x8000000000000000291845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197a549ad09942e72023-02-08 09:51:49.989root 11241100x8000000000000000291844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db24620c61e0ae8d2023-02-08 09:51:49.989root 11241100x8000000000000000291843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22aa249ebc7942dd2023-02-08 09:51:49.989root 11241100x8000000000000000291842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34583049a7c35ec52023-02-08 09:51:49.989root 11241100x8000000000000000291841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f2912f377ae3ee2023-02-08 09:51:49.989root 11241100x8000000000000000291840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa2ebc7902a3d972023-02-08 09:51:49.989root 11241100x8000000000000000291839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcddc0171e21e2b2023-02-08 09:51:49.989root 11241100x8000000000000000291838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74835a3a196ba10a2023-02-08 09:51:49.989root 11241100x8000000000000000291857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cd691aa42e6cf52023-02-08 09:51:49.990root 11241100x8000000000000000291856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d921468b969ef02023-02-08 09:51:49.990root 11241100x8000000000000000291855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc6ba1285f8ba812023-02-08 09:51:49.990root 11241100x8000000000000000291854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c180c3bb2c7a39692023-02-08 09:51:49.990root 11241100x8000000000000000291853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2190e3f0162e0e2023-02-08 09:51:49.990root 11241100x8000000000000000291852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1c3ded214909a62023-02-08 09:51:49.990root 11241100x8000000000000000291851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b3fd040615e6ae2023-02-08 09:51:49.990root 11241100x8000000000000000291850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043b8670dd20c1902023-02-08 09:51:49.990root 11241100x8000000000000000291849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77c9d0ee6840e882023-02-08 09:51:49.990root 11241100x8000000000000000291848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3c30bced6275e42023-02-08 09:51:49.990root 11241100x8000000000000000291847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7f57c6190d5a412023-02-08 09:51:49.990root 11241100x8000000000000000291865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426caabad7a8b9dc2023-02-08 09:51:49.991root 11241100x8000000000000000291864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b6f13be816b97c2023-02-08 09:51:49.991root 11241100x8000000000000000291863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c2ed1c6bed5b262023-02-08 09:51:49.991root 11241100x8000000000000000291862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bec77324733d762023-02-08 09:51:49.991root 11241100x8000000000000000291861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8bef9a52c49fabd2023-02-08 09:51:49.991root 11241100x8000000000000000291860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a794cad83645ee592023-02-08 09:51:49.991root 11241100x8000000000000000291859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71e6934b8f523c32023-02-08 09:51:49.991root 11241100x8000000000000000291858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6374b7354774252023-02-08 09:51:49.991root 11241100x8000000000000000291872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d5c419b11398d62023-02-08 09:51:49.992root 11241100x8000000000000000291871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9765c3e59dacbea02023-02-08 09:51:49.992root 11241100x8000000000000000291870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c27f72de7cb218f2023-02-08 09:51:49.992root 11241100x8000000000000000291869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5556e786da1a376c2023-02-08 09:51:49.992root 11241100x8000000000000000291868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86eb7d3ded1bb1e2023-02-08 09:51:49.992root 11241100x8000000000000000291867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f6fe87b9e67ef22023-02-08 09:51:49.992root 11241100x8000000000000000291866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc3a5b8398a2c1b2023-02-08 09:51:49.992root 11241100x8000000000000000291874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d080f9aef67ff3e2023-02-08 09:51:49.993root 11241100x8000000000000000291873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:49.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bef372bfd771ad2023-02-08 09:51:49.993root 11241100x8000000000000000291884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2dbcadfe98cc2492023-02-08 09:51:50.484root 11241100x8000000000000000291883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4cda9c1d82ed6db2023-02-08 09:51:50.484root 11241100x8000000000000000291882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee8a4bd3cbc06322023-02-08 09:51:50.484root 11241100x8000000000000000291881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d089ec71e8cb12c62023-02-08 09:51:50.484root 11241100x8000000000000000291880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60cea4be39a4783a2023-02-08 09:51:50.484root 11241100x8000000000000000291879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822f2ac661fb03bf2023-02-08 09:51:50.484root 11241100x8000000000000000291878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6b6f01ec1ee4402023-02-08 09:51:50.484root 11241100x8000000000000000291877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3478e383220cabb2023-02-08 09:51:50.484root 11241100x8000000000000000291876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43abe834949cd2172023-02-08 09:51:50.484root 11241100x8000000000000000291875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec2fb345fdb056c2023-02-08 09:51:50.484root 11241100x8000000000000000291895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7df4f2aa7f422b02023-02-08 09:51:50.485root 11241100x8000000000000000291894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036a96a6a9908af22023-02-08 09:51:50.485root 11241100x8000000000000000291893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ddb8c49c37f84d72023-02-08 09:51:50.485root 11241100x8000000000000000291892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f576642d097e78fe2023-02-08 09:51:50.485root 11241100x8000000000000000291891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ea2c91509f6fc92023-02-08 09:51:50.485root 11241100x8000000000000000291890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681988f048c3e6ae2023-02-08 09:51:50.485root 11241100x8000000000000000291889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b19c5a189b7bde2023-02-08 09:51:50.485root 11241100x8000000000000000291888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425f42901bca31432023-02-08 09:51:50.485root 11241100x8000000000000000291887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5b2b9e8cae9c572023-02-08 09:51:50.485root 11241100x8000000000000000291886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d43dbbdb25d61852023-02-08 09:51:50.485root 11241100x8000000000000000291885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26275a671d8a32262023-02-08 09:51:50.485root 11241100x8000000000000000291902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a5f7f43aeba93d2023-02-08 09:51:50.486root 11241100x8000000000000000291901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f54c2b323f42802023-02-08 09:51:50.486root 11241100x8000000000000000291900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390ac64db989c3ad2023-02-08 09:51:50.486root 11241100x8000000000000000291899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461870fa6402464b2023-02-08 09:51:50.486root 11241100x8000000000000000291898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b8a60347bcdff12023-02-08 09:51:50.486root 11241100x8000000000000000291897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7561d899cfb83f72023-02-08 09:51:50.486root 11241100x8000000000000000291896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d094dee7686f8b2023-02-08 09:51:50.486root 11241100x8000000000000000291906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fec06b584ca91b2023-02-08 09:51:50.487root 11241100x8000000000000000291905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e34ae67d026fca82023-02-08 09:51:50.487root 11241100x8000000000000000291904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b12100dc90a35f52023-02-08 09:51:50.487root 11241100x8000000000000000291903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5268a507e6e3254d2023-02-08 09:51:50.487root 11241100x8000000000000000291916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444776e68d5792ef2023-02-08 09:51:50.488root 11241100x8000000000000000291915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce0f908760ab6242023-02-08 09:51:50.488root 11241100x8000000000000000291914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a3d9024960c89d2023-02-08 09:51:50.488root 11241100x8000000000000000291913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166624befd25ebb82023-02-08 09:51:50.488root 11241100x8000000000000000291912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41111b7cbf658bde2023-02-08 09:51:50.488root 11241100x8000000000000000291911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d215e72a165a57442023-02-08 09:51:50.488root 11241100x8000000000000000291910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf38614d25be4722023-02-08 09:51:50.488root 11241100x8000000000000000291909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de5f117ba075c7e2023-02-08 09:51:50.488root 11241100x8000000000000000291908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2dcc20440057bd2023-02-08 09:51:50.488root 11241100x8000000000000000291907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454615494e264ce42023-02-08 09:51:50.488root 11241100x8000000000000000291922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630d922895636c212023-02-08 09:51:50.489root 11241100x8000000000000000291921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9124ed77fbf37712023-02-08 09:51:50.489root 11241100x8000000000000000291920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724eca97e83bf8fe2023-02-08 09:51:50.489root 11241100x8000000000000000291919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e21c75f5b622ed22023-02-08 09:51:50.489root 11241100x8000000000000000291918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1900d3d7da525efe2023-02-08 09:51:50.489root 11241100x8000000000000000291917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ce99b9fa940d602023-02-08 09:51:50.489root 11241100x8000000000000000291927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2e330e6e07f0812023-02-08 09:51:50.490root 11241100x8000000000000000291926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b77bf4b44d78902023-02-08 09:51:50.490root 11241100x8000000000000000291925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af9931234ff24e52023-02-08 09:51:50.490root 11241100x8000000000000000291924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d6e163c47904982023-02-08 09:51:50.490root 11241100x8000000000000000291923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f65784ff2386b22023-02-08 09:51:50.490root 11241100x8000000000000000291929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1aea212484f77eb2023-02-08 09:51:50.984root 11241100x8000000000000000291928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c12868293f1cf92023-02-08 09:51:50.984root 11241100x8000000000000000291937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a480f9897e0de3192023-02-08 09:51:50.985root 11241100x8000000000000000291936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836831cc2229bcbe2023-02-08 09:51:50.985root 11241100x8000000000000000291935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfe9fb7a4c51b612023-02-08 09:51:50.985root 11241100x8000000000000000291934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b3569116f46fff2023-02-08 09:51:50.985root 11241100x8000000000000000291933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dec484d6737ba032023-02-08 09:51:50.985root 11241100x8000000000000000291932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f193c22866349afe2023-02-08 09:51:50.985root 11241100x8000000000000000291931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abaddbe5c208758d2023-02-08 09:51:50.985root 11241100x8000000000000000291930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c73d5d6ece74872023-02-08 09:51:50.985root 11241100x8000000000000000291951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d21d276fd9d779e2023-02-08 09:51:50.986root 11241100x8000000000000000291950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5627ed4439b03b3b2023-02-08 09:51:50.986root 11241100x8000000000000000291949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a4a934a20f132c2023-02-08 09:51:50.986root 11241100x8000000000000000291948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7eece7c3b977a32023-02-08 09:51:50.986root 11241100x8000000000000000291947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2a47d9655b64892023-02-08 09:51:50.986root 11241100x8000000000000000291946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c748fe9e093ab00b2023-02-08 09:51:50.986root 11241100x8000000000000000291945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d77d9eaa950e022023-02-08 09:51:50.986root 11241100x8000000000000000291944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9adb7ecc935520b02023-02-08 09:51:50.986root 11241100x8000000000000000291943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586d2c42662c73f82023-02-08 09:51:50.986root 11241100x8000000000000000291942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95dafbc543b7148c2023-02-08 09:51:50.986root 11241100x8000000000000000291941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef99ba767f862cd2023-02-08 09:51:50.986root 11241100x8000000000000000291940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0697f48fb1f514702023-02-08 09:51:50.986root 11241100x8000000000000000291939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4995868904d9ef12023-02-08 09:51:50.986root 11241100x8000000000000000291938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6089c5c29575b41f2023-02-08 09:51:50.986root 11241100x8000000000000000291962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc97c61d0d31f5d12023-02-08 09:51:50.987root 11241100x8000000000000000291961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a59dc15cfb598822023-02-08 09:51:50.987root 11241100x8000000000000000291960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f90d8d7a75f64aa2023-02-08 09:51:50.987root 11241100x8000000000000000291959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1375155511016e2023-02-08 09:51:50.987root 11241100x8000000000000000291958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2268ef681e111e342023-02-08 09:51:50.987root 11241100x8000000000000000291957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0005a783e076ef632023-02-08 09:51:50.987root 11241100x8000000000000000291956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b86bb776dfcf7a2023-02-08 09:51:50.987root 11241100x8000000000000000291955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b755191c47bf5b7b2023-02-08 09:51:50.987root 11241100x8000000000000000291954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bed353b434320a52023-02-08 09:51:50.987root 11241100x8000000000000000291953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae2341afcffaac92023-02-08 09:51:50.987root 11241100x8000000000000000291952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752104c9f1df94762023-02-08 09:51:50.987root 11241100x8000000000000000291971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92564188b94d05c12023-02-08 09:51:50.988root 11241100x8000000000000000291970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db00a5eff3542f042023-02-08 09:51:50.988root 11241100x8000000000000000291969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc04d5cbdca495a2023-02-08 09:51:50.988root 11241100x8000000000000000291968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27371472fb2457132023-02-08 09:51:50.988root 11241100x8000000000000000291967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48459da35b349c9b2023-02-08 09:51:50.988root 11241100x8000000000000000291966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c8060325b6fe3d2023-02-08 09:51:50.988root 11241100x8000000000000000291965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb2310fe738d8d12023-02-08 09:51:50.988root 11241100x8000000000000000291964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af360e560dd1d78c2023-02-08 09:51:50.988root 11241100x8000000000000000291963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1c5d3c4eb68e452023-02-08 09:51:50.988root 11241100x8000000000000000291972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:50.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4cadcd7bd180aa2023-02-08 09:51:50.989root 11241100x8000000000000000291974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ac10aae74f74102023-02-08 09:51:51.484root 11241100x8000000000000000291973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6b913b900e1ad72023-02-08 09:51:51.484root 11241100x8000000000000000291982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854f74ffcecd9f6c2023-02-08 09:51:51.485root 11241100x8000000000000000291981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c970842584a57c82023-02-08 09:51:51.485root 11241100x8000000000000000291980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a66bf49ebb7f7a2023-02-08 09:51:51.485root 11241100x8000000000000000291979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d281d77ff00535a2023-02-08 09:51:51.485root 11241100x8000000000000000291978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e413a46ccea9c50a2023-02-08 09:51:51.485root 11241100x8000000000000000291977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d367f4133aae282023-02-08 09:51:51.485root 11241100x8000000000000000291976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098e9cd5f69f1b062023-02-08 09:51:51.485root 11241100x8000000000000000291975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14cb78fb7ad9e50d2023-02-08 09:51:51.485root 11241100x8000000000000000291993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696f75405751bf112023-02-08 09:51:51.486root 11241100x8000000000000000291992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986d8cc77a6992522023-02-08 09:51:51.486root 11241100x8000000000000000291991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0b233f4d4a81dd2023-02-08 09:51:51.486root 11241100x8000000000000000291990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa53e4d11fef8c1f2023-02-08 09:51:51.486root 11241100x8000000000000000291989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9980043fa5501a2023-02-08 09:51:51.486root 11241100x8000000000000000291988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a923c968fe125c22023-02-08 09:51:51.486root 11241100x8000000000000000291987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581d7ed8feb72c0a2023-02-08 09:51:51.486root 11241100x8000000000000000291986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02c11c5cab16ec42023-02-08 09:51:51.486root 11241100x8000000000000000291985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9978429dbb6b55652023-02-08 09:51:51.486root 11241100x8000000000000000291984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34ba5cfd68246482023-02-08 09:51:51.486root 11241100x8000000000000000291983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d9fc7a26a2f93d2023-02-08 09:51:51.486root 11241100x8000000000000000292002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c776214651686a2023-02-08 09:51:51.487root 11241100x8000000000000000292001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ceec3795dbec22f2023-02-08 09:51:51.487root 11241100x8000000000000000292000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1dca35c493e3992023-02-08 09:51:51.487root 11241100x8000000000000000291999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c288f6d94dc4572023-02-08 09:51:51.487root 11241100x8000000000000000291998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f462d94c86e67c2023-02-08 09:51:51.487root 11241100x8000000000000000291997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110250b9d8d3ff792023-02-08 09:51:51.487root 11241100x8000000000000000291996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4179ba70e13ac1082023-02-08 09:51:51.487root 11241100x8000000000000000291995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533287fc9965b9ec2023-02-08 09:51:51.487root 11241100x8000000000000000291994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c12a19957f042412023-02-08 09:51:51.487root 11241100x8000000000000000292012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5275c472080218822023-02-08 09:51:51.488root 11241100x8000000000000000292011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a130d863c5eb9762023-02-08 09:51:51.488root 11241100x8000000000000000292010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4738ad3dd0dd4f2023-02-08 09:51:51.488root 11241100x8000000000000000292009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ecf2cb1fa6c52a72023-02-08 09:51:51.488root 11241100x8000000000000000292008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cd93079213a1862023-02-08 09:51:51.488root 11241100x8000000000000000292007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6409600974d639f2023-02-08 09:51:51.488root 11241100x8000000000000000292006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5273551df7bf0ab62023-02-08 09:51:51.488root 11241100x8000000000000000292005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91768095d9822def2023-02-08 09:51:51.488root 11241100x8000000000000000292004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25aa958b69a2d9e2023-02-08 09:51:51.488root 11241100x8000000000000000292003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57fbc0b5fb005da42023-02-08 09:51:51.488root 11241100x8000000000000000292013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37874543672dedc2023-02-08 09:51:51.489root 11241100x8000000000000000292019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7f57806958fe902023-02-08 09:51:51.984root 11241100x8000000000000000292018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad83aa33e16ad232023-02-08 09:51:51.984root 11241100x8000000000000000292017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d5e2d79c7727b12023-02-08 09:51:51.984root 11241100x8000000000000000292016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9a297b3e86a7382023-02-08 09:51:51.984root 11241100x8000000000000000292015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2168d89d0c88cc842023-02-08 09:51:51.984root 11241100x8000000000000000292014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af38d7f4a4f9e0e52023-02-08 09:51:51.984root 11241100x8000000000000000292023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a236ef0fc099912023-02-08 09:51:51.985root 11241100x8000000000000000292022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ffe5a9b20ec89b2023-02-08 09:51:51.985root 11241100x8000000000000000292021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7b8c9bb4fd3c202023-02-08 09:51:51.985root 11241100x8000000000000000292020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92eebfd771469b6d2023-02-08 09:51:51.985root 11241100x8000000000000000292031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece6887dae8418742023-02-08 09:51:51.986root 11241100x8000000000000000292030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42dfe6ed2fde08dc2023-02-08 09:51:51.986root 11241100x8000000000000000292029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720b25392f44b7482023-02-08 09:51:51.986root 11241100x8000000000000000292028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781c5fe9a5655fe02023-02-08 09:51:51.986root 11241100x8000000000000000292027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68614e6c9b8a258d2023-02-08 09:51:51.986root 11241100x8000000000000000292026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845da64092e929962023-02-08 09:51:51.986root 11241100x8000000000000000292025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176000a4c17588842023-02-08 09:51:51.986root 11241100x8000000000000000292024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f772b89cde92422023-02-08 09:51:51.986root 11241100x8000000000000000292040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fae39a25786b142023-02-08 09:51:51.987root 11241100x8000000000000000292039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bedaad7522531e52023-02-08 09:51:51.987root 11241100x8000000000000000292038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07924d6bbf59ad182023-02-08 09:51:51.987root 11241100x8000000000000000292037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c914ec98074233bc2023-02-08 09:51:51.987root 11241100x8000000000000000292036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ac8d47bc56eee12023-02-08 09:51:51.987root 11241100x8000000000000000292035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ccba5ad9e1a80f2023-02-08 09:51:51.987root 11241100x8000000000000000292034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba98b21c2cb4f4432023-02-08 09:51:51.987root 11241100x8000000000000000292033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e23fe9e029e6c392023-02-08 09:51:51.987root 11241100x8000000000000000292032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cfc57bfec5b6a612023-02-08 09:51:51.987root 11241100x8000000000000000292045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa10039b0f3782802023-02-08 09:51:51.988root 11241100x8000000000000000292044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8bcb5247780d9b2023-02-08 09:51:51.988root 11241100x8000000000000000292043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03200d281851f0c02023-02-08 09:51:51.988root 11241100x8000000000000000292042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65cbcb9f25470f6f2023-02-08 09:51:51.988root 11241100x8000000000000000292041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9706042801d307f62023-02-08 09:51:51.988root 11241100x8000000000000000292047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b525d58d7567602023-02-08 09:51:51.989root 11241100x8000000000000000292046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b04cca86c20607f2023-02-08 09:51:51.989root 11241100x8000000000000000292050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e903b080be512da2023-02-08 09:51:51.990root 11241100x8000000000000000292049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b6bbcdd0915ef82023-02-08 09:51:51.990root 11241100x8000000000000000292048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5cc490524830302023-02-08 09:51:51.990root 11241100x8000000000000000292053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3828b242902eb332023-02-08 09:51:51.991root 11241100x8000000000000000292052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11bfbd45749be522023-02-08 09:51:51.991root 11241100x8000000000000000292051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20bbb8cdf60793fc2023-02-08 09:51:51.991root 11241100x8000000000000000292059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5598456b1e9b92e92023-02-08 09:51:51.992root 11241100x8000000000000000292058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb21b20f04ad7d02023-02-08 09:51:51.992root 11241100x8000000000000000292057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae02d948ecf931d2023-02-08 09:51:51.992root 11241100x8000000000000000292056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727b5880b3548f822023-02-08 09:51:51.992root 11241100x8000000000000000292055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06813fe9b6e70ea2023-02-08 09:51:51.992root 11241100x8000000000000000292054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365fb5284299e91e2023-02-08 09:51:51.992root 11241100x8000000000000000292062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a139bc2dc317692023-02-08 09:51:51.993root 11241100x8000000000000000292061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fffa921ff80e62b2023-02-08 09:51:51.993root 11241100x8000000000000000292060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:51.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dce80d2ae99b6122023-02-08 09:51:51.993root 11241100x8000000000000000292070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdc5b213fd385882023-02-08 09:51:52.485root 11241100x8000000000000000292069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d84666ff8beb99c2023-02-08 09:51:52.485root 11241100x8000000000000000292068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88388b7aba6b33842023-02-08 09:51:52.485root 11241100x8000000000000000292067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6d7ad671d2ed092023-02-08 09:51:52.485root 11241100x8000000000000000292066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b47941a45c31cf52023-02-08 09:51:52.485root 11241100x8000000000000000292065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6ae5a38399f6d62023-02-08 09:51:52.485root 11241100x8000000000000000292064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1094489dfeba242023-02-08 09:51:52.485root 11241100x8000000000000000292063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce553128a9e9fee72023-02-08 09:51:52.485root 11241100x8000000000000000292083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52527e63c95ddfe22023-02-08 09:51:52.486root 11241100x8000000000000000292082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f265d5b1564376d92023-02-08 09:51:52.486root 11241100x8000000000000000292081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a90e4d3914bbb852023-02-08 09:51:52.486root 11241100x8000000000000000292080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af028ba7fc50a102023-02-08 09:51:52.486root 11241100x8000000000000000292079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad84050f220ef2f12023-02-08 09:51:52.486root 11241100x8000000000000000292078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b383a933f4ef0362023-02-08 09:51:52.486root 11241100x8000000000000000292077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff663cd26e125082023-02-08 09:51:52.486root 11241100x8000000000000000292076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a04bf3d51c96dd92023-02-08 09:51:52.486root 11241100x8000000000000000292075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccdec0d9ed6b60c2023-02-08 09:51:52.486root 11241100x8000000000000000292074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2dc526dba7e4692023-02-08 09:51:52.486root 11241100x8000000000000000292073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea72289c22ac25cf2023-02-08 09:51:52.486root 11241100x8000000000000000292072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e1ba0add34338d2023-02-08 09:51:52.486root 11241100x8000000000000000292071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801f6acf0abdc10f2023-02-08 09:51:52.486root 11241100x8000000000000000292099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97eb6599bcc7080b2023-02-08 09:51:52.487root 11241100x8000000000000000292098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2c999a2573b8072023-02-08 09:51:52.487root 11241100x8000000000000000292097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d358271734e2f12023-02-08 09:51:52.487root 11241100x8000000000000000292096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db705fa88bb3f3062023-02-08 09:51:52.487root 11241100x8000000000000000292095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e4b52f16d2196c2023-02-08 09:51:52.487root 11241100x8000000000000000292094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06cacc3762ed06602023-02-08 09:51:52.487root 11241100x8000000000000000292093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604570c1952087902023-02-08 09:51:52.487root 11241100x8000000000000000292092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54d428d847372e92023-02-08 09:51:52.487root 11241100x8000000000000000292091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698f8c4f1c9822782023-02-08 09:51:52.487root 11241100x8000000000000000292090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0840f007ca3ecac2023-02-08 09:51:52.487root 11241100x8000000000000000292089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2f7e4b4c8780622023-02-08 09:51:52.487root 11241100x8000000000000000292088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4834849d6d038c2023-02-08 09:51:52.487root 11241100x8000000000000000292087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0723e872c34a8e2023-02-08 09:51:52.487root 11241100x8000000000000000292086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef28e9f79d09df62023-02-08 09:51:52.487root 11241100x8000000000000000292085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9d725c4ddd95ae2023-02-08 09:51:52.487root 11241100x8000000000000000292084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f47e7a44b3efe322023-02-08 09:51:52.487root 11241100x8000000000000000292101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91083d1c9502c1e32023-02-08 09:51:52.488root 11241100x8000000000000000292100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879a1edcc40f43742023-02-08 09:51:52.488root 11241100x8000000000000000292106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936b0defc94e46fd2023-02-08 09:51:52.985root 11241100x8000000000000000292105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae232c83ed749e42023-02-08 09:51:52.985root 11241100x8000000000000000292104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf99d0b5ab3ac0362023-02-08 09:51:52.985root 11241100x8000000000000000292103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0668deca6c384082023-02-08 09:51:52.985root 11241100x8000000000000000292102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5833a351f9e239b32023-02-08 09:51:52.985root 11241100x8000000000000000292121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc429b3a1d708a32023-02-08 09:51:52.986root 11241100x8000000000000000292120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f3cb76b2363e3e2023-02-08 09:51:52.986root 11241100x8000000000000000292119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06ece0c9c26dac02023-02-08 09:51:52.986root 11241100x8000000000000000292118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2880ea02b7500c2023-02-08 09:51:52.986root 11241100x8000000000000000292117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44214bbab12e5fb2023-02-08 09:51:52.986root 11241100x8000000000000000292116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f7bea4af21e4b42023-02-08 09:51:52.986root 11241100x8000000000000000292115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927fcf5ba49b55ff2023-02-08 09:51:52.986root 11241100x8000000000000000292114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc1e87be092949a2023-02-08 09:51:52.986root 11241100x8000000000000000292113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec473cf3708c2a52023-02-08 09:51:52.986root 11241100x8000000000000000292112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411df66db2e053692023-02-08 09:51:52.986root 11241100x8000000000000000292111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ddb9f19fd255e492023-02-08 09:51:52.986root 11241100x8000000000000000292110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b77c7508a930462023-02-08 09:51:52.986root 11241100x8000000000000000292109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d843b1efa14427fb2023-02-08 09:51:52.986root 11241100x8000000000000000292108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965c355b1384fe552023-02-08 09:51:52.986root 11241100x8000000000000000292107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bbc724e2333b6c32023-02-08 09:51:52.986root 11241100x8000000000000000292133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4148fd4a3c01174b2023-02-08 09:51:52.987root 11241100x8000000000000000292132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17d6b55792eb3602023-02-08 09:51:52.987root 11241100x8000000000000000292131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9fa22b2a4ed2242023-02-08 09:51:52.987root 11241100x8000000000000000292130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4f28fee3f257542023-02-08 09:51:52.987root 11241100x8000000000000000292129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc6e2f8b676dcae2023-02-08 09:51:52.987root 11241100x8000000000000000292128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ececeac85b1231972023-02-08 09:51:52.987root 11241100x8000000000000000292127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee360a42451c41332023-02-08 09:51:52.987root 11241100x8000000000000000292126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d18cab600c8587e2023-02-08 09:51:52.987root 11241100x8000000000000000292125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0969f5b912d187e92023-02-08 09:51:52.987root 11241100x8000000000000000292124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a981323df1aae092023-02-08 09:51:52.987root 11241100x8000000000000000292123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36374c19105844d92023-02-08 09:51:52.987root 11241100x8000000000000000292122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654c342a0e62a3fe2023-02-08 09:51:52.987root 11241100x8000000000000000292140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448c9a32a483aa0c2023-02-08 09:51:52.988root 11241100x8000000000000000292139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68fabe0117b03692023-02-08 09:51:52.988root 11241100x8000000000000000292138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161e8f63749ef71c2023-02-08 09:51:52.988root 11241100x8000000000000000292137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a0d3204bcaaef42023-02-08 09:51:52.988root 11241100x8000000000000000292136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f01e1574fa922712023-02-08 09:51:52.988root 11241100x8000000000000000292135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2885c5d5d0c13bc32023-02-08 09:51:52.988root 11241100x8000000000000000292134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:52.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6731ae5ddbf9e4b2023-02-08 09:51:52.988root 354300x8000000000000000292141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.140{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-59310-false10.0.1.12-8000- 11241100x8000000000000000292142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3f61e3f748808a2023-02-08 09:51:53.484root 11241100x8000000000000000292154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea29dd501709b052023-02-08 09:51:53.485root 11241100x8000000000000000292153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff61fed02f773aa2023-02-08 09:51:53.485root 11241100x8000000000000000292152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b03853ce4246bba2023-02-08 09:51:53.485root 11241100x8000000000000000292151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9eeb0431dfcfe5d2023-02-08 09:51:53.485root 11241100x8000000000000000292150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b24f99be1a1bdad2023-02-08 09:51:53.485root 11241100x8000000000000000292149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322fc6eba85611062023-02-08 09:51:53.485root 11241100x8000000000000000292148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d12cb8f532568772023-02-08 09:51:53.485root 11241100x8000000000000000292147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b48f2369cf6a89e2023-02-08 09:51:53.485root 11241100x8000000000000000292146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3d76fa03f1efad2023-02-08 09:51:53.485root 11241100x8000000000000000292145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e33f1041a801bd2023-02-08 09:51:53.485root 11241100x8000000000000000292144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290361ab7e2d3f7d2023-02-08 09:51:53.485root 11241100x8000000000000000292143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeee0dc0a56ff7992023-02-08 09:51:53.485root 11241100x8000000000000000292168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf0ff9814cfa2e02023-02-08 09:51:53.486root 11241100x8000000000000000292167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2a4c97403f57242023-02-08 09:51:53.486root 11241100x8000000000000000292166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02d57c8141699a22023-02-08 09:51:53.486root 11241100x8000000000000000292165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce2dbe3119442fa2023-02-08 09:51:53.486root 11241100x8000000000000000292164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca9537c0f4a26fc2023-02-08 09:51:53.486root 11241100x8000000000000000292163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48519b022531f072023-02-08 09:51:53.486root 11241100x8000000000000000292162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfef81c73e6f7a872023-02-08 09:51:53.486root 11241100x8000000000000000292161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c8867f720bff932023-02-08 09:51:53.486root 11241100x8000000000000000292160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217ddcde050be5ff2023-02-08 09:51:53.486root 11241100x8000000000000000292159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70911bc26b7e28a82023-02-08 09:51:53.486root 11241100x8000000000000000292158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9809ccfe263a5c7c2023-02-08 09:51:53.486root 11241100x8000000000000000292157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf393a0d1a7fe1752023-02-08 09:51:53.486root 11241100x8000000000000000292156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75700eeb96b65be72023-02-08 09:51:53.486root 11241100x8000000000000000292155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3e84b11f74ee122023-02-08 09:51:53.486root 11241100x8000000000000000292173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225b3793eb086da42023-02-08 09:51:53.487root 11241100x8000000000000000292172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d672c387c2cb202023-02-08 09:51:53.487root 11241100x8000000000000000292171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232a5e35c1e35a782023-02-08 09:51:53.487root 11241100x8000000000000000292170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8488cdb056299e262023-02-08 09:51:53.487root 11241100x8000000000000000292169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529260e61ac451b52023-02-08 09:51:53.487root 11241100x8000000000000000292183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47645dae6991ea1b2023-02-08 09:51:53.488root 11241100x8000000000000000292182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b067a4e877c62fa82023-02-08 09:51:53.488root 11241100x8000000000000000292181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c68bfc3f0fb3412023-02-08 09:51:53.488root 11241100x8000000000000000292180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48dc9ee14b1c02d2023-02-08 09:51:53.488root 11241100x8000000000000000292179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d839ef83a89d90982023-02-08 09:51:53.488root 11241100x8000000000000000292178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d250785b372058d2023-02-08 09:51:53.488root 11241100x8000000000000000292177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d041ba4f5a190b602023-02-08 09:51:53.488root 11241100x8000000000000000292176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bc9116528a8c582023-02-08 09:51:53.488root 11241100x8000000000000000292175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69b790da51a0d8e2023-02-08 09:51:53.488root 11241100x8000000000000000292174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7c295ba459d0792023-02-08 09:51:53.488root 11241100x8000000000000000292187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5c3af3220b4cd72023-02-08 09:51:53.984root 11241100x8000000000000000292186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ccc9d1259ba700f2023-02-08 09:51:53.984root 11241100x8000000000000000292185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0bba080e78d716e2023-02-08 09:51:53.984root 11241100x8000000000000000292184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3083f64e5b0ad6792023-02-08 09:51:53.984root 11241100x8000000000000000292193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d8bb4e69ac2bef2023-02-08 09:51:53.985root 11241100x8000000000000000292192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ec64a84ebe0e802023-02-08 09:51:53.985root 11241100x8000000000000000292191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d920471fcb728622023-02-08 09:51:53.985root 11241100x8000000000000000292190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d9ea47f8b2ce7b2023-02-08 09:51:53.985root 11241100x8000000000000000292189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d912eb333b0cb7002023-02-08 09:51:53.985root 11241100x8000000000000000292188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9407c3df6396aa952023-02-08 09:51:53.985root 11241100x8000000000000000292204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833ba0570862441a2023-02-08 09:51:53.986root 11241100x8000000000000000292203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d9a551483d9a362023-02-08 09:51:53.986root 11241100x8000000000000000292202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9021cddeb615c1712023-02-08 09:51:53.986root 11241100x8000000000000000292201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb5201d03a5e6aa2023-02-08 09:51:53.986root 11241100x8000000000000000292200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aea4d2a7703428a2023-02-08 09:51:53.986root 11241100x8000000000000000292199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748009ba47709d732023-02-08 09:51:53.986root 11241100x8000000000000000292198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acebe7804e64e0c42023-02-08 09:51:53.986root 11241100x8000000000000000292197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc93b0da75f9e842023-02-08 09:51:53.986root 11241100x8000000000000000292196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27614d6a41c65f182023-02-08 09:51:53.986root 11241100x8000000000000000292195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb966ae33a9bb6f2023-02-08 09:51:53.986root 11241100x8000000000000000292194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74cacfb56e660812023-02-08 09:51:53.986root 11241100x8000000000000000292213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df68076a36aaf712023-02-08 09:51:53.987root 11241100x8000000000000000292212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd6ba766eddf99c2023-02-08 09:51:53.987root 11241100x8000000000000000292211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb29fea6ab6a9102023-02-08 09:51:53.987root 11241100x8000000000000000292210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053379df685d89912023-02-08 09:51:53.987root 11241100x8000000000000000292209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1be4575ac025622023-02-08 09:51:53.987root 11241100x8000000000000000292208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e284c6c2a4e800f92023-02-08 09:51:53.987root 11241100x8000000000000000292207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9055cd09790ea1dd2023-02-08 09:51:53.987root 11241100x8000000000000000292206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84042396efef19412023-02-08 09:51:53.987root 11241100x8000000000000000292205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34fb6b0142044f952023-02-08 09:51:53.987root 11241100x8000000000000000292224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0173033d6d91068e2023-02-08 09:51:53.988root 11241100x8000000000000000292223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a7e8955fc77b392023-02-08 09:51:53.988root 11241100x8000000000000000292222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dede2487e3c7e8f2023-02-08 09:51:53.988root 11241100x8000000000000000292221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a21279d3a0147662023-02-08 09:51:53.988root 11241100x8000000000000000292220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a6487cd2a42daa2023-02-08 09:51:53.988root 11241100x8000000000000000292219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6dbfa73731bc41d2023-02-08 09:51:53.988root 11241100x8000000000000000292218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efd6114da0b15d12023-02-08 09:51:53.988root 11241100x8000000000000000292217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a986dcade53891e2023-02-08 09:51:53.988root 11241100x8000000000000000292216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b785aca59049c4fb2023-02-08 09:51:53.988root 11241100x8000000000000000292215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6852befb5a337e142023-02-08 09:51:53.988root 11241100x8000000000000000292214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1bc1aa7d35abf42023-02-08 09:51:53.988root 11241100x8000000000000000292232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02f55fc5b560a922023-02-08 09:51:53.989root 11241100x8000000000000000292231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43978df190480d4e2023-02-08 09:51:53.989root 11241100x8000000000000000292230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b687023d451f2b562023-02-08 09:51:53.989root 11241100x8000000000000000292229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2027ee55e08c4efe2023-02-08 09:51:53.989root 11241100x8000000000000000292228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0276daab0b20ff22023-02-08 09:51:53.989root 11241100x8000000000000000292227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f557a82ab2fd302023-02-08 09:51:53.989root 11241100x8000000000000000292226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5987d2bc606ea8e82023-02-08 09:51:53.989root 11241100x8000000000000000292225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63d864db1b3d89f2023-02-08 09:51:53.989root 11241100x8000000000000000292240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5d66d7f4648f472023-02-08 09:51:53.990root 11241100x8000000000000000292239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a21b0b48f2ef64f2023-02-08 09:51:53.990root 11241100x8000000000000000292238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b7f89b4de435092023-02-08 09:51:53.990root 11241100x8000000000000000292237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c311d0f99b25f52023-02-08 09:51:53.990root 11241100x8000000000000000292236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0a6f49c94c4fbd2023-02-08 09:51:53.990root 11241100x8000000000000000292235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78eefb8abbeca692023-02-08 09:51:53.990root 11241100x8000000000000000292234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f0bf0ada1a21c52023-02-08 09:51:53.990root 11241100x8000000000000000292233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:53.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe0347e64bb05842023-02-08 09:51:53.990root 11241100x8000000000000000292242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b94a8ecdfd1e462023-02-08 09:51:54.484root 11241100x8000000000000000292241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffbccec4943b14642023-02-08 09:51:54.484root 11241100x8000000000000000292256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b93fe9a423616fd2023-02-08 09:51:54.485root 11241100x8000000000000000292255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ee515ba19f19772023-02-08 09:51:54.485root 11241100x8000000000000000292254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1bfc0e50c81cc162023-02-08 09:51:54.485root 11241100x8000000000000000292253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4881f94e36b0cd6f2023-02-08 09:51:54.485root 11241100x8000000000000000292252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c531ffa2660f76952023-02-08 09:51:54.485root 11241100x8000000000000000292251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece8327c60c132012023-02-08 09:51:54.485root 11241100x8000000000000000292250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfa65f8cde355782023-02-08 09:51:54.485root 11241100x8000000000000000292249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10be3e6e962a532e2023-02-08 09:51:54.485root 11241100x8000000000000000292248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320eb1fb0db54a752023-02-08 09:51:54.485root 11241100x8000000000000000292247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187c2127f21d8b0c2023-02-08 09:51:54.485root 11241100x8000000000000000292246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f003a95d02adf2ae2023-02-08 09:51:54.485root 11241100x8000000000000000292245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd259f31ae084d82023-02-08 09:51:54.485root 11241100x8000000000000000292244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6268af08cf2ee4b22023-02-08 09:51:54.485root 11241100x8000000000000000292243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c8031f0fdbf6132023-02-08 09:51:54.485root 11241100x8000000000000000292268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0c5280001fd3c92023-02-08 09:51:54.486root 11241100x8000000000000000292267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab18ab207e3d44222023-02-08 09:51:54.486root 11241100x8000000000000000292266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92964a5798b931d72023-02-08 09:51:54.486root 11241100x8000000000000000292265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ea24ee9021df822023-02-08 09:51:54.486root 11241100x8000000000000000292264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee725cbaf1dbdddd2023-02-08 09:51:54.486root 11241100x8000000000000000292263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3ed01f950db5aa2023-02-08 09:51:54.486root 11241100x8000000000000000292262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847a67a8519a7fe62023-02-08 09:51:54.486root 11241100x8000000000000000292261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0469ca9e67daf782023-02-08 09:51:54.486root 11241100x8000000000000000292260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3850ebe23f128e4b2023-02-08 09:51:54.486root 11241100x8000000000000000292259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d813d97003706a2023-02-08 09:51:54.486root 11241100x8000000000000000292258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b98407e770adbc22023-02-08 09:51:54.486root 11241100x8000000000000000292257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d343d74d6c0799802023-02-08 09:51:54.486root 11241100x8000000000000000292279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475795fdda4f124b2023-02-08 09:51:54.487root 11241100x8000000000000000292278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e2f0b3e7a26e302023-02-08 09:51:54.487root 11241100x8000000000000000292277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343f070c6fb5b44b2023-02-08 09:51:54.487root 11241100x8000000000000000292276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9513e1bcc770f3fc2023-02-08 09:51:54.487root 11241100x8000000000000000292275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9359c2b91de5db2023-02-08 09:51:54.487root 11241100x8000000000000000292274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c853075fc6c3142023-02-08 09:51:54.487root 11241100x8000000000000000292273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e31fdd48c79fa22023-02-08 09:51:54.487root 11241100x8000000000000000292272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c7ed6b3c1bc36a2023-02-08 09:51:54.487root 11241100x8000000000000000292271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e2806d8d1c70662023-02-08 09:51:54.487root 11241100x8000000000000000292270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cba95f66ca2e2df2023-02-08 09:51:54.487root 11241100x8000000000000000292269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef96d087a92a14e12023-02-08 09:51:54.487root 11241100x8000000000000000292283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44037b2dee4751252023-02-08 09:51:54.488root 11241100x8000000000000000292282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a96fe1ec9101a7c2023-02-08 09:51:54.488root 11241100x8000000000000000292281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e524391c6a5620762023-02-08 09:51:54.488root 11241100x8000000000000000292280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c910450f95e3daf2023-02-08 09:51:54.488root 11241100x8000000000000000292294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2513f517fc375ce2023-02-08 09:51:54.985root 11241100x8000000000000000292293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdf9f7ae742bbf12023-02-08 09:51:54.985root 11241100x8000000000000000292292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc89f2855e6714d2023-02-08 09:51:54.985root 11241100x8000000000000000292291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7060c1bed9483c92023-02-08 09:51:54.985root 11241100x8000000000000000292290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ee8cc6e09b510d2023-02-08 09:51:54.985root 11241100x8000000000000000292289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4eaa0d6c51acb72023-02-08 09:51:54.985root 11241100x8000000000000000292288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e2b22b5031043e2023-02-08 09:51:54.985root 11241100x8000000000000000292287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0abb1f0503dc092023-02-08 09:51:54.985root 11241100x8000000000000000292286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8572a981d0ada842023-02-08 09:51:54.985root 11241100x8000000000000000292285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc1d2eb0e3ee48f2023-02-08 09:51:54.985root 11241100x8000000000000000292284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548bb6e9b07798012023-02-08 09:51:54.985root 11241100x8000000000000000292303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc401557d2563ab42023-02-08 09:51:54.986root 11241100x8000000000000000292302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd602c1b2e96fa192023-02-08 09:51:54.986root 11241100x8000000000000000292301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19d9ce8f3d1c8172023-02-08 09:51:54.986root 11241100x8000000000000000292300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eadada9cfa93a15c2023-02-08 09:51:54.986root 11241100x8000000000000000292299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbe096015d697c02023-02-08 09:51:54.986root 11241100x8000000000000000292298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31e206e6b6e1a932023-02-08 09:51:54.986root 11241100x8000000000000000292297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df199cc1fc077d7b2023-02-08 09:51:54.986root 11241100x8000000000000000292296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663f24acfb9c16692023-02-08 09:51:54.986root 11241100x8000000000000000292295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1447998267d526da2023-02-08 09:51:54.986root 11241100x8000000000000000292311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9ec8687c2498522023-02-08 09:51:54.987root 11241100x8000000000000000292310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063d7813c9b2e5f62023-02-08 09:51:54.987root 11241100x8000000000000000292309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840212f07ea930502023-02-08 09:51:54.987root 11241100x8000000000000000292308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc48439f6890ab022023-02-08 09:51:54.987root 11241100x8000000000000000292307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5172fc942735792023-02-08 09:51:54.987root 11241100x8000000000000000292306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f6e5485667a2862023-02-08 09:51:54.987root 11241100x8000000000000000292305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38bfa7ce6a44b4fa2023-02-08 09:51:54.987root 11241100x8000000000000000292304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e5e7ee2e2d3cb62023-02-08 09:51:54.987root 11241100x8000000000000000292315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec6fd47723cbe782023-02-08 09:51:54.988root 11241100x8000000000000000292314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38cfe98bb57372082023-02-08 09:51:54.988root 11241100x8000000000000000292313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d157d8805a816f12023-02-08 09:51:54.988root 11241100x8000000000000000292312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9018ac4b7755e52023-02-08 09:51:54.988root 11241100x8000000000000000292321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a546307ed31755e12023-02-08 09:51:54.989root 11241100x8000000000000000292320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699dac37f6da2f5f2023-02-08 09:51:54.989root 11241100x8000000000000000292319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ead1b03aecf3dc32023-02-08 09:51:54.989root 11241100x8000000000000000292318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868d9eff97d8f9f82023-02-08 09:51:54.989root 11241100x8000000000000000292317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd40089939755072023-02-08 09:51:54.989root 11241100x8000000000000000292316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9d467dcf9ece362023-02-08 09:51:54.989root 11241100x8000000000000000292324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6de4fc378c1904a2023-02-08 09:51:54.990root 11241100x8000000000000000292323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8c7a2b9d754c562023-02-08 09:51:54.990root 11241100x8000000000000000292322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:54.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7cee1aa187ae1c2023-02-08 09:51:54.990root 11241100x8000000000000000292329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0f47dfcd8f3a912023-02-08 09:51:55.484root 11241100x8000000000000000292328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc69ccdef14f1602023-02-08 09:51:55.484root 11241100x8000000000000000292327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d625edae6c62272023-02-08 09:51:55.484root 11241100x8000000000000000292326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae0d146dcd6bbc72023-02-08 09:51:55.484root 11241100x8000000000000000292325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f20f55cd230cdbb2023-02-08 09:51:55.484root 11241100x8000000000000000292337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ccb6aa9949e0e8a2023-02-08 09:51:55.485root 11241100x8000000000000000292336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7cfccce019294e2023-02-08 09:51:55.485root 11241100x8000000000000000292335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb8fa2c25da756f2023-02-08 09:51:55.485root 11241100x8000000000000000292334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc11ad09f60199892023-02-08 09:51:55.485root 11241100x8000000000000000292333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067e9db9053c5dfc2023-02-08 09:51:55.485root 11241100x8000000000000000292332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17754993ffc4e0b32023-02-08 09:51:55.485root 11241100x8000000000000000292331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2771022bd0aa6de2023-02-08 09:51:55.485root 11241100x8000000000000000292330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6eb11fda1cabe2b2023-02-08 09:51:55.485root 11241100x8000000000000000292346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e6dd0c4ff987972023-02-08 09:51:55.486root 11241100x8000000000000000292345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc892e261ce04012023-02-08 09:51:55.486root 11241100x8000000000000000292344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d1f60e91c0aa682023-02-08 09:51:55.486root 11241100x8000000000000000292343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2702c265516343c32023-02-08 09:51:55.486root 11241100x8000000000000000292342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1065bb794fbc910e2023-02-08 09:51:55.486root 11241100x8000000000000000292341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e830141f476203c2023-02-08 09:51:55.486root 11241100x8000000000000000292340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e6e5df16f4fe8a2023-02-08 09:51:55.486root 11241100x8000000000000000292339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e665e162eb73ddd42023-02-08 09:51:55.486root 11241100x8000000000000000292338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325468626751bf7b2023-02-08 09:51:55.486root 11241100x8000000000000000292351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a8decb0682ad3f2023-02-08 09:51:55.487root 11241100x8000000000000000292350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd383bcfe7e5dee2023-02-08 09:51:55.487root 11241100x8000000000000000292349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6d6064be8d7e7f2023-02-08 09:51:55.487root 11241100x8000000000000000292348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f15bc5c5ea91872023-02-08 09:51:55.487root 11241100x8000000000000000292347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58b22097ddeea422023-02-08 09:51:55.487root 11241100x8000000000000000292358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8c30389af69b482023-02-08 09:51:55.488root 11241100x8000000000000000292357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90765b0ab14ecbb12023-02-08 09:51:55.488root 11241100x8000000000000000292356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1c45e5c208ceb92023-02-08 09:51:55.488root 11241100x8000000000000000292355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d984dea000ee6202023-02-08 09:51:55.488root 11241100x8000000000000000292354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9a26353ae773d62023-02-08 09:51:55.488root 11241100x8000000000000000292353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e474fc039ccd232e2023-02-08 09:51:55.488root 11241100x8000000000000000292352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad17e0d61c147d02023-02-08 09:51:55.488root 11241100x8000000000000000292362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a103707874bbe4152023-02-08 09:51:55.489root 11241100x8000000000000000292361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391a2b3e8049e0d32023-02-08 09:51:55.489root 11241100x8000000000000000292360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7e1bc08665a1992023-02-08 09:51:55.489root 11241100x8000000000000000292359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8dc37c65aea9f62023-02-08 09:51:55.489root 11241100x8000000000000000292370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a4ed18137789592023-02-08 09:51:55.490root 11241100x8000000000000000292369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afdb120e25dbf13d2023-02-08 09:51:55.490root 11241100x8000000000000000292368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f4b974e56ec9802023-02-08 09:51:55.490root 11241100x8000000000000000292367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92f06ab3c1fd1df2023-02-08 09:51:55.490root 11241100x8000000000000000292366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5117b09721d449712023-02-08 09:51:55.490root 11241100x8000000000000000292365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3512fa9ad6dcba2023-02-08 09:51:55.490root 11241100x8000000000000000292364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273035decc3648e22023-02-08 09:51:55.490root 11241100x8000000000000000292363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67dbf0ee036cee212023-02-08 09:51:55.490root 11241100x8000000000000000292371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2029913a42f20e62023-02-08 09:51:55.491root 11241100x8000000000000000292375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ce61607739071f2023-02-08 09:51:55.984root 11241100x8000000000000000292374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f82e12fc56d7f32023-02-08 09:51:55.984root 11241100x8000000000000000292373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdb779a4244d6852023-02-08 09:51:55.984root 11241100x8000000000000000292372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f28693327b3b552023-02-08 09:51:55.984root 11241100x8000000000000000292385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb81245a22e458932023-02-08 09:51:55.985root 11241100x8000000000000000292384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b8742f510667f92023-02-08 09:51:55.985root 11241100x8000000000000000292383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb39e4d3c42dfe92023-02-08 09:51:55.985root 11241100x8000000000000000292382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cce2329f58253132023-02-08 09:51:55.985root 11241100x8000000000000000292381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f2e7906d48382f2023-02-08 09:51:55.985root 11241100x8000000000000000292380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ef08d8c57ded972023-02-08 09:51:55.985root 11241100x8000000000000000292379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5471072be53cd9432023-02-08 09:51:55.985root 11241100x8000000000000000292378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def612eff098436d2023-02-08 09:51:55.985root 11241100x8000000000000000292377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c454f2699aa096b2023-02-08 09:51:55.985root 11241100x8000000000000000292376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d640a21dc7c929232023-02-08 09:51:55.985root 11241100x8000000000000000292391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49940010824f438c2023-02-08 09:51:55.986root 11241100x8000000000000000292390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30d311c55d52d762023-02-08 09:51:55.986root 11241100x8000000000000000292389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c176a300bb66718d2023-02-08 09:51:55.986root 11241100x8000000000000000292388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71247ccdfbaf7afe2023-02-08 09:51:55.986root 11241100x8000000000000000292387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd75a729182d1ad2023-02-08 09:51:55.986root 11241100x8000000000000000292386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2274b8f6653ea6e02023-02-08 09:51:55.986root 11241100x8000000000000000292396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9997f7adf175202023-02-08 09:51:55.987root 11241100x8000000000000000292395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fbcefa003972292023-02-08 09:51:55.987root 11241100x8000000000000000292394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4892bf3d13fd31d2023-02-08 09:51:55.987root 11241100x8000000000000000292393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a9158a0008a4be2023-02-08 09:51:55.987root 11241100x8000000000000000292392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c6a76ba897a6ea2023-02-08 09:51:55.987root 11241100x8000000000000000292399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea199cb5fb964ce32023-02-08 09:51:55.988root 11241100x8000000000000000292398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe7d1cd1ba0baa72023-02-08 09:51:55.988root 11241100x8000000000000000292397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c208103591b56b22023-02-08 09:51:55.988root 11241100x8000000000000000292406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9762c66b9197424e2023-02-08 09:51:55.989root 11241100x8000000000000000292405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494b233c3eb851752023-02-08 09:51:55.989root 11241100x8000000000000000292404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64959a06f9290d9d2023-02-08 09:51:55.989root 11241100x8000000000000000292403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c59b648ad0003272023-02-08 09:51:55.989root 11241100x8000000000000000292402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d48ff67fc43b412023-02-08 09:51:55.989root 11241100x8000000000000000292401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4fd678657085db2023-02-08 09:51:55.989root 11241100x8000000000000000292400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db16083545d5221e2023-02-08 09:51:55.989root 11241100x8000000000000000292408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8063b23d615cd192023-02-08 09:51:55.990root 11241100x8000000000000000292407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd499ebd76fa4762023-02-08 09:51:55.990root 11241100x8000000000000000292413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12883050d3546a462023-02-08 09:51:55.991root 11241100x8000000000000000292412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4c38315dce18c32023-02-08 09:51:55.991root 11241100x8000000000000000292411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84616310eeeea64f2023-02-08 09:51:55.991root 11241100x8000000000000000292410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3883650ccff6b16d2023-02-08 09:51:55.991root 11241100x8000000000000000292409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6638da60278227992023-02-08 09:51:55.991root 11241100x8000000000000000292414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:55.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabe5dd329de31e72023-02-08 09:51:55.992root 11241100x8000000000000000292417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7cbf6cead6464a02023-02-08 09:51:56.484root 11241100x8000000000000000292416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0692054442b57c792023-02-08 09:51:56.484root 11241100x8000000000000000292415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45111c54bb7338b2023-02-08 09:51:56.484root 11241100x8000000000000000292421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d005d5d173a18d2023-02-08 09:51:56.485root 11241100x8000000000000000292420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb888dc5ec5b628d2023-02-08 09:51:56.485root 11241100x8000000000000000292419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b64e05ba62d4cf2023-02-08 09:51:56.485root 11241100x8000000000000000292418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e9f8f3207a03682023-02-08 09:51:56.485root 11241100x8000000000000000292428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac941cbbb1607f12023-02-08 09:51:56.486root 11241100x8000000000000000292427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0198321769a6272023-02-08 09:51:56.486root 11241100x8000000000000000292426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8a02cd8d8e23db2023-02-08 09:51:56.486root 11241100x8000000000000000292425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7953ecc1967849072023-02-08 09:51:56.486root 11241100x8000000000000000292424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f8f5e9bb7a818a2023-02-08 09:51:56.486root 11241100x8000000000000000292423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d6c1a86925bac72023-02-08 09:51:56.486root 11241100x8000000000000000292422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbdc9b8d644dede2023-02-08 09:51:56.486root 11241100x8000000000000000292436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29152b1475a2783b2023-02-08 09:51:56.487root 11241100x8000000000000000292435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f140150454b4e7e32023-02-08 09:51:56.487root 11241100x8000000000000000292434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832d8d55b59f066e2023-02-08 09:51:56.487root 11241100x8000000000000000292433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f62a7d9744b46e02023-02-08 09:51:56.487root 11241100x8000000000000000292432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ce9afda7c0b6bc2023-02-08 09:51:56.487root 11241100x8000000000000000292431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010e777fd3989f282023-02-08 09:51:56.487root 11241100x8000000000000000292430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b60521942ebe2c72023-02-08 09:51:56.487root 11241100x8000000000000000292429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6b394a4aac91f02023-02-08 09:51:56.487root 11241100x8000000000000000292442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23a33f25eb67e0e2023-02-08 09:51:56.488root 11241100x8000000000000000292441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ddee1a0c708eddd2023-02-08 09:51:56.488root 11241100x8000000000000000292440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b0fbbc5dabbb442023-02-08 09:51:56.488root 11241100x8000000000000000292439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4360ee770fe59bb32023-02-08 09:51:56.488root 11241100x8000000000000000292438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdb0aad17648f5f2023-02-08 09:51:56.488root 11241100x8000000000000000292437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005a213a76cac9d22023-02-08 09:51:56.488root 11241100x8000000000000000292447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e00590c161718d82023-02-08 09:51:56.489root 11241100x8000000000000000292446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd8e9a37c267e192023-02-08 09:51:56.489root 11241100x8000000000000000292445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00f98691df3c8c12023-02-08 09:51:56.489root 11241100x8000000000000000292444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0da77b93ae60a0c2023-02-08 09:51:56.489root 11241100x8000000000000000292443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ac7029320efe832023-02-08 09:51:56.489root 11241100x8000000000000000292454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85fdf6b80eb11c3b2023-02-08 09:51:56.490root 11241100x8000000000000000292453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ecddeff4cf3b8b2023-02-08 09:51:56.490root 11241100x8000000000000000292452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fffd25e3377ef872023-02-08 09:51:56.490root 11241100x8000000000000000292451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30f40e81d9b133b2023-02-08 09:51:56.490root 11241100x8000000000000000292450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38858a8a0441870a2023-02-08 09:51:56.490root 11241100x8000000000000000292449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00137605dd673c8b2023-02-08 09:51:56.490root 11241100x8000000000000000292448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2598be28e8ef5d2e2023-02-08 09:51:56.490root 11241100x8000000000000000292457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20dfefaa424a5132023-02-08 09:51:56.491root 11241100x8000000000000000292456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47fc8ad9118ef9ec2023-02-08 09:51:56.491root 11241100x8000000000000000292455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0993c9ed3bf55a602023-02-08 09:51:56.491root 11241100x8000000000000000292458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf44e1b9f0f955462023-02-08 09:51:56.984root 11241100x8000000000000000292466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17e9955728f49752023-02-08 09:51:56.985root 11241100x8000000000000000292465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c667156d23ba4d02023-02-08 09:51:56.985root 11241100x8000000000000000292464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39c6667cda478302023-02-08 09:51:56.985root 11241100x8000000000000000292463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a1889d484a9c972023-02-08 09:51:56.985root 11241100x8000000000000000292462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e418fdd135b025852023-02-08 09:51:56.985root 11241100x8000000000000000292461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83ee2735a3e2bfc2023-02-08 09:51:56.985root 11241100x8000000000000000292460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eebfcd4c3f4c7c2f2023-02-08 09:51:56.985root 11241100x8000000000000000292459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dea135fe1a34c542023-02-08 09:51:56.985root 11241100x8000000000000000292476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608d9c614ec3ecb12023-02-08 09:51:56.986root 11241100x8000000000000000292475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053406532f6b1d6a2023-02-08 09:51:56.986root 11241100x8000000000000000292474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3e81d266dd8e812023-02-08 09:51:56.986root 11241100x8000000000000000292473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376aed6ac6d412dd2023-02-08 09:51:56.986root 11241100x8000000000000000292472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e27bd72e9d6c8c32023-02-08 09:51:56.986root 11241100x8000000000000000292471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b951fd8c6ee3d012023-02-08 09:51:56.986root 11241100x8000000000000000292470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f7921e36ca63c62023-02-08 09:51:56.986root 11241100x8000000000000000292469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c037406672e01752023-02-08 09:51:56.986root 11241100x8000000000000000292468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6356dd0079c981ad2023-02-08 09:51:56.986root 11241100x8000000000000000292467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3d697acb2283012023-02-08 09:51:56.986root 11241100x8000000000000000292487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2b2bdd4df006c72023-02-08 09:51:56.987root 11241100x8000000000000000292486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159a1c41ddd8e87c2023-02-08 09:51:56.987root 11241100x8000000000000000292485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5e64e60eebf3f12023-02-08 09:51:56.987root 11241100x8000000000000000292484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6d1f74b7c952e92023-02-08 09:51:56.987root 11241100x8000000000000000292483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73a2df60cad12c12023-02-08 09:51:56.987root 11241100x8000000000000000292482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834b7cc6fbecb78d2023-02-08 09:51:56.987root 11241100x8000000000000000292481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8dfba66f0752a22023-02-08 09:51:56.987root 11241100x8000000000000000292480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31ddc5dfd5f74602023-02-08 09:51:56.987root 11241100x8000000000000000292479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1d98c6369d517c2023-02-08 09:51:56.987root 11241100x8000000000000000292478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759f65bcaa3b3dc52023-02-08 09:51:56.987root 11241100x8000000000000000292477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e458eded75fd9e52023-02-08 09:51:56.987root 11241100x8000000000000000292497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450ee6b294f7e5442023-02-08 09:51:56.988root 11241100x8000000000000000292496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d6eabb67db7bcb2023-02-08 09:51:56.988root 11241100x8000000000000000292495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b552c040f12c6fd12023-02-08 09:51:56.988root 11241100x8000000000000000292494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d9a6c621f6ae2e2023-02-08 09:51:56.988root 11241100x8000000000000000292493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37c560e5e74d8442023-02-08 09:51:56.988root 11241100x8000000000000000292492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd07f1db09973972023-02-08 09:51:56.988root 11241100x8000000000000000292491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5d480b0a34696d2023-02-08 09:51:56.988root 11241100x8000000000000000292490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379d8d9123c7d5f12023-02-08 09:51:56.988root 11241100x8000000000000000292489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1543367b06b163742023-02-08 09:51:56.988root 11241100x8000000000000000292488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:56.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f37362ead05f7052023-02-08 09:51:56.988root 11241100x8000000000000000292498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc1a9ecc758981f2023-02-08 09:51:57.484root 11241100x8000000000000000292506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03fbd7516917b1402023-02-08 09:51:57.485root 11241100x8000000000000000292505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ae4399600bed352023-02-08 09:51:57.485root 11241100x8000000000000000292504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df4c13948cd78202023-02-08 09:51:57.485root 11241100x8000000000000000292503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6abbf7b9df873d902023-02-08 09:51:57.485root 11241100x8000000000000000292502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad451d6c627d84d82023-02-08 09:51:57.485root 11241100x8000000000000000292501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1fb874496ffe1a2023-02-08 09:51:57.485root 11241100x8000000000000000292500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8038fae6714f96af2023-02-08 09:51:57.485root 11241100x8000000000000000292499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc92ba34b3806282023-02-08 09:51:57.485root 11241100x8000000000000000292516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57427813a33c4c72023-02-08 09:51:57.486root 11241100x8000000000000000292515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a171beaefd8fc0d02023-02-08 09:51:57.486root 11241100x8000000000000000292514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d29ad9fd0ad1f32023-02-08 09:51:57.486root 11241100x8000000000000000292513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8a9dce06fef2802023-02-08 09:51:57.486root 11241100x8000000000000000292512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b926cfb8988dce02023-02-08 09:51:57.486root 11241100x8000000000000000292511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b37f086f73c6ab02023-02-08 09:51:57.486root 11241100x8000000000000000292510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19b6d51fb1643c42023-02-08 09:51:57.486root 11241100x8000000000000000292509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee6784b53b9b3082023-02-08 09:51:57.486root 11241100x8000000000000000292508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa7ba7643defbfa2023-02-08 09:51:57.486root 11241100x8000000000000000292507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8dca5212eca08222023-02-08 09:51:57.486root 11241100x8000000000000000292522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab69352d39e1fed62023-02-08 09:51:57.487root 11241100x8000000000000000292521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7911569b2ebd70bb2023-02-08 09:51:57.487root 11241100x8000000000000000292520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5a1f82ddb0fbad2023-02-08 09:51:57.487root 11241100x8000000000000000292519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f293067a55e16c2023-02-08 09:51:57.487root 11241100x8000000000000000292518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd68b4fc33dcaf22023-02-08 09:51:57.487root 11241100x8000000000000000292517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb34ce941b571632023-02-08 09:51:57.487root 11241100x8000000000000000292532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfc3f823b2185b12023-02-08 09:51:57.488root 11241100x8000000000000000292531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a328b94a838418c72023-02-08 09:51:57.488root 11241100x8000000000000000292530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e3254de61421fb2023-02-08 09:51:57.488root 11241100x8000000000000000292529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf1e7c2a0fc60732023-02-08 09:51:57.488root 11241100x8000000000000000292528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e0853d6e0ce17f2023-02-08 09:51:57.488root 11241100x8000000000000000292527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1067dd9b758055892023-02-08 09:51:57.488root 11241100x8000000000000000292526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81003e6df8123992023-02-08 09:51:57.488root 11241100x8000000000000000292525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2012f22f013e34c2023-02-08 09:51:57.488root 11241100x8000000000000000292524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3811b7b8136dbbba2023-02-08 09:51:57.488root 11241100x8000000000000000292523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe911208c6abd1b22023-02-08 09:51:57.488root 11241100x8000000000000000292541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e02da3ef983aa62023-02-08 09:51:57.489root 11241100x8000000000000000292540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d92f11c231866532023-02-08 09:51:57.489root 11241100x8000000000000000292539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf40a869e0c206f52023-02-08 09:51:57.489root 11241100x8000000000000000292538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b637c82b1164c42023-02-08 09:51:57.489root 11241100x8000000000000000292537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26380b67c5c147e52023-02-08 09:51:57.489root 11241100x8000000000000000292536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1f459429d1173b2023-02-08 09:51:57.489root 11241100x8000000000000000292535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2843ca8ece17eac12023-02-08 09:51:57.489root 11241100x8000000000000000292534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd92467b013096d2023-02-08 09:51:57.489root 11241100x8000000000000000292533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883a3f9c7d6c66922023-02-08 09:51:57.489root 11241100x8000000000000000292542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa76d4f4d2f05292023-02-08 09:51:57.984root 11241100x8000000000000000292553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b81901e644f12a2023-02-08 09:51:57.985root 11241100x8000000000000000292552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5b73cd423475f02023-02-08 09:51:57.985root 11241100x8000000000000000292551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b3f8a0be91819a2023-02-08 09:51:57.985root 11241100x8000000000000000292550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41aafc1ef000fbc32023-02-08 09:51:57.985root 11241100x8000000000000000292549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6789b1d6d5be08da2023-02-08 09:51:57.985root 11241100x8000000000000000292548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1e48bf0892e3632023-02-08 09:51:57.985root 11241100x8000000000000000292547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d397eb6b7844fb2023-02-08 09:51:57.985root 11241100x8000000000000000292546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea05d16e721e42dc2023-02-08 09:51:57.985root 11241100x8000000000000000292545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c5cab7a62b4cec2023-02-08 09:51:57.985root 11241100x8000000000000000292544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9812940a2219f892023-02-08 09:51:57.985root 11241100x8000000000000000292543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969646cd60356f062023-02-08 09:51:57.985root 11241100x8000000000000000292568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c9b886de242f652023-02-08 09:51:57.986root 11241100x8000000000000000292567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6288c40762206fbf2023-02-08 09:51:57.986root 11241100x8000000000000000292566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a919f1bd157548d52023-02-08 09:51:57.986root 11241100x8000000000000000292565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63fa173fc7090adc2023-02-08 09:51:57.986root 11241100x8000000000000000292564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d162cfcdcfae972023-02-08 09:51:57.986root 11241100x8000000000000000292563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5e4444c3c85fb32023-02-08 09:51:57.986root 11241100x8000000000000000292562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54df4f56c2222fc22023-02-08 09:51:57.986root 11241100x8000000000000000292561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00fb845074732fb82023-02-08 09:51:57.986root 11241100x8000000000000000292560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec42c4416e218a62023-02-08 09:51:57.986root 11241100x8000000000000000292559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c64403fae6888152023-02-08 09:51:57.986root 11241100x8000000000000000292558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5126e6d0a55504162023-02-08 09:51:57.986root 11241100x8000000000000000292557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edaa3134967d8a212023-02-08 09:51:57.986root 11241100x8000000000000000292556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e88699a220866092023-02-08 09:51:57.986root 11241100x8000000000000000292555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745d19669ce1dbd12023-02-08 09:51:57.986root 11241100x8000000000000000292554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2329946f8d23882023-02-08 09:51:57.986root 11241100x8000000000000000292576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc287a6d673aeaa2023-02-08 09:51:57.987root 11241100x8000000000000000292575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdcd90e321f5202c2023-02-08 09:51:57.987root 11241100x8000000000000000292574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007b2c0a52c224cb2023-02-08 09:51:57.987root 11241100x8000000000000000292573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5923862ef2191e72023-02-08 09:51:57.987root 11241100x8000000000000000292572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd781028356794ab2023-02-08 09:51:57.987root 11241100x8000000000000000292571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b30e4402acaea412023-02-08 09:51:57.987root 11241100x8000000000000000292570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1ebe99e07502602023-02-08 09:51:57.987root 11241100x8000000000000000292569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db15338395a9de1d2023-02-08 09:51:57.987root 11241100x8000000000000000292581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a057689ab72ea2e2023-02-08 09:51:57.988root 11241100x8000000000000000292580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20278919bf0e8d6a2023-02-08 09:51:57.988root 11241100x8000000000000000292579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552974a7b0e0040a2023-02-08 09:51:57.988root 11241100x8000000000000000292578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23f0778cad193742023-02-08 09:51:57.988root 11241100x8000000000000000292577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:57.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52782116cddbdb682023-02-08 09:51:57.988root 354300x8000000000000000292582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.187{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-43490-false10.0.1.12-8000- 11241100x8000000000000000292589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34683681c34ed25c2023-02-08 09:51:58.485root 11241100x8000000000000000292588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9239445f418edf42023-02-08 09:51:58.485root 11241100x8000000000000000292587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad1309b95b0d8fe2023-02-08 09:51:58.485root 11241100x8000000000000000292586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4dc0c91ff4bd132023-02-08 09:51:58.485root 11241100x8000000000000000292585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38cab8733608e4972023-02-08 09:51:58.485root 11241100x8000000000000000292584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8097f7574163a3ec2023-02-08 09:51:58.485root 11241100x8000000000000000292583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980db72be25bdce62023-02-08 09:51:58.485root 11241100x8000000000000000292601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7076225d8e27a912023-02-08 09:51:58.486root 11241100x8000000000000000292600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7b18ecfec4b9b62023-02-08 09:51:58.486root 11241100x8000000000000000292599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f0c9020a756f9f2023-02-08 09:51:58.486root 11241100x8000000000000000292598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9622c387987cafea2023-02-08 09:51:58.486root 11241100x8000000000000000292597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceaf052382dcd51c2023-02-08 09:51:58.486root 11241100x8000000000000000292596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed1e1fc298396732023-02-08 09:51:58.486root 11241100x8000000000000000292595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a9958d427fc2512023-02-08 09:51:58.486root 11241100x8000000000000000292594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fe0a9975377cc32023-02-08 09:51:58.486root 11241100x8000000000000000292593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68033b8dcb76b4a2023-02-08 09:51:58.486root 11241100x8000000000000000292592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc9f54bf34b322d2023-02-08 09:51:58.486root 11241100x8000000000000000292591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3516f3a8e1033a432023-02-08 09:51:58.486root 11241100x8000000000000000292590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c6db953bc9cf4e2023-02-08 09:51:58.486root 11241100x8000000000000000292612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631d0eb5e153abd32023-02-08 09:51:58.487root 11241100x8000000000000000292611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a31b4f6bef74c62023-02-08 09:51:58.487root 11241100x8000000000000000292610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2b6f399eb0ff532023-02-08 09:51:58.487root 11241100x8000000000000000292609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573851958283415d2023-02-08 09:51:58.487root 11241100x8000000000000000292608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20e72dc8f03fda82023-02-08 09:51:58.487root 11241100x8000000000000000292607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045390018b7a65492023-02-08 09:51:58.487root 11241100x8000000000000000292606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0e2398ed5e4b0b2023-02-08 09:51:58.487root 11241100x8000000000000000292605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c7eb5d31f5731b2023-02-08 09:51:58.487root 11241100x8000000000000000292604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce119c8409ead232023-02-08 09:51:58.487root 11241100x8000000000000000292603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2040ba8786c52a42023-02-08 09:51:58.487root 11241100x8000000000000000292602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24084879acf3e0ef2023-02-08 09:51:58.487root 11241100x8000000000000000292624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c603fad3e08a62c42023-02-08 09:51:58.488root 11241100x8000000000000000292623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf827aa624a77ee02023-02-08 09:51:58.488root 11241100x8000000000000000292622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a10bcba846212fe2023-02-08 09:51:58.488root 11241100x8000000000000000292621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc3035e0393b4b92023-02-08 09:51:58.488root 11241100x8000000000000000292620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03559c17700e7f9b2023-02-08 09:51:58.488root 11241100x8000000000000000292619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4bce4e6e480dc02023-02-08 09:51:58.488root 11241100x8000000000000000292618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b1be997f5f3ec22023-02-08 09:51:58.488root 11241100x8000000000000000292617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b813c6031ddd8d992023-02-08 09:51:58.488root 11241100x8000000000000000292616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692aa623c04930b72023-02-08 09:51:58.488root 11241100x8000000000000000292615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5aebf38b953e5b52023-02-08 09:51:58.488root 11241100x8000000000000000292614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1311839b8656746b2023-02-08 09:51:58.488root 11241100x8000000000000000292613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8da9e4203818fa2023-02-08 09:51:58.488root 11241100x8000000000000000292625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88133801a6270882023-02-08 09:51:58.489root 11241100x8000000000000000292626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2a93b4db2c98fa2023-02-08 09:51:58.984root 11241100x8000000000000000292637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3843bdd88f8ad37a2023-02-08 09:51:58.985root 11241100x8000000000000000292636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc606ba3e62dae62023-02-08 09:51:58.985root 11241100x8000000000000000292635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d48c73db80e5222023-02-08 09:51:58.985root 11241100x8000000000000000292634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ffb1b01093fc022023-02-08 09:51:58.985root 11241100x8000000000000000292633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca0897903f02ec82023-02-08 09:51:58.985root 11241100x8000000000000000292632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2c21f936a2ff382023-02-08 09:51:58.985root 11241100x8000000000000000292631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00671ba259ad2be2023-02-08 09:51:58.985root 11241100x8000000000000000292630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0d5f8b595188d72023-02-08 09:51:58.985root 11241100x8000000000000000292629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a1c00f5d5b0b1c2023-02-08 09:51:58.985root 11241100x8000000000000000292628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a04beae4e0d6722023-02-08 09:51:58.985root 11241100x8000000000000000292627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35dc7bb36dd359192023-02-08 09:51:58.985root 11241100x8000000000000000292645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d8f79cf1d286292023-02-08 09:51:58.986root 11241100x8000000000000000292644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ce394c67f105d92023-02-08 09:51:58.986root 11241100x8000000000000000292643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c725753eb29f0e2023-02-08 09:51:58.986root 11241100x8000000000000000292642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3fcbf44402a1b0c2023-02-08 09:51:58.986root 11241100x8000000000000000292641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e337bc0a9be5242023-02-08 09:51:58.986root 11241100x8000000000000000292640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812af96afeef2cde2023-02-08 09:51:58.986root 11241100x8000000000000000292639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a8112601bd85712023-02-08 09:51:58.986root 11241100x8000000000000000292638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4703d58c3f6406e52023-02-08 09:51:58.986root 11241100x8000000000000000292655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07bd8531fd5e1c3b2023-02-08 09:51:58.987root 11241100x8000000000000000292654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581c6fad2266c1ed2023-02-08 09:51:58.987root 11241100x8000000000000000292653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264a69375d9219b32023-02-08 09:51:58.987root 11241100x8000000000000000292652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0bc0b3cc852bed12023-02-08 09:51:58.987root 11241100x8000000000000000292651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9826afe181ba53af2023-02-08 09:51:58.987root 11241100x8000000000000000292650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e300db12db30f72023-02-08 09:51:58.987root 11241100x8000000000000000292649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9673c6a17dd7f1da2023-02-08 09:51:58.987root 11241100x8000000000000000292648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e730ec1fe94a3b622023-02-08 09:51:58.987root 11241100x8000000000000000292647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb06a4bd1227953e2023-02-08 09:51:58.987root 11241100x8000000000000000292646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c10f0ed204623ce2023-02-08 09:51:58.987root 11241100x8000000000000000292665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1c0d55b4417dea2023-02-08 09:51:58.988root 11241100x8000000000000000292664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0800576fb08a95422023-02-08 09:51:58.988root 11241100x8000000000000000292663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554cb2df7af9ba0a2023-02-08 09:51:58.988root 11241100x8000000000000000292662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b7494c0ec1f9e02023-02-08 09:51:58.988root 11241100x8000000000000000292661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941074df92d35a412023-02-08 09:51:58.988root 11241100x8000000000000000292660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25604aed243bd29e2023-02-08 09:51:58.988root 11241100x8000000000000000292659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb998e84b1331112023-02-08 09:51:58.988root 11241100x8000000000000000292658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea880601e0e557f72023-02-08 09:51:58.988root 11241100x8000000000000000292657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad27ec241bbb406f2023-02-08 09:51:58.988root 11241100x8000000000000000292656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718af0410f4db7032023-02-08 09:51:58.988root 11241100x8000000000000000292668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22738fa834af834f2023-02-08 09:51:58.989root 11241100x8000000000000000292667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d578fe45ea02c4832023-02-08 09:51:58.989root 11241100x8000000000000000292666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:58.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818826e07c8d9d7b2023-02-08 09:51:58.989root 11241100x8000000000000000292670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433d1977f31a60ec2023-02-08 09:51:59.484root 11241100x8000000000000000292669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed33cb38ba4ada822023-02-08 09:51:59.484root 11241100x8000000000000000292678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9782ea07e1e3f4692023-02-08 09:51:59.485root 11241100x8000000000000000292677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69076dbaa7fcf9882023-02-08 09:51:59.485root 11241100x8000000000000000292676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc214355ed261602023-02-08 09:51:59.485root 11241100x8000000000000000292675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1852bc7f95d71f7f2023-02-08 09:51:59.485root 11241100x8000000000000000292674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87890b5852766f352023-02-08 09:51:59.485root 11241100x8000000000000000292673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152497a4aa391ca62023-02-08 09:51:59.485root 11241100x8000000000000000292672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca29f6a930ed97122023-02-08 09:51:59.485root 11241100x8000000000000000292671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3642daa54321492f2023-02-08 09:51:59.485root 11241100x8000000000000000292693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ab0e06e615ba5a2023-02-08 09:51:59.486root 11241100x8000000000000000292692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbec40ed20819352023-02-08 09:51:59.486root 11241100x8000000000000000292691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369343a81e6764942023-02-08 09:51:59.486root 11241100x8000000000000000292690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d75ff16c79bbb12023-02-08 09:51:59.486root 11241100x8000000000000000292689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f674d3e25c732e8b2023-02-08 09:51:59.486root 11241100x8000000000000000292688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5381d69964e04bf32023-02-08 09:51:59.486root 11241100x8000000000000000292687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885e6f26812bdfe62023-02-08 09:51:59.486root 11241100x8000000000000000292686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc38b9466ebd25a92023-02-08 09:51:59.486root 11241100x8000000000000000292685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd7e986888cff8b2023-02-08 09:51:59.486root 11241100x8000000000000000292684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be09805e204c9612023-02-08 09:51:59.486root 11241100x8000000000000000292683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25975f2529581b22023-02-08 09:51:59.486root 11241100x8000000000000000292682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ceab82114ce68332023-02-08 09:51:59.486root 11241100x8000000000000000292681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb76c9b6f5b53e8e2023-02-08 09:51:59.486root 11241100x8000000000000000292680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a62e2ba8aef7a1d2023-02-08 09:51:59.486root 11241100x8000000000000000292679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1614f36552ac470e2023-02-08 09:51:59.486root 11241100x8000000000000000292705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f09f52e54e6e5592023-02-08 09:51:59.487root 11241100x8000000000000000292704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ba42fe6dec75932023-02-08 09:51:59.487root 11241100x8000000000000000292703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b554c6c4a3e249822023-02-08 09:51:59.487root 11241100x8000000000000000292702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88f30a4c0cc41592023-02-08 09:51:59.487root 11241100x8000000000000000292701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbd38251088a4302023-02-08 09:51:59.487root 11241100x8000000000000000292700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac527c3a354c12872023-02-08 09:51:59.487root 11241100x8000000000000000292699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b8960b30ba461e2023-02-08 09:51:59.487root 11241100x8000000000000000292698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f958dda389205e2023-02-08 09:51:59.487root 11241100x8000000000000000292697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1848913604f98972023-02-08 09:51:59.487root 11241100x8000000000000000292696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1f03716b85d0e12023-02-08 09:51:59.487root 11241100x8000000000000000292695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348740b7b76dc4392023-02-08 09:51:59.487root 11241100x8000000000000000292694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c07a9d0854df082023-02-08 09:51:59.487root 11241100x8000000000000000292719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d30f53462ae5ad72023-02-08 09:51:59.488root 11241100x8000000000000000292718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34836cd517c864a92023-02-08 09:51:59.488root 11241100x8000000000000000292717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13439961f8ee9f932023-02-08 09:51:59.488root 11241100x8000000000000000292716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def13ff6e98997fb2023-02-08 09:51:59.488root 11241100x8000000000000000292715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520dc02245c2d4d82023-02-08 09:51:59.488root 11241100x8000000000000000292714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbe3f8d823516fa2023-02-08 09:51:59.488root 11241100x8000000000000000292713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867fae1dc54cc5da2023-02-08 09:51:59.488root 11241100x8000000000000000292712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72516af44b293d32023-02-08 09:51:59.488root 11241100x8000000000000000292711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2170c23cd00c4212023-02-08 09:51:59.488root 11241100x8000000000000000292710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7cf2c031fd1a402023-02-08 09:51:59.488root 11241100x8000000000000000292709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2ca828e028f85e2023-02-08 09:51:59.488root 11241100x8000000000000000292708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31001eb6a43a0612023-02-08 09:51:59.488root 11241100x8000000000000000292707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5119418eeab2817e2023-02-08 09:51:59.488root 11241100x8000000000000000292706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e124f1f13f7c238d2023-02-08 09:51:59.488root 11241100x8000000000000000292728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2850b7d8c66e20c2023-02-08 09:51:59.489root 11241100x8000000000000000292727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5031dcd14abd5d2023-02-08 09:51:59.489root 11241100x8000000000000000292726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d8bcce2f17dffd2023-02-08 09:51:59.489root 11241100x8000000000000000292725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346d1249e34ba7442023-02-08 09:51:59.489root 11241100x8000000000000000292724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8306db85c19632682023-02-08 09:51:59.489root 11241100x8000000000000000292723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3036d0604c8fa5b22023-02-08 09:51:59.489root 11241100x8000000000000000292722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253a8763341a06d02023-02-08 09:51:59.489root 11241100x8000000000000000292721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d585ebe35c2cd1c22023-02-08 09:51:59.489root 11241100x8000000000000000292720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d641e21f18ccc1b2023-02-08 09:51:59.489root 11241100x8000000000000000292732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0a5a792867c1b22023-02-08 09:51:59.490root 11241100x8000000000000000292731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c5dd06f06ef1e02023-02-08 09:51:59.490root 11241100x8000000000000000292730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9650fb69dd2efc152023-02-08 09:51:59.490root 11241100x8000000000000000292729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18805679261d897a2023-02-08 09:51:59.490root 11241100x8000000000000000292736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24d299b999c0c612023-02-08 09:51:59.491root 11241100x8000000000000000292735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4726c2900f6075cc2023-02-08 09:51:59.491root 11241100x8000000000000000292734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1dd26c47098af892023-02-08 09:51:59.491root 11241100x8000000000000000292733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77486e186722cf72023-02-08 09:51:59.491root 11241100x8000000000000000292741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64d988b789b8d8c2023-02-08 09:51:59.492root 11241100x8000000000000000292740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a795264fd2d1a42023-02-08 09:51:59.492root 11241100x8000000000000000292739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3b09d91dadc8c72023-02-08 09:51:59.492root 11241100x8000000000000000292738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26eedfc810855f642023-02-08 09:51:59.492root 11241100x8000000000000000292737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15d2fcb98cebd4a2023-02-08 09:51:59.492root 11241100x8000000000000000292745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26cf16762cbc23c2023-02-08 09:51:59.493root 11241100x8000000000000000292744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a67a73342057afd2023-02-08 09:51:59.493root 11241100x8000000000000000292743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851b548f7e05182f2023-02-08 09:51:59.493root 11241100x8000000000000000292742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f04d4b0fcd5eab2023-02-08 09:51:59.493root 11241100x8000000000000000292749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34950a57c156fed22023-02-08 09:51:59.494root 11241100x8000000000000000292748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3fa4b1baa2aad12023-02-08 09:51:59.494root 11241100x8000000000000000292747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bccf1debfbad30602023-02-08 09:51:59.494root 11241100x8000000000000000292746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed945ffec647e4f42023-02-08 09:51:59.494root 11241100x8000000000000000292754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f4ee17e0722fdb2023-02-08 09:51:59.495root 11241100x8000000000000000292753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e816d73c555ab62023-02-08 09:51:59.495root 11241100x8000000000000000292752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba3a12b3aaefca42023-02-08 09:51:59.495root 11241100x8000000000000000292751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30db2ae58a7692a2023-02-08 09:51:59.495root 11241100x8000000000000000292750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.495{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ed1f479b071c2d2023-02-08 09:51:59.495root 11241100x8000000000000000292759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5d85f900c0c8d52023-02-08 09:51:59.496root 11241100x8000000000000000292758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602f82b3fa5cb4be2023-02-08 09:51:59.496root 11241100x8000000000000000292757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b651e856e5133a2023-02-08 09:51:59.496root 11241100x8000000000000000292756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308f3fbb5550cfac2023-02-08 09:51:59.496root 11241100x8000000000000000292755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.496{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7374882cf50bae8a2023-02-08 09:51:59.496root 11241100x8000000000000000292765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab867802414d4082023-02-08 09:51:59.497root 11241100x8000000000000000292764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9108361b5006edc2023-02-08 09:51:59.497root 11241100x8000000000000000292763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b79799c3ced6e3c2023-02-08 09:51:59.497root 11241100x8000000000000000292762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ec5f4e9a3e9e432023-02-08 09:51:59.497root 11241100x8000000000000000292761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84335bbfb32e7e3d2023-02-08 09:51:59.497root 11241100x8000000000000000292760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.497{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fca3e6452bd5342023-02-08 09:51:59.497root 11241100x8000000000000000292770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086798ba4ee9b17b2023-02-08 09:51:59.498root 11241100x8000000000000000292769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80084db43acafe22023-02-08 09:51:59.498root 11241100x8000000000000000292768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4f0dcfae8fc95e2023-02-08 09:51:59.498root 11241100x8000000000000000292767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4771b44407544afb2023-02-08 09:51:59.498root 11241100x8000000000000000292766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.498{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c252a95a2462dc32023-02-08 09:51:59.498root 11241100x8000000000000000292773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a015d0115a52902023-02-08 09:51:59.499root 11241100x8000000000000000292772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0d6b615633220d2023-02-08 09:51:59.499root 11241100x8000000000000000292771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.499{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69dadd4cf29bf6152023-02-08 09:51:59.499root 11241100x8000000000000000292778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ccc95d051950ba2023-02-08 09:51:59.500root 11241100x8000000000000000292777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6fd3fd220ab6292023-02-08 09:51:59.500root 11241100x8000000000000000292776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef595819aa2c8bd72023-02-08 09:51:59.500root 11241100x8000000000000000292775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c643ff9555790092023-02-08 09:51:59.500root 11241100x8000000000000000292774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.500{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec297845c111d7b2023-02-08 09:51:59.500root 11241100x8000000000000000292782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96efc03638f1965e2023-02-08 09:51:59.501root 11241100x8000000000000000292781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6fd8309e41d5292023-02-08 09:51:59.501root 11241100x8000000000000000292780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee60cc73c616feb62023-02-08 09:51:59.501root 11241100x8000000000000000292779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.501{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f07ccde1dea4682023-02-08 09:51:59.501root 11241100x8000000000000000292784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635682dfae1b78c72023-02-08 09:51:59.502root 11241100x8000000000000000292783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.502{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa601a5cf4bc51ae2023-02-08 09:51:59.502root 11241100x8000000000000000292790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8118b87187c6a42023-02-08 09:51:59.503root 11241100x8000000000000000292789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1abb9db7fd897a2023-02-08 09:51:59.503root 11241100x8000000000000000292788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc11e0be31ec0cd2023-02-08 09:51:59.503root 11241100x8000000000000000292787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473d7fc06f4503942023-02-08 09:51:59.503root 11241100x8000000000000000292786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89dc2dc90ca6fc42023-02-08 09:51:59.503root 11241100x8000000000000000292785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.503{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ad455860d3355f2023-02-08 09:51:59.503root 11241100x8000000000000000292793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0b26cbf6a8d3772023-02-08 09:51:59.984root 11241100x8000000000000000292792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e614fed84eb8a8d2023-02-08 09:51:59.984root 11241100x8000000000000000292791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c9f75341bb14f02023-02-08 09:51:59.984root 11241100x8000000000000000292800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de211332dcc7db52023-02-08 09:51:59.985root 11241100x8000000000000000292799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10dee08f870bf8a92023-02-08 09:51:59.985root 11241100x8000000000000000292798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5046084450d1f5af2023-02-08 09:51:59.985root 11241100x8000000000000000292797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e6275ccdf8daa02023-02-08 09:51:59.985root 11241100x8000000000000000292796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6044cd5a905a932023-02-08 09:51:59.985root 11241100x8000000000000000292795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93178213aad0837c2023-02-08 09:51:59.985root 11241100x8000000000000000292794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6409be736d2580a22023-02-08 09:51:59.985root 11241100x8000000000000000292813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a854b449a48af3e62023-02-08 09:51:59.986root 11241100x8000000000000000292812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abceda514ba2367d2023-02-08 09:51:59.986root 11241100x8000000000000000292811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b385a3f17a6c012023-02-08 09:51:59.986root 11241100x8000000000000000292810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3684ee74d8f335542023-02-08 09:51:59.986root 11241100x8000000000000000292809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61528f31a1d6fad2023-02-08 09:51:59.986root 11241100x8000000000000000292808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807618499fd4e6122023-02-08 09:51:59.986root 11241100x8000000000000000292807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ddaa70591631952023-02-08 09:51:59.986root 11241100x8000000000000000292806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f39a0dc11972e42023-02-08 09:51:59.986root 11241100x8000000000000000292805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92626b19e53c7242023-02-08 09:51:59.986root 11241100x8000000000000000292804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c68fff1cdf682b52023-02-08 09:51:59.986root 11241100x8000000000000000292803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be860a1a01650be72023-02-08 09:51:59.986root 11241100x8000000000000000292802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c488062b527d51d12023-02-08 09:51:59.986root 11241100x8000000000000000292801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bf302d2f8325842023-02-08 09:51:59.986root 11241100x8000000000000000292823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f365b35030f542ee2023-02-08 09:51:59.987root 11241100x8000000000000000292822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfcb69c8eabce7b2023-02-08 09:51:59.987root 11241100x8000000000000000292821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ade34c85c384412023-02-08 09:51:59.987root 11241100x8000000000000000292820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e24aec544a83182023-02-08 09:51:59.987root 11241100x8000000000000000292819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd750dd1995aa9962023-02-08 09:51:59.987root 11241100x8000000000000000292818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995166bc394506bf2023-02-08 09:51:59.987root 11241100x8000000000000000292817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3271a92c8248c20a2023-02-08 09:51:59.987root 11241100x8000000000000000292816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa623636ddc54112023-02-08 09:51:59.987root 11241100x8000000000000000292815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85298e66fc26bab2023-02-08 09:51:59.987root 11241100x8000000000000000292814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a2956e8f7c556d2023-02-08 09:51:59.987root 11241100x8000000000000000292833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6197b324d72a4462023-02-08 09:51:59.988root 11241100x8000000000000000292832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f403ba26acde52ce2023-02-08 09:51:59.988root 11241100x8000000000000000292831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55e2c0e5364e30a2023-02-08 09:51:59.988root 11241100x8000000000000000292830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85cf7bd6f63d08212023-02-08 09:51:59.988root 11241100x8000000000000000292829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16a031d8013a5ae2023-02-08 09:51:59.988root 11241100x8000000000000000292828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd64a9b994f16772023-02-08 09:51:59.988root 11241100x8000000000000000292827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9347596f1cd46c2023-02-08 09:51:59.988root 11241100x8000000000000000292826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a94aa3299678f6b2023-02-08 09:51:59.988root 11241100x8000000000000000292825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd1344bb665fefe2023-02-08 09:51:59.988root 11241100x8000000000000000292824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fceada438a637ca2023-02-08 09:51:59.988root 11241100x8000000000000000292840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28f1ac5f5e166e82023-02-08 09:51:59.989root 11241100x8000000000000000292839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ecb0fabfff66242023-02-08 09:51:59.989root 11241100x8000000000000000292838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78207ef33a44f9f72023-02-08 09:51:59.989root 11241100x8000000000000000292837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a2062e12d3b6762023-02-08 09:51:59.989root 11241100x8000000000000000292836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1713bfb6904c86b92023-02-08 09:51:59.989root 11241100x8000000000000000292835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9dc559580a789702023-02-08 09:51:59.989root 11241100x8000000000000000292834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4231ceb1d6df3072023-02-08 09:51:59.989root 11241100x8000000000000000292845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8361d8fa16496e2023-02-08 09:51:59.990root 11241100x8000000000000000292844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6204a68caf6a8482023-02-08 09:51:59.990root 11241100x8000000000000000292843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166a9f28dda19e822023-02-08 09:51:59.990root 11241100x8000000000000000292842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c552160af136392023-02-08 09:51:59.990root 11241100x8000000000000000292841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:51:59.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e45b877f2058ef2023-02-08 09:51:59.990root 11241100x8000000000000000292847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4092ba4bba558d452023-02-08 09:52:00.484root 11241100x8000000000000000292846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417022f17b2383112023-02-08 09:52:00.484root 11241100x8000000000000000292857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77cc8565a9b88642023-02-08 09:52:00.485root 11241100x8000000000000000292856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d4b6e5418d48452023-02-08 09:52:00.485root 11241100x8000000000000000292855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d01677e916c20332023-02-08 09:52:00.485root 11241100x8000000000000000292854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12c9759233012b52023-02-08 09:52:00.485root 11241100x8000000000000000292853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01eee1736bce17f92023-02-08 09:52:00.485root 11241100x8000000000000000292852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e0eb94219efe9b2023-02-08 09:52:00.485root 11241100x8000000000000000292851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf8045c5607a1de2023-02-08 09:52:00.485root 11241100x8000000000000000292850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7620c69cd127a2292023-02-08 09:52:00.485root 11241100x8000000000000000292849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd39df67129611902023-02-08 09:52:00.485root 11241100x8000000000000000292848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58ea7c6caab0fd62023-02-08 09:52:00.485root 11241100x8000000000000000292867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0330304922f6b44b2023-02-08 09:52:00.486root 11241100x8000000000000000292866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf94b658c9ee48a2023-02-08 09:52:00.486root 11241100x8000000000000000292865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ef8ccd912ae4392023-02-08 09:52:00.486root 11241100x8000000000000000292864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada2a49c7bbf88832023-02-08 09:52:00.486root 11241100x8000000000000000292863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f570efa9bd29b6f2023-02-08 09:52:00.486root 11241100x8000000000000000292862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cb77a6cf25971f2023-02-08 09:52:00.486root 11241100x8000000000000000292861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f86125c34ce98e2023-02-08 09:52:00.486root 11241100x8000000000000000292860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d7e7893bf4ab532023-02-08 09:52:00.486root 11241100x8000000000000000292859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09eba3c12a345f1b2023-02-08 09:52:00.486root 11241100x8000000000000000292858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37aae74bb14dbd792023-02-08 09:52:00.486root 11241100x8000000000000000292873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c423a20e8bb67852023-02-08 09:52:00.487root 11241100x8000000000000000292872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a187148d2ba0d14a2023-02-08 09:52:00.487root 11241100x8000000000000000292871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5654a0bd0f79d4fb2023-02-08 09:52:00.487root 11241100x8000000000000000292870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f52fb00831119ed2023-02-08 09:52:00.487root 11241100x8000000000000000292869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb4d813354229ed2023-02-08 09:52:00.487root 11241100x8000000000000000292868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9535e5509956f92d2023-02-08 09:52:00.487root 11241100x8000000000000000292878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5365684dcac3772023-02-08 09:52:00.488root 11241100x8000000000000000292877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1145fd4e1229f7ff2023-02-08 09:52:00.488root 11241100x8000000000000000292876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6eae10390f0b002023-02-08 09:52:00.488root 11241100x8000000000000000292875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d173e40a55258d2023-02-08 09:52:00.488root 11241100x8000000000000000292874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef33c9e3b04416502023-02-08 09:52:00.488root 11241100x8000000000000000292884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c653f15c14deb2ef2023-02-08 09:52:00.489root 11241100x8000000000000000292883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307ce52f81bb0cea2023-02-08 09:52:00.489root 11241100x8000000000000000292882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca573cc31abef372023-02-08 09:52:00.489root 11241100x8000000000000000292881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fae821b164c93fa2023-02-08 09:52:00.489root 11241100x8000000000000000292880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca231e575416cc92023-02-08 09:52:00.489root 11241100x8000000000000000292879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3d6e6bd7db00a02023-02-08 09:52:00.489root 11241100x8000000000000000292887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b0461afa64a62c2023-02-08 09:52:00.490root 11241100x8000000000000000292886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2a861087f1ce642023-02-08 09:52:00.490root 11241100x8000000000000000292885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291b312dd3c751b92023-02-08 09:52:00.490root 11241100x8000000000000000292888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3922e18f76009b02023-02-08 09:52:00.491root 11241100x8000000000000000292890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6061ffd6625e01392023-02-08 09:52:00.984root 11241100x8000000000000000292889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbb1ba672e297b32023-02-08 09:52:00.984root 11241100x8000000000000000292893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce3582bb260d4f22023-02-08 09:52:00.985root 11241100x8000000000000000292892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba23e693d7550022023-02-08 09:52:00.985root 11241100x8000000000000000292891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f06bcb8ef8e5b12023-02-08 09:52:00.985root 11241100x8000000000000000292897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc6f6aaa185a6582023-02-08 09:52:00.986root 11241100x8000000000000000292896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6995d3f805bf5a7b2023-02-08 09:52:00.986root 11241100x8000000000000000292895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd40086c412989302023-02-08 09:52:00.986root 11241100x8000000000000000292894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa7796edf0d81d02023-02-08 09:52:00.986root 11241100x8000000000000000292907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77da88e5d95bce3e2023-02-08 09:52:00.987root 11241100x8000000000000000292906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622167cbfe97f72e2023-02-08 09:52:00.987root 11241100x8000000000000000292905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ceff1d748b02de2023-02-08 09:52:00.987root 11241100x8000000000000000292904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3676cba2b88d80052023-02-08 09:52:00.987root 11241100x8000000000000000292903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b612add15ed812a2023-02-08 09:52:00.987root 11241100x8000000000000000292902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e8f45398e556042023-02-08 09:52:00.987root 11241100x8000000000000000292901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a50a8067dcc8c182023-02-08 09:52:00.987root 11241100x8000000000000000292900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a8fa4894c538a42023-02-08 09:52:00.987root 11241100x8000000000000000292899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e219d7a6b7b05f7c2023-02-08 09:52:00.987root 11241100x8000000000000000292898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7741dfc5e8fa968b2023-02-08 09:52:00.987root 11241100x8000000000000000292921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084350e2b515b41b2023-02-08 09:52:00.988root 11241100x8000000000000000292920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67af17368fa6a3902023-02-08 09:52:00.988root 11241100x8000000000000000292919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6236c3d784633a2023-02-08 09:52:00.988root 11241100x8000000000000000292918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9df104db325a7492023-02-08 09:52:00.988root 11241100x8000000000000000292917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d8cc6649215db32023-02-08 09:52:00.988root 11241100x8000000000000000292916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de9715242897c902023-02-08 09:52:00.988root 11241100x8000000000000000292915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f008b6306ceb3c972023-02-08 09:52:00.988root 11241100x8000000000000000292914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3721afeb600219372023-02-08 09:52:00.988root 11241100x8000000000000000292913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558b41bd83dbdcd52023-02-08 09:52:00.988root 11241100x8000000000000000292912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d9c21fae3313eb2023-02-08 09:52:00.988root 11241100x8000000000000000292911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b6642824c5d49e2023-02-08 09:52:00.988root 11241100x8000000000000000292910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0eb8db407416802023-02-08 09:52:00.988root 11241100x8000000000000000292909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6484e9ee1d4bbd2023-02-08 09:52:00.988root 11241100x8000000000000000292908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e62b6fae2dc73f2023-02-08 09:52:00.988root 11241100x8000000000000000292931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb8d7576c65375f2023-02-08 09:52:00.989root 11241100x8000000000000000292930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe0b7afe94b5c6d2023-02-08 09:52:00.989root 11241100x8000000000000000292929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f585072bf64da4a22023-02-08 09:52:00.989root 11241100x8000000000000000292928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50cef604f494fa12023-02-08 09:52:00.989root 11241100x8000000000000000292927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b9bc4b268d22212023-02-08 09:52:00.989root 11241100x8000000000000000292926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c89ed42b1edda262023-02-08 09:52:00.989root 11241100x8000000000000000292925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4946570bbf110a2023-02-08 09:52:00.989root 11241100x8000000000000000292924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc975b62162a2182023-02-08 09:52:00.989root 11241100x8000000000000000292923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89ce4ab4059748d2023-02-08 09:52:00.989root 11241100x8000000000000000292922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:00.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a098f6cbececde3d2023-02-08 09:52:00.989root 11241100x8000000000000000292932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af872cff00ed0ff2023-02-08 09:52:01.484root 11241100x8000000000000000292937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491a9a8659d7d5582023-02-08 09:52:01.485root 11241100x8000000000000000292936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209b3e97ccb4a8d62023-02-08 09:52:01.485root 11241100x8000000000000000292935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78fdba70026996c2023-02-08 09:52:01.485root 11241100x8000000000000000292934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664efc78646cf6db2023-02-08 09:52:01.485root 11241100x8000000000000000292933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a740e139280b4ae2023-02-08 09:52:01.485root 11241100x8000000000000000292948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b52bebc72bbbf12023-02-08 09:52:01.486root 11241100x8000000000000000292947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75d96a97ab1afc52023-02-08 09:52:01.486root 11241100x8000000000000000292946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709a5e4210e58e892023-02-08 09:52:01.486root 11241100x8000000000000000292945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b24fc497173fdf42023-02-08 09:52:01.486root 11241100x8000000000000000292944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378c0f5b8c58b0752023-02-08 09:52:01.486root 11241100x8000000000000000292943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ff904e1231228c2023-02-08 09:52:01.486root 11241100x8000000000000000292942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2ca10fcb68827b2023-02-08 09:52:01.486root 11241100x8000000000000000292941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0fa98b85d4e9ac2023-02-08 09:52:01.486root 11241100x8000000000000000292940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0f2baebe2368842023-02-08 09:52:01.486root 11241100x8000000000000000292939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f8f11387ecad832023-02-08 09:52:01.486root 11241100x8000000000000000292938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d628f5820042c62023-02-08 09:52:01.486root 11241100x8000000000000000292957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a241ec452aa0099e2023-02-08 09:52:01.487root 11241100x8000000000000000292956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aeb6f923cf4895a2023-02-08 09:52:01.487root 11241100x8000000000000000292955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8b24e1fa0eb58e2023-02-08 09:52:01.487root 11241100x8000000000000000292954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4fe1b7ad3623492023-02-08 09:52:01.487root 11241100x8000000000000000292953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ada018a66895ba2023-02-08 09:52:01.487root 11241100x8000000000000000292952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6737158d082a81f2023-02-08 09:52:01.487root 11241100x8000000000000000292951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af98076b3e5f5db2023-02-08 09:52:01.487root 11241100x8000000000000000292950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d389278cc115572023-02-08 09:52:01.487root 11241100x8000000000000000292949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a8fac5002443df2023-02-08 09:52:01.487root 11241100x8000000000000000292968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3d47fceb94f8562023-02-08 09:52:01.488root 11241100x8000000000000000292967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed32e18f3b8bbf5a2023-02-08 09:52:01.488root 11241100x8000000000000000292966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49bef850f68708b82023-02-08 09:52:01.488root 11241100x8000000000000000292965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06814bdb7bc073342023-02-08 09:52:01.488root 11241100x8000000000000000292964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f1ba312770b2832023-02-08 09:52:01.488root 11241100x8000000000000000292963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8476850216254a2023-02-08 09:52:01.488root 11241100x8000000000000000292962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0cf967603a30ab2023-02-08 09:52:01.488root 11241100x8000000000000000292961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0360ea0996ba91c92023-02-08 09:52:01.488root 11241100x8000000000000000292960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11c856bfabe60802023-02-08 09:52:01.488root 11241100x8000000000000000292959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92372ffb8421257d2023-02-08 09:52:01.488root 11241100x8000000000000000292958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ec53a46c7420b92023-02-08 09:52:01.488root 11241100x8000000000000000292975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a34ac68a3c964ed2023-02-08 09:52:01.489root 11241100x8000000000000000292974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3bb786bb54f63df2023-02-08 09:52:01.489root 11241100x8000000000000000292973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd36c4c2393ed492023-02-08 09:52:01.489root 11241100x8000000000000000292972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774f23cd8de9404e2023-02-08 09:52:01.489root 11241100x8000000000000000292971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4adeabe9c4cb7f482023-02-08 09:52:01.489root 11241100x8000000000000000292970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56300b746737a7a82023-02-08 09:52:01.489root 11241100x8000000000000000292969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881ea9a95910a14f2023-02-08 09:52:01.489root 11241100x8000000000000000292984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5009042ae637862023-02-08 09:52:01.985root 11241100x8000000000000000292983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32168992a9d0e3af2023-02-08 09:52:01.985root 11241100x8000000000000000292982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f37debb0f0e1b442023-02-08 09:52:01.985root 11241100x8000000000000000292981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcabd91d088e09f42023-02-08 09:52:01.985root 11241100x8000000000000000292980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca21bdfc15b233e72023-02-08 09:52:01.985root 11241100x8000000000000000292979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf02e9cc4457a5ee2023-02-08 09:52:01.985root 11241100x8000000000000000292978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511266cffbbc53aa2023-02-08 09:52:01.985root 11241100x8000000000000000292977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23052684407280182023-02-08 09:52:01.985root 11241100x8000000000000000292976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561f8299823bdc922023-02-08 09:52:01.985root 11241100x8000000000000000292999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091c438dd9caa77c2023-02-08 09:52:01.986root 11241100x8000000000000000292998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93409ddd67a00c1c2023-02-08 09:52:01.986root 11241100x8000000000000000292997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbae737b685484032023-02-08 09:52:01.986root 11241100x8000000000000000292996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d9e351b60b5ebf2023-02-08 09:52:01.986root 11241100x8000000000000000292995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6368d8bbf9df68732023-02-08 09:52:01.986root 11241100x8000000000000000292994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4fda3059eef5782023-02-08 09:52:01.986root 11241100x8000000000000000292993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbc1816f2797a342023-02-08 09:52:01.986root 11241100x8000000000000000292992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b84f8e59151e0462023-02-08 09:52:01.986root 11241100x8000000000000000292991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f21751414ff393d2023-02-08 09:52:01.986root 11241100x8000000000000000292990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba23ac6c8d23af72023-02-08 09:52:01.986root 11241100x8000000000000000292989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae2b0ab1c7b07d82023-02-08 09:52:01.986root 11241100x8000000000000000292988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30c2508557a23b62023-02-08 09:52:01.986root 11241100x8000000000000000292987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d48edcdd7ab85902023-02-08 09:52:01.986root 11241100x8000000000000000292986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e3efa556db58092023-02-08 09:52:01.986root 11241100x8000000000000000292985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024beb07161c7c382023-02-08 09:52:01.986root 11241100x8000000000000000293014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8169991d415d4e2023-02-08 09:52:01.987root 11241100x8000000000000000293013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004ec676f255f5cb2023-02-08 09:52:01.987root 11241100x8000000000000000293012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746a29f629a1fdcc2023-02-08 09:52:01.987root 11241100x8000000000000000293011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e639da4ae0b3e242023-02-08 09:52:01.987root 11241100x8000000000000000293010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ec457433edebe72023-02-08 09:52:01.987root 11241100x8000000000000000293009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4733dd4fcc5051fb2023-02-08 09:52:01.987root 11241100x8000000000000000293008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee8d52021d26ac82023-02-08 09:52:01.987root 11241100x8000000000000000293007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2b902d37a708562023-02-08 09:52:01.987root 11241100x8000000000000000293006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a317b8e1cae97e2023-02-08 09:52:01.987root 11241100x8000000000000000293005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c03039f42043a4d2023-02-08 09:52:01.987root 11241100x8000000000000000293004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ade163f7cd2e5c2023-02-08 09:52:01.987root 11241100x8000000000000000293003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed649d1a5f82f4b2023-02-08 09:52:01.987root 11241100x8000000000000000293002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973f98665d4a769a2023-02-08 09:52:01.987root 11241100x8000000000000000293001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d207cf602285ac2023-02-08 09:52:01.987root 11241100x8000000000000000293000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd20c1ce242799832023-02-08 09:52:01.987root 11241100x8000000000000000293017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8e902cf70ffef02023-02-08 09:52:01.988root 11241100x8000000000000000293016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2fe3b7d0f153482023-02-08 09:52:01.988root 11241100x8000000000000000293015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ea332ce57a39022023-02-08 09:52:01.988root 11241100x8000000000000000293020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cadfc4d1e78c10b92023-02-08 09:52:01.995root 11241100x8000000000000000293019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725c53907037923c2023-02-08 09:52:01.995root 11241100x8000000000000000293018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.995{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6be1437e3ffdcd2023-02-08 09:52:01.995root 11241100x8000000000000000293033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370b8a5478348e792023-02-08 09:52:01.996root 11241100x8000000000000000293032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b37211839f1e7f2023-02-08 09:52:01.996root 11241100x8000000000000000293031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34175b283cf45d142023-02-08 09:52:01.996root 11241100x8000000000000000293030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774cd113b22169ff2023-02-08 09:52:01.996root 11241100x8000000000000000293029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1df0abd15d0c7c2023-02-08 09:52:01.996root 11241100x8000000000000000293028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622a5de8d54f15452023-02-08 09:52:01.996root 11241100x8000000000000000293027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889770d19ce869182023-02-08 09:52:01.996root 11241100x8000000000000000293026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f8468172d0149b2023-02-08 09:52:01.996root 11241100x8000000000000000293025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55f4fe31f4d8a4e2023-02-08 09:52:01.996root 11241100x8000000000000000293024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd7936f5400f9932023-02-08 09:52:01.996root 11241100x8000000000000000293023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4f255eabebbfcd2023-02-08 09:52:01.996root 11241100x8000000000000000293022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa954d79fae634732023-02-08 09:52:01.996root 11241100x8000000000000000293021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.996{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fded1276c9266032023-02-08 09:52:01.996root 11241100x8000000000000000293034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:01.999{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f74285cc88f5962023-02-08 09:52:01.999root 11241100x8000000000000000293043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51d1065a75819b52023-02-08 09:52:02.000root 11241100x8000000000000000293042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c96b798692cdc382023-02-08 09:52:02.000root 11241100x8000000000000000293041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9258310ecc23e7d42023-02-08 09:52:02.000root 11241100x8000000000000000293040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b20b88727fe5f842023-02-08 09:52:02.000root 11241100x8000000000000000293039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57476934777634d92023-02-08 09:52:02.000root 11241100x8000000000000000293038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396b72928b6244522023-02-08 09:52:02.000root 11241100x8000000000000000293037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a13ce400859118f2023-02-08 09:52:02.000root 11241100x8000000000000000293036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e111909940a25292023-02-08 09:52:02.000root 11241100x8000000000000000293035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.000{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d895a5eed026e46d2023-02-08 09:52:02.000root 11241100x8000000000000000293056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ed3d21467961e52023-02-08 09:52:02.001root 11241100x8000000000000000293055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34406ac813304d22023-02-08 09:52:02.001root 11241100x8000000000000000293054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b005584cb51d7872023-02-08 09:52:02.001root 11241100x8000000000000000293053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ce323fcd27fd9a2023-02-08 09:52:02.001root 11241100x8000000000000000293052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3568f7886327beb22023-02-08 09:52:02.001root 11241100x8000000000000000293051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c26db3009344a92023-02-08 09:52:02.001root 11241100x8000000000000000293050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f284256ec5534b2023-02-08 09:52:02.001root 11241100x8000000000000000293049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa382dfb0be96612023-02-08 09:52:02.001root 11241100x8000000000000000293048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fd4252ad50de142023-02-08 09:52:02.001root 11241100x8000000000000000293047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a01f368dcd0162e2023-02-08 09:52:02.001root 11241100x8000000000000000293046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6828f36825b51442023-02-08 09:52:02.001root 11241100x8000000000000000293045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9810008c1d7fd9f2023-02-08 09:52:02.001root 11241100x8000000000000000293044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.001{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8679381378b647a2023-02-08 09:52:02.001root 11241100x8000000000000000293057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.002{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0b3eb7eaaac5432023-02-08 09:52:02.002root 11241100x8000000000000000293064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04daecf27c27e6702023-02-08 09:52:02.485root 11241100x8000000000000000293063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87d6c22fbd106ac2023-02-08 09:52:02.485root 11241100x8000000000000000293062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914506b672e89b3f2023-02-08 09:52:02.485root 11241100x8000000000000000293061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e6aaba2f5be3462023-02-08 09:52:02.485root 11241100x8000000000000000293060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f49028fb34899e2023-02-08 09:52:02.485root 11241100x8000000000000000293059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9db775ab9c0c4b2023-02-08 09:52:02.485root 11241100x8000000000000000293058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f685bba39f34a42023-02-08 09:52:02.485root 11241100x8000000000000000293073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fecf5d70c3f3af4e2023-02-08 09:52:02.486root 11241100x8000000000000000293072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0998b5633773e62023-02-08 09:52:02.486root 11241100x8000000000000000293071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fdf6f141c0dc3e2023-02-08 09:52:02.486root 11241100x8000000000000000293070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef1e201fb9376df2023-02-08 09:52:02.486root 11241100x8000000000000000293069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc0f0af6de0e3ed2023-02-08 09:52:02.486root 11241100x8000000000000000293068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7280df641944bf362023-02-08 09:52:02.486root 11241100x8000000000000000293067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a38c73102152772023-02-08 09:52:02.486root 11241100x8000000000000000293066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e379e5072c80302023-02-08 09:52:02.486root 11241100x8000000000000000293065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8742b084649ad072023-02-08 09:52:02.486root 11241100x8000000000000000293082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feeeba5bfd39f12b2023-02-08 09:52:02.487root 11241100x8000000000000000293081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22977daca9506432023-02-08 09:52:02.487root 11241100x8000000000000000293080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0438b5fb9c52f3bb2023-02-08 09:52:02.487root 11241100x8000000000000000293079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f513b59346fdc692023-02-08 09:52:02.487root 11241100x8000000000000000293078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb06cdf9b10e40222023-02-08 09:52:02.487root 11241100x8000000000000000293077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2fe05e080b241852023-02-08 09:52:02.487root 11241100x8000000000000000293076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d3a4fdbae069982023-02-08 09:52:02.487root 11241100x8000000000000000293075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f98041e9808e152023-02-08 09:52:02.487root 11241100x8000000000000000293074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5e4c633906acc52023-02-08 09:52:02.487root 11241100x8000000000000000293096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56444f8e75772f22023-02-08 09:52:02.488root 11241100x8000000000000000293095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be71aaed272467722023-02-08 09:52:02.488root 11241100x8000000000000000293094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49dc7dd39fafda022023-02-08 09:52:02.488root 11241100x8000000000000000293093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab849bdc04c0ced2023-02-08 09:52:02.488root 11241100x8000000000000000293092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30440435c1c7c97d2023-02-08 09:52:02.488root 11241100x8000000000000000293091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee91c3b20700bd452023-02-08 09:52:02.488root 11241100x8000000000000000293090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4809ce2d0f08d42023-02-08 09:52:02.488root 11241100x8000000000000000293089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc95a8379b790e232023-02-08 09:52:02.488root 11241100x8000000000000000293088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b5dccbaff2b7732023-02-08 09:52:02.488root 11241100x8000000000000000293087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5bf7a77522891a2023-02-08 09:52:02.488root 11241100x8000000000000000293086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7c03336db2dbc02023-02-08 09:52:02.488root 11241100x8000000000000000293085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10394c7bf04ed6ad2023-02-08 09:52:02.488root 11241100x8000000000000000293084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3994fab21019eae2023-02-08 09:52:02.488root 11241100x8000000000000000293083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0184f18d5f2fb57b2023-02-08 09:52:02.488root 11241100x8000000000000000293100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc449c5e80c4fa92023-02-08 09:52:02.489root 11241100x8000000000000000293099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa7630568286bbe2023-02-08 09:52:02.489root 11241100x8000000000000000293098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9cfe6c6cd13bf142023-02-08 09:52:02.489root 11241100x8000000000000000293097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db185a5f43145412023-02-08 09:52:02.489root 11241100x8000000000000000293105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7baeab891aa151872023-02-08 09:52:02.984root 11241100x8000000000000000293104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c1192897c079892023-02-08 09:52:02.984root 11241100x8000000000000000293103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d5cd9e70ea1b552023-02-08 09:52:02.984root 11241100x8000000000000000293102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc7bd20246481db2023-02-08 09:52:02.984root 11241100x8000000000000000293101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83074f59ece23d4b2023-02-08 09:52:02.984root 11241100x8000000000000000293113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203db0bad4cab4892023-02-08 09:52:02.985root 11241100x8000000000000000293112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e987d6afcf4739c2023-02-08 09:52:02.985root 11241100x8000000000000000293111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ba0b13a90679cb2023-02-08 09:52:02.985root 11241100x8000000000000000293110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c64ba4c567487142023-02-08 09:52:02.985root 11241100x8000000000000000293109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91dc0f7e1aec46ee2023-02-08 09:52:02.985root 11241100x8000000000000000293108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389526152fcf7ac02023-02-08 09:52:02.985root 11241100x8000000000000000293107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8488dc200eb3713a2023-02-08 09:52:02.985root 11241100x8000000000000000293106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d32136928f3e4ec2023-02-08 09:52:02.985root 11241100x8000000000000000293126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a5031ff998e5742023-02-08 09:52:02.986root 11241100x8000000000000000293125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a357118ee562ece2023-02-08 09:52:02.986root 11241100x8000000000000000293124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83dc8a3a9d4ed6a12023-02-08 09:52:02.986root 11241100x8000000000000000293123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d16da5dc55e639b2023-02-08 09:52:02.986root 11241100x8000000000000000293122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426c5db2d9ddea962023-02-08 09:52:02.986root 11241100x8000000000000000293121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d73459ff0eb4882023-02-08 09:52:02.986root 11241100x8000000000000000293120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308981f523355fc82023-02-08 09:52:02.986root 11241100x8000000000000000293119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63ea9676e3d7f482023-02-08 09:52:02.986root 11241100x8000000000000000293118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e923d5ff169a8b2023-02-08 09:52:02.986root 11241100x8000000000000000293117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98704d5c2271fcf32023-02-08 09:52:02.986root 11241100x8000000000000000293116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7f12822cb886fe2023-02-08 09:52:02.986root 11241100x8000000000000000293115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6410a1ac47f3682023-02-08 09:52:02.986root 11241100x8000000000000000293114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b08747f6c54e4df2023-02-08 09:52:02.986root 11241100x8000000000000000293141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4947ac30221de83a2023-02-08 09:52:02.987root 11241100x8000000000000000293140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495fa153532648d52023-02-08 09:52:02.987root 11241100x8000000000000000293139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6256a04a58a092a82023-02-08 09:52:02.987root 11241100x8000000000000000293138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3d4d6fadd0f85d2023-02-08 09:52:02.987root 11241100x8000000000000000293137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe5b621ee1508792023-02-08 09:52:02.987root 11241100x8000000000000000293136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1f880947ec08902023-02-08 09:52:02.987root 11241100x8000000000000000293135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8148b3e4373c3962023-02-08 09:52:02.987root 11241100x8000000000000000293134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd4cd0f7cb98ed22023-02-08 09:52:02.987root 11241100x8000000000000000293133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8eba7217713a5af2023-02-08 09:52:02.987root 11241100x8000000000000000293132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4e446a20b99e692023-02-08 09:52:02.987root 11241100x8000000000000000293131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a972686cf267c912023-02-08 09:52:02.987root 11241100x8000000000000000293130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8477476c512c93a2023-02-08 09:52:02.987root 11241100x8000000000000000293129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c6741294afb4542023-02-08 09:52:02.987root 11241100x8000000000000000293128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93804ced8ae4843b2023-02-08 09:52:02.987root 11241100x8000000000000000293127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e926808677bdb8a2023-02-08 09:52:02.987root 11241100x8000000000000000293151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea0be16dcb590d02023-02-08 09:52:02.988root 11241100x8000000000000000293150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904be8df91d13c392023-02-08 09:52:02.988root 11241100x8000000000000000293149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb6c449d5d1f9282023-02-08 09:52:02.988root 11241100x8000000000000000293148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d914f07546499bab2023-02-08 09:52:02.988root 11241100x8000000000000000293147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a153e25ae97e7722023-02-08 09:52:02.988root 11241100x8000000000000000293146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afcb89379edab5752023-02-08 09:52:02.988root 11241100x8000000000000000293145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ba508209dbf43c2023-02-08 09:52:02.988root 11241100x8000000000000000293144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa4215eba41c76e2023-02-08 09:52:02.988root 11241100x8000000000000000293143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30814d3dad084122023-02-08 09:52:02.988root 11241100x8000000000000000293142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0c39b72c3e29882023-02-08 09:52:02.988root 11241100x8000000000000000293160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052f9d7e88b446de2023-02-08 09:52:02.989root 11241100x8000000000000000293159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61edc914596a228e2023-02-08 09:52:02.989root 11241100x8000000000000000293158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5bd8bc6422da582023-02-08 09:52:02.989root 11241100x8000000000000000293157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c1493fd7d2d4422023-02-08 09:52:02.989root 11241100x8000000000000000293156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339c4e9fda8b86262023-02-08 09:52:02.989root 11241100x8000000000000000293155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c1a571c1abb38f2023-02-08 09:52:02.989root 11241100x8000000000000000293154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4d2733b5a9d6872023-02-08 09:52:02.989root 11241100x8000000000000000293153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5166c2525605877f2023-02-08 09:52:02.989root 11241100x8000000000000000293152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5171e6473eac0e822023-02-08 09:52:02.989root 11241100x8000000000000000293170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a16ead214ee9b92023-02-08 09:52:02.990root 11241100x8000000000000000293169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b6cf44582c4b702023-02-08 09:52:02.990root 11241100x8000000000000000293168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8236fc8031fde5b2023-02-08 09:52:02.990root 11241100x8000000000000000293167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067ba69cc84c7dcf2023-02-08 09:52:02.990root 11241100x8000000000000000293166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f5a8e6533ecfbc2023-02-08 09:52:02.990root 11241100x8000000000000000293165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ae84563b9d08172023-02-08 09:52:02.990root 11241100x8000000000000000293164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4173371c59ac3ce2023-02-08 09:52:02.990root 11241100x8000000000000000293163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d32c8a64819788f2023-02-08 09:52:02.990root 11241100x8000000000000000293162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85172bd46604b4662023-02-08 09:52:02.990root 11241100x8000000000000000293161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9367d5a6f52a752023-02-08 09:52:02.990root 11241100x8000000000000000293180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3030b7a4892b9cd2023-02-08 09:52:02.991root 11241100x8000000000000000293179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd689e4b5f6804212023-02-08 09:52:02.991root 11241100x8000000000000000293178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bfd4579b34e54202023-02-08 09:52:02.991root 11241100x8000000000000000293177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0dd82595def9702023-02-08 09:52:02.991root 11241100x8000000000000000293176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9436ff90d307fac52023-02-08 09:52:02.991root 11241100x8000000000000000293175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839459f1f77293932023-02-08 09:52:02.991root 11241100x8000000000000000293174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ae7a610a9559fb2023-02-08 09:52:02.991root 11241100x8000000000000000293173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50b9040155856962023-02-08 09:52:02.991root 11241100x8000000000000000293172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763d727c3650ee5a2023-02-08 09:52:02.991root 11241100x8000000000000000293171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e2ce3a52cc965c2023-02-08 09:52:02.991root 11241100x8000000000000000293189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7766e80e64f0992023-02-08 09:52:02.992root 11241100x8000000000000000293188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b316dbc79ff402e82023-02-08 09:52:02.992root 11241100x8000000000000000293187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47e755df1914b842023-02-08 09:52:02.992root 11241100x8000000000000000293186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b94f89ce0586d62023-02-08 09:52:02.992root 11241100x8000000000000000293185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b657555c0693dc82023-02-08 09:52:02.992root 11241100x8000000000000000293184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb065ad6fabbae262023-02-08 09:52:02.992root 11241100x8000000000000000293183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286637e76ff305262023-02-08 09:52:02.992root 11241100x8000000000000000293182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e9fd9d1abeb9f92023-02-08 09:52:02.992root 11241100x8000000000000000293181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e47bdc20b7b5962023-02-08 09:52:02.992root 11241100x8000000000000000293199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7410f4912714cc8b2023-02-08 09:52:02.993root 11241100x8000000000000000293198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa284dbb8add9be2023-02-08 09:52:02.993root 11241100x8000000000000000293197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d38938bc15dfcf2023-02-08 09:52:02.993root 11241100x8000000000000000293196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf58d62e14aecd32023-02-08 09:52:02.993root 11241100x8000000000000000293195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1999f94fbd11b1482023-02-08 09:52:02.993root 11241100x8000000000000000293194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814cefb79f6806032023-02-08 09:52:02.993root 11241100x8000000000000000293193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b72df896756d752023-02-08 09:52:02.993root 11241100x8000000000000000293192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69f08a46371359d2023-02-08 09:52:02.993root 11241100x8000000000000000293191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f409a9c100064c4d2023-02-08 09:52:02.993root 11241100x8000000000000000293190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ec803e8dd7aa7a2023-02-08 09:52:02.993root 11241100x8000000000000000293201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6085208f984321832023-02-08 09:52:02.994root 11241100x8000000000000000293200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:02.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d2b16abf5ac27d2023-02-08 09:52:02.994root 354300x8000000000000000293202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.194{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-43496-false10.0.1.12-8000- 11241100x8000000000000000293206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e156b6286c341f2023-02-08 09:52:03.485root 11241100x8000000000000000293205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa001b5e1bdee352023-02-08 09:52:03.485root 11241100x8000000000000000293204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492b441557735f192023-02-08 09:52:03.485root 11241100x8000000000000000293203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ee7605535a71722023-02-08 09:52:03.485root 11241100x8000000000000000293212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43a818028a703f62023-02-08 09:52:03.486root 11241100x8000000000000000293211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dcda9c3b92af43a2023-02-08 09:52:03.486root 11241100x8000000000000000293210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ef3242a6e6709c2023-02-08 09:52:03.486root 11241100x8000000000000000293209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d6e8c385d951bd2023-02-08 09:52:03.486root 11241100x8000000000000000293208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9f831e6a4e80122023-02-08 09:52:03.486root 11241100x8000000000000000293207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d5d4a9480b0d102023-02-08 09:52:03.486root 11241100x8000000000000000293219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e182d9cf4399052023-02-08 09:52:03.487root 11241100x8000000000000000293218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d829fb2b2a6a5c72023-02-08 09:52:03.487root 11241100x8000000000000000293217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded01635db6f0ad42023-02-08 09:52:03.487root 11241100x8000000000000000293216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7fdb9d602f5e2d2023-02-08 09:52:03.487root 11241100x8000000000000000293215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e146804cd64aacb2023-02-08 09:52:03.487root 11241100x8000000000000000293214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a39cafdd8b92aa2023-02-08 09:52:03.487root 11241100x8000000000000000293213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67ab80ef5abee0e2023-02-08 09:52:03.487root 11241100x8000000000000000293225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cba9bbdde991f42023-02-08 09:52:03.488root 11241100x8000000000000000293224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60299636cfa455f12023-02-08 09:52:03.488root 11241100x8000000000000000293223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b542ba59b3c8d12023-02-08 09:52:03.488root 11241100x8000000000000000293222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c3cc3ab8b0949f2023-02-08 09:52:03.488root 11241100x8000000000000000293221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5953a579e8bdca432023-02-08 09:52:03.488root 11241100x8000000000000000293220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b7350b699d61752023-02-08 09:52:03.488root 11241100x8000000000000000293229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b02a496ae2e7fad2023-02-08 09:52:03.489root 11241100x8000000000000000293228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f548dd937375a562023-02-08 09:52:03.489root 11241100x8000000000000000293227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25589f64918e4922023-02-08 09:52:03.489root 11241100x8000000000000000293226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8fb6b5dda49546b2023-02-08 09:52:03.489root 11241100x8000000000000000293234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc04c92ac394a5802023-02-08 09:52:03.490root 11241100x8000000000000000293233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597ac716c662f30d2023-02-08 09:52:03.490root 11241100x8000000000000000293232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103c2b5a1c0c16882023-02-08 09:52:03.490root 11241100x8000000000000000293231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21dbfd6d868effdb2023-02-08 09:52:03.490root 11241100x8000000000000000293230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21b9894f0a34c5d2023-02-08 09:52:03.490root 11241100x8000000000000000293239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15e14c8b616c5c62023-02-08 09:52:03.491root 11241100x8000000000000000293238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c99b8b95d4ae012023-02-08 09:52:03.491root 11241100x8000000000000000293237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8c7feba888b2ee2023-02-08 09:52:03.491root 11241100x8000000000000000293236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4d90cfb793efce2023-02-08 09:52:03.491root 11241100x8000000000000000293235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3095e3ab1ea759852023-02-08 09:52:03.491root 11241100x8000000000000000293242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bffb2691d081d32023-02-08 09:52:03.492root 11241100x8000000000000000293241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde7f3e5bb16f97a2023-02-08 09:52:03.492root 11241100x8000000000000000293240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedc49e653a8795e2023-02-08 09:52:03.492root 11241100x8000000000000000293246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac93ad40803d90f12023-02-08 09:52:03.493root 11241100x8000000000000000293245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb965f7e3bd27072023-02-08 09:52:03.493root 11241100x8000000000000000293244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b0753572fd4dec2023-02-08 09:52:03.493root 11241100x8000000000000000293243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83224df2f433473d2023-02-08 09:52:03.493root 11241100x8000000000000000293253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4d7631321b37e02023-02-08 09:52:03.985root 11241100x8000000000000000293252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7d9dbc06f5aa282023-02-08 09:52:03.985root 11241100x8000000000000000293251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d31864ccb59c0ae2023-02-08 09:52:03.985root 11241100x8000000000000000293250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a12219ee3266e62023-02-08 09:52:03.985root 11241100x8000000000000000293249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.effa7d25b88cf8f62023-02-08 09:52:03.985root 11241100x8000000000000000293248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c87b2f7587633862023-02-08 09:52:03.985root 11241100x8000000000000000293247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d25affaffea45e22023-02-08 09:52:03.985root 11241100x8000000000000000293262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31513bb4380e18932023-02-08 09:52:03.986root 11241100x8000000000000000293261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013f7908e52f0eac2023-02-08 09:52:03.986root 11241100x8000000000000000293260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0b776e2d3a963e2023-02-08 09:52:03.986root 11241100x8000000000000000293259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5476bd9396d17a22023-02-08 09:52:03.986root 11241100x8000000000000000293258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a66310725cc4f32023-02-08 09:52:03.986root 11241100x8000000000000000293257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fdc60dffd151e22023-02-08 09:52:03.986root 11241100x8000000000000000293256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf94383ebece2442023-02-08 09:52:03.986root 11241100x8000000000000000293255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44217c83c09b8e292023-02-08 09:52:03.986root 11241100x8000000000000000293254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036a2167983b79eb2023-02-08 09:52:03.986root 11241100x8000000000000000293269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0acce1c60270e882023-02-08 09:52:03.987root 11241100x8000000000000000293268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4008484cee8368132023-02-08 09:52:03.987root 11241100x8000000000000000293267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5e37a2287186ac2023-02-08 09:52:03.987root 11241100x8000000000000000293266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5701c25023f2f9f2023-02-08 09:52:03.987root 11241100x8000000000000000293265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c128e6c6294c22e62023-02-08 09:52:03.987root 11241100x8000000000000000293264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324e45f1d0c509912023-02-08 09:52:03.987root 11241100x8000000000000000293263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a389ed055b429c532023-02-08 09:52:03.987root 11241100x8000000000000000293274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c70948c58bc89852023-02-08 09:52:03.988root 11241100x8000000000000000293273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9306d4768e3f121b2023-02-08 09:52:03.988root 11241100x8000000000000000293272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0728bacb392e66732023-02-08 09:52:03.988root 11241100x8000000000000000293271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65a4b2fe335f7b52023-02-08 09:52:03.988root 11241100x8000000000000000293270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7e3238691d3aa22023-02-08 09:52:03.988root 11241100x8000000000000000293279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c54e8cbb7f67c72023-02-08 09:52:03.989root 11241100x8000000000000000293278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc34d5a35d31cb42023-02-08 09:52:03.989root 11241100x8000000000000000293277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb26d9694c57ed22023-02-08 09:52:03.989root 11241100x8000000000000000293276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d40430cc7b13d52023-02-08 09:52:03.989root 11241100x8000000000000000293275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b79bdf8e1aa65792023-02-08 09:52:03.989root 11241100x8000000000000000293285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e3ad2555a558212023-02-08 09:52:03.990root 11241100x8000000000000000293284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af350ac15d96af422023-02-08 09:52:03.990root 11241100x8000000000000000293283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be72f6027d0b8e02023-02-08 09:52:03.990root 11241100x8000000000000000293282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e1ed17976609ab2023-02-08 09:52:03.990root 11241100x8000000000000000293281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5ddc1de0e2b2ca2023-02-08 09:52:03.990root 11241100x8000000000000000293280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d835c83930ab426f2023-02-08 09:52:03.990root 11241100x8000000000000000293289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322d89d0d5a3d8082023-02-08 09:52:03.991root 11241100x8000000000000000293288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925e5436bee1edfe2023-02-08 09:52:03.991root 11241100x8000000000000000293287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c553b3f3d1fd1ab2023-02-08 09:52:03.991root 11241100x8000000000000000293286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:03.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03eda717119605e02023-02-08 09:52:03.991root 11241100x8000000000000000293291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6628f3da84ae0fad2023-02-08 09:52:04.484root 11241100x8000000000000000293290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c5f1e3e06a94cb2023-02-08 09:52:04.484root 11241100x8000000000000000293297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444b90e41df60f6d2023-02-08 09:52:04.485root 11241100x8000000000000000293296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e178cd56e816d2082023-02-08 09:52:04.485root 11241100x8000000000000000293295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c057a690b29111c2023-02-08 09:52:04.485root 11241100x8000000000000000293294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2380988dcf96322023-02-08 09:52:04.485root 11241100x8000000000000000293293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183b0c3f45363a572023-02-08 09:52:04.485root 11241100x8000000000000000293292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a35486589c6d3a2023-02-08 09:52:04.485root 11241100x8000000000000000293306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aaa95c1907613ac2023-02-08 09:52:04.486root 11241100x8000000000000000293305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365ea73d7241505a2023-02-08 09:52:04.486root 11241100x8000000000000000293304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e332f666cdb4f4822023-02-08 09:52:04.486root 11241100x8000000000000000293303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e0fdcebc6b85e62023-02-08 09:52:04.486root 11241100x8000000000000000293302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac07bd0ba3d5de982023-02-08 09:52:04.486root 11241100x8000000000000000293301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ecce879e9e06ed32023-02-08 09:52:04.486root 11241100x8000000000000000293300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afbd6df386d47152023-02-08 09:52:04.486root 11241100x8000000000000000293299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a585e58be00f4b2023-02-08 09:52:04.486root 11241100x8000000000000000293298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156e049d84f82f222023-02-08 09:52:04.486root 11241100x8000000000000000293314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c1f146628c28352023-02-08 09:52:04.487root 11241100x8000000000000000293313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9679d2367e444ee2023-02-08 09:52:04.487root 11241100x8000000000000000293312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc77839c9cc3cac02023-02-08 09:52:04.487root 11241100x8000000000000000293311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc21d4cb1596b15c2023-02-08 09:52:04.487root 11241100x8000000000000000293310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf7be7cd8419c982023-02-08 09:52:04.487root 11241100x8000000000000000293309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939c4a25c4de06a02023-02-08 09:52:04.487root 11241100x8000000000000000293308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e01c8572fd8464d2023-02-08 09:52:04.487root 11241100x8000000000000000293307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d416bc6c3330030d2023-02-08 09:52:04.487root 11241100x8000000000000000293321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fce6badb0ef06382023-02-08 09:52:04.488root 11241100x8000000000000000293320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2412e77c342b17be2023-02-08 09:52:04.488root 11241100x8000000000000000293319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47414132e15f64ef2023-02-08 09:52:04.488root 11241100x8000000000000000293318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa83a26c81b52a082023-02-08 09:52:04.488root 11241100x8000000000000000293317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9662c61d462e5f62023-02-08 09:52:04.488root 11241100x8000000000000000293316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97265359f90bdc0d2023-02-08 09:52:04.488root 11241100x8000000000000000293315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57cdac66f6f7fa3e2023-02-08 09:52:04.488root 11241100x8000000000000000293332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99bf26906b38a892023-02-08 09:52:04.489root 11241100x8000000000000000293331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a492810387dc09fe2023-02-08 09:52:04.489root 11241100x8000000000000000293330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c0b4fb065aa27b2023-02-08 09:52:04.489root 11241100x8000000000000000293329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8ba7a04fac030a2023-02-08 09:52:04.489root 11241100x8000000000000000293328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04e8e3bc29aa8c92023-02-08 09:52:04.489root 11241100x8000000000000000293327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c05b5588a935c672023-02-08 09:52:04.489root 11241100x8000000000000000293326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fd5b475b0dcb242023-02-08 09:52:04.489root 11241100x8000000000000000293325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bd0431766d7dd12023-02-08 09:52:04.489root 11241100x8000000000000000293324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2ac65a6ed2d8802023-02-08 09:52:04.489root 11241100x8000000000000000293323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1df4a73660d0ac2023-02-08 09:52:04.489root 11241100x8000000000000000293322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd2a74f9f9128d52023-02-08 09:52:04.489root 11241100x8000000000000000293335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8eb5dedccb81842023-02-08 09:52:04.490root 11241100x8000000000000000293334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13b6ca0839573982023-02-08 09:52:04.490root 11241100x8000000000000000293333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c1688f4b282a8a2023-02-08 09:52:04.490root 11241100x8000000000000000293336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c571d94a6e8922cb2023-02-08 09:52:04.984root 11241100x8000000000000000293342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03bb12778d6948582023-02-08 09:52:04.985root 11241100x8000000000000000293341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7fa6818654ab4bb2023-02-08 09:52:04.985root 11241100x8000000000000000293340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5756a66465e2158e2023-02-08 09:52:04.985root 11241100x8000000000000000293339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d803df5cd1f9db2023-02-08 09:52:04.985root 11241100x8000000000000000293338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228531ba4b1667852023-02-08 09:52:04.985root 11241100x8000000000000000293337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb26238910e742192023-02-08 09:52:04.985root 11241100x8000000000000000293345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb4803173c11f8d2023-02-08 09:52:04.986root 11241100x8000000000000000293344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32721abbcffe3eb2023-02-08 09:52:04.986root 11241100x8000000000000000293343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe236a64d06e0782023-02-08 09:52:04.986root 11241100x8000000000000000293350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05501b5c0b31de2a2023-02-08 09:52:04.987root 11241100x8000000000000000293349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b86d38962f310f2023-02-08 09:52:04.987root 11241100x8000000000000000293348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8be226a14465d362023-02-08 09:52:04.987root 11241100x8000000000000000293347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36fb629afc4bcf02023-02-08 09:52:04.987root 11241100x8000000000000000293346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ace6f59f890adb82023-02-08 09:52:04.987root 11241100x8000000000000000293358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eccb331e55581d622023-02-08 09:52:04.988root 11241100x8000000000000000293357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3fb0f1fbaf28262023-02-08 09:52:04.988root 11241100x8000000000000000293356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3d9f0e047369a42023-02-08 09:52:04.988root 11241100x8000000000000000293355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9060a4c7c790bb2023-02-08 09:52:04.988root 11241100x8000000000000000293354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083ecb1da3381e362023-02-08 09:52:04.988root 11241100x8000000000000000293353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e9169198eff0992023-02-08 09:52:04.988root 11241100x8000000000000000293352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff5d7921cae5d672023-02-08 09:52:04.988root 11241100x8000000000000000293351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28462f32adcd18812023-02-08 09:52:04.988root 11241100x8000000000000000293366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2037f21d476ec12f2023-02-08 09:52:04.989root 11241100x8000000000000000293365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b93afa53b16c972023-02-08 09:52:04.989root 11241100x8000000000000000293364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9a77edc42bd4092023-02-08 09:52:04.989root 11241100x8000000000000000293363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92be1d4efe7233b2023-02-08 09:52:04.989root 11241100x8000000000000000293362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a228a0653713312023-02-08 09:52:04.989root 11241100x8000000000000000293361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae2d75ff8e3b8f62023-02-08 09:52:04.989root 11241100x8000000000000000293360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c5dee81311052b2023-02-08 09:52:04.989root 11241100x8000000000000000293359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59ec71b53fa2c4c2023-02-08 09:52:04.989root 11241100x8000000000000000293374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f99b2140cac630d2023-02-08 09:52:04.990root 11241100x8000000000000000293373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297d5e69ec78e87a2023-02-08 09:52:04.990root 11241100x8000000000000000293372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6a22d4ef9c61542023-02-08 09:52:04.990root 11241100x8000000000000000293371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02225cf0994b69522023-02-08 09:52:04.990root 11241100x8000000000000000293370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019a9531109ae39d2023-02-08 09:52:04.990root 11241100x8000000000000000293369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb43e75ff22e19072023-02-08 09:52:04.990root 11241100x8000000000000000293368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1162c380e0bdcc5f2023-02-08 09:52:04.990root 11241100x8000000000000000293367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe2743b3c0c94762023-02-08 09:52:04.990root 11241100x8000000000000000293382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826f6276da743af32023-02-08 09:52:04.991root 11241100x8000000000000000293381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf0fd7fc6ce2c492023-02-08 09:52:04.991root 11241100x8000000000000000293380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7a97ddd7b7f5982023-02-08 09:52:04.991root 11241100x8000000000000000293379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54044d30cde98b02023-02-08 09:52:04.991root 11241100x8000000000000000293378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea931591579dba102023-02-08 09:52:04.991root 11241100x8000000000000000293377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738c6a2c9ca5e94a2023-02-08 09:52:04.991root 11241100x8000000000000000293376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40ac3010f2e2b1c2023-02-08 09:52:04.991root 11241100x8000000000000000293375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:04.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18ca42164eea5a82023-02-08 09:52:04.991root 11241100x8000000000000000293390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47aad33dca5792fb2023-02-08 09:52:05.485root 11241100x8000000000000000293389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325105202c744e892023-02-08 09:52:05.485root 11241100x8000000000000000293388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e6dae374d934842023-02-08 09:52:05.485root 11241100x8000000000000000293387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4e18778f1c46802023-02-08 09:52:05.485root 11241100x8000000000000000293386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a3b6773724382b2023-02-08 09:52:05.485root 11241100x8000000000000000293385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9072a8f593d7a9cb2023-02-08 09:52:05.485root 11241100x8000000000000000293384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1eb8364c49c34132023-02-08 09:52:05.485root 11241100x8000000000000000293383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b829ca0fe802ebf32023-02-08 09:52:05.485root 11241100x8000000000000000293401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeda3bdb52d6a8e32023-02-08 09:52:05.486root 11241100x8000000000000000293400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030f409e9ef611c02023-02-08 09:52:05.486root 11241100x8000000000000000293399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1b9b98d556b9502023-02-08 09:52:05.486root 11241100x8000000000000000293398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67af9e1cee65b6c2023-02-08 09:52:05.486root 11241100x8000000000000000293397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f753622f773aa94d2023-02-08 09:52:05.486root 11241100x8000000000000000293396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459b42472e7d063a2023-02-08 09:52:05.486root 11241100x8000000000000000293395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c69eebe79a467c2023-02-08 09:52:05.486root 11241100x8000000000000000293394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ed0847cbf9f9032023-02-08 09:52:05.486root 11241100x8000000000000000293393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1129108bdfda662023-02-08 09:52:05.486root 11241100x8000000000000000293392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7625f9e038c9adbb2023-02-08 09:52:05.486root 11241100x8000000000000000293391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f651e3cd31b0f12023-02-08 09:52:05.486root 11241100x8000000000000000293410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fddde76a210e55e82023-02-08 09:52:05.487root 11241100x8000000000000000293409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9dd3e3eb42a7f52023-02-08 09:52:05.487root 11241100x8000000000000000293408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8406c74aaac736932023-02-08 09:52:05.487root 11241100x8000000000000000293407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61107e5578fb2e12023-02-08 09:52:05.487root 11241100x8000000000000000293406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d991f9d0f3214912023-02-08 09:52:05.487root 11241100x8000000000000000293405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472cfb42045b67c12023-02-08 09:52:05.487root 11241100x8000000000000000293404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7bf528abe6b2aa2023-02-08 09:52:05.487root 11241100x8000000000000000293403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92cf4ea6080509362023-02-08 09:52:05.487root 11241100x8000000000000000293402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7969c99d1cb3c1132023-02-08 09:52:05.487root 11241100x8000000000000000293421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484fc2f5a88773902023-02-08 09:52:05.488root 11241100x8000000000000000293420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292f64b3c5a8216f2023-02-08 09:52:05.488root 11241100x8000000000000000293419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18b60fa8cda26c12023-02-08 09:52:05.488root 11241100x8000000000000000293418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16474b1ec50ecfa72023-02-08 09:52:05.488root 11241100x8000000000000000293417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7390956788e15abc2023-02-08 09:52:05.488root 11241100x8000000000000000293416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4e63d83de427472023-02-08 09:52:05.488root 11241100x8000000000000000293415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48ed3a0cbe8b69a2023-02-08 09:52:05.488root 11241100x8000000000000000293414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d1353e7aaaa3c52023-02-08 09:52:05.488root 11241100x8000000000000000293413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f191ff7e1f90ab2023-02-08 09:52:05.488root 11241100x8000000000000000293412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732452775249141e2023-02-08 09:52:05.488root 11241100x8000000000000000293411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8420b5eb218df282023-02-08 09:52:05.488root 11241100x8000000000000000293425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13394aa3d6689ee2023-02-08 09:52:05.489root 11241100x8000000000000000293424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b9e5c4822808222023-02-08 09:52:05.489root 11241100x8000000000000000293423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7837a20ef11b5e262023-02-08 09:52:05.489root 11241100x8000000000000000293422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0cdf79cf1870492023-02-08 09:52:05.489root 11241100x8000000000000000293434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a55698817265512023-02-08 09:52:05.985root 11241100x8000000000000000293433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d416ebfbb2415efb2023-02-08 09:52:05.985root 11241100x8000000000000000293432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2f0ba89f8d03b02023-02-08 09:52:05.985root 11241100x8000000000000000293431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3383008d751177b2023-02-08 09:52:05.985root 11241100x8000000000000000293430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec83157640591d7d2023-02-08 09:52:05.985root 11241100x8000000000000000293429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771fae901b1556172023-02-08 09:52:05.985root 11241100x8000000000000000293428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817a89991119b51e2023-02-08 09:52:05.985root 11241100x8000000000000000293427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72fdab07bee7119f2023-02-08 09:52:05.985root 11241100x8000000000000000293426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14143fe496ca7a1f2023-02-08 09:52:05.985root 11241100x8000000000000000293447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d9c9cd240274312023-02-08 09:52:05.986root 11241100x8000000000000000293446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331f549b1d9878ad2023-02-08 09:52:05.986root 11241100x8000000000000000293445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459c08414c94feb62023-02-08 09:52:05.986root 11241100x8000000000000000293444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d2769df4e6d93f2023-02-08 09:52:05.986root 11241100x8000000000000000293443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642dcf17d058c38d2023-02-08 09:52:05.986root 11241100x8000000000000000293442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261cc47f9e71baa82023-02-08 09:52:05.986root 11241100x8000000000000000293441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5516ec8b86d92e22023-02-08 09:52:05.986root 11241100x8000000000000000293440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d50c7f29dda48eb2023-02-08 09:52:05.986root 11241100x8000000000000000293439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0253fb9775d9e32023-02-08 09:52:05.986root 11241100x8000000000000000293438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b1e3efa11157202023-02-08 09:52:05.986root 11241100x8000000000000000293437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f20ec4723682a82023-02-08 09:52:05.986root 11241100x8000000000000000293436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94095c33398cc2c72023-02-08 09:52:05.986root 11241100x8000000000000000293435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d820038feed8a562023-02-08 09:52:05.986root 11241100x8000000000000000293454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccb5391d7fcb16e2023-02-08 09:52:05.987root 11241100x8000000000000000293453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d530f9efc794be02023-02-08 09:52:05.987root 11241100x8000000000000000293452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9466907e1fabe1a32023-02-08 09:52:05.987root 11241100x8000000000000000293451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2920a850da644a4d2023-02-08 09:52:05.987root 11241100x8000000000000000293450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3de8113c81204002023-02-08 09:52:05.987root 11241100x8000000000000000293449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be568042d32cac612023-02-08 09:52:05.987root 11241100x8000000000000000293448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b509019c35b86642023-02-08 09:52:05.987root 11241100x8000000000000000293455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f7ba2f2651aabb2023-02-08 09:52:05.989root 11241100x8000000000000000293460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d307ddb59f5d702023-02-08 09:52:05.990root 11241100x8000000000000000293459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f061856a36f671f42023-02-08 09:52:05.990root 11241100x8000000000000000293458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e91d8311af082d2023-02-08 09:52:05.990root 11241100x8000000000000000293457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2edfbc5a45ae786b2023-02-08 09:52:05.990root 11241100x8000000000000000293456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdc51944b0170822023-02-08 09:52:05.990root 11241100x8000000000000000293467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1f5b3b48e916792023-02-08 09:52:05.991root 11241100x8000000000000000293466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbd3981f57e0ad32023-02-08 09:52:05.991root 11241100x8000000000000000293465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab0ed84501893c62023-02-08 09:52:05.991root 11241100x8000000000000000293464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f27037e90fc6bd22023-02-08 09:52:05.991root 11241100x8000000000000000293463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd354523861f22c2023-02-08 09:52:05.991root 11241100x8000000000000000293462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36e70e51be6030f2023-02-08 09:52:05.991root 11241100x8000000000000000293461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:05.991{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7b59d49a2225062023-02-08 09:52:05.991root 11241100x8000000000000000293468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.361{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-08 09:52:06.361root 11241100x8000000000000000293480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c522651285b4396f2023-02-08 09:52:06.362root 11241100x8000000000000000293479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d684790da18e5802023-02-08 09:52:06.362root 11241100x8000000000000000293478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd817bb974547f82023-02-08 09:52:06.362root 11241100x8000000000000000293477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c176a7ae93d6ab2023-02-08 09:52:06.362root 11241100x8000000000000000293476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c048dc99dfeca92023-02-08 09:52:06.362root 11241100x8000000000000000293475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36e0aa7115557602023-02-08 09:52:06.362root 11241100x8000000000000000293474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f155ed67cfe2fa2023-02-08 09:52:06.362root 11241100x8000000000000000293473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99bb09db92d237a2023-02-08 09:52:06.362root 11241100x8000000000000000293472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624fb425eff8ba962023-02-08 09:52:06.362root 11241100x8000000000000000293471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43398d2456162e722023-02-08 09:52:06.362root 11241100x8000000000000000293470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2cc55475fec6332023-02-08 09:52:06.362root 11241100x8000000000000000293469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4631a1b7ae493f2f2023-02-08 09:52:06.362root 11241100x8000000000000000293489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90aa91355a61ccfa2023-02-08 09:52:06.363root 11241100x8000000000000000293488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab5a0cee7c6e5ec2023-02-08 09:52:06.363root 11241100x8000000000000000293487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4ff8cfc8cc7fa72023-02-08 09:52:06.363root 11241100x8000000000000000293486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b86e6132ea07c62023-02-08 09:52:06.363root 11241100x8000000000000000293485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a8300e901b78452023-02-08 09:52:06.363root 11241100x8000000000000000293484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5fc53d58f4f485a2023-02-08 09:52:06.363root 11241100x8000000000000000293483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60bbd0cf088efe52023-02-08 09:52:06.363root 11241100x8000000000000000293482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae856855e644b3292023-02-08 09:52:06.363root 11241100x8000000000000000293481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2309ead99b37972023-02-08 09:52:06.363root 11241100x8000000000000000293500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3cbe456a67d9c92023-02-08 09:52:06.364root 11241100x8000000000000000293499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2d7624f743634a2023-02-08 09:52:06.364root 11241100x8000000000000000293498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed8d7718c683bc62023-02-08 09:52:06.364root 11241100x8000000000000000293497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5561e95a9d7a164f2023-02-08 09:52:06.364root 11241100x8000000000000000293496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9dc061c21a76e7f2023-02-08 09:52:06.364root 11241100x8000000000000000293495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572a825696fd00982023-02-08 09:52:06.364root 11241100x8000000000000000293494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319ecdb860a878ac2023-02-08 09:52:06.364root 11241100x8000000000000000293493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0522afac80f2bc1b2023-02-08 09:52:06.364root 11241100x8000000000000000293492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d607a4859e50a7062023-02-08 09:52:06.364root 11241100x8000000000000000293491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca6071511bded492023-02-08 09:52:06.364root 11241100x8000000000000000293490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.364{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e91612fbd820272023-02-08 09:52:06.364root 11241100x8000000000000000293510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b1ba7e806909f52023-02-08 09:52:06.365root 11241100x8000000000000000293509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58b13e53d0c38032023-02-08 09:52:06.365root 11241100x8000000000000000293508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa72a8b07cf5c2da2023-02-08 09:52:06.365root 11241100x8000000000000000293507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c894b52f48bec842023-02-08 09:52:06.365root 11241100x8000000000000000293506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cee3d07652541f2023-02-08 09:52:06.365root 11241100x8000000000000000293505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524ab2fdfa2f96382023-02-08 09:52:06.365root 11241100x8000000000000000293504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe90d39c8607fd062023-02-08 09:52:06.365root 11241100x8000000000000000293503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd4803641b472032023-02-08 09:52:06.365root 11241100x8000000000000000293502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4d14cc69f893582023-02-08 09:52:06.365root 11241100x8000000000000000293501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.365{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749ff7cb655cf2c02023-02-08 09:52:06.365root 11241100x8000000000000000293525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f00e93bca20f152023-02-08 09:52:06.366root 11241100x8000000000000000293524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15631210a65cd392023-02-08 09:52:06.366root 11241100x8000000000000000293523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab2e21b0462060d2023-02-08 09:52:06.366root 11241100x8000000000000000293522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0198584eeaba6c562023-02-08 09:52:06.366root 11241100x8000000000000000293521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5902732608e518282023-02-08 09:52:06.366root 11241100x8000000000000000293520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefcf8cee8bbb4902023-02-08 09:52:06.366root 11241100x8000000000000000293519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a386f499e66ac7682023-02-08 09:52:06.366root 11241100x8000000000000000293518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce637e10acddf9e2023-02-08 09:52:06.366root 11241100x8000000000000000293517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7465d3a48c9878b2023-02-08 09:52:06.366root 11241100x8000000000000000293516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5d2395744ec0322023-02-08 09:52:06.366root 11241100x8000000000000000293515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa06d302671750272023-02-08 09:52:06.366root 11241100x8000000000000000293514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5dae74f44f18512023-02-08 09:52:06.366root 11241100x8000000000000000293513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd6d0a2e2afa77b2023-02-08 09:52:06.366root 11241100x8000000000000000293512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c0f40eb4f1f1a52023-02-08 09:52:06.366root 11241100x8000000000000000293511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.366{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa70581e34b8ee2d2023-02-08 09:52:06.366root 11241100x8000000000000000293526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.367{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22fc311e5dbc9412023-02-08 09:52:06.367root 11241100x8000000000000000293535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb8bab1f02555b22023-02-08 09:52:06.735root 11241100x8000000000000000293534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cffb0f3ec9148c92023-02-08 09:52:06.735root 11241100x8000000000000000293533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4651e12dfbaa962023-02-08 09:52:06.735root 11241100x8000000000000000293532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa9be0ad93da3a92023-02-08 09:52:06.735root 11241100x8000000000000000293531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739d321cab625e312023-02-08 09:52:06.735root 11241100x8000000000000000293530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7b2516fff9778b2023-02-08 09:52:06.735root 11241100x8000000000000000293529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafffec5fc90627f2023-02-08 09:52:06.735root 11241100x8000000000000000293528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2fbe9412e72f2462023-02-08 09:52:06.735root 11241100x8000000000000000293527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2aee3068b48fcfe2023-02-08 09:52:06.735root 11241100x8000000000000000293541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196a00458207a2492023-02-08 09:52:06.736root 11241100x8000000000000000293540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b4fccc674b75072023-02-08 09:52:06.736root 11241100x8000000000000000293539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03bd03599fb08e5c2023-02-08 09:52:06.736root 11241100x8000000000000000293538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56cfbc564bee324b2023-02-08 09:52:06.736root 11241100x8000000000000000293537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2cbbd9275949872023-02-08 09:52:06.736root 11241100x8000000000000000293536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90de0e3249a0ded2023-02-08 09:52:06.736root 11241100x8000000000000000293542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98df136e913f188c2023-02-08 09:52:06.738root 11241100x8000000000000000293551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba527c9a90ff3ad72023-02-08 09:52:06.739root 11241100x8000000000000000293550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca41a967a411970a2023-02-08 09:52:06.739root 11241100x8000000000000000293549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d29ee30ff7b42e2023-02-08 09:52:06.739root 11241100x8000000000000000293548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c643e9c06825d212023-02-08 09:52:06.739root 11241100x8000000000000000293547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5950b3272a733dfe2023-02-08 09:52:06.739root 11241100x8000000000000000293546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36583d4aa4e655df2023-02-08 09:52:06.739root 11241100x8000000000000000293545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0732dbe5740d242023-02-08 09:52:06.739root 11241100x8000000000000000293544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ead867bbdd004472023-02-08 09:52:06.739root 11241100x8000000000000000293543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031228114617042f2023-02-08 09:52:06.739root 11241100x8000000000000000293552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fc75076ec6130f2023-02-08 09:52:06.740root 11241100x8000000000000000293557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07449db723043d5c2023-02-08 09:52:06.741root 11241100x8000000000000000293556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981a8802041eb8322023-02-08 09:52:06.741root 11241100x8000000000000000293555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46515b960a24e6732023-02-08 09:52:06.741root 11241100x8000000000000000293554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b86499423b28842023-02-08 09:52:06.741root 11241100x8000000000000000293553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ec852d37425b532023-02-08 09:52:06.741root 11241100x8000000000000000293566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fd3d1ede8790412023-02-08 09:52:06.742root 11241100x8000000000000000293565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48189e0e9c4200f2023-02-08 09:52:06.742root 11241100x8000000000000000293564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0ca3981c4400022023-02-08 09:52:06.742root 11241100x8000000000000000293563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2cd9179135e36e2023-02-08 09:52:06.742root 11241100x8000000000000000293562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d512c43b2fc364d2023-02-08 09:52:06.742root 11241100x8000000000000000293561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc1a2943128d9ef2023-02-08 09:52:06.742root 11241100x8000000000000000293560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22001e897a961532023-02-08 09:52:06.742root 11241100x8000000000000000293559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ffa3bcc47f07242023-02-08 09:52:06.742root 11241100x8000000000000000293558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60cfcb05daade882023-02-08 09:52:06.742root 11241100x8000000000000000293571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0c5cf5f1ce278a2023-02-08 09:52:06.743root 11241100x8000000000000000293570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980f834b1b8675382023-02-08 09:52:06.743root 11241100x8000000000000000293569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd405cf08a1aee82023-02-08 09:52:06.743root 11241100x8000000000000000293568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efeef734208255b2023-02-08 09:52:06.743root 11241100x8000000000000000293567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a643f10875431e642023-02-08 09:52:06.743root 354300x8000000000000000293572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:06.753{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-46022-false10.0.1.12-8089- 11241100x8000000000000000293573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82de4d9a35de44202023-02-08 09:52:07.234root 11241100x8000000000000000293577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadefe40e4c6374c2023-02-08 09:52:07.235root 11241100x8000000000000000293576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5def977b225ccb92023-02-08 09:52:07.235root 11241100x8000000000000000293575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b2ec5d58eca6632023-02-08 09:52:07.235root 11241100x8000000000000000293574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582079bb061f00002023-02-08 09:52:07.235root 11241100x8000000000000000293582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b321504c93ad2c2023-02-08 09:52:07.236root 11241100x8000000000000000293581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e9dd6f40aaf2082023-02-08 09:52:07.236root 11241100x8000000000000000293580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87dca37f9645d9b52023-02-08 09:52:07.236root 11241100x8000000000000000293579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717f532cbf8d14ad2023-02-08 09:52:07.236root 11241100x8000000000000000293578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647907acd97024fe2023-02-08 09:52:07.236root 11241100x8000000000000000293587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213bdbc08faca07b2023-02-08 09:52:07.237root 11241100x8000000000000000293586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccee205c957eaa302023-02-08 09:52:07.237root 11241100x8000000000000000293585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adef16c720b6ac1d2023-02-08 09:52:07.237root 11241100x8000000000000000293584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f866edb34c100df2023-02-08 09:52:07.237root 11241100x8000000000000000293583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbce4febbc271c292023-02-08 09:52:07.237root 11241100x8000000000000000293589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f37799ecfa651e2023-02-08 09:52:07.238root 11241100x8000000000000000293588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a664feaae7076f22023-02-08 09:52:07.238root 11241100x8000000000000000293593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609b55408972ee532023-02-08 09:52:07.239root 11241100x8000000000000000293592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43214f6e3afa6172023-02-08 09:52:07.239root 11241100x8000000000000000293591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822566168f73c3ed2023-02-08 09:52:07.239root 11241100x8000000000000000293590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e61805cd243ecc2023-02-08 09:52:07.239root 11241100x8000000000000000293594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.241{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e2baed2b3d8ae02023-02-08 09:52:07.241root 11241100x8000000000000000293610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08236a94576a4262023-02-08 09:52:07.242root 11241100x8000000000000000293609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6d0d60159ccb252023-02-08 09:52:07.242root 11241100x8000000000000000293608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654a2228e575603d2023-02-08 09:52:07.242root 11241100x8000000000000000293607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e133cd5b415880c02023-02-08 09:52:07.242root 11241100x8000000000000000293606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb2c25fbc29fc8b2023-02-08 09:52:07.242root 11241100x8000000000000000293605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a00527fc9f9bfc2023-02-08 09:52:07.242root 11241100x8000000000000000293604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67fcaa466220f6e22023-02-08 09:52:07.242root 11241100x8000000000000000293603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17ca609b74cc5242023-02-08 09:52:07.242root 11241100x8000000000000000293602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfeba3a70f2c0e162023-02-08 09:52:07.242root 11241100x8000000000000000293601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471e4c4b2213635e2023-02-08 09:52:07.242root 11241100x8000000000000000293600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfb383fd22d52632023-02-08 09:52:07.242root 11241100x8000000000000000293599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179b4c2c88e0b6292023-02-08 09:52:07.242root 11241100x8000000000000000293598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16a1cc2931c25302023-02-08 09:52:07.242root 11241100x8000000000000000293597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1538d6383f245dae2023-02-08 09:52:07.242root 11241100x8000000000000000293596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e860cb6255f1b82023-02-08 09:52:07.242root 11241100x8000000000000000293595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3804b380c4d79dd22023-02-08 09:52:07.242root 11241100x8000000000000000293620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a0e50c86dac06a2023-02-08 09:52:07.243root 11241100x8000000000000000293619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34188cf8e986f5b32023-02-08 09:52:07.243root 11241100x8000000000000000293618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c0159176ed82572023-02-08 09:52:07.243root 11241100x8000000000000000293617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c327f0c8c7ff822023-02-08 09:52:07.243root 11241100x8000000000000000293616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce8b67d3fc839a42023-02-08 09:52:07.243root 11241100x8000000000000000293615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26c00c1b0dfe5332023-02-08 09:52:07.243root 11241100x8000000000000000293614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef2dd1c8061be1f2023-02-08 09:52:07.243root 11241100x8000000000000000293613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276f4ca9e316fe4c2023-02-08 09:52:07.243root 11241100x8000000000000000293612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ccdbe7197aac4652023-02-08 09:52:07.243root 11241100x8000000000000000293611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e779b5546f86152023-02-08 09:52:07.243root 11241100x8000000000000000293622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3f20cc7ded8d342023-02-08 09:52:07.734root 11241100x8000000000000000293621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebf075ee6c382602023-02-08 09:52:07.734root 11241100x8000000000000000293627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd23d4fea4f4231c2023-02-08 09:52:07.735root 11241100x8000000000000000293626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4fd5248aabdd642023-02-08 09:52:07.735root 11241100x8000000000000000293625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b05675422fcc212023-02-08 09:52:07.735root 11241100x8000000000000000293624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670d61516db883562023-02-08 09:52:07.735root 11241100x8000000000000000293623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8197f7b1876ee462023-02-08 09:52:07.735root 11241100x8000000000000000293631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a9c6a6bfa6b18a2023-02-08 09:52:07.736root 11241100x8000000000000000293630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16806656eb009c132023-02-08 09:52:07.736root 11241100x8000000000000000293629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9b8c53adb738e62023-02-08 09:52:07.736root 11241100x8000000000000000293628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b22164ff404ec12023-02-08 09:52:07.736root 11241100x8000000000000000293634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb8a317eadec2fe2023-02-08 09:52:07.737root 11241100x8000000000000000293633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de39571310aed982023-02-08 09:52:07.737root 11241100x8000000000000000293632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364b4e6ec187fb4f2023-02-08 09:52:07.737root 11241100x8000000000000000293635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6a1c003537d18b2023-02-08 09:52:07.738root 11241100x8000000000000000293636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e14ac7304d3b912023-02-08 09:52:07.739root 11241100x8000000000000000293642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d160e6c4f39de3cb2023-02-08 09:52:07.740root 11241100x8000000000000000293641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0b0df2feb705272023-02-08 09:52:07.740root 11241100x8000000000000000293640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f46bb879ecc5b42023-02-08 09:52:07.740root 11241100x8000000000000000293639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80069ae6997e9b42023-02-08 09:52:07.740root 11241100x8000000000000000293638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb66166a66a5b97e2023-02-08 09:52:07.740root 11241100x8000000000000000293637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e299b24c55fb5de2023-02-08 09:52:07.740root 11241100x8000000000000000293647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd7ae787594e6ca2023-02-08 09:52:07.741root 11241100x8000000000000000293646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec8edf1069030052023-02-08 09:52:07.741root 11241100x8000000000000000293645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307e2fa948e605ec2023-02-08 09:52:07.741root 11241100x8000000000000000293644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882d1a4533fc817e2023-02-08 09:52:07.741root 11241100x8000000000000000293643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1096fe3c618edd2023-02-08 09:52:07.741root 11241100x8000000000000000293657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef7a3c998daab072023-02-08 09:52:07.746root 11241100x8000000000000000293656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3581eceb345f70ee2023-02-08 09:52:07.746root 11241100x8000000000000000293655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e0af658bd1b3242023-02-08 09:52:07.746root 11241100x8000000000000000293654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4cbc17ad0806092023-02-08 09:52:07.746root 11241100x8000000000000000293653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95755319f4efc5b2023-02-08 09:52:07.746root 11241100x8000000000000000293652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4c6fe2c6140ccc2023-02-08 09:52:07.746root 11241100x8000000000000000293651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12f33c90f97c2632023-02-08 09:52:07.746root 11241100x8000000000000000293650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fc6b191098d8832023-02-08 09:52:07.746root 11241100x8000000000000000293649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0bbddaea3d87a32023-02-08 09:52:07.746root 11241100x8000000000000000293648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.746{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ffaa439e8538ed2023-02-08 09:52:07.746root 11241100x8000000000000000293667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.747{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858bb100500a8bd82023-02-08 09:52:07.747root 11241100x8000000000000000293666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.747{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93606d5132536f92023-02-08 09:52:07.747root 11241100x8000000000000000293665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.747{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b991d6717613712023-02-08 09:52:07.747root 11241100x8000000000000000293664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.747{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d256c439565599152023-02-08 09:52:07.747root 11241100x8000000000000000293663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.747{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a1041c5d0e5db02023-02-08 09:52:07.747root 11241100x8000000000000000293662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.747{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d35ca631d67c2462023-02-08 09:52:07.747root 11241100x8000000000000000293661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.747{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a76e8c5ad295952023-02-08 09:52:07.747root 11241100x8000000000000000293660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.747{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6566b770dafc9bae2023-02-08 09:52:07.747root 11241100x8000000000000000293659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.747{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df7883d2aef340e2023-02-08 09:52:07.747root 11241100x8000000000000000293658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.747{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3687c58273b3239d2023-02-08 09:52:07.747root 11241100x8000000000000000293670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.748{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355176d72fb8c8cd2023-02-08 09:52:07.748root 11241100x8000000000000000293669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.748{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60bdcbf265c88f62023-02-08 09:52:07.748root 11241100x8000000000000000293668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:07.748{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a7bec41f83b9612023-02-08 09:52:07.748root 11241100x8000000000000000293679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a718819c4a4d73d2023-02-08 09:52:08.235root 11241100x8000000000000000293678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907186d783c7cd862023-02-08 09:52:08.235root 11241100x8000000000000000293677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5dbc97d107261ce2023-02-08 09:52:08.235root 11241100x8000000000000000293676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6062fc69333c212023-02-08 09:52:08.235root 11241100x8000000000000000293675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa6aa915b0932892023-02-08 09:52:08.235root 11241100x8000000000000000293674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1e964c4f2415382023-02-08 09:52:08.235root 11241100x8000000000000000293673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0d7a414d0891f22023-02-08 09:52:08.235root 11241100x8000000000000000293672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c386976f2699ec2023-02-08 09:52:08.235root 11241100x8000000000000000293671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa003d08196b6c32023-02-08 09:52:08.235root 11241100x8000000000000000293690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2574c3ac054265e2023-02-08 09:52:08.236root 11241100x8000000000000000293689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041520046decb0e92023-02-08 09:52:08.236root 11241100x8000000000000000293688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1d9634a4e14a932023-02-08 09:52:08.236root 11241100x8000000000000000293687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe876532b84f8d882023-02-08 09:52:08.236root 11241100x8000000000000000293686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ee51e24dfd095a2023-02-08 09:52:08.236root 11241100x8000000000000000293685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe4ffd3eeb5ec0f2023-02-08 09:52:08.236root 11241100x8000000000000000293684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a200577593e7509c2023-02-08 09:52:08.236root 11241100x8000000000000000293683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f99f1c7b3356442023-02-08 09:52:08.236root 11241100x8000000000000000293682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14de13c873e0b0382023-02-08 09:52:08.236root 11241100x8000000000000000293681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5327f33e1fc13e42023-02-08 09:52:08.236root 11241100x8000000000000000293680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c92da9aa5276b922023-02-08 09:52:08.236root 11241100x8000000000000000293699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cac418991a31c432023-02-08 09:52:08.237root 11241100x8000000000000000293698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918289cd5a41c0832023-02-08 09:52:08.237root 11241100x8000000000000000293697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd8265e1aa0b8432023-02-08 09:52:08.237root 11241100x8000000000000000293696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac7ef42f83ce6302023-02-08 09:52:08.237root 11241100x8000000000000000293695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04b632d4737c47e2023-02-08 09:52:08.237root 11241100x8000000000000000293694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8133729de36fdd112023-02-08 09:52:08.237root 11241100x8000000000000000293693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da714f626eefb3912023-02-08 09:52:08.237root 11241100x8000000000000000293692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3384a09225ef0a9e2023-02-08 09:52:08.237root 11241100x8000000000000000293691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c763d5c17a3ef42023-02-08 09:52:08.237root 11241100x8000000000000000293704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609d4f692cbc4cab2023-02-08 09:52:08.238root 11241100x8000000000000000293703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bdbc1142328461d2023-02-08 09:52:08.238root 11241100x8000000000000000293702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df65d96df0a70b002023-02-08 09:52:08.238root 11241100x8000000000000000293701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659b391dc9f95c152023-02-08 09:52:08.238root 11241100x8000000000000000293700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69123d4666a4ce592023-02-08 09:52:08.238root 11241100x8000000000000000293710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb7710c4c80ff422023-02-08 09:52:08.239root 11241100x8000000000000000293709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ba6a22fe6c28f62023-02-08 09:52:08.239root 11241100x8000000000000000293708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9197f826ebb365822023-02-08 09:52:08.239root 11241100x8000000000000000293707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a1965da17f19292023-02-08 09:52:08.239root 11241100x8000000000000000293706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd21076286afa2882023-02-08 09:52:08.239root 11241100x8000000000000000293705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1eef2c8b024746e2023-02-08 09:52:08.239root 11241100x8000000000000000293714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3472683c582e039a2023-02-08 09:52:08.240root 11241100x8000000000000000293713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42e08b51dc191102023-02-08 09:52:08.240root 11241100x8000000000000000293712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3750a584ad64bf2023-02-08 09:52:08.240root 11241100x8000000000000000293711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9dc9eff7f6981aa2023-02-08 09:52:08.240root 11241100x8000000000000000293719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48adc9cb8d0d4d2d2023-02-08 09:52:08.734root 11241100x8000000000000000293718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85eb1e61eec079232023-02-08 09:52:08.734root 11241100x8000000000000000293717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4cc8855c5777c6f2023-02-08 09:52:08.734root 11241100x8000000000000000293716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a18059bb8cd9782023-02-08 09:52:08.734root 11241100x8000000000000000293715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c10291729b2aab2023-02-08 09:52:08.734root 11241100x8000000000000000293726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fe3d6a25d8a3cf2023-02-08 09:52:08.735root 11241100x8000000000000000293725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5c05769bc9a1ef2023-02-08 09:52:08.735root 11241100x8000000000000000293724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4e4c180b66ad472023-02-08 09:52:08.735root 11241100x8000000000000000293723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ea0fba3572f4072023-02-08 09:52:08.735root 11241100x8000000000000000293722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfce07c4a719d382023-02-08 09:52:08.735root 11241100x8000000000000000293721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e29611e1f95e4f2023-02-08 09:52:08.735root 11241100x8000000000000000293720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839512819e4b5f492023-02-08 09:52:08.735root 11241100x8000000000000000293733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315c4401afc3df422023-02-08 09:52:08.736root 11241100x8000000000000000293732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f4d359f5d245ec2023-02-08 09:52:08.736root 11241100x8000000000000000293731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3673da03c5d97e2023-02-08 09:52:08.736root 11241100x8000000000000000293730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8cb91ef76b9a8232023-02-08 09:52:08.736root 11241100x8000000000000000293729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80fb85cbe5fff6e02023-02-08 09:52:08.736root 11241100x8000000000000000293728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cafb2a2b42deb82023-02-08 09:52:08.736root 11241100x8000000000000000293727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1e37d4c60713612023-02-08 09:52:08.736root 11241100x8000000000000000293738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed68564541bf6692023-02-08 09:52:08.737root 11241100x8000000000000000293737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33632366804898682023-02-08 09:52:08.737root 11241100x8000000000000000293736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b702ddf1b262d42023-02-08 09:52:08.737root 11241100x8000000000000000293735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a1b6fd23baf6182023-02-08 09:52:08.737root 11241100x8000000000000000293734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f18f18cbddcb4032023-02-08 09:52:08.737root 11241100x8000000000000000293743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec2dc9f7c5ef6c72023-02-08 09:52:08.738root 11241100x8000000000000000293742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385d6e603426f38f2023-02-08 09:52:08.738root 11241100x8000000000000000293741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9843b816b4c4807b2023-02-08 09:52:08.738root 11241100x8000000000000000293740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62207fc4f7311962023-02-08 09:52:08.738root 11241100x8000000000000000293739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99577f72eedec5202023-02-08 09:52:08.738root 11241100x8000000000000000293749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701825f32e3615c82023-02-08 09:52:08.739root 11241100x8000000000000000293748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf070c74e227a6b62023-02-08 09:52:08.739root 11241100x8000000000000000293747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4caaf11338976222023-02-08 09:52:08.739root 11241100x8000000000000000293746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604736c642584a2c2023-02-08 09:52:08.739root 11241100x8000000000000000293745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3f7fe9b0bd76ea2023-02-08 09:52:08.739root 11241100x8000000000000000293744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda551ac3be7f9522023-02-08 09:52:08.739root 11241100x8000000000000000293755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd35ca4dfd1bb352023-02-08 09:52:08.740root 11241100x8000000000000000293754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16001f7e81d9b4712023-02-08 09:52:08.740root 11241100x8000000000000000293753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df388aed5ec937fd2023-02-08 09:52:08.740root 11241100x8000000000000000293752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791b156fafb6d9322023-02-08 09:52:08.740root 11241100x8000000000000000293751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f02012a52cfd0a2023-02-08 09:52:08.740root 11241100x8000000000000000293750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3035bb2d157c8d6b2023-02-08 09:52:08.740root 11241100x8000000000000000293758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782a901bcc07c67f2023-02-08 09:52:08.741root 11241100x8000000000000000293757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65d2a7b03c976d62023-02-08 09:52:08.741root 11241100x8000000000000000293756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:08.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a03e7bcdf8c435c2023-02-08 09:52:08.741root 354300x8000000000000000293759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.188{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-35278-false10.0.1.12-8000- 11241100x8000000000000000293766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.189{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3242f18edacea5ee2023-02-08 09:52:09.189root 11241100x8000000000000000293765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.189{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e464ce0a6b05a42023-02-08 09:52:09.189root 11241100x8000000000000000293764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.189{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.459892d3f74fbac22023-02-08 09:52:09.189root 11241100x8000000000000000293763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.189{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285c8bd3c4e23ba42023-02-08 09:52:09.189root 11241100x8000000000000000293762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.189{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ded61758582e442023-02-08 09:52:09.189root 11241100x8000000000000000293761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.189{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d0435aabdbe9612023-02-08 09:52:09.189root 11241100x8000000000000000293760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.189{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d74ee425e2a94472023-02-08 09:52:09.189root 11241100x8000000000000000293773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.190{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1bd5b7b4abb5072023-02-08 09:52:09.190root 11241100x8000000000000000293772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.190{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0930e94bc7d33c2023-02-08 09:52:09.190root 11241100x8000000000000000293771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.190{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e419c2192ca105c32023-02-08 09:52:09.190root 11241100x8000000000000000293770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.190{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1471abbb5c6a0e732023-02-08 09:52:09.190root 11241100x8000000000000000293769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.190{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39217f09e0b8e94b2023-02-08 09:52:09.190root 11241100x8000000000000000293768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.190{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3807c5152850f85a2023-02-08 09:52:09.190root 11241100x8000000000000000293767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.190{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9572c5f7c1c3d42023-02-08 09:52:09.190root 11241100x8000000000000000293779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.191{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0e9f0f206b00f82023-02-08 09:52:09.191root 11241100x8000000000000000293778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.191{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8a74e73d4118962023-02-08 09:52:09.191root 11241100x8000000000000000293777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.191{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c85c891c0107b02023-02-08 09:52:09.191root 11241100x8000000000000000293776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.191{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef7e88fd5ebdd292023-02-08 09:52:09.191root 11241100x8000000000000000293775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.191{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75be0741466bb7eb2023-02-08 09:52:09.191root 11241100x8000000000000000293774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.191{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd043e8dc8217ed62023-02-08 09:52:09.191root 11241100x8000000000000000293787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.192{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f943d7f8d41592b2023-02-08 09:52:09.192root 11241100x8000000000000000293786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.192{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5914d88ba82db02023-02-08 09:52:09.192root 11241100x8000000000000000293785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.192{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e025d8749aec92742023-02-08 09:52:09.192root 11241100x8000000000000000293784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.192{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e1de07a89823ba2023-02-08 09:52:09.192root 11241100x8000000000000000293783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.192{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785f96099ef53b822023-02-08 09:52:09.192root 11241100x8000000000000000293782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.192{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018db45c46cc55e22023-02-08 09:52:09.192root 11241100x8000000000000000293781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.192{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315e1068755d65132023-02-08 09:52:09.192root 11241100x8000000000000000293780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.192{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d877f4487426f1e2023-02-08 09:52:09.192root 11241100x8000000000000000293799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.193{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ca6d626ce732fa2023-02-08 09:52:09.193root 11241100x8000000000000000293798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.193{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48745cec170431702023-02-08 09:52:09.193root 11241100x8000000000000000293797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.193{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04c39fa99aa802b2023-02-08 09:52:09.193root 11241100x8000000000000000293796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.193{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760a97f2a78986de2023-02-08 09:52:09.193root 11241100x8000000000000000293795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.193{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60bd0de52ec36e62023-02-08 09:52:09.193root 11241100x8000000000000000293794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.193{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f97699fb6cda3f32023-02-08 09:52:09.193root 11241100x8000000000000000293793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.193{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85238d5a0c976dc2023-02-08 09:52:09.193root 11241100x8000000000000000293792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.193{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369546fed87c40832023-02-08 09:52:09.193root 11241100x8000000000000000293791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.193{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664e32bbfda95dd12023-02-08 09:52:09.193root 11241100x8000000000000000293790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.193{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957d0cbbfa4d4c8f2023-02-08 09:52:09.193root 11241100x8000000000000000293789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.193{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665ac891ec6043aa2023-02-08 09:52:09.193root 11241100x8000000000000000293788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.193{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd8e7065c2b1fe62023-02-08 09:52:09.193root 11241100x8000000000000000293812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.194{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b683ca453b48ec2023-02-08 09:52:09.194root 11241100x8000000000000000293811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.194{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16fc2280896b0e32023-02-08 09:52:09.194root 11241100x8000000000000000293810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.194{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d589006f927074902023-02-08 09:52:09.194root 11241100x8000000000000000293809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.194{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4544beb4605accff2023-02-08 09:52:09.194root 11241100x8000000000000000293808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.194{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2c1eec2015f7a52023-02-08 09:52:09.194root 11241100x8000000000000000293807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.194{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d292d6e97b0c0a692023-02-08 09:52:09.194root 11241100x8000000000000000293806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.194{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea1a6ec68b630b02023-02-08 09:52:09.194root 11241100x8000000000000000293805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.194{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d509e910d680b272023-02-08 09:52:09.194root 11241100x8000000000000000293804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.194{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b04b42020437982023-02-08 09:52:09.194root 11241100x8000000000000000293803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.194{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721f3e75063140b82023-02-08 09:52:09.194root 11241100x8000000000000000293802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.194{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc87baf464ed67552023-02-08 09:52:09.194root 11241100x8000000000000000293801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.194{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b95107c156635f2023-02-08 09:52:09.194root 11241100x8000000000000000293800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.194{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacfb0096d0c3d5e2023-02-08 09:52:09.194root 11241100x8000000000000000293817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.195{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3fc9c4e8c9ed452023-02-08 09:52:09.195root 11241100x8000000000000000293816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.195{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2955145d86726fe12023-02-08 09:52:09.195root 11241100x8000000000000000293815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.195{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f362470f725d70a2023-02-08 09:52:09.195root 11241100x8000000000000000293814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.195{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6f4f6edc3406e62023-02-08 09:52:09.195root 11241100x8000000000000000293813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.195{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e8bcad12ed69e02023-02-08 09:52:09.195root 23542300x8000000000000000293818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.362{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000293824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b349e4e9fe15a32023-02-08 09:52:09.485root 11241100x8000000000000000293823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf242d82508c74982023-02-08 09:52:09.485root 11241100x8000000000000000293822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc07f63a6c8b8782023-02-08 09:52:09.485root 11241100x8000000000000000293821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d97ebcd28713512023-02-08 09:52:09.485root 11241100x8000000000000000293820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8548ab00fbcc31e02023-02-08 09:52:09.485root 11241100x8000000000000000293819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e96693b0a754462023-02-08 09:52:09.485root 11241100x8000000000000000293830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866917a28705ee242023-02-08 09:52:09.486root 11241100x8000000000000000293829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86fdf84943fb4702023-02-08 09:52:09.486root 11241100x8000000000000000293828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbef8e33617a99b82023-02-08 09:52:09.486root 11241100x8000000000000000293827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6ffe6a7e062be12023-02-08 09:52:09.486root 11241100x8000000000000000293826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5513b6dca5e3a82023-02-08 09:52:09.486root 11241100x8000000000000000293825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35ac5e4a3e533702023-02-08 09:52:09.486root 11241100x8000000000000000293835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc70db9788fc6d332023-02-08 09:52:09.487root 11241100x8000000000000000293834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f557424a5668ebea2023-02-08 09:52:09.487root 11241100x8000000000000000293833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f807a35a5437cf2023-02-08 09:52:09.487root 11241100x8000000000000000293832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8645f85b303b522023-02-08 09:52:09.487root 11241100x8000000000000000293831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f26f49c282c7572023-02-08 09:52:09.487root 11241100x8000000000000000293841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6914c569a908b9e82023-02-08 09:52:09.488root 11241100x8000000000000000293840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018946408755939e2023-02-08 09:52:09.488root 11241100x8000000000000000293839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3907cf4d9309422023-02-08 09:52:09.488root 11241100x8000000000000000293838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d080a61305fe4a2023-02-08 09:52:09.488root 11241100x8000000000000000293837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0e95303000c3a92023-02-08 09:52:09.488root 11241100x8000000000000000293836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84670360ed61f24a2023-02-08 09:52:09.488root 11241100x8000000000000000293848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3990acb3dac9e36c2023-02-08 09:52:09.489root 11241100x8000000000000000293847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9de62a24331aca22023-02-08 09:52:09.489root 11241100x8000000000000000293846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4734458faa2930882023-02-08 09:52:09.489root 11241100x8000000000000000293845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40e58d23a8ae49d2023-02-08 09:52:09.489root 11241100x8000000000000000293844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88206fdc1c8184142023-02-08 09:52:09.489root 11241100x8000000000000000293843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35dbb43366111e2b2023-02-08 09:52:09.489root 11241100x8000000000000000293842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.489{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0acadc3f9d3e802023-02-08 09:52:09.489root 11241100x8000000000000000293852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b4f0f8c4a9bbaf2023-02-08 09:52:09.490root 11241100x8000000000000000293851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf42f72c9d1eaf232023-02-08 09:52:09.490root 11241100x8000000000000000293850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27292ebad4b49b7f2023-02-08 09:52:09.490root 11241100x8000000000000000293849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.490{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83998560490323d2023-02-08 09:52:09.490root 11241100x8000000000000000293853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.491{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ac8d643bc397ed2023-02-08 09:52:09.491root 11241100x8000000000000000293859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871728f76489b5922023-02-08 09:52:09.492root 11241100x8000000000000000293858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ab21a70125a5392023-02-08 09:52:09.492root 11241100x8000000000000000293857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f833c894d132e8c2023-02-08 09:52:09.492root 11241100x8000000000000000293856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc5479777a72ae52023-02-08 09:52:09.492root 11241100x8000000000000000293855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f705692c4e1a9c7e2023-02-08 09:52:09.492root 11241100x8000000000000000293854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.492{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbd7775060a170a2023-02-08 09:52:09.492root 11241100x8000000000000000293866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618c307fd4b3e14a2023-02-08 09:52:09.493root 11241100x8000000000000000293865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a15ca2826aa6392023-02-08 09:52:09.493root 11241100x8000000000000000293864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627242049359db3c2023-02-08 09:52:09.493root 11241100x8000000000000000293863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c945548c819e6ef2023-02-08 09:52:09.493root 11241100x8000000000000000293862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fbbfd1969dd8e42023-02-08 09:52:09.493root 11241100x8000000000000000293861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248b005fedc1a4232023-02-08 09:52:09.493root 11241100x8000000000000000293860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.493{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f20dcd6b18f6fb82023-02-08 09:52:09.493root 11241100x8000000000000000293869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ca9c0920e4c7d32023-02-08 09:52:09.494root 11241100x8000000000000000293868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6aa1a05dcda1ed22023-02-08 09:52:09.494root 11241100x8000000000000000293867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.494{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab5700d306ee0fd2023-02-08 09:52:09.494root 11241100x8000000000000000293875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b5077ab84dca922023-02-08 09:52:09.984root 11241100x8000000000000000293874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b950802b008160222023-02-08 09:52:09.984root 11241100x8000000000000000293873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9929a646c8e43e2023-02-08 09:52:09.984root 11241100x8000000000000000293872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a84a6b7ad47097d2023-02-08 09:52:09.984root 11241100x8000000000000000293871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc2e86d64f538c42023-02-08 09:52:09.984root 11241100x8000000000000000293870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ccaa6fe1fda57902023-02-08 09:52:09.984root 11241100x8000000000000000293881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a9c67405fbc2fc2023-02-08 09:52:09.985root 11241100x8000000000000000293880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b07631fa4ba6b572023-02-08 09:52:09.985root 11241100x8000000000000000293879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2a8b382188f35e2023-02-08 09:52:09.985root 11241100x8000000000000000293878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de3b192a4a0aada2023-02-08 09:52:09.985root 11241100x8000000000000000293877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588c8c16c8c2d2d32023-02-08 09:52:09.985root 11241100x8000000000000000293876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea228c96b9a8ddf92023-02-08 09:52:09.985root 11241100x8000000000000000293888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c33d126cf4aee52023-02-08 09:52:09.986root 11241100x8000000000000000293887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae2d70ecc2947412023-02-08 09:52:09.986root 11241100x8000000000000000293886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6f3844ee3168a52023-02-08 09:52:09.986root 11241100x8000000000000000293885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6423fc274306fc2023-02-08 09:52:09.986root 11241100x8000000000000000293884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b2b05cf2e3dd442023-02-08 09:52:09.986root 11241100x8000000000000000293883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5e5e66f8e1676e2023-02-08 09:52:09.986root 11241100x8000000000000000293882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84fb240a8007387a2023-02-08 09:52:09.986root 11241100x8000000000000000293898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23151726ca9cdc092023-02-08 09:52:09.987root 11241100x8000000000000000293897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e40dd21d8aed5d2023-02-08 09:52:09.987root 11241100x8000000000000000293896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0591921880d15b2023-02-08 09:52:09.987root 11241100x8000000000000000293895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b14d1bcb7c94d812023-02-08 09:52:09.987root 11241100x8000000000000000293894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9afc34bc7ff587dc2023-02-08 09:52:09.987root 11241100x8000000000000000293893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f0e8afa043c0082023-02-08 09:52:09.987root 11241100x8000000000000000293892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3923f206cd349a032023-02-08 09:52:09.987root 11241100x8000000000000000293891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d267e69ee2b581162023-02-08 09:52:09.987root 11241100x8000000000000000293890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da52d4c4541ca362023-02-08 09:52:09.987root 11241100x8000000000000000293889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016ccd449aa8357f2023-02-08 09:52:09.987root 11241100x8000000000000000293901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7be9d2e7c0c7522023-02-08 09:52:09.988root 11241100x8000000000000000293900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1219fc2cd8a7d0752023-02-08 09:52:09.988root 11241100x8000000000000000293899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf7e548edf84d3d2023-02-08 09:52:09.988root 11241100x8000000000000000293902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91397c67b181c8202023-02-08 09:52:09.989root 11241100x8000000000000000293910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bb6d83ef05582d2023-02-08 09:52:09.990root 11241100x8000000000000000293909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af93eb549e2f228d2023-02-08 09:52:09.990root 11241100x8000000000000000293908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dcef16a43151fcd2023-02-08 09:52:09.990root 11241100x8000000000000000293907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e92a7941cbb12da2023-02-08 09:52:09.990root 11241100x8000000000000000293906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014f21fb98b709732023-02-08 09:52:09.990root 11241100x8000000000000000293905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c25915999140122023-02-08 09:52:09.990root 11241100x8000000000000000293904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5206b01199d0fa2023-02-08 09:52:09.990root 11241100x8000000000000000293903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.990{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195b49fbced14a802023-02-08 09:52:09.990root 11241100x8000000000000000293915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1919958a03155c82023-02-08 09:52:09.992root 11241100x8000000000000000293914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff35af08a00cbbb72023-02-08 09:52:09.992root 11241100x8000000000000000293913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30393438d9348742023-02-08 09:52:09.992root 11241100x8000000000000000293912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b724451367ec2562023-02-08 09:52:09.992root 11241100x8000000000000000293911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.992{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d14150ec50ed3b2023-02-08 09:52:09.992root 11241100x8000000000000000293924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28cd78ec67aca2b2023-02-08 09:52:09.993root 11241100x8000000000000000293923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffd5013454167eb2023-02-08 09:52:09.993root 11241100x8000000000000000293922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cabe86b073bdee62023-02-08 09:52:09.993root 11241100x8000000000000000293921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9971bb639fdcb32023-02-08 09:52:09.993root 11241100x8000000000000000293920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a761be5f174ce52023-02-08 09:52:09.993root 11241100x8000000000000000293919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fd26197af261042023-02-08 09:52:09.993root 11241100x8000000000000000293918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8d3e40a39bfb2a2023-02-08 09:52:09.993root 11241100x8000000000000000293917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52e595beb99252a2023-02-08 09:52:09.993root 11241100x8000000000000000293916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.993{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54cbec9dfd830892023-02-08 09:52:09.993root 11241100x8000000000000000293928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc15bc0a5345e562023-02-08 09:52:09.994root 11241100x8000000000000000293927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a70456ae9de85992023-02-08 09:52:09.994root 11241100x8000000000000000293926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348a605009ba294a2023-02-08 09:52:09.994root 11241100x8000000000000000293925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:09.994{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04466e09a924c8fc2023-02-08 09:52:09.994root 154100x8000000000000000293929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.252{ec2a0601-70ca-63e3-6834-7a8a73550000}5943/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec2a0601-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2404--- 11241100x8000000000000000293930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.253{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa4fd254798aeb52023-02-08 09:52:10.253root 11241100x8000000000000000293942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.254{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c7dbad9662b9572023-02-08 09:52:10.254root 11241100x8000000000000000293941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.254{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2332ae406f3db3a92023-02-08 09:52:10.254root 11241100x8000000000000000293940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.254{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7b157944033b0d2023-02-08 09:52:10.254root 11241100x8000000000000000293939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.254{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602f8d9a7ba37d1b2023-02-08 09:52:10.254root 11241100x8000000000000000293938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.254{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51134ffc79cae0392023-02-08 09:52:10.254root 11241100x8000000000000000293937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.254{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57adbda3eb4ffd32023-02-08 09:52:10.254root 11241100x8000000000000000293936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.254{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5f2d5df6d36c862023-02-08 09:52:10.254root 11241100x8000000000000000293935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.254{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b1c7880bb208372023-02-08 09:52:10.254root 11241100x8000000000000000293934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.254{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b738fc938a538a2023-02-08 09:52:10.254root 11241100x8000000000000000293933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.254{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800d13c5ffc2ab942023-02-08 09:52:10.254root 11241100x8000000000000000293932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.254{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12b7aacd2fd71142023-02-08 09:52:10.254root 11241100x8000000000000000293931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.254{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb733e080a84210d2023-02-08 09:52:10.254root 11241100x8000000000000000293956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.255{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a70a7526270c122023-02-08 09:52:10.255root 11241100x8000000000000000293955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.255{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1b545c0c5baf422023-02-08 09:52:10.255root 11241100x8000000000000000293954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.255{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8470668df6c662672023-02-08 09:52:10.255root 11241100x8000000000000000293953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.255{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14711a8c8f68a3782023-02-08 09:52:10.255root 11241100x8000000000000000293952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.255{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf9cb7117fdb86f2023-02-08 09:52:10.255root 11241100x8000000000000000293951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.255{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba3c52bf3f253752023-02-08 09:52:10.255root 11241100x8000000000000000293950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.255{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16fdec433983da772023-02-08 09:52:10.255root 11241100x8000000000000000293949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.255{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b58ecb882c1b412023-02-08 09:52:10.255root 11241100x8000000000000000293948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.255{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2691825a9a43032023-02-08 09:52:10.255root 11241100x8000000000000000293947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.255{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5869ed3ccf0ae52023-02-08 09:52:10.255root 11241100x8000000000000000293946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.255{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd472bcc28b58c6f2023-02-08 09:52:10.255root 11241100x8000000000000000293945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.255{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd18540b4b5a4162023-02-08 09:52:10.255root 11241100x8000000000000000293944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.255{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01cde8103dc2e042023-02-08 09:52:10.255root 11241100x8000000000000000293943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.255{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54fa17e4714cd6dd2023-02-08 09:52:10.255root 11241100x8000000000000000293970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8578543a5668d312023-02-08 09:52:10.256root 11241100x8000000000000000293969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73290ae90babd1842023-02-08 09:52:10.256root 11241100x8000000000000000293968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a219ce13ded3192023-02-08 09:52:10.256root 11241100x8000000000000000293967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673236dd617999d12023-02-08 09:52:10.256root 11241100x8000000000000000293966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef55714112429a582023-02-08 09:52:10.256root 11241100x8000000000000000293965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f99d25e106268e82023-02-08 09:52:10.256root 11241100x8000000000000000293964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b065b71bd5660ee2023-02-08 09:52:10.256root 11241100x8000000000000000293963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9daa4763e55c5242023-02-08 09:52:10.256root 11241100x8000000000000000293962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a76ac946d7723c2023-02-08 09:52:10.256root 11241100x8000000000000000293961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c903b377d45b0de32023-02-08 09:52:10.256root 11241100x8000000000000000293960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10ac10659510ccc2023-02-08 09:52:10.256root 11241100x8000000000000000293959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62886ad04ae0d5e2023-02-08 09:52:10.256root 11241100x8000000000000000293958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6157897c189f82362023-02-08 09:52:10.256root 11241100x8000000000000000293957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.256{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad923bd2fcc6a2652023-02-08 09:52:10.256root 11241100x8000000000000000293982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.257{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0634b97e5f95df22023-02-08 09:52:10.257root 11241100x8000000000000000293981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.257{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57b5095c63ce6092023-02-08 09:52:10.257root 11241100x8000000000000000293980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.257{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a1a357f8db49322023-02-08 09:52:10.257root 11241100x8000000000000000293979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.257{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6869f511d2f28b2023-02-08 09:52:10.257root 11241100x8000000000000000293978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.257{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c7574fac5d00962023-02-08 09:52:10.257root 11241100x8000000000000000293977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.257{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67d4945d3bb8fe02023-02-08 09:52:10.257root 11241100x8000000000000000293976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.257{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed1ec58ebe6bbbc2023-02-08 09:52:10.257root 11241100x8000000000000000293975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.257{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60076ab77cd981e2023-02-08 09:52:10.257root 11241100x8000000000000000293974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.257{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db59f293906213072023-02-08 09:52:10.257root 11241100x8000000000000000293973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.257{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3945a1aa060702802023-02-08 09:52:10.257root 11241100x8000000000000000293972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.257{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1f7163c6cc807e2023-02-08 09:52:10.257root 11241100x8000000000000000293971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.257{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e363228d252706ff2023-02-08 09:52:10.257root 11241100x8000000000000000293983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.258{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7411b57123dae2b62023-02-08 09:52:10.258root 534500x8000000000000000293984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.266{ec2a0601-70ca-63e3-6834-7a8a73550000}5943/bin/psroot 11241100x8000000000000000293986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c747e8db64d86def2023-02-08 09:52:10.734root 11241100x8000000000000000293985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9501946809baadca2023-02-08 09:52:10.734root 11241100x8000000000000000293993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223a92cd992076012023-02-08 09:52:10.735root 11241100x8000000000000000293992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee6915bc807500f2023-02-08 09:52:10.735root 11241100x8000000000000000293991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b548b40f8ca58d2023-02-08 09:52:10.735root 11241100x8000000000000000293990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99bca0c73d9bcdb72023-02-08 09:52:10.735root 11241100x8000000000000000293989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276765c03e2a5ce42023-02-08 09:52:10.735root 11241100x8000000000000000293988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21270c7d01dcc172023-02-08 09:52:10.735root 11241100x8000000000000000293987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a637dc63a384a62023-02-08 09:52:10.735root 11241100x8000000000000000293999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c964021db19fc432023-02-08 09:52:10.736root 11241100x8000000000000000293998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8657df08ccdd48a92023-02-08 09:52:10.736root 11241100x8000000000000000293997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3202feb90bce7a2023-02-08 09:52:10.736root 11241100x8000000000000000293996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35e02094807bb302023-02-08 09:52:10.736root 11241100x8000000000000000293995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c63da82204c5a4b2023-02-08 09:52:10.736root 11241100x8000000000000000293994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7cb8d07ddb59ec2023-02-08 09:52:10.736root 11241100x8000000000000000294004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce8afd2c301267a2023-02-08 09:52:10.737root 11241100x8000000000000000294003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6d5be83c6fafde2023-02-08 09:52:10.737root 11241100x8000000000000000294002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e752454ad03051452023-02-08 09:52:10.737root 11241100x8000000000000000294001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b78c200e41431702023-02-08 09:52:10.737root 11241100x8000000000000000294000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a920ffa80e1676b32023-02-08 09:52:10.737root 11241100x8000000000000000294011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b91adc0c4261492023-02-08 09:52:10.738root 11241100x8000000000000000294010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c304aaedcc0e2f4c2023-02-08 09:52:10.738root 11241100x8000000000000000294009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893e9fd53dc292372023-02-08 09:52:10.738root 11241100x8000000000000000294008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbc7ee2b82963662023-02-08 09:52:10.738root 11241100x8000000000000000294007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedb4f88682b60bb2023-02-08 09:52:10.738root 11241100x8000000000000000294006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5877f34d16c1e4b82023-02-08 09:52:10.738root 11241100x8000000000000000294005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a711d16702eb27c12023-02-08 09:52:10.738root 11241100x8000000000000000294018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c3d469d0e96eb02023-02-08 09:52:10.739root 11241100x8000000000000000294017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57a98107405354c2023-02-08 09:52:10.739root 11241100x8000000000000000294016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a793b6d76a692c2023-02-08 09:52:10.739root 11241100x8000000000000000294015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511ee22e94e713742023-02-08 09:52:10.739root 11241100x8000000000000000294014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28b484898df6daa2023-02-08 09:52:10.739root 11241100x8000000000000000294013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0223fc284a1078b2023-02-08 09:52:10.739root 11241100x8000000000000000294012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0a6f4a71e1048b2023-02-08 09:52:10.739root 11241100x8000000000000000294032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a14b0535ad3a442023-02-08 09:52:10.740root 11241100x8000000000000000294031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8384c0473a005e62023-02-08 09:52:10.740root 11241100x8000000000000000294030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536ac6c0c0cd4de92023-02-08 09:52:10.740root 11241100x8000000000000000294029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1af36c127a06dda2023-02-08 09:52:10.740root 11241100x8000000000000000294028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c18864f9155f6ad2023-02-08 09:52:10.740root 11241100x8000000000000000294027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0ea66530e394552023-02-08 09:52:10.740root 11241100x8000000000000000294026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225cf7efc379a3322023-02-08 09:52:10.740root 11241100x8000000000000000294025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367c6b9ebd40c9a82023-02-08 09:52:10.740root 11241100x8000000000000000294024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45937149636918ec2023-02-08 09:52:10.740root 11241100x8000000000000000294023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1a8fdbd4b0a9202023-02-08 09:52:10.740root 11241100x8000000000000000294022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f830656124ba89b92023-02-08 09:52:10.740root 11241100x8000000000000000294021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d21047b4a1c01092023-02-08 09:52:10.740root 11241100x8000000000000000294020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b415ff047d6ff50f2023-02-08 09:52:10.740root 11241100x8000000000000000294019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5772ddaaa6e358912023-02-08 09:52:10.740root 11241100x8000000000000000294037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3b36347a932cd32023-02-08 09:52:10.741root 11241100x8000000000000000294036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d2eb86170a64122023-02-08 09:52:10.741root 11241100x8000000000000000294035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af1ca982a5296752023-02-08 09:52:10.741root 11241100x8000000000000000294034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf2e129b3ef3f762023-02-08 09:52:10.741root 11241100x8000000000000000294033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:10.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc0fbdc42c062422023-02-08 09:52:10.741root 11241100x8000000000000000294040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a8a1c53770e3042023-02-08 09:52:11.234root 11241100x8000000000000000294039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34a1d974394be262023-02-08 09:52:11.234root 11241100x8000000000000000294038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ce827750d6fa232023-02-08 09:52:11.234root 11241100x8000000000000000294045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380ef8b835e2af862023-02-08 09:52:11.235root 11241100x8000000000000000294044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b406f39bd1ee136e2023-02-08 09:52:11.235root 11241100x8000000000000000294043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92eca3a57c9bd6e92023-02-08 09:52:11.235root 11241100x8000000000000000294042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0626731b275540f42023-02-08 09:52:11.235root 11241100x8000000000000000294041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2af6df63a81ff402023-02-08 09:52:11.235root 11241100x8000000000000000294047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2893bb16cdb5fdcb2023-02-08 09:52:11.236root 11241100x8000000000000000294046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea7977c9c90fe822023-02-08 09:52:11.236root 11241100x8000000000000000294049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8a5e9163533f942023-02-08 09:52:11.237root 11241100x8000000000000000294048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c09a2745a25bda42023-02-08 09:52:11.237root 11241100x8000000000000000294057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70a994eabda2d8f2023-02-08 09:52:11.238root 11241100x8000000000000000294056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe30c7051de374292023-02-08 09:52:11.238root 11241100x8000000000000000294055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195a0de7a25be3dc2023-02-08 09:52:11.238root 11241100x8000000000000000294054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553b6f7225aa97ca2023-02-08 09:52:11.238root 11241100x8000000000000000294053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b009d4386fb0242023-02-08 09:52:11.238root 11241100x8000000000000000294052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed0c769b62d3f352023-02-08 09:52:11.238root 11241100x8000000000000000294051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51bf4b9bd37082f2023-02-08 09:52:11.238root 11241100x8000000000000000294050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.238{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e75359d08690ab2023-02-08 09:52:11.238root 11241100x8000000000000000294073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8674a1ea3da6ad152023-02-08 09:52:11.239root 11241100x8000000000000000294072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac4d81e0f9dd5342023-02-08 09:52:11.239root 11241100x8000000000000000294071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998ce275437f44ba2023-02-08 09:52:11.239root 11241100x8000000000000000294070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab6f486bc8cd5252023-02-08 09:52:11.239root 11241100x8000000000000000294069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a003db15222e675f2023-02-08 09:52:11.239root 11241100x8000000000000000294068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7abe45e5cde47cc2023-02-08 09:52:11.239root 11241100x8000000000000000294067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1534596544424c722023-02-08 09:52:11.239root 11241100x8000000000000000294066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71234b0f576c6732023-02-08 09:52:11.239root 11241100x8000000000000000294065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9363564c2d52c9842023-02-08 09:52:11.239root 11241100x8000000000000000294064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d616e43b654f81f2023-02-08 09:52:11.239root 11241100x8000000000000000294063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd35df732ed50fd2023-02-08 09:52:11.239root 11241100x8000000000000000294062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36bd18349ca2d6c72023-02-08 09:52:11.239root 11241100x8000000000000000294061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad94a1c7eaee9a932023-02-08 09:52:11.239root 11241100x8000000000000000294060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409955ae53c5ce5e2023-02-08 09:52:11.239root 11241100x8000000000000000294059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9069cb3ce1389452023-02-08 09:52:11.239root 11241100x8000000000000000294058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.239{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e26cb15615518b2023-02-08 09:52:11.239root 11241100x8000000000000000294078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e975b5053c723772023-02-08 09:52:11.240root 11241100x8000000000000000294077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e621dfd5a2d74b2023-02-08 09:52:11.240root 11241100x8000000000000000294076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16633b39e726afad2023-02-08 09:52:11.240root 11241100x8000000000000000294075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb47741759ff8ee52023-02-08 09:52:11.240root 11241100x8000000000000000294074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.240{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c75de169ca5f62b2023-02-08 09:52:11.240root 11241100x8000000000000000294083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae25d9f7521a56f32023-02-08 09:52:11.242root 11241100x8000000000000000294082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a484c7457347f292023-02-08 09:52:11.242root 11241100x8000000000000000294081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583983ce36d727fb2023-02-08 09:52:11.242root 11241100x8000000000000000294080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc28776fa21d2842023-02-08 09:52:11.242root 11241100x8000000000000000294079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.242{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc623fd7478ce5552023-02-08 09:52:11.242root 11241100x8000000000000000294100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37b5877a8ff80982023-02-08 09:52:11.243root 11241100x8000000000000000294099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9837fc09fc68d32023-02-08 09:52:11.243root 11241100x8000000000000000294098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc5156b1874ec3b2023-02-08 09:52:11.243root 11241100x8000000000000000294097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41d6f8c2cc8cea02023-02-08 09:52:11.243root 11241100x8000000000000000294096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6863323a105cb442023-02-08 09:52:11.243root 11241100x8000000000000000294095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c5a220f1f61f602023-02-08 09:52:11.243root 11241100x8000000000000000294094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee5a0d33002fe382023-02-08 09:52:11.243root 11241100x8000000000000000294093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bdd1e450151a8b22023-02-08 09:52:11.243root 11241100x8000000000000000294092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38a63f18eb97a2a2023-02-08 09:52:11.243root 11241100x8000000000000000294091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56be3f7b6b92c3472023-02-08 09:52:11.243root 11241100x8000000000000000294090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6574a009cb129542023-02-08 09:52:11.243root 11241100x8000000000000000294089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7685711139ea2fb42023-02-08 09:52:11.243root 11241100x8000000000000000294088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d6d6ab10360d132023-02-08 09:52:11.243root 11241100x8000000000000000294087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c030dc415b85cc62023-02-08 09:52:11.243root 11241100x8000000000000000294086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a252507ce1b2c0682023-02-08 09:52:11.243root 11241100x8000000000000000294085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36e5587ebb32fd82023-02-08 09:52:11.243root 11241100x8000000000000000294084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.243{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ff99caae8bbc582023-02-08 09:52:11.243root 11241100x8000000000000000294102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c61c9c4f9a381c22023-02-08 09:52:11.734root 11241100x8000000000000000294101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41de7aa56852369a2023-02-08 09:52:11.734root 11241100x8000000000000000294106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30518fe7fd1484002023-02-08 09:52:11.735root 11241100x8000000000000000294105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f4bd4fdb06c98f2023-02-08 09:52:11.735root 11241100x8000000000000000294104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f44ecba0d3a2a332023-02-08 09:52:11.735root 11241100x8000000000000000294103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2940f0089b5a56d42023-02-08 09:52:11.735root 11241100x8000000000000000294110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964a2edf39ea890c2023-02-08 09:52:11.736root 11241100x8000000000000000294109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc6ed7520f4579d2023-02-08 09:52:11.736root 11241100x8000000000000000294108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c264b454a49e4ae32023-02-08 09:52:11.736root 11241100x8000000000000000294107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e611b9e82cd89d2023-02-08 09:52:11.736root 11241100x8000000000000000294112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a43ee58ae08cd8a2023-02-08 09:52:11.737root 11241100x8000000000000000294111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a8ee7941f48c892023-02-08 09:52:11.737root 11241100x8000000000000000294115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab59a6b00c3e87d2023-02-08 09:52:11.738root 11241100x8000000000000000294114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6a7e97a75440b22023-02-08 09:52:11.738root 11241100x8000000000000000294113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.738{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354cc9637b0c7caa2023-02-08 09:52:11.738root 11241100x8000000000000000294121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f504a09773659dd2023-02-08 09:52:11.739root 11241100x8000000000000000294120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a426805d948fcaa2023-02-08 09:52:11.739root 11241100x8000000000000000294119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f0f71afe7772092023-02-08 09:52:11.739root 11241100x8000000000000000294118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e6e3ae478c3a7d2023-02-08 09:52:11.739root 11241100x8000000000000000294117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9b3ea809dabc512023-02-08 09:52:11.739root 11241100x8000000000000000294116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.739{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e866a9526066d12023-02-08 09:52:11.739root 11241100x8000000000000000294128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd02313862d010d2023-02-08 09:52:11.740root 11241100x8000000000000000294127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfdebbe21a39c3732023-02-08 09:52:11.740root 11241100x8000000000000000294126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9f3d3badc97fe32023-02-08 09:52:11.740root 11241100x8000000000000000294125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ced20798e19c792023-02-08 09:52:11.740root 11241100x8000000000000000294124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d136b28e1336cf2023-02-08 09:52:11.740root 11241100x8000000000000000294123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d749d266440af192023-02-08 09:52:11.740root 11241100x8000000000000000294122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.740{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7def98b92369192023-02-08 09:52:11.740root 11241100x8000000000000000294137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a989d724ba865ae2023-02-08 09:52:11.741root 11241100x8000000000000000294136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbffd06868bdd382023-02-08 09:52:11.741root 11241100x8000000000000000294135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ef959bf7d7def72023-02-08 09:52:11.741root 11241100x8000000000000000294134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7635bde6d3693a232023-02-08 09:52:11.741root 11241100x8000000000000000294133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7259000db909ac02023-02-08 09:52:11.741root 11241100x8000000000000000294132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cc15e35424a21c2023-02-08 09:52:11.741root 11241100x8000000000000000294131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a083b50c7df90d72023-02-08 09:52:11.741root 11241100x8000000000000000294130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c383eeca231ae82023-02-08 09:52:11.741root 11241100x8000000000000000294129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.741{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99298959893d64682023-02-08 09:52:11.741root 11241100x8000000000000000294147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0068fb20b8bac52023-02-08 09:52:11.742root 11241100x8000000000000000294146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58aecdc9ba1430d2023-02-08 09:52:11.742root 11241100x8000000000000000294145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96241e7d94634c492023-02-08 09:52:11.742root 11241100x8000000000000000294144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6980d00f2dd39b332023-02-08 09:52:11.742root 11241100x8000000000000000294143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66bb36da43b77d3d2023-02-08 09:52:11.742root 11241100x8000000000000000294142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad728a216d9aeda12023-02-08 09:52:11.742root 11241100x8000000000000000294141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5d0f38ef4768aa2023-02-08 09:52:11.742root 11241100x8000000000000000294140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acace2efdf518ca92023-02-08 09:52:11.742root 11241100x8000000000000000294139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03dcc8c3b4436422023-02-08 09:52:11.742root 11241100x8000000000000000294138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.742{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6819fea146a5bd32023-02-08 09:52:11.742root 11241100x8000000000000000294155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebe13b9fb7a95272023-02-08 09:52:11.743root 11241100x8000000000000000294154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d44523d3202cc32023-02-08 09:52:11.743root 11241100x8000000000000000294153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e656bf6a09829e2023-02-08 09:52:11.743root 11241100x8000000000000000294152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edb19f63bbd42b32023-02-08 09:52:11.743root 11241100x8000000000000000294151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e6b2245985836f2023-02-08 09:52:11.743root 11241100x8000000000000000294150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f018138fb5ad590b2023-02-08 09:52:11.743root 11241100x8000000000000000294149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7f655f180961c72023-02-08 09:52:11.743root 11241100x8000000000000000294148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.743{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ab85041a56d43a2023-02-08 09:52:11.743root 11241100x8000000000000000294164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5972479f5a00a52023-02-08 09:52:11.744root 11241100x8000000000000000294163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9207fe43888578f22023-02-08 09:52:11.744root 11241100x8000000000000000294162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c3aff1b504eb522023-02-08 09:52:11.744root 11241100x8000000000000000294161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e7986e0a59717c2023-02-08 09:52:11.744root 11241100x8000000000000000294160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5e25ba81b7e18d2023-02-08 09:52:11.744root 11241100x8000000000000000294159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b7f4f7582a40552023-02-08 09:52:11.744root 11241100x8000000000000000294158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccedd11aae574cb22023-02-08 09:52:11.744root 11241100x8000000000000000294157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7802dcc63118c142023-02-08 09:52:11.744root 11241100x8000000000000000294156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:11.744{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4461172a23ced12023-02-08 09:52:11.744root 11241100x8000000000000000294167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb6336ff2cae3ad2023-02-08 09:52:12.236root 11241100x8000000000000000294166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e12ec8f2d0641a2023-02-08 09:52:12.236root 11241100x8000000000000000294165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:12.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569fdb7d4aca1b8a2023-02-08 09:52:12.236root 11241100x8000000000000000294170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c3f3d451244f1f2023-02-08 09:52:12.237root 11241100x8000000000000000294169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03b95686ba1a5812023-02-08 09:52:12.237root 11241100x8000000000000000294168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:12.237{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be853c361c83743b2023-02-08 09:52:12.237root 354300x8000000000000000294219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:14.231{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-35280-false10.0.1.12-8000- 11241100x8000000000000000294220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:14.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98053fe881db71d2023-02-08 09:52:14.484root 11241100x8000000000000000294221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:14.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b142b7bcb1b78c82023-02-08 09:52:14.984root 11241100x8000000000000000294222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:15.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3935c068eb33c37b2023-02-08 09:52:15.484root 11241100x8000000000000000294223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:15.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c99d4eed750f11d2023-02-08 09:52:15.984root 11241100x8000000000000000294224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:16.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21bb1fff163d3ee32023-02-08 09:52:16.484root 11241100x8000000000000000294225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:16.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e374b8facf461ce2023-02-08 09:52:16.984root 11241100x8000000000000000294226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:17.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a9c6887dd3e37f2023-02-08 09:52:17.484root 11241100x8000000000000000294227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:17.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23c829b1ccd42392023-02-08 09:52:17.984root 11241100x8000000000000000294228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:18.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0a74336e39f59d2023-02-08 09:52:18.484root 11241100x8000000000000000294229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:18.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c01ee5520dbf3c62023-02-08 09:52:18.984root 11241100x8000000000000000294230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:19.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0efe2f40cee52972023-02-08 09:52:19.484root 11241100x8000000000000000294231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:19.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00a42afe78ce3dc2023-02-08 09:52:19.984root 354300x8000000000000000294232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:20.055{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-34254-false10.0.1.12-8000- 11241100x8000000000000000294234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7d52742e534e002023-02-08 09:52:20.484root 11241100x8000000000000000294233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:20.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65ad0cf735a54382023-02-08 09:52:20.484root 11241100x8000000000000000294236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:20.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b9ea5eb88a07042023-02-08 09:52:20.984root 11241100x8000000000000000294235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:20.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76f17fba25191e92023-02-08 09:52:20.984root 11241100x8000000000000000294238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da8b7809de3b85d2023-02-08 09:52:21.484root 11241100x8000000000000000294237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:21.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95adecbff1dbd472023-02-08 09:52:21.484root 11241100x8000000000000000294240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:21.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1423af4ee9091d942023-02-08 09:52:21.984root 11241100x8000000000000000294239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:21.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddec8d48b9cf2ac92023-02-08 09:52:21.984root 11241100x8000000000000000294242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4d7b46626928d62023-02-08 09:52:22.484root 11241100x8000000000000000294241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:22.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae9387bf27acda72023-02-08 09:52:22.484root 11241100x8000000000000000294244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:22.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ec1061e0865f862023-02-08 09:52:22.984root 11241100x8000000000000000294243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:22.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292b592082eab6262023-02-08 09:52:22.984root 11241100x8000000000000000294246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:23.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3221532b3f6d23402023-02-08 09:52:23.484root 11241100x8000000000000000294245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:23.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33dd7f5862202a932023-02-08 09:52:23.484root 11241100x8000000000000000294248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1d85f1dbbda4e22023-02-08 09:52:23.984root 11241100x8000000000000000294247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:23.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3577a26e1b492f952023-02-08 09:52:23.984root 11241100x8000000000000000294250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22652921a0125d12023-02-08 09:52:24.484root 11241100x8000000000000000294249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:24.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1113a3b3439f122023-02-08 09:52:24.484root 11241100x8000000000000000294252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f092b2c2654b99e2023-02-08 09:52:24.984root 11241100x8000000000000000294251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:24.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ffc9f1ef77b0ae2023-02-08 09:52:24.984root 354300x8000000000000000294253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:25.072{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-34260-false10.0.1.12-8000- 11241100x8000000000000000294256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceaaef249ec392912023-02-08 09:52:25.484root 11241100x8000000000000000294255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f1bb7180d906342023-02-08 09:52:25.484root 11241100x8000000000000000294254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:25.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f868a84f1898d9a92023-02-08 09:52:25.484root 11241100x8000000000000000294259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d07058ed888eb52023-02-08 09:52:25.984root 11241100x8000000000000000294258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bfc52373ebdb2552023-02-08 09:52:25.984root 11241100x8000000000000000294257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:25.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f9eac8b2765fb02023-02-08 09:52:25.984root 11241100x8000000000000000294262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8a24a2d217d1fd2023-02-08 09:52:26.484root 11241100x8000000000000000294261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbcae060736a50082023-02-08 09:52:26.484root 11241100x8000000000000000294260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:26.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19c19d21b462c5e2023-02-08 09:52:26.484root 11241100x8000000000000000294265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d1da06f647c3622023-02-08 09:52:26.984root 11241100x8000000000000000294264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e56d4652d480d9d2023-02-08 09:52:26.984root 11241100x8000000000000000294263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:26.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.becf944bf9a4de932023-02-08 09:52:26.984root 11241100x8000000000000000294268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:27.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb92325ccd6a642d2023-02-08 09:52:27.484root 11241100x8000000000000000294267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:27.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d209030bc09ea782023-02-08 09:52:27.484root 11241100x8000000000000000294266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:27.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f258abde3e79d26f2023-02-08 09:52:27.484root 11241100x8000000000000000294270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:27.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2391571f2842c2c32023-02-08 09:52:27.984root 11241100x8000000000000000294269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:27.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaaa4bc1eb4af13a2023-02-08 09:52:27.984root 11241100x8000000000000000294271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:27.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab699739e699e44a2023-02-08 09:52:27.985root 11241100x8000000000000000294274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac30da910d5fa6c2023-02-08 09:52:28.484root 11241100x8000000000000000294273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95da204c433391532023-02-08 09:52:28.484root 11241100x8000000000000000294272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:28.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59fe3b26fcbea692023-02-08 09:52:28.484root 11241100x8000000000000000294277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84b935184a91c1d2023-02-08 09:52:28.984root 11241100x8000000000000000294276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eadb4bfa6511b1a62023-02-08 09:52:28.984root 11241100x8000000000000000294275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:28.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50291fd1ca477b5d2023-02-08 09:52:28.984root 11241100x8000000000000000294280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73bd86b4510e8412023-02-08 09:52:29.484root 11241100x8000000000000000294279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed897922c13f42992023-02-08 09:52:29.484root 11241100x8000000000000000294278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:29.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bcfec939e76752c2023-02-08 09:52:29.484root 11241100x8000000000000000294283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ecd61fc75dd1662023-02-08 09:52:29.984root 11241100x8000000000000000294282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e022fe302125886f2023-02-08 09:52:29.984root 11241100x8000000000000000294281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:29.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adca492617b4a23f2023-02-08 09:52:29.984root 11241100x8000000000000000294286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8300db9df491a4f2023-02-08 09:52:30.484root 11241100x8000000000000000294285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8117be3d56ca312023-02-08 09:52:30.484root 11241100x8000000000000000294284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:30.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e14ac85b228288e2023-02-08 09:52:30.484root 11241100x8000000000000000294289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7314e142144a9282023-02-08 09:52:30.984root 11241100x8000000000000000294288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48950f57d092e8ce2023-02-08 09:52:30.984root 11241100x8000000000000000294287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:30.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edfee70c10a2f942023-02-08 09:52:30.984root 354300x8000000000000000294290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:31.071{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-50220-false10.0.1.12-8000- 11241100x8000000000000000294294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86be6def94cc7a22023-02-08 09:52:31.484root 11241100x8000000000000000294293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f035e9c0909ef02023-02-08 09:52:31.484root 11241100x8000000000000000294292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973245e309a42cfa2023-02-08 09:52:31.484root 11241100x8000000000000000294291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:31.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28858b301f8265c2023-02-08 09:52:31.484root 11241100x8000000000000000294298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3131b91dd6ca52532023-02-08 09:52:31.984root 11241100x8000000000000000294297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d0f84028fa05e52023-02-08 09:52:31.984root 11241100x8000000000000000294296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337c1a8653724c502023-02-08 09:52:31.984root 11241100x8000000000000000294295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:31.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5aee9df0c4bec282023-02-08 09:52:31.984root 11241100x8000000000000000294302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bff1504b40c962a2023-02-08 09:52:32.484root 11241100x8000000000000000294301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0491f6628062d52023-02-08 09:52:32.484root 11241100x8000000000000000294300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5aa0b823104ff22023-02-08 09:52:32.484root 11241100x8000000000000000294299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:32.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baede4710969ebaa2023-02-08 09:52:32.484root 11241100x8000000000000000294306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:32.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998d83bb4793c0952023-02-08 09:52:32.984root 11241100x8000000000000000294305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:32.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea6fa88191c173a2023-02-08 09:52:32.984root 11241100x8000000000000000294304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:32.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f1347be687b9882023-02-08 09:52:32.984root 11241100x8000000000000000294303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:32.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8582b3fb50d62c0e2023-02-08 09:52:32.984root 11241100x8000000000000000294310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:33.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821050bb410a005c2023-02-08 09:52:33.484root 11241100x8000000000000000294309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:33.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b59bb8a6be4a71b2023-02-08 09:52:33.484root 11241100x8000000000000000294308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:33.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89f377a00623cad2023-02-08 09:52:33.484root 11241100x8000000000000000294307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:33.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1bf8175b149ad7d2023-02-08 09:52:33.484root 11241100x8000000000000000294314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:33.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee23d820ea1e3852023-02-08 09:52:33.984root 11241100x8000000000000000294313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:33.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa4f5429648d0a42023-02-08 09:52:33.984root 11241100x8000000000000000294312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:33.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa5905b8873596d2023-02-08 09:52:33.984root 11241100x8000000000000000294311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:33.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703bd99b5018590d2023-02-08 09:52:33.984root 11241100x8000000000000000294318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:34.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e94ed684161f622023-02-08 09:52:34.484root 11241100x8000000000000000294317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:34.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d41def5a64e9f3c2023-02-08 09:52:34.484root 11241100x8000000000000000294316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:34.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33edffbd20ac51052023-02-08 09:52:34.484root 11241100x8000000000000000294315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:34.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58cc928f7ec9a342023-02-08 09:52:34.484root 11241100x8000000000000000294321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:34.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7347f91a6e662d2023-02-08 09:52:34.984root 11241100x8000000000000000294320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:34.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c3e89616031fd62023-02-08 09:52:34.984root 11241100x8000000000000000294319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:34.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979f0704d49e111a2023-02-08 09:52:34.984root 11241100x8000000000000000294322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:34.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb53f00869d141a2023-02-08 09:52:34.985root 11241100x8000000000000000294325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:35.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687bacea023875102023-02-08 09:52:35.484root 11241100x8000000000000000294324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:35.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a63c6f275f1ad0a2023-02-08 09:52:35.484root 11241100x8000000000000000294323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:35.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f19917c9b3c0e702023-02-08 09:52:35.484root 11241100x8000000000000000294326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:35.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b77e7ca2330f38d2023-02-08 09:52:35.485root 11241100x8000000000000000294330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0868d736af0254292023-02-08 09:52:35.984root 11241100x8000000000000000294329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ed46a16c57be712023-02-08 09:52:35.984root 11241100x8000000000000000294328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccadeddc7a612e522023-02-08 09:52:35.984root 11241100x8000000000000000294327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:35.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395b596533257b0c2023-02-08 09:52:35.984root 354300x8000000000000000294331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:36.172{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-50234-false10.0.1.12-8000- 11241100x8000000000000000294332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:36.361{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-08 09:52:36.361root 11241100x8000000000000000294338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:36.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c565e9d1c1b278aa2023-02-08 09:52:36.362root 11241100x8000000000000000294337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:36.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d81977088dd18b12023-02-08 09:52:36.362root 11241100x8000000000000000294336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:36.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c6ce9a8e5f864d2023-02-08 09:52:36.362root 11241100x8000000000000000294335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:36.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f81a0d24aab58b2023-02-08 09:52:36.362root 11241100x8000000000000000294334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:36.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31548f91892b79442023-02-08 09:52:36.362root 11241100x8000000000000000294333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:36.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010d00d87b15355d2023-02-08 09:52:36.362root 11241100x8000000000000000294344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7152ee212c04132023-02-08 09:52:36.734root 11241100x8000000000000000294343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907b3a8aae5ad0aa2023-02-08 09:52:36.734root 11241100x8000000000000000294342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97e3666d0155ff72023-02-08 09:52:36.734root 11241100x8000000000000000294341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51940600104ba062023-02-08 09:52:36.734root 11241100x8000000000000000294340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90270e2cde014a572023-02-08 09:52:36.734root 11241100x8000000000000000294339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:36.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3e7fac300f6cb92023-02-08 09:52:36.734root 11241100x8000000000000000294350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:37.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89fd335e583f3d112023-02-08 09:52:37.234root 11241100x8000000000000000294349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:37.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83afd6e74be903642023-02-08 09:52:37.234root 11241100x8000000000000000294348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:37.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f226e8ec221a85342023-02-08 09:52:37.234root 11241100x8000000000000000294347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:37.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21e4e61550df0362023-02-08 09:52:37.234root 11241100x8000000000000000294346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:37.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daacd7b3b8db7a6a2023-02-08 09:52:37.234root 11241100x8000000000000000294345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:37.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a35084e7cf1f7c2023-02-08 09:52:37.234root 11241100x8000000000000000294356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:37.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5de8f1bc2b62b42023-02-08 09:52:37.734root 11241100x8000000000000000294355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:37.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c487d6286659e4c2023-02-08 09:52:37.734root 11241100x8000000000000000294354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:37.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94707646071d6fd82023-02-08 09:52:37.734root 11241100x8000000000000000294353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:37.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9950230472bfed2023-02-08 09:52:37.734root 11241100x8000000000000000294352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:37.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfacfbdfef744b5f2023-02-08 09:52:37.734root 11241100x8000000000000000294351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:37.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86b48465ac415442023-02-08 09:52:37.734root 11241100x8000000000000000294362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:38.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941c1fae338fc25e2023-02-08 09:52:38.234root 11241100x8000000000000000294361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:38.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0008d3badb44cb42023-02-08 09:52:38.234root 11241100x8000000000000000294360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:38.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430e040ba18c749c2023-02-08 09:52:38.234root 11241100x8000000000000000294359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:38.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b83386896b5f372023-02-08 09:52:38.234root 11241100x8000000000000000294358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:38.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b124676cd58c8a4f2023-02-08 09:52:38.234root 11241100x8000000000000000294357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:38.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b2cdf3e9b2a63e2023-02-08 09:52:38.234root 11241100x8000000000000000294368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:38.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2cb17222adb4bc2023-02-08 09:52:38.734root 11241100x8000000000000000294367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:38.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fd2b68d4e1c34f2023-02-08 09:52:38.734root 11241100x8000000000000000294366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:38.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac781d29610e52942023-02-08 09:52:38.734root 11241100x8000000000000000294365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:38.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac722dc8efb95ee2023-02-08 09:52:38.734root 11241100x8000000000000000294364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:38.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7650554edd47482023-02-08 09:52:38.734root 11241100x8000000000000000294363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:38.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f64553f26b7cea2023-02-08 09:52:38.734root 11241100x8000000000000000294374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:39.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3970835c26254292023-02-08 09:52:39.234root 11241100x8000000000000000294373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:39.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3aa4d0ce76c13b2023-02-08 09:52:39.234root 11241100x8000000000000000294372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:39.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40af70220f06cd6d2023-02-08 09:52:39.234root 11241100x8000000000000000294371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:39.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6074402e5df432b92023-02-08 09:52:39.234root 11241100x8000000000000000294370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:39.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfff57f7d9b71792023-02-08 09:52:39.234root 11241100x8000000000000000294369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:39.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7635b8c97ca8d7e2023-02-08 09:52:39.234root 23542300x8000000000000000294375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:39.363{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000294382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:39.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c3b3a015616f172023-02-08 09:52:39.734root 11241100x8000000000000000294381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:39.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5febcd732c76fec12023-02-08 09:52:39.734root 11241100x8000000000000000294380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:39.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57960f39dcde43ee2023-02-08 09:52:39.734root 11241100x8000000000000000294379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:39.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa1c162529586c72023-02-08 09:52:39.734root 11241100x8000000000000000294378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:39.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac03b9fbc71000b62023-02-08 09:52:39.734root 11241100x8000000000000000294377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:39.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2cc46fa1ed59492023-02-08 09:52:39.734root 11241100x8000000000000000294376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:39.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794bb18409851f622023-02-08 09:52:39.734root 11241100x8000000000000000294389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:40.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c76d3838b1aeaf42023-02-08 09:52:40.234root 11241100x8000000000000000294388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:40.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341e8d18879dd25c2023-02-08 09:52:40.234root 11241100x8000000000000000294387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:40.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8835f80fed43fb2023-02-08 09:52:40.234root 11241100x8000000000000000294386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:40.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75459f7d0f66d2822023-02-08 09:52:40.234root 11241100x8000000000000000294385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:40.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3178da2a48722a2023-02-08 09:52:40.234root 11241100x8000000000000000294384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:40.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f272783e0339f62023-02-08 09:52:40.234root 11241100x8000000000000000294383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:40.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7289250368909d442023-02-08 09:52:40.234root 11241100x8000000000000000294396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f666cb285752b722023-02-08 09:52:40.734root 11241100x8000000000000000294395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043ebaa0e552727f2023-02-08 09:52:40.734root 11241100x8000000000000000294394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144557164d6a07082023-02-08 09:52:40.734root 11241100x8000000000000000294393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b159785671878f02023-02-08 09:52:40.734root 11241100x8000000000000000294392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75453dca513a0072023-02-08 09:52:40.734root 11241100x8000000000000000294391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e058ea302beef1032023-02-08 09:52:40.734root 11241100x8000000000000000294390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:40.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1b36ffc794e85f2023-02-08 09:52:40.734root 11241100x8000000000000000294403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:41.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e82e481ff6d4f242023-02-08 09:52:41.234root 11241100x8000000000000000294402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:41.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcfe3418902418a2023-02-08 09:52:41.234root 11241100x8000000000000000294401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:41.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a958b33c4b07b92023-02-08 09:52:41.234root 11241100x8000000000000000294400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:41.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb376721020ee06e2023-02-08 09:52:41.234root 11241100x8000000000000000294399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:41.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b306188cb865e3e2023-02-08 09:52:41.234root 11241100x8000000000000000294398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:41.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8cab8ec01fc78b2023-02-08 09:52:41.234root 11241100x8000000000000000294397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:41.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0481be2b0c8b21802023-02-08 09:52:41.234root 11241100x8000000000000000294409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:41.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca277725d2fd93b82023-02-08 09:52:41.734root 11241100x8000000000000000294408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:41.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2371e0deb23bb2be2023-02-08 09:52:41.734root 11241100x8000000000000000294407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:41.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f804873823ea5fc2023-02-08 09:52:41.734root 11241100x8000000000000000294406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:41.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153560e3189193792023-02-08 09:52:41.734root 11241100x8000000000000000294405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:41.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f816f2b9c5d9d962023-02-08 09:52:41.734root 11241100x8000000000000000294404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:41.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bff66d7aa6bc6d2023-02-08 09:52:41.734root 11241100x8000000000000000294410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:41.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3703accab08629142023-02-08 09:52:41.735root 354300x8000000000000000294411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:42.026{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-55438-false10.0.1.12-8000- 11241100x8000000000000000294413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:42.027{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fdff1d3585e7c32023-02-08 09:52:42.027root 11241100x8000000000000000294412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:42.027{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935950a269cd57492023-02-08 09:52:42.027root 11241100x8000000000000000294419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:42.028{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b37b658ff6c1e132023-02-08 09:52:42.028root 11241100x8000000000000000294418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:42.028{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e865ffe29170ac2023-02-08 09:52:42.028root 11241100x8000000000000000294417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:42.028{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8340819b48c1812023-02-08 09:52:42.028root 11241100x8000000000000000294416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:42.028{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5004b15423474b5e2023-02-08 09:52:42.028root 11241100x8000000000000000294415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:42.028{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45182d6d775e33e22023-02-08 09:52:42.028root 11241100x8000000000000000294414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:42.028{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262c82e6faffd5392023-02-08 09:52:42.028root 11241100x8000000000000000294426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:42.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8570035024867d72023-02-08 09:52:42.484root 11241100x8000000000000000294425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:42.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e020481087272b2023-02-08 09:52:42.484root 11241100x8000000000000000294424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:42.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4cfb5bceb1877192023-02-08 09:52:42.484root 11241100x8000000000000000294423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:42.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73154020812f83502023-02-08 09:52:42.484root 11241100x8000000000000000294422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:42.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfee3cb330ad6aa2023-02-08 09:52:42.484root 11241100x8000000000000000294421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:42.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a337c21fc051dd012023-02-08 09:52:42.484root 11241100x8000000000000000294420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:42.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c255b5f086011452023-02-08 09:52:42.484root 11241100x8000000000000000294427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:42.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8cdfe5a56e41ff2023-02-08 09:52:42.485root 11241100x8000000000000000294435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:42.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219090d0573d28252023-02-08 09:52:42.984root 11241100x8000000000000000294434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:42.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91df4aaea49bf4ca2023-02-08 09:52:42.984root 11241100x8000000000000000294433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:42.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbc85bd8cd716f72023-02-08 09:52:42.984root 11241100x8000000000000000294432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:42.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c0173d81d0c0ec2023-02-08 09:52:42.984root 11241100x8000000000000000294431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:42.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3c2f3f9446f3eb2023-02-08 09:52:42.984root 11241100x8000000000000000294430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:42.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440362612f3e7bdb2023-02-08 09:52:42.984root 11241100x8000000000000000294429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:42.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e7ceed2032a4da2023-02-08 09:52:42.984root 11241100x8000000000000000294428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:42.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eceeddf6191bf1a82023-02-08 09:52:42.984root 11241100x8000000000000000294443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b09363e603ce95e2023-02-08 09:52:43.484root 11241100x8000000000000000294442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1188587f53955032023-02-08 09:52:43.484root 11241100x8000000000000000294441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa73356af2c446882023-02-08 09:52:43.484root 11241100x8000000000000000294440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d939091d869654032023-02-08 09:52:43.484root 11241100x8000000000000000294439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabd8a25c1d6abee2023-02-08 09:52:43.484root 11241100x8000000000000000294438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6125b54efb17a6762023-02-08 09:52:43.484root 11241100x8000000000000000294437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c66bed8d5d114e22023-02-08 09:52:43.484root 11241100x8000000000000000294436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:43.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c604a26ae725e002023-02-08 09:52:43.484root 11241100x8000000000000000294449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646132275525fd282023-02-08 09:52:43.984root 11241100x8000000000000000294448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a401557a6b63682023-02-08 09:52:43.984root 11241100x8000000000000000294447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a4862d5af49e5e2023-02-08 09:52:43.984root 11241100x8000000000000000294446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a08dac85ec96ab2023-02-08 09:52:43.984root 11241100x8000000000000000294445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80fbe757b27d263f2023-02-08 09:52:43.984root 11241100x8000000000000000294444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:43.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7265703b816b922023-02-08 09:52:43.984root 11241100x8000000000000000294451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45413ce606371c62023-02-08 09:52:43.985root 11241100x8000000000000000294450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:43.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8747bf3d5fdbd7842023-02-08 09:52:43.985root 11241100x8000000000000000294458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8a979ab5c952d52023-02-08 09:52:44.484root 11241100x8000000000000000294457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937fa3ecef12f6c12023-02-08 09:52:44.484root 11241100x8000000000000000294456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005f6c80d440b18f2023-02-08 09:52:44.484root 11241100x8000000000000000294455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c4daf5a9dcb2bb2023-02-08 09:52:44.484root 11241100x8000000000000000294454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6e50c322f8494a2023-02-08 09:52:44.484root 11241100x8000000000000000294453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b458884f72384a2023-02-08 09:52:44.484root 11241100x8000000000000000294452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:44.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44cc3eb64770b902023-02-08 09:52:44.484root 11241100x8000000000000000294459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:44.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835e22b0e67c7b472023-02-08 09:52:44.485root 11241100x8000000000000000294464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bfd30336cc6e322023-02-08 09:52:44.984root 11241100x8000000000000000294463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867bff00170955032023-02-08 09:52:44.984root 11241100x8000000000000000294462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d9aa6bfff6ea882023-02-08 09:52:44.984root 11241100x8000000000000000294461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bed24b38a18bcf82023-02-08 09:52:44.984root 11241100x8000000000000000294460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:44.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea2ac2fdf163aa52023-02-08 09:52:44.984root 11241100x8000000000000000294467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fa4d4f39a598522023-02-08 09:52:44.985root 11241100x8000000000000000294466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8489e93370865cb2023-02-08 09:52:44.985root 11241100x8000000000000000294465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:44.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d930fc75edb3ca02023-02-08 09:52:44.985root 11241100x8000000000000000294472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01dc30bb7d4ac8de2023-02-08 09:52:45.484root 11241100x8000000000000000294471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff5f58ac33d58982023-02-08 09:52:45.484root 11241100x8000000000000000294470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50b4d7342cf01f22023-02-08 09:52:45.484root 11241100x8000000000000000294469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46edc881b4c40862023-02-08 09:52:45.484root 11241100x8000000000000000294468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:45.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473caa8cbd96589d2023-02-08 09:52:45.484root 11241100x8000000000000000294475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8888701f00a186bd2023-02-08 09:52:45.485root 11241100x8000000000000000294474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8417b8ef3dd84d7c2023-02-08 09:52:45.485root 11241100x8000000000000000294473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:45.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45947a2530c0eb82023-02-08 09:52:45.485root 11241100x8000000000000000294479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49b92fa4434f55e2023-02-08 09:52:45.984root 11241100x8000000000000000294478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a66fa217c203a62023-02-08 09:52:45.984root 11241100x8000000000000000294477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e203bfca5f948d2023-02-08 09:52:45.984root 11241100x8000000000000000294476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:45.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e598ea551f3d606f2023-02-08 09:52:45.984root 11241100x8000000000000000294483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9b5e98bfbc12842023-02-08 09:52:45.985root 11241100x8000000000000000294482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71540d28fb7b56c12023-02-08 09:52:45.985root 11241100x8000000000000000294481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879da7718477abcd2023-02-08 09:52:45.985root 11241100x8000000000000000294480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:45.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7803c1fa8f96f22c2023-02-08 09:52:45.985root 11241100x8000000000000000294491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5b6c3709e91bec2023-02-08 09:52:46.484root 11241100x8000000000000000294490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6ae34049ee88b82023-02-08 09:52:46.484root 11241100x8000000000000000294489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed07b6d68c64ded2023-02-08 09:52:46.484root 11241100x8000000000000000294488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b2fa3ef4aa97162023-02-08 09:52:46.484root 11241100x8000000000000000294487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15492ce3d125deec2023-02-08 09:52:46.484root 11241100x8000000000000000294486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ac6e8fc1ac54b42023-02-08 09:52:46.484root 11241100x8000000000000000294485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744ff7170fb510652023-02-08 09:52:46.484root 11241100x8000000000000000294484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:46.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270b4789a8d2b8b52023-02-08 09:52:46.484root 11241100x8000000000000000294499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba237e2124d557d62023-02-08 09:52:46.984root 11241100x8000000000000000294498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c71281cfad35a42023-02-08 09:52:46.984root 11241100x8000000000000000294497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8359e07b3e3d08432023-02-08 09:52:46.984root 11241100x8000000000000000294496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b88609539f2aba72023-02-08 09:52:46.984root 11241100x8000000000000000294495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387b50146603e1b92023-02-08 09:52:46.984root 11241100x8000000000000000294494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1ecd5878afe9fd2023-02-08 09:52:46.984root 11241100x8000000000000000294493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208facd0e9bd519f2023-02-08 09:52:46.984root 11241100x8000000000000000294492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:46.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5723d058ef918b642023-02-08 09:52:46.984root 354300x8000000000000000294500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:47.073{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-55444-false10.0.1.12-8000- 11241100x8000000000000000294504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae2362fa7efecdc2023-02-08 09:52:47.484root 11241100x8000000000000000294503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a55537757e664382023-02-08 09:52:47.484root 11241100x8000000000000000294502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1415fb1027a0a7b2023-02-08 09:52:47.484root 11241100x8000000000000000294501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:47.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08185122b117fc62023-02-08 09:52:47.484root 11241100x8000000000000000294509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1054b5b67ed83b4d2023-02-08 09:52:47.485root 11241100x8000000000000000294508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cb85e75a60a8142023-02-08 09:52:47.485root 11241100x8000000000000000294507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ee5fb76d6243082023-02-08 09:52:47.485root 11241100x8000000000000000294506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe69dc8b562dc092023-02-08 09:52:47.485root 11241100x8000000000000000294505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:47.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e039b68bfa47c48f2023-02-08 09:52:47.485root 11241100x8000000000000000294513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd87fa362bcd106a2023-02-08 09:52:47.984root 11241100x8000000000000000294512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5b97e2611062552023-02-08 09:52:47.984root 11241100x8000000000000000294511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2537ac7399528fb92023-02-08 09:52:47.984root 11241100x8000000000000000294510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:47.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42117eb548993012023-02-08 09:52:47.984root 11241100x8000000000000000294518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4aed360176d5bd32023-02-08 09:52:47.985root 11241100x8000000000000000294517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23efe0d9ed2d67972023-02-08 09:52:47.985root 11241100x8000000000000000294516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dba0927e1bb99a52023-02-08 09:52:47.985root 11241100x8000000000000000294515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee00e40e1d3322482023-02-08 09:52:47.985root 11241100x8000000000000000294514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:47.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55035819eba4d7e92023-02-08 09:52:47.985root 11241100x8000000000000000294523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c6f5583f40e7552023-02-08 09:52:48.484root 11241100x8000000000000000294522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118425c5251de2512023-02-08 09:52:48.484root 11241100x8000000000000000294521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ccc582571a1a82f2023-02-08 09:52:48.484root 11241100x8000000000000000294520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50452696a61e0ea82023-02-08 09:52:48.484root 11241100x8000000000000000294519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:48.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c5ed4ceaccaabd2023-02-08 09:52:48.484root 11241100x8000000000000000294527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce67658f00edcd92023-02-08 09:52:48.485root 11241100x8000000000000000294526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c79d4e97b1ceb562023-02-08 09:52:48.485root 11241100x8000000000000000294525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798c43444599ef822023-02-08 09:52:48.485root 11241100x8000000000000000294524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:48.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910845e3ead685b52023-02-08 09:52:48.485root 11241100x8000000000000000294532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b35bdf9cb3f04b62023-02-08 09:52:48.984root 11241100x8000000000000000294531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f96eb0588e311712023-02-08 09:52:48.984root 11241100x8000000000000000294530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b874ed8f863e522023-02-08 09:52:48.984root 11241100x8000000000000000294529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f67b5789ce569ff2023-02-08 09:52:48.984root 11241100x8000000000000000294528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:48.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4afb8a2d5e1a86a12023-02-08 09:52:48.984root 11241100x8000000000000000294536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcebb171c608f7e22023-02-08 09:52:48.985root 11241100x8000000000000000294535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2767e6aac6b30ac2023-02-08 09:52:48.985root 11241100x8000000000000000294534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eef71e33b4cad5a2023-02-08 09:52:48.985root 11241100x8000000000000000294533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:48.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ba57f477bd16ec2023-02-08 09:52:48.985root 11241100x8000000000000000294541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61654b1dfe0801222023-02-08 09:52:49.484root 11241100x8000000000000000294540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0754c6662b70e2ad2023-02-08 09:52:49.484root 11241100x8000000000000000294539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a520232b8b46382023-02-08 09:52:49.484root 11241100x8000000000000000294538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be764cfcfadc031e2023-02-08 09:52:49.484root 11241100x8000000000000000294537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:49.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22359b2b9123c3342023-02-08 09:52:49.484root 11241100x8000000000000000294545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd73baae74d459f2023-02-08 09:52:49.485root 11241100x8000000000000000294544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38dea71fd43c1b82023-02-08 09:52:49.485root 11241100x8000000000000000294543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a149f17e7b64892023-02-08 09:52:49.485root 11241100x8000000000000000294542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:49.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3e4f300b368d7d2023-02-08 09:52:49.485root 11241100x8000000000000000294550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbea58f13d1eab392023-02-08 09:52:49.984root 11241100x8000000000000000294549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200c21dd3f10076f2023-02-08 09:52:49.984root 11241100x8000000000000000294548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137420730772e6f92023-02-08 09:52:49.984root 11241100x8000000000000000294547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a983a39beec4242023-02-08 09:52:49.984root 11241100x8000000000000000294546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:49.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e78a915a2cba362023-02-08 09:52:49.984root 11241100x8000000000000000294554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0202954a34e9db562023-02-08 09:52:49.985root 11241100x8000000000000000294553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b70d94553473f1b2023-02-08 09:52:49.985root 11241100x8000000000000000294552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e6936369d619bd2023-02-08 09:52:49.985root 11241100x8000000000000000294551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:49.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08fd3d1526c2bf412023-02-08 09:52:49.985root 11241100x8000000000000000294558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626f6c82e122d8542023-02-08 09:52:50.484root 11241100x8000000000000000294557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3eaf596bc385b302023-02-08 09:52:50.484root 11241100x8000000000000000294556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601b87d1ce0a3ef22023-02-08 09:52:50.484root 11241100x8000000000000000294555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:50.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f381f5d1a520d42023-02-08 09:52:50.484root 11241100x8000000000000000294563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92cb799e126b8f92023-02-08 09:52:50.485root 11241100x8000000000000000294562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3d1ad0ddf2e71f2023-02-08 09:52:50.485root 11241100x8000000000000000294561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db576388e6a634572023-02-08 09:52:50.485root 11241100x8000000000000000294560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277fd9d6fe23aef62023-02-08 09:52:50.485root 11241100x8000000000000000294559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:50.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5604230c72fbc6352023-02-08 09:52:50.485root 11241100x8000000000000000294569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:50.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79212697e431aac32023-02-08 09:52:50.984root 11241100x8000000000000000294568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:50.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0c51d08dc0cd512023-02-08 09:52:50.984root 11241100x8000000000000000294567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:50.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791e70a7d6b7b94d2023-02-08 09:52:50.984root 11241100x8000000000000000294566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:50.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc9019aaa6b0af42023-02-08 09:52:50.984root 11241100x8000000000000000294565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:50.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3d3c25bf72f4652023-02-08 09:52:50.984root 11241100x8000000000000000294564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:50.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f3f0bf195c8e642023-02-08 09:52:50.984root 11241100x8000000000000000294572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345fde3f123044602023-02-08 09:52:50.985root 11241100x8000000000000000294571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd96d8e78e207da2023-02-08 09:52:50.985root 11241100x8000000000000000294570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:50.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e234e70060bd1d972023-02-08 09:52:50.985root 11241100x8000000000000000294580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ad03f26ffd1a232023-02-08 09:52:51.484root 11241100x8000000000000000294579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332e604afe8210222023-02-08 09:52:51.484root 11241100x8000000000000000294578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fcf0ac67c888bcb2023-02-08 09:52:51.484root 11241100x8000000000000000294577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc9ba4f9544bb042023-02-08 09:52:51.484root 11241100x8000000000000000294576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a50c28a497b46ec2023-02-08 09:52:51.484root 11241100x8000000000000000294575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb759a0039290f472023-02-08 09:52:51.484root 11241100x8000000000000000294574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29432d6f1e65f9b2023-02-08 09:52:51.484root 11241100x8000000000000000294573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:51.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5898864324547632023-02-08 09:52:51.484root 11241100x8000000000000000294581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:51.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb399c20261c89252023-02-08 09:52:51.485root 11241100x8000000000000000294589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a31ee144112b12b2023-02-08 09:52:51.984root 11241100x8000000000000000294588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a0cdbcb73021a12023-02-08 09:52:51.984root 11241100x8000000000000000294587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4effa1a840424b2023-02-08 09:52:51.984root 11241100x8000000000000000294586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649b56dbad53c6502023-02-08 09:52:51.984root 11241100x8000000000000000294585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fbfffe260432d52023-02-08 09:52:51.984root 11241100x8000000000000000294584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f71d28b776f33b2023-02-08 09:52:51.984root 11241100x8000000000000000294583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1203156efd54ceb72023-02-08 09:52:51.984root 11241100x8000000000000000294582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:51.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505392a2bae135c32023-02-08 09:52:51.984root 11241100x8000000000000000294590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:51.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c7b487972f21b52023-02-08 09:52:51.985root 354300x8000000000000000294591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:52.106{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-40028-false10.0.1.12-8000- 11241100x8000000000000000294598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a50c2b28c242bfc2023-02-08 09:52:52.484root 11241100x8000000000000000294597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3136dc99e1b404162023-02-08 09:52:52.484root 11241100x8000000000000000294596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277f606e83d038bb2023-02-08 09:52:52.484root 11241100x8000000000000000294595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92af97708557b7ab2023-02-08 09:52:52.484root 11241100x8000000000000000294594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded993ebcf167f4e2023-02-08 09:52:52.484root 11241100x8000000000000000294593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c02aa21758e97e02023-02-08 09:52:52.484root 11241100x8000000000000000294592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:52.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e51b87e38b46d9d2023-02-08 09:52:52.484root 11241100x8000000000000000294601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f708a0258e9a16052023-02-08 09:52:52.485root 11241100x8000000000000000294600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80efad7cfdbd1bef2023-02-08 09:52:52.485root 11241100x8000000000000000294599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:52.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88fef68f30654e02023-02-08 09:52:52.485root 11241100x8000000000000000294608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a367425e96a7adda2023-02-08 09:52:52.984root 11241100x8000000000000000294607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0fe3ef8c4dcccf22023-02-08 09:52:52.984root 11241100x8000000000000000294606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebc332cfa21a5b22023-02-08 09:52:52.984root 11241100x8000000000000000294605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05da65f0866f3abd2023-02-08 09:52:52.984root 11241100x8000000000000000294604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad564506d9c1ca02023-02-08 09:52:52.984root 11241100x8000000000000000294603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cb0086e3ba85b52023-02-08 09:52:52.984root 11241100x8000000000000000294602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:52.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4dce10e56c2f7202023-02-08 09:52:52.984root 11241100x8000000000000000294611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5489faf7e65a9e9c2023-02-08 09:52:52.985root 11241100x8000000000000000294610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34caa248fee84bb62023-02-08 09:52:52.985root 11241100x8000000000000000294609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:52.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1542e6e095d4815a2023-02-08 09:52:52.985root 11241100x8000000000000000294618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfec2b1f3a10b0ae2023-02-08 09:52:53.484root 11241100x8000000000000000294617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe42e4b40365d622023-02-08 09:52:53.484root 11241100x8000000000000000294616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c517402c81669ec72023-02-08 09:52:53.484root 11241100x8000000000000000294615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a8a4332b740a382023-02-08 09:52:53.484root 11241100x8000000000000000294614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49d4a3f6ae33c452023-02-08 09:52:53.484root 11241100x8000000000000000294613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9541bad52e9b3d672023-02-08 09:52:53.484root 11241100x8000000000000000294612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:53.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faffb9f7ca164df72023-02-08 09:52:53.484root 11241100x8000000000000000294621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53fa272c5d5c93e22023-02-08 09:52:53.485root 11241100x8000000000000000294620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e7e4195ec1ea9d2023-02-08 09:52:53.485root 11241100x8000000000000000294619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:53.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a5439259eee6822023-02-08 09:52:53.485root 11241100x8000000000000000294628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be3dfaaf2ef6c472023-02-08 09:52:53.984root 11241100x8000000000000000294627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be87fb6be4c13d2e2023-02-08 09:52:53.984root 11241100x8000000000000000294626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac2c74633eac8912023-02-08 09:52:53.984root 11241100x8000000000000000294625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477285b846bfd4de2023-02-08 09:52:53.984root 11241100x8000000000000000294624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55da5d08d80c64c2023-02-08 09:52:53.984root 11241100x8000000000000000294623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca96d27f395ed2ac2023-02-08 09:52:53.984root 11241100x8000000000000000294622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:53.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d887d7a9dfce7952023-02-08 09:52:53.984root 11241100x8000000000000000294631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e33021c36735912023-02-08 09:52:53.985root 11241100x8000000000000000294630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2eb232a4823d5512023-02-08 09:52:53.985root 11241100x8000000000000000294629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:53.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778f4d0ea43778762023-02-08 09:52:53.985root 11241100x8000000000000000294637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c43cfcb2dd47eff2023-02-08 09:52:54.484root 11241100x8000000000000000294636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c419a6a27ab17182023-02-08 09:52:54.484root 11241100x8000000000000000294635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50bacbbe0f7c2d6a2023-02-08 09:52:54.484root 11241100x8000000000000000294634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb9829aa043b6432023-02-08 09:52:54.484root 11241100x8000000000000000294633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b960a2b93dee29072023-02-08 09:52:54.484root 11241100x8000000000000000294632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f94330c451006c2023-02-08 09:52:54.484root 11241100x8000000000000000294641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc8a6d350e138d42023-02-08 09:52:54.485root 11241100x8000000000000000294640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e54a74f27f3d2412023-02-08 09:52:54.485root 11241100x8000000000000000294639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93ded77c5797c402023-02-08 09:52:54.485root 11241100x8000000000000000294638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de0dddc2cb941fd2023-02-08 09:52:54.485root 154100x8000000000000000294642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.941{ec2a0601-70f6-63e3-087e-bfdbca550000}5944/usr/bin/sudo-----sudo sh -c echo 1 > /proc/sys/kernel/sysrq/home/ubuntuubuntu{ec2a0601-6f9f-63e3-e803-000000000000}10005no level-{ec2a0601-6f9f-63e3-4804-3e6ad1550000}5906/bin/bash-bashubuntu 11241100x8000000000000000294651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.943{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21d261dcfd19fed2023-02-08 09:52:54.943root 11241100x8000000000000000294650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.943{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fbfe30f2fcfe282023-02-08 09:52:54.943root 11241100x8000000000000000294649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.943{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1daa078371389c92023-02-08 09:52:54.943root 11241100x8000000000000000294648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.943{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37104e7193f01012023-02-08 09:52:54.943root 11241100x8000000000000000294647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.943{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6a8726740ba83d2023-02-08 09:52:54.943root 11241100x8000000000000000294646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.943{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab4aeaa943fc8442023-02-08 09:52:54.943root 11241100x8000000000000000294645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.943{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb2a4c6f69c78aa2023-02-08 09:52:54.943root 11241100x8000000000000000294644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.943{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6789196af739a4552023-02-08 09:52:54.943root 11241100x8000000000000000294643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.943{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49cf698b2bf55d512023-02-08 09:52:54.943root 11241100x8000000000000000294653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.944{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3fbe4b43f34d9f2023-02-08 09:52:54.944root 11241100x8000000000000000294652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.944{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a360f4367418990d2023-02-08 09:52:54.944root 354300x8000000000000000294654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.945{ec2a0601-70f6-63e3-087e-bfdbca550000}5944/usr/bin/sudoubuntuudptruefalse127.0.0.1-46914-false127.0.0.53-53- 354300x8000000000000000294657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.946{ec2a0601-5c51-63e3-60a8-c8d675550000}2785/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-55122-false10.0.0.2-53- 354300x8000000000000000294656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.946{ec2a0601-5c51-63e3-60a8-c8d675550000}2785/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-50850-false10.0.0.2-53- 354300x8000000000000000294655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.946{ec2a0601-5c51-63e3-60a8-c8d675550000}2785/lib/systemd/systemd-resolvedsystemd-resolveudpfalsefalse0.0.0.0-0-false127.0.0.53-53- 354300x8000000000000000294659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.947{ec2a0601-5c51-63e3-60a8-c8d675550000}2785/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-46914- 354300x8000000000000000294658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.947{ec2a0601-5c51-63e3-60a8-c8d675550000}2785/lib/systemd/systemd-resolvedsystemd-resolveudpfalsefalse10.0.0.2-53-false10.0.1.20-55122- 354300x8000000000000000294661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.950{ec2a0601-5c51-63e3-60a8-c8d675550000}2785/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-44126- 354300x8000000000000000294660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.950{ec2a0601-70f6-63e3-087e-bfdbca550000}5944/usr/bin/sudoubuntuudptruefalse127.0.0.1-44126-false127.0.0.53-53- 154100x8000000000000000294662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.953{ec2a0601-70f6-63e3-6822-dc827c550000}5945/bin/dash-----sh -c echo 1 > /proc/sys/kernel/sysrq/home/ubunturoot{ec2a0601-0000-0000-0000-000000000000}05no level-{ec2a0601-70f6-63e3-087e-bfdbca550000}5944/usr/bin/sudosudoubuntu 534500x8000000000000000294663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.954{ec2a0601-70f6-63e3-6822-dc827c550000}5945/bin/dashroot 534500x8000000000000000294664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:54.955{ec2a0601-70f6-63e3-087e-bfdbca550000}5944/usr/bin/sudoroot 11241100x8000000000000000294672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e69c6f426514ffa2023-02-08 09:52:55.234root 11241100x8000000000000000294671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8690d1e57d85912023-02-08 09:52:55.234root 11241100x8000000000000000294670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0e06d1093179712023-02-08 09:52:55.234root 11241100x8000000000000000294669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03fdf3cdb053c702023-02-08 09:52:55.234root 11241100x8000000000000000294668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c631b720414f0fe12023-02-08 09:52:55.234root 11241100x8000000000000000294667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7a089457d168b52023-02-08 09:52:55.234root 11241100x8000000000000000294666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beea996f5242db8f2023-02-08 09:52:55.234root 11241100x8000000000000000294665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.234{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0671bfb92c20d4462023-02-08 09:52:55.234root 11241100x8000000000000000294681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29faca5b1e21d8c22023-02-08 09:52:55.235root 11241100x8000000000000000294680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d3df67a9f9b9b22023-02-08 09:52:55.235root 11241100x8000000000000000294679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92aaed6d0fda76022023-02-08 09:52:55.235root 11241100x8000000000000000294678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a7c242df97e5f72023-02-08 09:52:55.235root 11241100x8000000000000000294677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b9b2a5bdf2177e2023-02-08 09:52:55.235root 11241100x8000000000000000294676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6721221afc1ddb3c2023-02-08 09:52:55.235root 11241100x8000000000000000294675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c03c196f62fe2042023-02-08 09:52:55.235root 11241100x8000000000000000294674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d603960048e38222023-02-08 09:52:55.235root 11241100x8000000000000000294673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c5d115f464a8a22023-02-08 09:52:55.235root 11241100x8000000000000000294688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2029b2fa3b886e712023-02-08 09:52:55.236root 11241100x8000000000000000294687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a646b5a1f5449fd2023-02-08 09:52:55.236root 11241100x8000000000000000294686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d984222f28754ad2023-02-08 09:52:55.236root 11241100x8000000000000000294685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d87aa76f84894c2023-02-08 09:52:55.236root 11241100x8000000000000000294684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de716c6003284aa62023-02-08 09:52:55.236root 11241100x8000000000000000294683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba073af7a97f7ac2023-02-08 09:52:55.236root 11241100x8000000000000000294682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59e3a6e6cddec042023-02-08 09:52:55.236root 11241100x8000000000000000294700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3265cf897058442023-02-08 09:52:55.735root 11241100x8000000000000000294699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c68133e19627372023-02-08 09:52:55.735root 11241100x8000000000000000294698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df97880229306e02023-02-08 09:52:55.735root 11241100x8000000000000000294697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4242199f49f1aa2023-02-08 09:52:55.735root 11241100x8000000000000000294696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff8aa2fe5375cf02023-02-08 09:52:55.735root 11241100x8000000000000000294695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5bf0a026a6e71f2023-02-08 09:52:55.735root 11241100x8000000000000000294694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec9f3ca1b9e03832023-02-08 09:52:55.735root 11241100x8000000000000000294693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21693847b6b2e9a12023-02-08 09:52:55.735root 11241100x8000000000000000294692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d957880739eb92822023-02-08 09:52:55.735root 11241100x8000000000000000294691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b8ab5baa92e1f12023-02-08 09:52:55.735root 11241100x8000000000000000294690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e950953c3e83872023-02-08 09:52:55.735root 11241100x8000000000000000294689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29790f0977ab2f52023-02-08 09:52:55.735root 11241100x8000000000000000294710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66db6924354049722023-02-08 09:52:55.736root 11241100x8000000000000000294709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf3d6564dc61e952023-02-08 09:52:55.736root 11241100x8000000000000000294708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8bd2dd311db3172023-02-08 09:52:55.736root 11241100x8000000000000000294707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8df1c4d93b8d3ef2023-02-08 09:52:55.736root 11241100x8000000000000000294706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1da686ce9f1d62c2023-02-08 09:52:55.736root 11241100x8000000000000000294705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db31e56184c91a942023-02-08 09:52:55.736root 11241100x8000000000000000294704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58671233b59ea0b2023-02-08 09:52:55.736root 11241100x8000000000000000294703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f64bba1f76abf62023-02-08 09:52:55.736root 11241100x8000000000000000294702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc9f043d36e3bc32023-02-08 09:52:55.736root 11241100x8000000000000000294701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:55.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d000327e73e81d2023-02-08 09:52:55.736root 11241100x8000000000000000294724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f871c4237f833b2023-02-08 09:52:56.235root 11241100x8000000000000000294723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940e89d252bbfefd2023-02-08 09:52:56.235root 11241100x8000000000000000294722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0310bb70efc0add52023-02-08 09:52:56.235root 11241100x8000000000000000294721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2b30596f0663592023-02-08 09:52:56.235root 11241100x8000000000000000294720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eba929a652814b32023-02-08 09:52:56.235root 11241100x8000000000000000294719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a28e57872c4629b2023-02-08 09:52:56.235root 11241100x8000000000000000294718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef81c68f21800b12023-02-08 09:52:56.235root 11241100x8000000000000000294717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74d64fbd6f171182023-02-08 09:52:56.235root 11241100x8000000000000000294716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6350b7620460832023-02-08 09:52:56.235root 11241100x8000000000000000294715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3730f19811ee8b1a2023-02-08 09:52:56.235root 11241100x8000000000000000294714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33205e1e53f5f6f82023-02-08 09:52:56.235root 11241100x8000000000000000294713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0938492bce2e78f12023-02-08 09:52:56.235root 11241100x8000000000000000294712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c189fbfb099203cd2023-02-08 09:52:56.235root 11241100x8000000000000000294711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.235{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f8a745aea604a22023-02-08 09:52:56.235root 11241100x8000000000000000294732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee3cca41e24ac352023-02-08 09:52:56.236root 11241100x8000000000000000294731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63433f1e2800e4cb2023-02-08 09:52:56.236root 11241100x8000000000000000294730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491f560876cf8ae62023-02-08 09:52:56.236root 11241100x8000000000000000294729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8e41a5d20193742023-02-08 09:52:56.236root 11241100x8000000000000000294728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebae290819b2c2f62023-02-08 09:52:56.236root 11241100x8000000000000000294727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfe340d5ad8e1ce2023-02-08 09:52:56.236root 11241100x8000000000000000294726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2712d556e9f183342023-02-08 09:52:56.236root 11241100x8000000000000000294725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.236{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c113a90070e39a8c2023-02-08 09:52:56.236root 11241100x8000000000000000294733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.734{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c200b2f60327842023-02-08 09:52:56.734root 11241100x8000000000000000294746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8cb7adc38d67942023-02-08 09:52:56.735root 11241100x8000000000000000294745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a269c277fafd31cf2023-02-08 09:52:56.735root 11241100x8000000000000000294744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3a32b8fde2534f2023-02-08 09:52:56.735root 11241100x8000000000000000294743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdcbd8215347375d2023-02-08 09:52:56.735root 11241100x8000000000000000294742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838955ca4dcddf782023-02-08 09:52:56.735root 11241100x8000000000000000294741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a0785e0c42e5452023-02-08 09:52:56.735root 11241100x8000000000000000294740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9598993f8bd08b2023-02-08 09:52:56.735root 11241100x8000000000000000294739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259c936bb92f65c92023-02-08 09:52:56.735root 11241100x8000000000000000294738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82932d7c7da149772023-02-08 09:52:56.735root 11241100x8000000000000000294737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b4f88ebe395c9f2023-02-08 09:52:56.735root 11241100x8000000000000000294736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72f9d82040c99032023-02-08 09:52:56.735root 11241100x8000000000000000294735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9896594107ae5ed22023-02-08 09:52:56.735root 11241100x8000000000000000294734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0d4a6aa1fbd7b42023-02-08 09:52:56.735root 11241100x8000000000000000294754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a77d6579141638e2023-02-08 09:52:56.736root 11241100x8000000000000000294753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2448f63bb2b43bda2023-02-08 09:52:56.736root 11241100x8000000000000000294752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765d8c301a730c912023-02-08 09:52:56.736root 11241100x8000000000000000294751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab77dc0bbfbe9dbe2023-02-08 09:52:56.736root 11241100x8000000000000000294750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e092ed752548f142023-02-08 09:52:56.736root 11241100x8000000000000000294749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff88be09f8eb799a2023-02-08 09:52:56.736root 11241100x8000000000000000294748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904aa97d941baa9c2023-02-08 09:52:56.736root 11241100x8000000000000000294747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:56.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4868816e915a69fc2023-02-08 09:52:56.736root 354300x8000000000000000294755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.120{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-40044-false10.0.1.12-8000- 11241100x8000000000000000294756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.121{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43322212bae61c42023-02-08 09:52:57.121root 11241100x8000000000000000294765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.122{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36afa6822d5611322023-02-08 09:52:57.122root 11241100x8000000000000000294764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.122{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8670beaedfac6a2023-02-08 09:52:57.122root 11241100x8000000000000000294763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.122{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb04391965cd8e42023-02-08 09:52:57.122root 11241100x8000000000000000294762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.122{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214aa996b96685592023-02-08 09:52:57.122root 11241100x8000000000000000294761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.122{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f760f5819e3bf3c22023-02-08 09:52:57.122root 11241100x8000000000000000294760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.122{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a0cdf10e721d942023-02-08 09:52:57.122root 11241100x8000000000000000294759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.122{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3d0a6205c5a1ba2023-02-08 09:52:57.122root 11241100x8000000000000000294758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.122{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4034b9283b0a1dc92023-02-08 09:52:57.122root 11241100x8000000000000000294757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.122{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e55bcd6b9befb282023-02-08 09:52:57.122root 11241100x8000000000000000294775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.123{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eecf933b684bc362023-02-08 09:52:57.123root 11241100x8000000000000000294774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.123{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d37d9196c67d1e2023-02-08 09:52:57.123root 11241100x8000000000000000294773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.123{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87f353920dd090d2023-02-08 09:52:57.123root 11241100x8000000000000000294772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.123{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2941bc2b80a12c762023-02-08 09:52:57.123root 11241100x8000000000000000294771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.123{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ddc661fd725cfec2023-02-08 09:52:57.123root 11241100x8000000000000000294770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.123{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2f5df0095342412023-02-08 09:52:57.123root 11241100x8000000000000000294769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.123{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708fd9bcdd93e6e82023-02-08 09:52:57.123root 11241100x8000000000000000294768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.123{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f41201192094c72023-02-08 09:52:57.123root 11241100x8000000000000000294767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.123{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32913b188326391c2023-02-08 09:52:57.123root 11241100x8000000000000000294766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.123{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46b8e10176e028d2023-02-08 09:52:57.123root 11241100x8000000000000000294781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.124{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e153f00e87fec692023-02-08 09:52:57.124root 11241100x8000000000000000294780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.124{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b958350a6c503252023-02-08 09:52:57.124root 11241100x8000000000000000294779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.124{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6118cbd9f1dfc3f12023-02-08 09:52:57.124root 11241100x8000000000000000294778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.124{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6159a95b06dfd3fb2023-02-08 09:52:57.124root 11241100x8000000000000000294777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.124{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518ca42dbfd48aa52023-02-08 09:52:57.124root 11241100x8000000000000000294776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.124{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac61a0aea4668652023-02-08 09:52:57.124root 11241100x8000000000000000294782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5ffa0bdd6a3add2023-02-08 09:52:57.484root 11241100x8000000000000000294792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b797b26749f4e5ae2023-02-08 09:52:57.485root 11241100x8000000000000000294791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f1c4a99c72f2c82023-02-08 09:52:57.485root 11241100x8000000000000000294790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0807a9406d7b7f22023-02-08 09:52:57.485root 11241100x8000000000000000294789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10871c9b4bdcaf562023-02-08 09:52:57.485root 11241100x8000000000000000294788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91d2766ad67b2a52023-02-08 09:52:57.485root 11241100x8000000000000000294787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582dd4704c957edf2023-02-08 09:52:57.485root 11241100x8000000000000000294786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f213169033ce8e72023-02-08 09:52:57.485root 11241100x8000000000000000294785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085df5c3c5ed1abb2023-02-08 09:52:57.485root 11241100x8000000000000000294784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61f18e2ba8edc712023-02-08 09:52:57.485root 11241100x8000000000000000294783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4db20b12ffe7e32023-02-08 09:52:57.485root 11241100x8000000000000000294803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce6f2ba243959be2023-02-08 09:52:57.486root 11241100x8000000000000000294802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6320bbaf13cb6c072023-02-08 09:52:57.486root 11241100x8000000000000000294801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3439debca7bf6b5b2023-02-08 09:52:57.486root 11241100x8000000000000000294800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ba552ae3c584f52023-02-08 09:52:57.486root 11241100x8000000000000000294799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db159bab6201a8142023-02-08 09:52:57.486root 11241100x8000000000000000294798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d4afd1ec7618ef2023-02-08 09:52:57.486root 11241100x8000000000000000294797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67713289e99050282023-02-08 09:52:57.486root 11241100x8000000000000000294796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5b1dfcda55d4f02023-02-08 09:52:57.486root 11241100x8000000000000000294795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58761799f3a76f102023-02-08 09:52:57.486root 11241100x8000000000000000294794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997f9ecc98b5cf682023-02-08 09:52:57.486root 11241100x8000000000000000294793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac2e5ec3c772a2c2023-02-08 09:52:57.486root 11241100x8000000000000000294804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8a468e3a5865c02023-02-08 09:52:57.487root 11241100x8000000000000000294807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2374c6b2e61c45a12023-02-08 09:52:57.985root 11241100x8000000000000000294806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7344d3eb866d4e812023-02-08 09:52:57.985root 11241100x8000000000000000294805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5632483b665701d22023-02-08 09:52:57.985root 11241100x8000000000000000294822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b1984e46e413012023-02-08 09:52:57.986root 11241100x8000000000000000294821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a0377430a562162023-02-08 09:52:57.986root 11241100x8000000000000000294820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6a168d05254c572023-02-08 09:52:57.986root 11241100x8000000000000000294819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6731271170b176fa2023-02-08 09:52:57.986root 11241100x8000000000000000294818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0719031d6bdeed2023-02-08 09:52:57.986root 11241100x8000000000000000294817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be696b12959f59992023-02-08 09:52:57.986root 11241100x8000000000000000294816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85975a5de47ed5e82023-02-08 09:52:57.986root 11241100x8000000000000000294815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee2965e091ba5e92023-02-08 09:52:57.986root 11241100x8000000000000000294814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0003008cf002e8a2023-02-08 09:52:57.986root 11241100x8000000000000000294813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e09ef4fc2f28c42023-02-08 09:52:57.986root 11241100x8000000000000000294812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1a6dcae501939a2023-02-08 09:52:57.986root 11241100x8000000000000000294811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1934c7e912266d2023-02-08 09:52:57.986root 11241100x8000000000000000294810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a2d82675abb46b2023-02-08 09:52:57.986root 11241100x8000000000000000294809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9736c4abc867f1402023-02-08 09:52:57.986root 11241100x8000000000000000294808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91908b231b1d17692023-02-08 09:52:57.986root 11241100x8000000000000000294827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aece725abd330342023-02-08 09:52:57.987root 11241100x8000000000000000294826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4766bb97c7691f182023-02-08 09:52:57.987root 11241100x8000000000000000294825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb670a955a2d0522023-02-08 09:52:57.987root 11241100x8000000000000000294824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef252bdfa1a05d402023-02-08 09:52:57.987root 11241100x8000000000000000294823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:57.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84b7337006f6e932023-02-08 09:52:57.987root 11241100x8000000000000000294832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4980bdc54d9b05812023-02-08 09:52:58.484root 11241100x8000000000000000294831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcd604216755ea92023-02-08 09:52:58.484root 11241100x8000000000000000294830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f0d12b014ef5a02023-02-08 09:52:58.484root 11241100x8000000000000000294829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698652710acf53322023-02-08 09:52:58.484root 11241100x8000000000000000294828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c8b388278dc1552023-02-08 09:52:58.484root 11241100x8000000000000000294842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f2eb606624d28b2023-02-08 09:52:58.485root 11241100x8000000000000000294841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5ddf55236a72632023-02-08 09:52:58.485root 11241100x8000000000000000294840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e8c10c477025462023-02-08 09:52:58.485root 11241100x8000000000000000294839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8605c72135ec59ed2023-02-08 09:52:58.485root 11241100x8000000000000000294838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812170371d504af42023-02-08 09:52:58.485root 11241100x8000000000000000294837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e95bf7f3d414e0f2023-02-08 09:52:58.485root 11241100x8000000000000000294836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc82633442e82db2023-02-08 09:52:58.485root 11241100x8000000000000000294835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c0545fc1506e172023-02-08 09:52:58.485root 11241100x8000000000000000294834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e4a7d31aa699752023-02-08 09:52:58.485root 11241100x8000000000000000294833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2f834312d381462023-02-08 09:52:58.485root 11241100x8000000000000000294850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ffb7950031a3502023-02-08 09:52:58.486root 11241100x8000000000000000294849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f302c800bc7ac4f2023-02-08 09:52:58.486root 11241100x8000000000000000294848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd6599c365a0fe82023-02-08 09:52:58.486root 11241100x8000000000000000294847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a2849502d68b372023-02-08 09:52:58.486root 11241100x8000000000000000294846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b6a1ede12f94ea2023-02-08 09:52:58.486root 11241100x8000000000000000294845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d52e40f1aeecb52023-02-08 09:52:58.486root 11241100x8000000000000000294844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d06c38d60c524e2023-02-08 09:52:58.486root 11241100x8000000000000000294843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67b8ec8b7b401032023-02-08 09:52:58.486root 11241100x8000000000000000294851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e73b642753d5392023-02-08 09:52:58.984root 11241100x8000000000000000294860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f5808770311f712023-02-08 09:52:58.985root 11241100x8000000000000000294859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475bc0430367aea12023-02-08 09:52:58.985root 11241100x8000000000000000294858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e2ae6acd73356b2023-02-08 09:52:58.985root 11241100x8000000000000000294857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfcad85ea7d86402023-02-08 09:52:58.985root 11241100x8000000000000000294856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4dce16c31a5d6f2023-02-08 09:52:58.985root 11241100x8000000000000000294855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e57c1a19d3dc552023-02-08 09:52:58.985root 11241100x8000000000000000294854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c59cd3a41943ef52023-02-08 09:52:58.985root 11241100x8000000000000000294853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a773266219fc65ca2023-02-08 09:52:58.985root 11241100x8000000000000000294852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b562ceb1fd58f72023-02-08 09:52:58.985root 11241100x8000000000000000294873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f316a514314849f12023-02-08 09:52:58.986root 11241100x8000000000000000294872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6e5045b83363ef2023-02-08 09:52:58.986root 11241100x8000000000000000294871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecc10dd2e1ef7782023-02-08 09:52:58.986root 11241100x8000000000000000294870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94b0225060217b32023-02-08 09:52:58.986root 11241100x8000000000000000294869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5054169e2e9e22b42023-02-08 09:52:58.986root 11241100x8000000000000000294868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54d057431727d202023-02-08 09:52:58.986root 11241100x8000000000000000294867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b69c01a4fe7b5e72023-02-08 09:52:58.986root 11241100x8000000000000000294866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d81bbc25cd16e82023-02-08 09:52:58.986root 11241100x8000000000000000294865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8277f7196f40842023-02-08 09:52:58.986root 11241100x8000000000000000294864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2408c8181c5ec4d12023-02-08 09:52:58.986root 11241100x8000000000000000294863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb12975aba4ba0d2023-02-08 09:52:58.986root 11241100x8000000000000000294862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b321180bab13b92023-02-08 09:52:58.986root 11241100x8000000000000000294861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:58.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d96ab66d64fbdc2023-02-08 09:52:58.986root 11241100x8000000000000000294881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a0abdfc5027a7e2023-02-08 09:52:59.484root 11241100x8000000000000000294880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be3f7d1a27f3e322023-02-08 09:52:59.484root 11241100x8000000000000000294879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27b6217f2ffa2992023-02-08 09:52:59.484root 11241100x8000000000000000294878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c4c8bc64bc5d212023-02-08 09:52:59.484root 11241100x8000000000000000294877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c53d83f987d95b2023-02-08 09:52:59.484root 11241100x8000000000000000294876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b6feaa87b6cea72023-02-08 09:52:59.484root 11241100x8000000000000000294875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71bcbabf420ab1fd2023-02-08 09:52:59.484root 11241100x8000000000000000294874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3272950bfe79a52023-02-08 09:52:59.484root 11241100x8000000000000000294893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3b3ae824fdf22e2023-02-08 09:52:59.485root 11241100x8000000000000000294892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e46e8961f5dbb52023-02-08 09:52:59.485root 11241100x8000000000000000294891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5951117e2ba186792023-02-08 09:52:59.485root 11241100x8000000000000000294890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d11e01559408c42023-02-08 09:52:59.485root 11241100x8000000000000000294889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca4831013bb06602023-02-08 09:52:59.485root 11241100x8000000000000000294888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4f106f9232a0262023-02-08 09:52:59.485root 11241100x8000000000000000294887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dedbb2ea9addb7ba2023-02-08 09:52:59.485root 11241100x8000000000000000294886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019b902c8e0aab3d2023-02-08 09:52:59.485root 11241100x8000000000000000294885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e5e21de19f58322023-02-08 09:52:59.485root 11241100x8000000000000000294884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cecd39a3484df06c2023-02-08 09:52:59.485root 11241100x8000000000000000294883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1568a9da53385912023-02-08 09:52:59.485root 11241100x8000000000000000294882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d92e51481574fc2023-02-08 09:52:59.485root 11241100x8000000000000000294900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e753e2950f8f78f2023-02-08 09:52:59.486root 11241100x8000000000000000294899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae0027363adce232023-02-08 09:52:59.486root 11241100x8000000000000000294898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d00423133c189f2023-02-08 09:52:59.486root 11241100x8000000000000000294897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1c93b2b39f35d52023-02-08 09:52:59.486root 11241100x8000000000000000294896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03002a662069357e2023-02-08 09:52:59.486root 11241100x8000000000000000294895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6e61a665d2c5d62023-02-08 09:52:59.486root 11241100x8000000000000000294894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205dd6f69695150d2023-02-08 09:52:59.486root 11241100x8000000000000000294901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba07d83c53631302023-02-08 09:52:59.984root 11241100x8000000000000000294909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26977f506b509fd2023-02-08 09:52:59.985root 11241100x8000000000000000294908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e1b123742c41392023-02-08 09:52:59.985root 11241100x8000000000000000294907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28a6b52a56815f82023-02-08 09:52:59.985root 11241100x8000000000000000294906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96127ed7f10023292023-02-08 09:52:59.985root 11241100x8000000000000000294905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aedf7eb3984981712023-02-08 09:52:59.985root 11241100x8000000000000000294904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208edc9a47b8fb962023-02-08 09:52:59.985root 11241100x8000000000000000294903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc67bf39f4aab3b2023-02-08 09:52:59.985root 11241100x8000000000000000294902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c4ba65768b89282023-02-08 09:52:59.985root 11241100x8000000000000000294919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735b673cbd1406ff2023-02-08 09:52:59.986root 11241100x8000000000000000294918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e509e18e8db8df2023-02-08 09:52:59.986root 11241100x8000000000000000294917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e160798d7cd10882023-02-08 09:52:59.986root 11241100x8000000000000000294916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dca766bf587b8042023-02-08 09:52:59.986root 11241100x8000000000000000294915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfdf37822304df1e2023-02-08 09:52:59.986root 11241100x8000000000000000294914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61feb84463260f9a2023-02-08 09:52:59.986root 11241100x8000000000000000294913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8913f99996c3229e2023-02-08 09:52:59.986root 11241100x8000000000000000294912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b77527f0e5e88142023-02-08 09:52:59.986root 11241100x8000000000000000294911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e96948dd7315e2c2023-02-08 09:52:59.986root 11241100x8000000000000000294910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95de1fc0d39cc9f32023-02-08 09:52:59.986root 11241100x8000000000000000294923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3163cf3699e8be5a2023-02-08 09:52:59.987root 11241100x8000000000000000294922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c6dd23d15018f12023-02-08 09:52:59.987root 11241100x8000000000000000294921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c21f5380f263d22023-02-08 09:52:59.987root 11241100x8000000000000000294920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:52:59.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1caa66fb4dd262a52023-02-08 09:52:59.987root 11241100x8000000000000000294927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec5b9ecdaeb1e8c2023-02-08 09:53:00.484root 11241100x8000000000000000294926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662e93e746a6929f2023-02-08 09:53:00.484root 11241100x8000000000000000294925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad343c8ee8c2a2b22023-02-08 09:53:00.484root 11241100x8000000000000000294924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7351737b7e18092023-02-08 09:53:00.484root 11241100x8000000000000000294938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ffb27468fab50c2023-02-08 09:53:00.485root 11241100x8000000000000000294937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa79fc53e859cf2e2023-02-08 09:53:00.485root 11241100x8000000000000000294936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6672824969cfff1e2023-02-08 09:53:00.485root 11241100x8000000000000000294935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36840c22bf1176b2023-02-08 09:53:00.485root 11241100x8000000000000000294934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83540a653f8bc6262023-02-08 09:53:00.485root 11241100x8000000000000000294933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a880ffa5a854d942023-02-08 09:53:00.485root 11241100x8000000000000000294932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b161e1a3850fe262023-02-08 09:53:00.485root 11241100x8000000000000000294931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b02ecb3c0113e502023-02-08 09:53:00.485root 11241100x8000000000000000294930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df01bd4fa01231d2023-02-08 09:53:00.485root 11241100x8000000000000000294929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51afbf5af4736d022023-02-08 09:53:00.485root 11241100x8000000000000000294928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d933162a4e75a42023-02-08 09:53:00.485root 11241100x8000000000000000294947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d059457f757736442023-02-08 09:53:00.486root 11241100x8000000000000000294946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46cf04c13a5d20b32023-02-08 09:53:00.486root 11241100x8000000000000000294945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2911ab0ad699d5ae2023-02-08 09:53:00.486root 11241100x8000000000000000294944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e18f0278fa2d902023-02-08 09:53:00.486root 11241100x8000000000000000294943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d41d87ecc90a2032023-02-08 09:53:00.486root 11241100x8000000000000000294942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce502df3c1fbb5b2023-02-08 09:53:00.486root 11241100x8000000000000000294941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b63c0c737e617d2023-02-08 09:53:00.486root 11241100x8000000000000000294940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a262324afe6f2f5b2023-02-08 09:53:00.486root 11241100x8000000000000000294939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c69b9e6964c56402023-02-08 09:53:00.486root 11241100x8000000000000000294952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7825acce29dbe3922023-02-08 09:53:00.984root 11241100x8000000000000000294951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c56574db9af9952023-02-08 09:53:00.984root 11241100x8000000000000000294950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ae4a3e40197bd82023-02-08 09:53:00.984root 11241100x8000000000000000294949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b60b117f7120fd72023-02-08 09:53:00.984root 11241100x8000000000000000294948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb8f546994677ee2023-02-08 09:53:00.984root 11241100x8000000000000000294960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469a856e49b7bdd22023-02-08 09:53:00.985root 11241100x8000000000000000294959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4c418861c6019c2023-02-08 09:53:00.985root 11241100x8000000000000000294958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abebddf6a74c1042023-02-08 09:53:00.985root 11241100x8000000000000000294957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf7cb275d21989b2023-02-08 09:53:00.985root 11241100x8000000000000000294956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a917405bb0a12552023-02-08 09:53:00.985root 11241100x8000000000000000294955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c412ddc360cc2b2023-02-08 09:53:00.985root 11241100x8000000000000000294954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79557a3704128982023-02-08 09:53:00.985root 11241100x8000000000000000294953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf241304c68d5fce2023-02-08 09:53:00.985root 11241100x8000000000000000294971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083211db2ad4c7a92023-02-08 09:53:00.986root 11241100x8000000000000000294970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdeb2d8573c60a5a2023-02-08 09:53:00.986root 11241100x8000000000000000294969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e0bd4bfdcf9db62023-02-08 09:53:00.986root 11241100x8000000000000000294968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5d0431c121dac12023-02-08 09:53:00.986root 11241100x8000000000000000294967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdb8a3b11e413582023-02-08 09:53:00.986root 11241100x8000000000000000294966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3637208ac6e9192023-02-08 09:53:00.986root 11241100x8000000000000000294965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e4e281a169f6c02023-02-08 09:53:00.986root 11241100x8000000000000000294964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb04b0d3dd01207a2023-02-08 09:53:00.986root 11241100x8000000000000000294963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f93cd072fec66082023-02-08 09:53:00.986root 11241100x8000000000000000294962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8bc5e5e0c99b6f2023-02-08 09:53:00.986root 11241100x8000000000000000294961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763d04d9fa01b9052023-02-08 09:53:00.986root 11241100x8000000000000000294973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc521b181ca3a4a2023-02-08 09:53:00.987root 11241100x8000000000000000294972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:00.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4ce444d8c60eae2023-02-08 09:53:00.987root 11241100x8000000000000000294976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b029ef550ba77c62023-02-08 09:53:01.484root 11241100x8000000000000000294975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e70598acb7ba9362023-02-08 09:53:01.484root 11241100x8000000000000000294974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f638be5e7770452023-02-08 09:53:01.484root 11241100x8000000000000000294986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc716de629c24f012023-02-08 09:53:01.485root 11241100x8000000000000000294985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a198b1dcbf7a6f2023-02-08 09:53:01.485root 11241100x8000000000000000294984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09686a58ba256df92023-02-08 09:53:01.485root 11241100x8000000000000000294983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d34ee05e09fde222023-02-08 09:53:01.485root 11241100x8000000000000000294982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f57c2a1c8405e352023-02-08 09:53:01.485root 11241100x8000000000000000294981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9095863f0e6da062023-02-08 09:53:01.485root 11241100x8000000000000000294980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de86f1a18aea28e2023-02-08 09:53:01.485root 11241100x8000000000000000294979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe5a005bde79dee2023-02-08 09:53:01.485root 11241100x8000000000000000294978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4826318c724c2c5f2023-02-08 09:53:01.485root 11241100x8000000000000000294977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12df10410769bf922023-02-08 09:53:01.485root 11241100x8000000000000000294996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93511650dba2b4822023-02-08 09:53:01.486root 11241100x8000000000000000294995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e137dc4be672e66f2023-02-08 09:53:01.486root 11241100x8000000000000000294994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e1435b3af61d042023-02-08 09:53:01.486root 11241100x8000000000000000294993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0b9eaa80eff8a72023-02-08 09:53:01.486root 11241100x8000000000000000294992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bbba381c1973462023-02-08 09:53:01.486root 11241100x8000000000000000294991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767d00ec087f13502023-02-08 09:53:01.486root 11241100x8000000000000000294990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4293f7a65aa554d2023-02-08 09:53:01.486root 11241100x8000000000000000294989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e6ef9d01149e202023-02-08 09:53:01.486root 11241100x8000000000000000294988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3edfbf3790403932023-02-08 09:53:01.486root 11241100x8000000000000000294987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0638f937d40f5eb2023-02-08 09:53:01.486root 11241100x8000000000000000294997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4f4d13208d27ad2023-02-08 09:53:01.984root 11241100x8000000000000000295005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0448db91a9425932023-02-08 09:53:01.985root 11241100x8000000000000000295004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34cc000939d9d2672023-02-08 09:53:01.985root 11241100x8000000000000000295003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29123053bcbfca382023-02-08 09:53:01.985root 11241100x8000000000000000295002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e290f4205d9840232023-02-08 09:53:01.985root 11241100x8000000000000000295001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c5e72cd78aca5c2023-02-08 09:53:01.985root 11241100x8000000000000000295000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52788f2ec44ddca92023-02-08 09:53:01.985root 11241100x8000000000000000294999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f183925b02c0382023-02-08 09:53:01.985root 11241100x8000000000000000294998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f206a839523731822023-02-08 09:53:01.985root 11241100x8000000000000000295017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab82778a3b9580c12023-02-08 09:53:01.986root 11241100x8000000000000000295016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc6ed4dd207090f2023-02-08 09:53:01.986root 11241100x8000000000000000295015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0025c415c12543a2023-02-08 09:53:01.986root 11241100x8000000000000000295014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5837d8f3f461b82023-02-08 09:53:01.986root 11241100x8000000000000000295013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc51a28ca72dbe22023-02-08 09:53:01.986root 11241100x8000000000000000295012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2009a66720d49fe2023-02-08 09:53:01.986root 11241100x8000000000000000295011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ebaa79e840159682023-02-08 09:53:01.986root 11241100x8000000000000000295010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd3612476a8f97a2023-02-08 09:53:01.986root 11241100x8000000000000000295009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9535fa109ec2ffdc2023-02-08 09:53:01.986root 11241100x8000000000000000295008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c828d7427fb1dd2023-02-08 09:53:01.986root 11241100x8000000000000000295007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13195d557857e352023-02-08 09:53:01.986root 11241100x8000000000000000295006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05309541a1597df2023-02-08 09:53:01.986root 11241100x8000000000000000295019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002f33660be6a6de2023-02-08 09:53:01.987root 11241100x8000000000000000295018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:01.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39bda1a2179427e52023-02-08 09:53:01.987root 354300x8000000000000000295020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.145{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-43498-false10.0.1.12-8000- 11241100x8000000000000000295026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6434ce2065e2bf762023-02-08 09:53:02.484root 11241100x8000000000000000295025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27698cc6c47325c12023-02-08 09:53:02.484root 11241100x8000000000000000295024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0238705e08268662023-02-08 09:53:02.484root 11241100x8000000000000000295023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7306a868af5b2d2023-02-08 09:53:02.484root 11241100x8000000000000000295022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03770e66745b8d52023-02-08 09:53:02.484root 11241100x8000000000000000295021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfc0200a96da2222023-02-08 09:53:02.484root 11241100x8000000000000000295035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce32f939cd5319022023-02-08 09:53:02.485root 11241100x8000000000000000295034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138e7ee3c63d20922023-02-08 09:53:02.485root 11241100x8000000000000000295033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fad829199e11e352023-02-08 09:53:02.485root 11241100x8000000000000000295032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c06c1d168f8bd72023-02-08 09:53:02.485root 11241100x8000000000000000295031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91ea1db5b731f042023-02-08 09:53:02.485root 11241100x8000000000000000295030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6239e8b34772b082023-02-08 09:53:02.485root 11241100x8000000000000000295029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9584414a0fd33c792023-02-08 09:53:02.485root 11241100x8000000000000000295028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8762243f2faf26692023-02-08 09:53:02.485root 11241100x8000000000000000295027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2c3fe9cc1a700b2023-02-08 09:53:02.485root 11241100x8000000000000000295045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1117f50660d0c2202023-02-08 09:53:02.486root 11241100x8000000000000000295044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d78674fbebe13252023-02-08 09:53:02.486root 11241100x8000000000000000295043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc1df3906300d552023-02-08 09:53:02.486root 11241100x8000000000000000295042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6fb9561c9340f02023-02-08 09:53:02.486root 11241100x8000000000000000295041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64cfd1c24343977a2023-02-08 09:53:02.486root 11241100x8000000000000000295040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbeba31fa6d68c942023-02-08 09:53:02.486root 11241100x8000000000000000295039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8eb626ca59eee182023-02-08 09:53:02.486root 11241100x8000000000000000295038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1941876234e84b12023-02-08 09:53:02.486root 11241100x8000000000000000295037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a377bb7164d1282023-02-08 09:53:02.486root 11241100x8000000000000000295036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917d8d7a29502fc62023-02-08 09:53:02.486root 11241100x8000000000000000295050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884baf910d9289d82023-02-08 09:53:02.487root 11241100x8000000000000000295049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436147dc28c686ff2023-02-08 09:53:02.487root 11241100x8000000000000000295048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915bb25833b8ced52023-02-08 09:53:02.487root 11241100x8000000000000000295047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe93dc2915d1052c2023-02-08 09:53:02.487root 11241100x8000000000000000295046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5133564ec4fede2d2023-02-08 09:53:02.487root 11241100x8000000000000000295051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a781241657ad6372023-02-08 09:53:02.984root 11241100x8000000000000000295058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f4f5751301d52d2023-02-08 09:53:02.985root 11241100x8000000000000000295057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa81fc6afa82f5282023-02-08 09:53:02.985root 11241100x8000000000000000295056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51229837ce7c8aa22023-02-08 09:53:02.985root 11241100x8000000000000000295055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a683bae70f3836862023-02-08 09:53:02.985root 11241100x8000000000000000295054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ceeff77586708512023-02-08 09:53:02.985root 11241100x8000000000000000295053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb236c5c981da312023-02-08 09:53:02.985root 11241100x8000000000000000295052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3917eae87e5ecd2023-02-08 09:53:02.985root 11241100x8000000000000000295067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5726fbd12fa9b40d2023-02-08 09:53:02.986root 11241100x8000000000000000295066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40ab0c3bdd9c78e2023-02-08 09:53:02.986root 11241100x8000000000000000295065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9218144593c7c0b02023-02-08 09:53:02.986root 11241100x8000000000000000295064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d060a2b08d3fc1202023-02-08 09:53:02.986root 11241100x8000000000000000295063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed982b39ca07ba8a2023-02-08 09:53:02.986root 11241100x8000000000000000295062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f5dbde98ccdec42023-02-08 09:53:02.986root 11241100x8000000000000000295061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c41a540fc304602023-02-08 09:53:02.986root 11241100x8000000000000000295060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd287987d8f822ce2023-02-08 09:53:02.986root 11241100x8000000000000000295059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fdf21c491914bb72023-02-08 09:53:02.986root 11241100x8000000000000000295070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a268dc1a851953a32023-02-08 09:53:02.987root 11241100x8000000000000000295069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9e53859c0d5c1c2023-02-08 09:53:02.987root 11241100x8000000000000000295068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778d21c0aea2b3222023-02-08 09:53:02.987root 11241100x8000000000000000295074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba5a4c5cb13776e2023-02-08 09:53:02.988root 11241100x8000000000000000295073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b00731b734a4b702023-02-08 09:53:02.988root 11241100x8000000000000000295072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625be9a9f3a165eb2023-02-08 09:53:02.988root 11241100x8000000000000000295071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:02.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a3b4efef2b6b592023-02-08 09:53:02.988root 11241100x8000000000000000295083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b533b64bec2429a2023-02-08 09:53:03.485root 11241100x8000000000000000295082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d18fb126ba79012023-02-08 09:53:03.485root 11241100x8000000000000000295081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70fee68ebd96d8552023-02-08 09:53:03.485root 11241100x8000000000000000295080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b934d7d45e49457d2023-02-08 09:53:03.485root 11241100x8000000000000000295079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567d8bae403352dd2023-02-08 09:53:03.485root 11241100x8000000000000000295078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eca5a7344bfc1392023-02-08 09:53:03.485root 11241100x8000000000000000295077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ab409142430f202023-02-08 09:53:03.485root 11241100x8000000000000000295076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9413f74e5a158ae2023-02-08 09:53:03.485root 11241100x8000000000000000295075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2cd4dff271880522023-02-08 09:53:03.485root 11241100x8000000000000000295093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e68896f8869e16a2023-02-08 09:53:03.486root 11241100x8000000000000000295092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b098dbdd1333f672023-02-08 09:53:03.486root 11241100x8000000000000000295091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b20545fe27c2b02023-02-08 09:53:03.486root 11241100x8000000000000000295090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2334e07bc0f934192023-02-08 09:53:03.486root 11241100x8000000000000000295089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e6d449d18ed60d2023-02-08 09:53:03.486root 11241100x8000000000000000295088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a931c0e792f4c3ec2023-02-08 09:53:03.486root 11241100x8000000000000000295087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b420384e6aa3b7082023-02-08 09:53:03.486root 11241100x8000000000000000295086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4cd06a4a9705b32023-02-08 09:53:03.486root 11241100x8000000000000000295085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5f66fdc65f8c282023-02-08 09:53:03.486root 11241100x8000000000000000295084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca69bed73d22b2852023-02-08 09:53:03.486root 11241100x8000000000000000295098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702ee5033da0f8a42023-02-08 09:53:03.487root 11241100x8000000000000000295097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854639526e40d4852023-02-08 09:53:03.487root 11241100x8000000000000000295096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6bc354ecadbd0b2023-02-08 09:53:03.487root 11241100x8000000000000000295095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b6f526caae89422023-02-08 09:53:03.487root 11241100x8000000000000000295094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4063cd699030c9f52023-02-08 09:53:03.487root 11241100x8000000000000000295099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d7fea9909b1f5c2023-02-08 09:53:03.984root 11241100x8000000000000000295107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1aae88ddd497532023-02-08 09:53:03.985root 11241100x8000000000000000295106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ddc60de0bbd6002023-02-08 09:53:03.985root 11241100x8000000000000000295105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a47c9063531dd622023-02-08 09:53:03.985root 11241100x8000000000000000295104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956ca97dcf534bf72023-02-08 09:53:03.985root 11241100x8000000000000000295103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32fae655ea158c12023-02-08 09:53:03.985root 11241100x8000000000000000295102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102cf1ccf99ff6f72023-02-08 09:53:03.985root 11241100x8000000000000000295101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea67da4a19d16cb32023-02-08 09:53:03.985root 11241100x8000000000000000295100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0bed6de6b2222e2023-02-08 09:53:03.985root 11241100x8000000000000000295113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3c0f1bceb1964b2023-02-08 09:53:03.986root 11241100x8000000000000000295112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e827d5fa554bea9e2023-02-08 09:53:03.986root 11241100x8000000000000000295111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ce51201d15d92b2023-02-08 09:53:03.986root 11241100x8000000000000000295110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f23563b6b067afe2023-02-08 09:53:03.986root 11241100x8000000000000000295109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84fccdd57d914062023-02-08 09:53:03.986root 11241100x8000000000000000295108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9374e58adf4025d92023-02-08 09:53:03.986root 11241100x8000000000000000295119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f839625f26bd1b2023-02-08 09:53:03.987root 11241100x8000000000000000295118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6d31041fce85f92023-02-08 09:53:03.987root 11241100x8000000000000000295117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1143e22e7f8124cb2023-02-08 09:53:03.987root 11241100x8000000000000000295116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2901610d824ecc2023-02-08 09:53:03.987root 11241100x8000000000000000295115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b449d2354ab530b2023-02-08 09:53:03.987root 11241100x8000000000000000295114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f744a3453fb8df02023-02-08 09:53:03.987root 11241100x8000000000000000295122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754876e6629374fb2023-02-08 09:53:03.988root 11241100x8000000000000000295121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c63744b453bd292023-02-08 09:53:03.988root 11241100x8000000000000000295120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:03.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b0610c1458a0e62023-02-08 09:53:03.988root 11241100x8000000000000000295125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a58582b7bfb159c2023-02-08 09:53:04.484root 11241100x8000000000000000295124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639422e0cdaca9582023-02-08 09:53:04.484root 11241100x8000000000000000295123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55f12a00278f99f2023-02-08 09:53:04.484root 11241100x8000000000000000295136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767737e622a4743e2023-02-08 09:53:04.485root 11241100x8000000000000000295135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1708ef772625935b2023-02-08 09:53:04.485root 11241100x8000000000000000295134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92cf4cddc931a432023-02-08 09:53:04.485root 11241100x8000000000000000295133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ed8ee3892dea0e2023-02-08 09:53:04.485root 11241100x8000000000000000295132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a646f306e51dc1a2023-02-08 09:53:04.485root 11241100x8000000000000000295131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d51d6fb9195cdd02023-02-08 09:53:04.485root 11241100x8000000000000000295130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f547e90ce20e5d2023-02-08 09:53:04.485root 11241100x8000000000000000295129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14dc0802573b5c1f2023-02-08 09:53:04.485root 11241100x8000000000000000295128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc486d424727fef52023-02-08 09:53:04.485root 11241100x8000000000000000295127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46cf21298beabddf2023-02-08 09:53:04.485root 11241100x8000000000000000295126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5f9aecd4b96f5b2023-02-08 09:53:04.485root 11241100x8000000000000000295143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f306b75930bdf8272023-02-08 09:53:04.486root 11241100x8000000000000000295142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad0a131ec225a582023-02-08 09:53:04.486root 11241100x8000000000000000295141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bb7f438e982b2d2023-02-08 09:53:04.486root 11241100x8000000000000000295140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201d293c2c525f382023-02-08 09:53:04.486root 11241100x8000000000000000295139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d60547289d670e92023-02-08 09:53:04.486root 11241100x8000000000000000295138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ba30e1762463462023-02-08 09:53:04.486root 11241100x8000000000000000295137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d513808c43cc8712023-02-08 09:53:04.486root 11241100x8000000000000000295146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d6825f857a2f172023-02-08 09:53:04.487root 11241100x8000000000000000295145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b970bdf7a8d92462023-02-08 09:53:04.487root 11241100x8000000000000000295144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9eef31153311c7a2023-02-08 09:53:04.487root 11241100x8000000000000000295148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2dac705bf5f2f1e2023-02-08 09:53:04.488root 11241100x8000000000000000295147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2798e4da5ba8d432023-02-08 09:53:04.488root 11241100x8000000000000000295150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742bd1a44b34217e2023-02-08 09:53:04.984root 11241100x8000000000000000295149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f345fc4630beb0582023-02-08 09:53:04.984root 11241100x8000000000000000295162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8132d4ddbe3ce52023-02-08 09:53:04.985root 11241100x8000000000000000295161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31df48eae502ad52023-02-08 09:53:04.985root 11241100x8000000000000000295160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c769e1b429552aeb2023-02-08 09:53:04.985root 11241100x8000000000000000295159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c6495850a395fb2023-02-08 09:53:04.985root 11241100x8000000000000000295158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff8d2bd722b4d082023-02-08 09:53:04.985root 11241100x8000000000000000295157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f574330dd762d8d2023-02-08 09:53:04.985root 11241100x8000000000000000295156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6c71ae59693f852023-02-08 09:53:04.985root 11241100x8000000000000000295155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad63dd7de8a15c72023-02-08 09:53:04.985root 11241100x8000000000000000295154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255babd5ff8da5c02023-02-08 09:53:04.985root 11241100x8000000000000000295153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78985f065f8727f32023-02-08 09:53:04.985root 11241100x8000000000000000295152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9652dd6baa74a6c12023-02-08 09:53:04.985root 11241100x8000000000000000295151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0379ded6a52b9182023-02-08 09:53:04.985root 11241100x8000000000000000295172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6da8b7c628c56c22023-02-08 09:53:04.986root 11241100x8000000000000000295171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757ac9e7217a0c072023-02-08 09:53:04.986root 11241100x8000000000000000295170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cded947ea35f27ab2023-02-08 09:53:04.986root 11241100x8000000000000000295169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61912b35574392e2023-02-08 09:53:04.986root 11241100x8000000000000000295168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5f1d46099118c12023-02-08 09:53:04.986root 11241100x8000000000000000295167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ac196cdbb9418c2023-02-08 09:53:04.986root 11241100x8000000000000000295166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b583385621549842023-02-08 09:53:04.986root 11241100x8000000000000000295165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce7256bed75c1282023-02-08 09:53:04.986root 11241100x8000000000000000295164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1ca72817735ea02023-02-08 09:53:04.986root 11241100x8000000000000000295163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:04.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8128de2dfebb29362023-02-08 09:53:04.986root 11241100x8000000000000000295184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807eb99d51a734fb2023-02-08 09:53:05.485root 11241100x8000000000000000295183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8236bed0c4cf23ef2023-02-08 09:53:05.485root 11241100x8000000000000000295182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0379cb71aabd721f2023-02-08 09:53:05.485root 11241100x8000000000000000295181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00846e318d7b11112023-02-08 09:53:05.485root 11241100x8000000000000000295180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a110b10afa99862023-02-08 09:53:05.485root 11241100x8000000000000000295179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a3d89a8b95669c2023-02-08 09:53:05.485root 11241100x8000000000000000295178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da19dbf9aca7bb342023-02-08 09:53:05.485root 11241100x8000000000000000295177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ccb36c9af9b7b622023-02-08 09:53:05.485root 11241100x8000000000000000295176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3383a772295b8e4a2023-02-08 09:53:05.485root 11241100x8000000000000000295175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a190f9253ee2bfc2023-02-08 09:53:05.485root 11241100x8000000000000000295174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd9b496965d19502023-02-08 09:53:05.485root 11241100x8000000000000000295173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d81753b3d57df72023-02-08 09:53:05.485root 11241100x8000000000000000295196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b404ab4d6e2ea72023-02-08 09:53:05.486root 11241100x8000000000000000295195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c228adcb8957ebfe2023-02-08 09:53:05.486root 11241100x8000000000000000295194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ccbef8e59005162023-02-08 09:53:05.486root 11241100x8000000000000000295193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180dae49c55bd6542023-02-08 09:53:05.486root 11241100x8000000000000000295192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f494eb7fc5947292023-02-08 09:53:05.486root 11241100x8000000000000000295191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4929c0f5226919082023-02-08 09:53:05.486root 11241100x8000000000000000295190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2cbfe168e03c652023-02-08 09:53:05.486root 11241100x8000000000000000295189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1faaec36a83c7b372023-02-08 09:53:05.486root 11241100x8000000000000000295188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9199bdd6f3be6bca2023-02-08 09:53:05.486root 11241100x8000000000000000295187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94cdbafa21ce16702023-02-08 09:53:05.486root 11241100x8000000000000000295186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7ee084d3deb4192023-02-08 09:53:05.486root 11241100x8000000000000000295185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae3095adf60cdba2023-02-08 09:53:05.486root 11241100x8000000000000000295202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5fe8097fd9da2cd2023-02-08 09:53:05.984root 11241100x8000000000000000295201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1563fdaf8b35d9c2023-02-08 09:53:05.984root 11241100x8000000000000000295200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b30783d0479ff82023-02-08 09:53:05.984root 11241100x8000000000000000295199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eff2321f2cbc2332023-02-08 09:53:05.984root 11241100x8000000000000000295198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9799864946607f122023-02-08 09:53:05.984root 11241100x8000000000000000295197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee319c40d8a307f2023-02-08 09:53:05.984root 11241100x8000000000000000295215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004e802ec415fc492023-02-08 09:53:05.985root 11241100x8000000000000000295214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509b06eb4984e5f92023-02-08 09:53:05.985root 11241100x8000000000000000295213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d450aa9c4a6de8ff2023-02-08 09:53:05.985root 11241100x8000000000000000295212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d42f526a806e84e2023-02-08 09:53:05.985root 11241100x8000000000000000295211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0106cb8c14515d582023-02-08 09:53:05.985root 11241100x8000000000000000295210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55ee74ff9350eab2023-02-08 09:53:05.985root 11241100x8000000000000000295209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8c830f2c2de7202023-02-08 09:53:05.985root 11241100x8000000000000000295208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114a5ca7e4c112bf2023-02-08 09:53:05.985root 11241100x8000000000000000295207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa305093f2ab39af2023-02-08 09:53:05.985root 11241100x8000000000000000295206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3938cfad9921d72023-02-08 09:53:05.985root 11241100x8000000000000000295205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f7bfe457765dc52023-02-08 09:53:05.985root 11241100x8000000000000000295204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057829fe361d06f02023-02-08 09:53:05.985root 11241100x8000000000000000295203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb6c264ce6b0fc02023-02-08 09:53:05.985root 11241100x8000000000000000295220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace25834dfde30c42023-02-08 09:53:05.986root 11241100x8000000000000000295219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99c1cb407a0eb752023-02-08 09:53:05.986root 11241100x8000000000000000295218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499bab64bb4cf45b2023-02-08 09:53:05.986root 11241100x8000000000000000295217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48233738550343792023-02-08 09:53:05.986root 11241100x8000000000000000295216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:05.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae05c9d43daacd82023-02-08 09:53:05.986root 11241100x8000000000000000295221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.361{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2023-02-08 09:53:06.361root 11241100x8000000000000000295234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb5f30409008a662023-02-08 09:53:06.362root 11241100x8000000000000000295233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d05328d02371c5a2023-02-08 09:53:06.362root 11241100x8000000000000000295232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb1b9a27e569f5c2023-02-08 09:53:06.362root 11241100x8000000000000000295231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19e0ed22d70949a2023-02-08 09:53:06.362root 11241100x8000000000000000295230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3609da8014f1b3562023-02-08 09:53:06.362root 11241100x8000000000000000295229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb41ab5e9d8cb1fd2023-02-08 09:53:06.362root 11241100x8000000000000000295228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d703d0f0ce09192023-02-08 09:53:06.362root 11241100x8000000000000000295227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ccb0187cce00f8a2023-02-08 09:53:06.362root 11241100x8000000000000000295226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930f687b8714f7122023-02-08 09:53:06.362root 11241100x8000000000000000295225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb599e79753785f2023-02-08 09:53:06.362root 11241100x8000000000000000295224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bfce26d79a9dc262023-02-08 09:53:06.362root 11241100x8000000000000000295223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1084677195177ed72023-02-08 09:53:06.362root 11241100x8000000000000000295222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.362{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11285d931a48467b2023-02-08 09:53:06.362root 11241100x8000000000000000295246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2766dd0489e6871f2023-02-08 09:53:06.363root 11241100x8000000000000000295245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f123d2d919885f2023-02-08 09:53:06.363root 11241100x8000000000000000295244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72d4a46db10c5c42023-02-08 09:53:06.363root 11241100x8000000000000000295243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b29ff7d32797c202023-02-08 09:53:06.363root 11241100x8000000000000000295242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b555cf0ffeabbea2023-02-08 09:53:06.363root 11241100x8000000000000000295241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189499e03e6ebc8f2023-02-08 09:53:06.363root 11241100x8000000000000000295240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79dc7fb926650ecc2023-02-08 09:53:06.363root 11241100x8000000000000000295239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f56f5dbc902b61b2023-02-08 09:53:06.363root 11241100x8000000000000000295238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3369684a5aae5bcd2023-02-08 09:53:06.363root 11241100x8000000000000000295237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71cca8ad1290fca2023-02-08 09:53:06.363root 11241100x8000000000000000295236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aea32a39c6ebfce2023-02-08 09:53:06.363root 11241100x8000000000000000295235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.363{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7393e8eac2ff462023-02-08 09:53:06.363root 11241100x8000000000000000295255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c29c7c24a715e92023-02-08 09:53:06.735root 11241100x8000000000000000295254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647444cc234a28d72023-02-08 09:53:06.735root 11241100x8000000000000000295253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc66115608076002023-02-08 09:53:06.735root 11241100x8000000000000000295252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041ed0f0223d054b2023-02-08 09:53:06.735root 11241100x8000000000000000295251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5241155d798e9b662023-02-08 09:53:06.735root 11241100x8000000000000000295250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32088fc2124f7ff12023-02-08 09:53:06.735root 11241100x8000000000000000295249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200caafc00a7f3402023-02-08 09:53:06.735root 11241100x8000000000000000295248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ceb52e4febd025b2023-02-08 09:53:06.735root 11241100x8000000000000000295247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.735{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3cec809036185c72023-02-08 09:53:06.735root 11241100x8000000000000000295263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6aca092039d19b22023-02-08 09:53:06.736root 11241100x8000000000000000295262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bcbb7a7bad1f1012023-02-08 09:53:06.736root 11241100x8000000000000000295261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8736eb7a7e27b92023-02-08 09:53:06.736root 11241100x8000000000000000295260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b71c60036e87602023-02-08 09:53:06.736root 11241100x8000000000000000295259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0492a211cb9b1d682023-02-08 09:53:06.736root 11241100x8000000000000000295258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f08b134b55434b2023-02-08 09:53:06.736root 11241100x8000000000000000295257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c715534b2fd6ab42023-02-08 09:53:06.736root 11241100x8000000000000000295256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.736{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27121a0df91253f52023-02-08 09:53:06.736root 11241100x8000000000000000295271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62c82815f2d0b842023-02-08 09:53:06.737root 11241100x8000000000000000295270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc77c17ab09b32b2023-02-08 09:53:06.737root 11241100x8000000000000000295269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0bfcafd5377c602023-02-08 09:53:06.737root 11241100x8000000000000000295268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5316bc132199df2023-02-08 09:53:06.737root 11241100x8000000000000000295267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c46a0465b1207d62023-02-08 09:53:06.737root 11241100x8000000000000000295266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7c40f139b2310a2023-02-08 09:53:06.737root 11241100x8000000000000000295265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0882f8cd415b4fc42023-02-08 09:53:06.737root 11241100x8000000000000000295264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.737{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a80cc0420a375ea2023-02-08 09:53:06.737root 354300x8000000000000000295272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:06.759{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-44024-false10.0.1.12-8089- 354300x8000000000000000295273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.156{ec2a0601-5e47-63e3-d9ff-4d0400000000}5654/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-43500-false10.0.1.12-8000- 11241100x8000000000000000295280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.157{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03723bcbfc6dd4c2023-02-08 09:53:07.157root 11241100x8000000000000000295279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.157{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6266c228a3f90b42023-02-08 09:53:07.157root 11241100x8000000000000000295278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.157{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1db4f6604de9aee2023-02-08 09:53:07.157root 11241100x8000000000000000295277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.157{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d07e6988af953032023-02-08 09:53:07.157root 11241100x8000000000000000295276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.157{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1360eb513555d92023-02-08 09:53:07.157root 11241100x8000000000000000295275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.157{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1e9e3d1b40a0272023-02-08 09:53:07.157root 11241100x8000000000000000295274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.157{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e4de21a53a2b1d2023-02-08 09:53:07.157root 11241100x8000000000000000295295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.158{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054de950996d573a2023-02-08 09:53:07.158root 11241100x8000000000000000295294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.158{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f811f7c8db55342023-02-08 09:53:07.158root 11241100x8000000000000000295293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.158{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe3ad43920817f92023-02-08 09:53:07.158root 11241100x8000000000000000295292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.158{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cee178f376869f2023-02-08 09:53:07.158root 11241100x8000000000000000295291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.158{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935058311a1ca13f2023-02-08 09:53:07.158root 11241100x8000000000000000295290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.158{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f2e5259bf7b88d2023-02-08 09:53:07.158root 11241100x8000000000000000295289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.158{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4e15561d517ea92023-02-08 09:53:07.158root 11241100x8000000000000000295288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.158{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d155deeb060edd2023-02-08 09:53:07.158root 11241100x8000000000000000295287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.158{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5414d96ecc7117232023-02-08 09:53:07.158root 11241100x8000000000000000295286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.158{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc7f8c4f7c33df42023-02-08 09:53:07.158root 11241100x8000000000000000295285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.158{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9f86a8400e21b92023-02-08 09:53:07.158root 11241100x8000000000000000295284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.158{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f773b9e20aace752023-02-08 09:53:07.158root 11241100x8000000000000000295283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.158{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac5917cb8c4c8a12023-02-08 09:53:07.158root 11241100x8000000000000000295282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.158{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ba112a1f1d48be2023-02-08 09:53:07.158root 11241100x8000000000000000295281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.158{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4660d55597a509e2023-02-08 09:53:07.158root 11241100x8000000000000000295310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.159{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54aef625426abbf62023-02-08 09:53:07.159root 11241100x8000000000000000295309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.159{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36b70a6f9622a6a2023-02-08 09:53:07.159root 11241100x8000000000000000295308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.159{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df64ba1279ec4102023-02-08 09:53:07.159root 11241100x8000000000000000295307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.159{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd16bb3461a357072023-02-08 09:53:07.159root 11241100x8000000000000000295306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.159{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47627d6c74ca42942023-02-08 09:53:07.159root 11241100x8000000000000000295305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.159{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c42cc21cb87ebe2023-02-08 09:53:07.159root 11241100x8000000000000000295304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.159{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb6d2c5a26b88e52023-02-08 09:53:07.159root 11241100x8000000000000000295303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.159{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa12b7b5e1aee3d2023-02-08 09:53:07.159root 11241100x8000000000000000295302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.159{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc42ad7f97d41e52023-02-08 09:53:07.159root 11241100x8000000000000000295301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.159{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26454ea04a35aad92023-02-08 09:53:07.159root 11241100x8000000000000000295300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.159{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80cad12000653b562023-02-08 09:53:07.159root 11241100x8000000000000000295299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.159{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0432c58ca7af3a502023-02-08 09:53:07.159root 11241100x8000000000000000295298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.159{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed8beffca6cb00c2023-02-08 09:53:07.159root 11241100x8000000000000000295297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.159{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd1f09b3e9794b22023-02-08 09:53:07.159root 11241100x8000000000000000295296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.159{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d364b4a4e36675f2023-02-08 09:53:07.159root 11241100x8000000000000000295325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.160{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b4e890a25092f12023-02-08 09:53:07.160root 11241100x8000000000000000295324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.160{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc91fb307e85e312023-02-08 09:53:07.160root 11241100x8000000000000000295323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.160{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c48611a3693a5af2023-02-08 09:53:07.160root 11241100x8000000000000000295322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.160{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a83c8741451b8442023-02-08 09:53:07.160root 11241100x8000000000000000295321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.160{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d65223ad5127eaa2023-02-08 09:53:07.160root 11241100x8000000000000000295320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.160{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d43279c3e271952023-02-08 09:53:07.160root 11241100x8000000000000000295319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.160{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019ceaf6fafd19de2023-02-08 09:53:07.160root 11241100x8000000000000000295318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.160{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d1e9a5a9d0466f2023-02-08 09:53:07.160root 11241100x8000000000000000295317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.160{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6981110887e138802023-02-08 09:53:07.160root 11241100x8000000000000000295316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.160{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7351c9ca086c662023-02-08 09:53:07.160root 11241100x8000000000000000295315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.160{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c928cf78eb6e77112023-02-08 09:53:07.160root 11241100x8000000000000000295314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.160{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5068ec91ee7293d72023-02-08 09:53:07.160root 11241100x8000000000000000295313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.160{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b925213e78993a12023-02-08 09:53:07.160root 11241100x8000000000000000295312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.160{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de65b9443789305f2023-02-08 09:53:07.160root 11241100x8000000000000000295311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.160{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9652efe35d38a5082023-02-08 09:53:07.160root 11241100x8000000000000000295332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.161{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78683dd70856f372023-02-08 09:53:07.161root 11241100x8000000000000000295331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.161{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093da3654bc70a902023-02-08 09:53:07.161root 11241100x8000000000000000295330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.161{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83eb5b48b72540c02023-02-08 09:53:07.161root 11241100x8000000000000000295329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.161{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56498e55c02a84712023-02-08 09:53:07.161root 11241100x8000000000000000295328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.161{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbbf897e9e2db6a02023-02-08 09:53:07.161root 11241100x8000000000000000295327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.161{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306b5329278891512023-02-08 09:53:07.161root 11241100x8000000000000000295326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.161{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84010d53f12ba76b2023-02-08 09:53:07.161root 11241100x8000000000000000295335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6f87e80840117a2023-02-08 09:53:07.484root 11241100x8000000000000000295334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92fc4aa64528aa02023-02-08 09:53:07.484root 11241100x8000000000000000295333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c792a5ae0f541382023-02-08 09:53:07.484root 11241100x8000000000000000295345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687141feffc1414b2023-02-08 09:53:07.485root 11241100x8000000000000000295344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347e45fdc037360a2023-02-08 09:53:07.485root 11241100x8000000000000000295343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c257f05332919c2023-02-08 09:53:07.485root 11241100x8000000000000000295342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b18495f888299d2023-02-08 09:53:07.485root 11241100x8000000000000000295341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9d5a8bc1959ff22023-02-08 09:53:07.485root 11241100x8000000000000000295340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbabab8e60b24c742023-02-08 09:53:07.485root 11241100x8000000000000000295339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3036b4bfd3936b072023-02-08 09:53:07.485root 11241100x8000000000000000295338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511abb1c17930ce12023-02-08 09:53:07.485root 11241100x8000000000000000295337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ae8c342451494d2023-02-08 09:53:07.485root 11241100x8000000000000000295336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf1ff9c8156dd602023-02-08 09:53:07.485root 11241100x8000000000000000295356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a863d093ea03f472023-02-08 09:53:07.486root 11241100x8000000000000000295355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8e8634e786f1352023-02-08 09:53:07.486root 11241100x8000000000000000295354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90649cedce123c572023-02-08 09:53:07.486root 11241100x8000000000000000295353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442f9694366eb2352023-02-08 09:53:07.486root 11241100x8000000000000000295352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86b59fe671e1fbe2023-02-08 09:53:07.486root 11241100x8000000000000000295351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef168c89e3df0d62023-02-08 09:53:07.486root 11241100x8000000000000000295350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9af7511fb2072a72023-02-08 09:53:07.486root 11241100x8000000000000000295349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2631c3618abdbf2023-02-08 09:53:07.486root 11241100x8000000000000000295348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0194a9a26514242023-02-08 09:53:07.486root 11241100x8000000000000000295347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc704a673df37f062023-02-08 09:53:07.486root 11241100x8000000000000000295346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02bc2482667476072023-02-08 09:53:07.486root 11241100x8000000000000000295359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93f889c531435302023-02-08 09:53:07.487root 11241100x8000000000000000295358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ed4c3710f9d2b32023-02-08 09:53:07.487root 11241100x8000000000000000295357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c561412315c68cc12023-02-08 09:53:07.487root 11241100x8000000000000000295363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9606c1f72d5e2a2023-02-08 09:53:07.984root 11241100x8000000000000000295362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa3eb8ed2f23d6e2023-02-08 09:53:07.984root 11241100x8000000000000000295361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99a1e9f6cdad8262023-02-08 09:53:07.984root 11241100x8000000000000000295360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32305d038003ea42023-02-08 09:53:07.984root 11241100x8000000000000000295374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9383ac5e42542342023-02-08 09:53:07.985root 11241100x8000000000000000295373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2330f3ff40c258252023-02-08 09:53:07.985root 11241100x8000000000000000295372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ccb38f68dc278d2023-02-08 09:53:07.985root 11241100x8000000000000000295371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f014b18f7f64a112023-02-08 09:53:07.985root 11241100x8000000000000000295370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22580fbe91431f982023-02-08 09:53:07.985root 11241100x8000000000000000295369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3b6ee29d2791242023-02-08 09:53:07.985root 11241100x8000000000000000295368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddd8b4460385f0c2023-02-08 09:53:07.985root 11241100x8000000000000000295367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08a948ea713ba3a2023-02-08 09:53:07.985root 11241100x8000000000000000295366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d73d7a1d2a11ab2023-02-08 09:53:07.985root 11241100x8000000000000000295365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a27b00a90e6a1d2023-02-08 09:53:07.985root 11241100x8000000000000000295364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0c4a616240ccfc2023-02-08 09:53:07.985root 11241100x8000000000000000295384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933e1ee3a1a556a32023-02-08 09:53:07.986root 11241100x8000000000000000295383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a531161a647ceb2023-02-08 09:53:07.986root 11241100x8000000000000000295382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb235bac183895482023-02-08 09:53:07.986root 11241100x8000000000000000295381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58300e0bee9314722023-02-08 09:53:07.986root 11241100x8000000000000000295380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7a4077aa50f9022023-02-08 09:53:07.986root 11241100x8000000000000000295379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9c2a809c5b38cd2023-02-08 09:53:07.986root 11241100x8000000000000000295378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465965c169ff92dd2023-02-08 09:53:07.986root 11241100x8000000000000000295377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0520f66f15952ad2023-02-08 09:53:07.986root 11241100x8000000000000000295376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f2f23401a44fe02023-02-08 09:53:07.986root 11241100x8000000000000000295375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d535163a3f1f1982023-02-08 09:53:07.986root 11241100x8000000000000000295400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6d437ff4b3a95a2023-02-08 09:53:07.987root 11241100x8000000000000000295399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935b9e3c51432c082023-02-08 09:53:07.987root 11241100x8000000000000000295398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d3b339d3f144b92023-02-08 09:53:07.987root 11241100x8000000000000000295397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f239dfd31b3cdb62023-02-08 09:53:07.987root 11241100x8000000000000000295396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2202eb3e7176832023-02-08 09:53:07.987root 11241100x8000000000000000295395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7cde6cd06b2d7852023-02-08 09:53:07.987root 11241100x8000000000000000295394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b05cdf46c5a2b32023-02-08 09:53:07.987root 11241100x8000000000000000295393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777c5507a00e98a02023-02-08 09:53:07.987root 11241100x8000000000000000295392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9373da84d45ad6042023-02-08 09:53:07.987root 11241100x8000000000000000295391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444fa986b3da47c82023-02-08 09:53:07.987root 11241100x8000000000000000295390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfcb566c18d1be8b2023-02-08 09:53:07.987root 11241100x8000000000000000295389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdff1e1ab27a06062023-02-08 09:53:07.987root 11241100x8000000000000000295388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d7e440042190092023-02-08 09:53:07.987root 11241100x8000000000000000295387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fae4893f46d8d302023-02-08 09:53:07.987root 11241100x8000000000000000295386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a691bb536406fbd2023-02-08 09:53:07.987root 11241100x8000000000000000295385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4e592eb7d3f0c72023-02-08 09:53:07.987root 11241100x8000000000000000295401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:07.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06590770e1e1dd892023-02-08 09:53:07.988root 11241100x8000000000000000295404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a774c8346ccc202023-02-08 09:53:08.484root 11241100x8000000000000000295403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a99352b1e0ca612023-02-08 09:53:08.484root 11241100x8000000000000000295402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deda7035ae604b0d2023-02-08 09:53:08.484root 11241100x8000000000000000295417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60df520a285f386f2023-02-08 09:53:08.485root 11241100x8000000000000000295416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f14cd77a338a0f2023-02-08 09:53:08.485root 11241100x8000000000000000295415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8feb6ca1bfa30a792023-02-08 09:53:08.485root 11241100x8000000000000000295414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f71d71963d13192023-02-08 09:53:08.485root 11241100x8000000000000000295413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512004fbd429fc3b2023-02-08 09:53:08.485root 11241100x8000000000000000295412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c9aad1b3f4353c2023-02-08 09:53:08.485root 11241100x8000000000000000295411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd851eef92eb90d2023-02-08 09:53:08.485root 11241100x8000000000000000295410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce264050b7e0f5882023-02-08 09:53:08.485root 11241100x8000000000000000295409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677acf0185bd44782023-02-08 09:53:08.485root 11241100x8000000000000000295408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3669d7ce608d732023-02-08 09:53:08.485root 11241100x8000000000000000295407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105413ad462d26552023-02-08 09:53:08.485root 11241100x8000000000000000295406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258dbf8ccb6de2a42023-02-08 09:53:08.485root 11241100x8000000000000000295405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7892b0ea5dd5e32023-02-08 09:53:08.485root 11241100x8000000000000000295433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940c53c20325f5bb2023-02-08 09:53:08.486root 11241100x8000000000000000295432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4928d460361bfbd2023-02-08 09:53:08.486root 11241100x8000000000000000295431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852003fb8d9bbf012023-02-08 09:53:08.486root 11241100x8000000000000000295430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06218e4bdfeca6b92023-02-08 09:53:08.486root 11241100x8000000000000000295429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b0a63e1bf445532023-02-08 09:53:08.486root 11241100x8000000000000000295428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ebf61adae8a34532023-02-08 09:53:08.486root 11241100x8000000000000000295427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3316013c6481d0462023-02-08 09:53:08.486root 11241100x8000000000000000295426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3ba796a36c782f2023-02-08 09:53:08.486root 11241100x8000000000000000295425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91778a45127add042023-02-08 09:53:08.486root 11241100x8000000000000000295424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7854e3ecd376d7e92023-02-08 09:53:08.486root 11241100x8000000000000000295423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0341cbf7a3a60ead2023-02-08 09:53:08.486root 11241100x8000000000000000295422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d4630061a677802023-02-08 09:53:08.486root 11241100x8000000000000000295421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1119a5785ffc7e92023-02-08 09:53:08.486root 11241100x8000000000000000295420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231ca1174e35ad812023-02-08 09:53:08.486root 11241100x8000000000000000295419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcce1670fca3d62b2023-02-08 09:53:08.486root 11241100x8000000000000000295418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8c4cb9cc0b14d42023-02-08 09:53:08.486root 11241100x8000000000000000295437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b7c34a1a75a50b62023-02-08 09:53:08.487root 11241100x8000000000000000295436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c29cf4434bc4db72023-02-08 09:53:08.487root 11241100x8000000000000000295435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9011a6be47257b1b2023-02-08 09:53:08.487root 11241100x8000000000000000295434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda601e86e986e1b2023-02-08 09:53:08.487root 11241100x8000000000000000295447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0066acff6d88a7f2023-02-08 09:53:08.984root 11241100x8000000000000000295446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a3492262b1584d2023-02-08 09:53:08.984root 11241100x8000000000000000295445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad023f0cfec0e02f2023-02-08 09:53:08.984root 11241100x8000000000000000295444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682eb6e3ce7c977d2023-02-08 09:53:08.984root 11241100x8000000000000000295443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1ea611a54d3de72023-02-08 09:53:08.984root 11241100x8000000000000000295442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f1ae89eb297dca2023-02-08 09:53:08.984root 11241100x8000000000000000295441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f303da4a146a7de12023-02-08 09:53:08.984root 11241100x8000000000000000295440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89054c6fe2e83092023-02-08 09:53:08.984root 11241100x8000000000000000295439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6014e1392f7be2f2023-02-08 09:53:08.984root 11241100x8000000000000000295438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd28b7a982351242023-02-08 09:53:08.984root 11241100x8000000000000000295458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838c51298fc126672023-02-08 09:53:08.985root 11241100x8000000000000000295457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338493765d35ec5c2023-02-08 09:53:08.985root 11241100x8000000000000000295456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ea533892a9aec82023-02-08 09:53:08.985root 11241100x8000000000000000295455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e32507164d27142023-02-08 09:53:08.985root 11241100x8000000000000000295454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a9192e99c7e4c02023-02-08 09:53:08.985root 11241100x8000000000000000295453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0ac3293d93a1212023-02-08 09:53:08.985root 11241100x8000000000000000295452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b17a62a4cf0c7e92023-02-08 09:53:08.985root 11241100x8000000000000000295451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c84fe4e82fd4e802023-02-08 09:53:08.985root 11241100x8000000000000000295450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247646e0f637a6ae2023-02-08 09:53:08.985root 11241100x8000000000000000295449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f32fd9d129591b82023-02-08 09:53:08.985root 11241100x8000000000000000295448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ff027c5a5cc68f2023-02-08 09:53:08.985root 11241100x8000000000000000295465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be29c816a844a1ad2023-02-08 09:53:08.986root 11241100x8000000000000000295464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e9b49bbee5fbfa2023-02-08 09:53:08.986root 11241100x8000000000000000295463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7b06d9fb1340622023-02-08 09:53:08.986root 11241100x8000000000000000295462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418b557d34ab108d2023-02-08 09:53:08.986root 11241100x8000000000000000295461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fa2a77570b33592023-02-08 09:53:08.986root 11241100x8000000000000000295460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0da5caec1e8d0392023-02-08 09:53:08.986root 11241100x8000000000000000295459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67198f40e65c6edb2023-02-08 09:53:08.986root 11241100x8000000000000000295470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec77e5dd51e8e3a32023-02-08 09:53:08.988root 11241100x8000000000000000295469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558819e6d32764a02023-02-08 09:53:08.988root 11241100x8000000000000000295468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7d9b26160b60502023-02-08 09:53:08.988root 11241100x8000000000000000295467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2944916574b4da162023-02-08 09:53:08.988root 11241100x8000000000000000295466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b51e855f4d83332023-02-08 09:53:08.988root 11241100x8000000000000000295477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7aec0cf6a343da12023-02-08 09:53:08.989root 11241100x8000000000000000295476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525119e84b1fb7632023-02-08 09:53:08.989root 11241100x8000000000000000295475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b07e62f9655e0c2023-02-08 09:53:08.989root 11241100x8000000000000000295474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55f4f945ca886982023-02-08 09:53:08.989root 11241100x8000000000000000295473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07591ed91f67419a2023-02-08 09:53:08.989root 11241100x8000000000000000295472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259dc96cdc2ea3fc2023-02-08 09:53:08.989root 11241100x8000000000000000295471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:08.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171f83bc7edfc4892023-02-08 09:53:08.989root 23542300x8000000000000000295478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.193{ec2a0601-5e40-63e3-60ac-22b1c3550000}5581root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000295480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f7a3d147a169392023-02-08 09:53:09.484root 11241100x8000000000000000295479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.484{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce84f390f101f302023-02-08 09:53:09.484root 11241100x8000000000000000295486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e88adefa04921e2023-02-08 09:53:09.485root 11241100x8000000000000000295485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e0d719074cb4cf2023-02-08 09:53:09.485root 11241100x8000000000000000295484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fde74d1462be212023-02-08 09:53:09.485root 11241100x8000000000000000295483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fb005b6d0f42072023-02-08 09:53:09.485root 11241100x8000000000000000295482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed11e208de992c472023-02-08 09:53:09.485root 11241100x8000000000000000295481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.485{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7750dccc4679812023-02-08 09:53:09.485root 11241100x8000000000000000295494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27fd9bbb289280a92023-02-08 09:53:09.486root 11241100x8000000000000000295493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af05c7c8bc4e05072023-02-08 09:53:09.486root 11241100x8000000000000000295492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f001d8d5bbe3ad2023-02-08 09:53:09.486root 11241100x8000000000000000295491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532b8a90d41d0ebc2023-02-08 09:53:09.486root 11241100x8000000000000000295490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5c05824029ca412023-02-08 09:53:09.486root 11241100x8000000000000000295489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83361b0f02f7d4e72023-02-08 09:53:09.486root 11241100x8000000000000000295488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f6cad363a6b4ba2023-02-08 09:53:09.486root 11241100x8000000000000000295487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.486{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea968ee00ab0615e2023-02-08 09:53:09.486root 11241100x8000000000000000295503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3488ab9208d87ca92023-02-08 09:53:09.487root 11241100x8000000000000000295502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42096d1d2ed0b2c52023-02-08 09:53:09.487root 11241100x8000000000000000295501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ebcf8a731471972023-02-08 09:53:09.487root 11241100x8000000000000000295500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177669714dd42bc72023-02-08 09:53:09.487root 11241100x8000000000000000295499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60c55c48962a3f02023-02-08 09:53:09.487root 11241100x8000000000000000295498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95cfccbc2ae50bb2023-02-08 09:53:09.487root 11241100x8000000000000000295497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b865d2bb15ca5b32023-02-08 09:53:09.487root 11241100x8000000000000000295496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b355bead014e9d8d2023-02-08 09:53:09.487root 11241100x8000000000000000295495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.487{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48973ced3fc1d49e2023-02-08 09:53:09.487root 11241100x8000000000000000295508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2bf4ed78341bf02023-02-08 09:53:09.488root 11241100x8000000000000000295507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1226c7ca4cd4f1d2023-02-08 09:53:09.488root 11241100x8000000000000000295506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a792920c98d2ff832023-02-08 09:53:09.488root 11241100x8000000000000000295505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899f63e03a1021d52023-02-08 09:53:09.488root 11241100x8000000000000000295504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.488{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655b499b335527312023-02-08 09:53:09.488root 11241100x8000000000000000295511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c960783e5e64c02023-02-08 09:53:09.984root 11241100x8000000000000000295510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71e0a5a0b282d042023-02-08 09:53:09.984root 11241100x8000000000000000295509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.984{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8257362292ebcf2023-02-08 09:53:09.984root 11241100x8000000000000000295516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954629bfc8a279e42023-02-08 09:53:09.985root 11241100x8000000000000000295515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9086a6b30ddc6b32023-02-08 09:53:09.985root 11241100x8000000000000000295514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ff2c2ea2421f572023-02-08 09:53:09.985root 11241100x8000000000000000295513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02cab895d69e9022023-02-08 09:53:09.985root 11241100x8000000000000000295512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.985{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4d61040b5a3b1d2023-02-08 09:53:09.985root 11241100x8000000000000000295520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b06c279bf3944c52023-02-08 09:53:09.986root 11241100x8000000000000000295519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ae40ac3bea54652023-02-08 09:53:09.986root 11241100x8000000000000000295518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb1f1b42d74846a2023-02-08 09:53:09.986root 11241100x8000000000000000295517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.986{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59519a1bfadcc7072023-02-08 09:53:09.986root 11241100x8000000000000000295526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8a6afb81ce64322023-02-08 09:53:09.987root 11241100x8000000000000000295525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97cb1a57931605e2023-02-08 09:53:09.987root 11241100x8000000000000000295524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94313fe783abe9422023-02-08 09:53:09.987root 11241100x8000000000000000295523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d965a47100467bd62023-02-08 09:53:09.987root 11241100x8000000000000000295522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241f018f9d048ea52023-02-08 09:53:09.987root 11241100x8000000000000000295521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.987{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9751f3e82fc7462023-02-08 09:53:09.987root 11241100x8000000000000000295537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd18f72ad8ac5e1c2023-02-08 09:53:09.988root 11241100x8000000000000000295536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4d696449cdca632023-02-08 09:53:09.988root 11241100x8000000000000000295535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef872a9451a444e2023-02-08 09:53:09.988root 11241100x8000000000000000295534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9d8a63ecdc4e0e2023-02-08 09:53:09.988root 11241100x8000000000000000295533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ea8b0deae6104a2023-02-08 09:53:09.988root 11241100x8000000000000000295532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c582bf28caa359382023-02-08 09:53:09.988root 11241100x8000000000000000295531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65d31fe4c064d282023-02-08 09:53:09.988root 11241100x8000000000000000295530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd6653666408c422023-02-08 09:53:09.988root 11241100x8000000000000000295529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142e7c993aec5a342023-02-08 09:53:09.988root 11241100x8000000000000000295528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15cc927cf9b540a2023-02-08 09:53:09.988root 11241100x8000000000000000295527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.988{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8274a1f4df5d61742023-02-08 09:53:09.988root 11241100x8000000000000000295542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e038ff1cd8b467bd2023-02-08 09:53:09.989root 11241100x8000000000000000295541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703952a46953e86f2023-02-08 09:53:09.989root 11241100x8000000000000000295540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e300c0dc069e93a2023-02-08 09:53:09.989root 11241100x8000000000000000295539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4523f6653c5ca12c2023-02-08 09:53:09.989root 11241100x8000000000000000295538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:09.989{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f038d7e4a0af052023-02-08 09:53:09.989root 154100x8000000000000000295543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.387{ec2a0601-7106-63e3-083e-fccae7550000}5946/usr/bin/sudo-----sudo sh -c echo b > /proc/sysrq-trigger/home/ubuntuubuntu{ec2a0601-6f9f-63e3-e803-000000000000}10005no level-{ec2a0601-6f9f-63e3-4804-3e6ad1550000}5906/bin/bash-bashubuntu 11241100x8000000000000000295547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.388{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9210d636c69f882023-02-08 09:53:10.388root 11241100x8000000000000000295546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.388{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91327d20fe5acad72023-02-08 09:53:10.388root 11241100x8000000000000000295545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.388{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ce09e1bc70c6092023-02-08 09:53:10.388root 11241100x8000000000000000295544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.388{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc66a2c0b353a912023-02-08 09:53:10.388root 11241100x8000000000000000295556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.389{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef29faa1e6a209922023-02-08 09:53:10.389root 11241100x8000000000000000295555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.389{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f08cd3125899b22023-02-08 09:53:10.389root 11241100x8000000000000000295554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.389{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e6094afde223152023-02-08 09:53:10.389root 11241100x8000000000000000295553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.389{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d65cc56b2112742023-02-08 09:53:10.389root 11241100x8000000000000000295552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.389{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628e44213e2ce8032023-02-08 09:53:10.389root 11241100x8000000000000000295551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.389{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393f1a5242be81422023-02-08 09:53:10.389root 11241100x8000000000000000295550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.389{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca302af214ea89d2023-02-08 09:53:10.389root 11241100x8000000000000000295549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.389{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6370ccb886e61ce62023-02-08 09:53:10.389root 11241100x8000000000000000295548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.389{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9e4c60059ffc022023-02-08 09:53:10.389root 11241100x8000000000000000295562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.390{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76ae4fd92a0c18a2023-02-08 09:53:10.390root 11241100x8000000000000000295561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.390{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8553a04f3a4774b32023-02-08 09:53:10.390root 11241100x8000000000000000295560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.390{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1000e36ff6f4c3d2023-02-08 09:53:10.390root 11241100x8000000000000000295559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.390{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd8e8bf69e482d22023-02-08 09:53:10.390root 11241100x8000000000000000295558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.390{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7674b07d974f9122023-02-08 09:53:10.390root 11241100x8000000000000000295557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.390{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf11120e18c035d2023-02-08 09:53:10.390root 11241100x8000000000000000295576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.391{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb08d30c03e9d802023-02-08 09:53:10.391root 354300x8000000000000000295574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.391{ec2a0601-7106-63e3-083e-fccae7550000}5946/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-55804- 354300x8000000000000000295573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.391{ec2a0601-5c51-63e3-60a8-c8d675550000}2785/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-60947- 11241100x8000000000000000295572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.391{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116234d05d3fc53b2023-02-08 09:53:10.391root 11241100x8000000000000000295571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.391{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beae9c346a752f6d2023-02-08 09:53:10.391root 11241100x8000000000000000295570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.391{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37010ea7505e4e8b2023-02-08 09:53:10.391root 11241100x8000000000000000295569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.391{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74abab32628ce822023-02-08 09:53:10.391root 11241100x8000000000000000295568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.391{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d5fba6987fcb9e2023-02-08 09:53:10.391root 11241100x8000000000000000295567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.391{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7e661cf1dcc8c22023-02-08 09:53:10.391root 354300x8000000000000000295566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.391{ec2a0601-7106-63e3-083e-fccae7550000}5946/usr/bin/sudoubuntuudptruefalse127.0.0.1-60947-false127.0.0.53-53- 11241100x8000000000000000295565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.391{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733c147c5c01dda02023-02-08 09:53:10.391root 11241100x8000000000000000295564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.391{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e61ae4dc0119fa2023-02-08 09:53:10.391root 11241100x8000000000000000295563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.391{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b4a64e14cb11b12023-02-08 09:53:10.391root 11241100x8000000000000000295588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.392{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f3b70516c057502023-02-08 09:53:10.392root 354300x8000000000000000295587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.392{ec2a0601-5c51-63e3-60a8-c8d675550000}2785/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-55804- 11241100x8000000000000000295586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.392{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55bdd7861a0b8bb2023-02-08 09:53:10.392root 11241100x8000000000000000295585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.392{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628992afab8fad562023-02-08 09:53:10.392root 11241100x8000000000000000295584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.392{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970e0a2f3b9fa3732023-02-08 09:53:10.392root 11241100x8000000000000000295583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.392{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6960227b09bc88632023-02-08 09:53:10.392root 11241100x8000000000000000295582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.392{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3ecc94707de8a72023-02-08 09:53:10.392root 11241100x8000000000000000295581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.392{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e85b537a6f463e02023-02-08 09:53:10.392root 11241100x8000000000000000295580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.392{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1058b4fc0de824812023-02-08 09:53:10.392root 11241100x8000000000000000295579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.392{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4cdc831295c63762023-02-08 09:53:10.392root 11241100x8000000000000000295578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.392{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e461d1f3eefc0e2023-02-08 09:53:10.392root 11241100x8000000000000000295577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.392{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45914d5386f138682023-02-08 09:53:10.392root 354300x8000000000000000295575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.392{ec2a0601-7106-63e3-083e-fccae7550000}5946/usr/bin/sudoubuntuudptruefalse127.0.0.1-55804-false127.0.0.53-53- 11241100x8000000000000000295593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.393{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe185b37205cec592023-02-08 09:53:10.393root 11241100x8000000000000000295592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.393{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc135601fa495d52023-02-08 09:53:10.393root 11241100x8000000000000000295591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.393{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303e2e83bc8c83542023-02-08 09:53:10.393root 11241100x8000000000000000295590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.393{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52246e55ce972e782023-02-08 09:53:10.393root 11241100x8000000000000000295589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:10.393{ec2a0601-5e44-63e3-60dc-a6d0d1550000}5649/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433a4cc18b97d3b92023-02-08 09:53:10.393root 534500x8000000000000000294790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:34.761{ec2a0601-711b-63e3-606c-3fcabc550000}1545/opt/splunkforwarder/bin/splunkdroot 534500x8000000000000000294791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:34.887{ec2a0601-711b-63e3-606c-3fcabc550000}1545/opt/splunkforwarder/bin/splunkdroot 354300x8000000000000000294792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:34.979{ec2a0601-711b-63e3-606c-3fcabc550000}1545/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-47588-false10.0.1.12-9997- 154100x8000000000000000294794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:37.182{ec2a0601-7121-63e3-6842-77d801560000}1723/bin/dash-----/bin/sh -c /opt/splunkforwarder/bin/splunkd journald-modinput '$@'/root{ec2a0601-0000-0000-0000-000000000000}04294967295no level-{ec2a0601-711b-63e3-606c-3fcabc550000}1554/opt/splunkforwarder/bin/splunkd[splunkd pid=1545] splunkd -p 8089 start [process-runner]root 11241100x8000000000000000294793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:37.182{ec2a0601-7121-63e3-606c-3fcabc550000}1723/opt/splunkforwarder/bin/splunkd/proc/1723/oom_score_adj2023-02-08 09:53:37.182root 11241100x8000000000000000294795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:37.183{ec2a0601-711b-63e3-606c-3fcabc550000}1554/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/run/splunk/splunkd.pid.tmp2023-02-08 09:53:37.183root 154100x8000000000000000294796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:37.184{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd-----/opt/splunkforwarder/bin/splunkd journald-modinput $@/root{ec2a0601-0000-0000-0000-000000000000}04294967295no level-{ec2a0601-7121-63e3-6842-77d801560000}1723/bin/dash/bin/shroot 11241100x8000000000000000294797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:37.238{ec2a0601-7121-63e3-600c-b92a45560000}1725/opt/splunkforwarder/bin/splunkd/proc/1725/oom_score_adj2023-02-08 09:53:37.238root 154100x8000000000000000294799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:37.243{ec2a0601-7121-63e3-601a-a45e1d560000}1727/bin/journalctl-----journalctl -f -o json _SYSTEMD_UNIT=sysmon.service -q --output-fields PRIORITY,_SYSTEMD_UNIT,_SYSTEMD_CGROUP,_TRANSPORT,_PID,_UID,_MACHINE_ID,_GID,_COMM,_EXE,MESSAGE/root{ec2a0601-0000-0000-0000-000000000000}04294967295no level-{ec2a0601-7121-63e3-600c-b92a45560000}1725/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/bin/splunkd journald-modinput $@root 11241100x8000000000000000294798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:37.243{ec2a0601-7121-63e3-601a-a45e1d560000}1727/opt/splunkforwarder/bin/splunkd/proc/1727/oom_score_adj2023-02-08 09:53:37.243root 11241100x8000000000000000294802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:37.330{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f4e1399ecd9d812023-02-08 09:53:37.330root 11241100x8000000000000000294801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:37.330{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c369b1029d1271ef2023-02-08 09:53:37.330root 11241100x8000000000000000294800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:37.330{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b002fc50c1704a2023-02-08 09:53:37.330root 11241100x8000000000000000294808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:37.331{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336fb7acb8f67ef52023-02-08 09:53:37.331root 11241100x8000000000000000294807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:37.331{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57967c94f8e9235f2023-02-08 09:53:37.331root 11241100x8000000000000000294806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:37.331{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7488539f66d86892023-02-08 09:53:37.331root 11241100x8000000000000000294805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:37.331{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b5e37be0f71d692023-02-08 09:53:37.331root 11241100x8000000000000000294804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:37.331{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7189d2c1e338fc2023-02-08 09:53:37.331root 11241100x8000000000000000294803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:37.331{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d050c56b6bf1c32023-02-08 09:53:37.331root 11241100x8000000000000000294809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:37.332{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2755420bb049ee922023-02-08 09:53:37.332root 11241100x8000000000000000294812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:37.683{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53061b0317f9daf2023-02-08 09:53:37.683root 11241100x8000000000000000294811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:37.683{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77df14f80bead872023-02-08 09:53:37.683root 11241100x8000000000000000294810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:37.683{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9991cd35c98fe652023-02-08 09:53:37.683root 11241100x8000000000000000294815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:37.684{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02338c10476d5912023-02-08 09:53:37.684root 11241100x8000000000000000294814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:37.684{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0943691fbd05ac632023-02-08 09:53:37.684root 11241100x8000000000000000294813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:37.684{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcbbaa5949722532023-02-08 09:53:37.684root 11241100x8000000000000000294818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:37.685{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd74666b5a4c8172023-02-08 09:53:37.685root 11241100x8000000000000000294817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:37.685{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f753035e99972c1c2023-02-08 09:53:37.685root 11241100x8000000000000000294816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:37.685{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029edc4bdffafb8e2023-02-08 09:53:37.685root 11241100x8000000000000000294821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:37.686{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039344e0041e6a972023-02-08 09:53:37.686root 11241100x8000000000000000294820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:37.686{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24559ccea22b8ed2023-02-08 09:53:37.686root 11241100x8000000000000000294819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:37.686{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55adedd814a6a45a2023-02-08 09:53:37.686root 11241100x8000000000000000294831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:38.184{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15af45254ee2bb82023-02-08 09:53:38.184root 11241100x8000000000000000294830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:38.184{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2350c9cebd612ca22023-02-08 09:53:38.184root 11241100x8000000000000000294829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:38.184{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc50eaecdaeb4d912023-02-08 09:53:38.184root 11241100x8000000000000000294828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:38.184{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efc253a3356fc212023-02-08 09:53:38.184root 11241100x8000000000000000294827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:38.184{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79db3b41d9567e692023-02-08 09:53:38.184root 11241100x8000000000000000294826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:38.184{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8841acd5bfa6912023-02-08 09:53:38.184root 11241100x8000000000000000294825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:38.184{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4dffe40ffbf02ae2023-02-08 09:53:38.184root 11241100x8000000000000000294824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:38.184{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584e22dcca2491412023-02-08 09:53:38.184root 11241100x8000000000000000294823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:38.184{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff321d12d7875c0f2023-02-08 09:53:38.184root 11241100x8000000000000000294822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:38.184{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7172f3a5c4fdf982023-02-08 09:53:38.184root 11241100x8000000000000000294841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:38.685{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a48349fb1684672023-02-08 09:53:38.685root 11241100x8000000000000000294840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:38.685{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817b21dfe6ae535f2023-02-08 09:53:38.685root 11241100x8000000000000000294839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:38.685{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d507e88470dfda52023-02-08 09:53:38.685root 11241100x8000000000000000294838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:38.685{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164d1f9b6e9bef882023-02-08 09:53:38.685root 11241100x8000000000000000294837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:38.685{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ac73492d7d27152023-02-08 09:53:38.685root 11241100x8000000000000000294836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:38.685{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ccd94f65a9ef1552023-02-08 09:53:38.685root 11241100x8000000000000000294835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:38.685{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9d6c8e926588f02023-02-08 09:53:38.685root 11241100x8000000000000000294834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:38.685{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.913b55acbd2eece12023-02-08 09:53:38.685root 11241100x8000000000000000294833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:38.685{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc0031d76d335772023-02-08 09:53:38.685root 11241100x8000000000000000294832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:38.685{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0a95df0c6c08732023-02-08 09:53:38.685root 11241100x8000000000000000294845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.186{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d743342b85dd4ac2023-02-08 09:53:39.186root 11241100x8000000000000000294844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.186{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0669876858e75da12023-02-08 09:53:39.186root 11241100x8000000000000000294843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.186{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71e9e0142a7fd712023-02-08 09:53:39.186root 11241100x8000000000000000294842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.186{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d263a456a8da69c2023-02-08 09:53:39.186root 11241100x8000000000000000294849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.187{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15d70159fbec8be2023-02-08 09:53:39.187root 11241100x8000000000000000294848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.187{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9647ab6f4342b5ff2023-02-08 09:53:39.187root 11241100x8000000000000000294847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.187{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785b5a720f10323d2023-02-08 09:53:39.187root 11241100x8000000000000000294846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.187{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4c7edb457689b32023-02-08 09:53:39.187root 11241100x8000000000000000294854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.188{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1998a483a7c7e32023-02-08 09:53:39.188root 11241100x8000000000000000294853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.188{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1ed311d39776ce2023-02-08 09:53:39.188root 11241100x8000000000000000294852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.188{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cce4ae0c14a794b2023-02-08 09:53:39.188root 11241100x8000000000000000294851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.188{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3760030634ba714e2023-02-08 09:53:39.188root 11241100x8000000000000000294850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.188{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fc7f41da8d07542023-02-08 09:53:39.188root 11241100x8000000000000000294855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.189{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e9b238e017e4a42023-02-08 09:53:39.189root 11241100x8000000000000000294865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.523{ec2a0601-7118-63e3-d049-9a73ad550000}1013/usr/sbin/irqbalance/proc/irq/27/smp_affinity2023-02-08 09:53:39.523root 11241100x8000000000000000294864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.523{ec2a0601-7118-63e3-d049-9a73ad550000}1013/usr/sbin/irqbalance/proc/irq/29/smp_affinity2023-02-08 09:53:39.523root 11241100x8000000000000000294863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.523{ec2a0601-7118-63e3-d049-9a73ad550000}1013/usr/sbin/irqbalance/proc/irq/30/smp_affinity2023-02-08 09:53:39.523root 11241100x8000000000000000294862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.523{ec2a0601-7118-63e3-d049-9a73ad550000}1013/usr/sbin/irqbalance/proc/irq/34/smp_affinity2023-02-08 09:53:39.523root 11241100x8000000000000000294861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.523{ec2a0601-7118-63e3-d049-9a73ad550000}1013/usr/sbin/irqbalance/proc/irq/28/smp_affinity2023-02-08 09:53:39.523root 11241100x8000000000000000294860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.523{ec2a0601-7118-63e3-d049-9a73ad550000}1013/usr/sbin/irqbalance/proc/irq/31/smp_affinity2023-02-08 09:53:39.523root 11241100x8000000000000000294859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.523{ec2a0601-7118-63e3-d049-9a73ad550000}1013/usr/sbin/irqbalance/proc/irq/33/smp_affinity2023-02-08 09:53:39.523root 11241100x8000000000000000294858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.523{ec2a0601-7118-63e3-d049-9a73ad550000}1013/usr/sbin/irqbalance/proc/irq/24/smp_affinity2023-02-08 09:53:39.523root 11241100x8000000000000000294857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.523{ec2a0601-7118-63e3-d049-9a73ad550000}1013/usr/sbin/irqbalance/proc/irq/26/smp_affinity2023-02-08 09:53:39.523root 11241100x8000000000000000294856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.523{ec2a0601-7118-63e3-d049-9a73ad550000}1013/usr/sbin/irqbalance/proc/irq/25/smp_affinity2023-02-08 09:53:39.523root 11241100x8000000000000000294868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.524{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e149ea15392fd842023-02-08 09:53:39.524root 11241100x8000000000000000294867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.524{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9660ab4467f2184b2023-02-08 09:53:39.524root 11241100x8000000000000000294866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.524{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626e538a288eaf3c2023-02-08 09:53:39.524root 11241100x8000000000000000294873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.525{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4816954dd399c62023-02-08 09:53:39.525root 11241100x8000000000000000294872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.525{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ab07869fa281e22023-02-08 09:53:39.525root 11241100x8000000000000000294871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.525{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6595a0e0ff41e152023-02-08 09:53:39.525root 11241100x8000000000000000294870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.525{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194085ff8123c67b2023-02-08 09:53:39.525root 11241100x8000000000000000294869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.525{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee08c05368dfac712023-02-08 09:53:39.525root 11241100x8000000000000000294880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.526{ec2a0601-711b-63e3-606c-3fcabc550000}1554/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/run/splunk/splunkd.pid.tmp2023-02-08 09:53:39.526root 154100x8000000000000000294879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.526{ec2a0601-7123-63e3-6872-813320560000}1728/bin/dash-----/bin/sh -c /opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwd/root{ec2a0601-0000-0000-0000-000000000000}04294967295no level-{ec2a0601-711b-63e3-606c-3fcabc550000}1554/opt/splunkforwarder/bin/splunkd[splunkd pid=1545] splunkd -p 8089 start [process-runner]root 11241100x8000000000000000294878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.526{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1635fcda7c2d84a2023-02-08 09:53:39.526root 11241100x8000000000000000294877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.526{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9552c2cb54a8de5d2023-02-08 09:53:39.526root 11241100x8000000000000000294876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.526{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec543c36c9090c912023-02-08 09:53:39.526root 11241100x8000000000000000294875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.526{ec2a0601-7123-63e3-606c-3fcabc550000}1728/opt/splunkforwarder/bin/splunkd/proc/1728/oom_score_adj2023-02-08 09:53:39.526root 11241100x8000000000000000294874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.526{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23f964dcb49a4cd2023-02-08 09:53:39.526root 154100x8000000000000000294884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.527{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwd-----/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwd/root{ec2a0601-0000-0000-0000-000000000000}04294967295no level-{ec2a0601-7123-63e3-6872-813320560000}1728/bin/dash/bin/shroot 11241100x8000000000000000294883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.527{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc24e267da44f7452023-02-08 09:53:39.527root 11241100x8000000000000000294882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.527{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94b8140f81d9ccd2023-02-08 09:53:39.527root 11241100x8000000000000000294881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.527{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163496b7db4161cf2023-02-08 09:53:39.527root 11241100x8000000000000000294889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.528{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cb48093731dec82023-02-08 09:53:39.528root 11241100x8000000000000000294888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.528{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a86273614d522da2023-02-08 09:53:39.528root 11241100x8000000000000000294887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.528{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd218582b20df9b2023-02-08 09:53:39.528root 11241100x8000000000000000294886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.528{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8c387dd70046202023-02-08 09:53:39.528root 11241100x8000000000000000294885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.528{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b3eed9a19379a72023-02-08 09:53:39.528root 354300x8000000000000000294893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.608{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdrootudptruefalse127.0.0.1-54875-false127.0.0.53-53- 354300x8000000000000000294892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.608{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdrootudpfalsefalse127.0.0.53-53-false127.0.0.1-54875- 354300x8000000000000000294891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.608{ec2a0601-7115-63e3-6068-5d0e26560000}888/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-33139- 354300x8000000000000000294890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.608{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdrootudptruefalse127.0.0.1-33139-false127.0.0.53-53- 11241100x8000000000000000294895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.609{ec2a0601-7113-63e3-2840-faaee3550000}512/lib/systemd/systemd-udevd/run/udev/queue2023-02-08 09:53:39.609root 354300x8000000000000000294894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.609{ec2a0601-7115-63e3-6068-5d0e26560000}888/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-54875- 23542300x8000000000000000294896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.610{ec2a0601-7113-63e3-2840-faaee3550000}512root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x8000000000000000294897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.611{ec2a0601-711d-63e3-0000-000000000000}1730-root 354300x8000000000000000294898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:39.616{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-32980-false10.0.1.12-8000- 11241100x8000000000000000294903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.025{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c561e8fda328f4a2023-02-08 09:53:40.025root 11241100x8000000000000000294902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.025{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763512152d35a0f22023-02-08 09:53:40.025root 11241100x8000000000000000294901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.025{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf33c4f5865373d02023-02-08 09:53:40.025root 11241100x8000000000000000294900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.025{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1191351d9450e32023-02-08 09:53:40.025root 11241100x8000000000000000294899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.025{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc0f125bff5af292023-02-08 09:53:40.025root 11241100x8000000000000000294917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.026{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a0d4ce68b0b32a2023-02-08 09:53:40.026root 11241100x8000000000000000294916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.026{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931bd0de1bff7e432023-02-08 09:53:40.026root 11241100x8000000000000000294915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.026{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d922b4f5d5126372023-02-08 09:53:40.026root 11241100x8000000000000000294914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.026{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4804358d0c9bf46e2023-02-08 09:53:40.026root 11241100x8000000000000000294913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.026{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56541b9acd09ed182023-02-08 09:53:40.026root 11241100x8000000000000000294912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.026{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df03ffbf5f0b877f2023-02-08 09:53:40.026root 11241100x8000000000000000294911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.026{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66eaa89f6804fb9d2023-02-08 09:53:40.026root 11241100x8000000000000000294910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.026{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f401e9d20db9b61c2023-02-08 09:53:40.026root 11241100x8000000000000000294909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.026{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4c639f2527558a2023-02-08 09:53:40.026root 11241100x8000000000000000294908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.026{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec33370eeb519a2c2023-02-08 09:53:40.026root 11241100x8000000000000000294907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.026{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcce0b0846404d862023-02-08 09:53:40.026root 11241100x8000000000000000294906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.026{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f427452460a1062023-02-08 09:53:40.026root 11241100x8000000000000000294905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.026{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c567144f9edc5b222023-02-08 09:53:40.026root 11241100x8000000000000000294904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.026{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3198474e36fc0e1b2023-02-08 09:53:40.026root 11241100x8000000000000000294928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.027{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71017233ab10b0782023-02-08 09:53:40.027root 11241100x8000000000000000294927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.027{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4bd0134d3ee13112023-02-08 09:53:40.027root 11241100x8000000000000000294926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.027{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efd9b9e527f82b12023-02-08 09:53:40.027root 11241100x8000000000000000294925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.027{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f9c3a68bed1c0e2023-02-08 09:53:40.027root 11241100x8000000000000000294924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.027{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c1dbbdc9f510332023-02-08 09:53:40.027root 11241100x8000000000000000294923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.027{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ccadc2c459aeb12023-02-08 09:53:40.027root 11241100x8000000000000000294922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.027{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e62449b4dfd6cb2023-02-08 09:53:40.027root 11241100x8000000000000000294921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.027{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ef89d103e62f922023-02-08 09:53:40.027root 11241100x8000000000000000294920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.027{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8509e1112073a4b82023-02-08 09:53:40.027root 11241100x8000000000000000294919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.027{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306d841724b597682023-02-08 09:53:40.027root 11241100x8000000000000000294918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.027{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da62fc008f1156182023-02-08 09:53:40.027root 11241100x8000000000000000294931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.028{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e99328e59aeccb2023-02-08 09:53:40.028root 11241100x8000000000000000294930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.028{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d046f68c5083352023-02-08 09:53:40.028root 11241100x8000000000000000294929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.028{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e832480998dafa2023-02-08 09:53:40.028root 354300x8000000000000000294932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.168{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-32990-false10.0.1.12-8000- 11241100x8000000000000000294935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.527{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8c9c656795cb062023-02-08 09:53:40.527root 11241100x8000000000000000294934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.527{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ab928c9e2bd7b72023-02-08 09:53:40.527root 11241100x8000000000000000294933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.527{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c7e122f8cf17212023-02-08 09:53:40.527root 11241100x8000000000000000294948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.528{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bf2672078c77b62023-02-08 09:53:40.528root 11241100x8000000000000000294947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.528{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7b1ad6d0140dd92023-02-08 09:53:40.528root 11241100x8000000000000000294946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.528{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699e2729a69cb0612023-02-08 09:53:40.528root 11241100x8000000000000000294945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.528{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57e20cd01817cdf2023-02-08 09:53:40.528root 11241100x8000000000000000294944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.528{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af50f63ad4edf572023-02-08 09:53:40.528root 11241100x8000000000000000294943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.528{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30cacfd643d035c22023-02-08 09:53:40.528root 11241100x8000000000000000294942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.528{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec67d37463e675b82023-02-08 09:53:40.528root 11241100x8000000000000000294941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.528{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4796d0e5b7ac062023-02-08 09:53:40.528root 11241100x8000000000000000294940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.528{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4742037a601cc82b2023-02-08 09:53:40.528root 11241100x8000000000000000294939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.528{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448925b081a597192023-02-08 09:53:40.528root 11241100x8000000000000000294938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.528{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8e3f7deac96d632023-02-08 09:53:40.528root 11241100x8000000000000000294937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.528{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894982c5537f9c5b2023-02-08 09:53:40.528root 11241100x8000000000000000294936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.528{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7f3cd6a159c1b92023-02-08 09:53:40.528root 11241100x8000000000000000294956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.529{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d64447913d59b8d2023-02-08 09:53:40.529root 11241100x8000000000000000294955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.529{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afdbcc5c05ca333f2023-02-08 09:53:40.529root 11241100x8000000000000000294954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.529{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7496dfdb416258aa2023-02-08 09:53:40.529root 11241100x8000000000000000294953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.529{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc66866c7a5f9b72023-02-08 09:53:40.529root 11241100x8000000000000000294952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.529{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6760d5b1c3bd8a3a2023-02-08 09:53:40.529root 11241100x8000000000000000294951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.529{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e8e2922655370f2023-02-08 09:53:40.529root 11241100x8000000000000000294950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.529{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e57bb41140e01c2023-02-08 09:53:40.529root 11241100x8000000000000000294949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.529{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c954cc225dc9f8e2023-02-08 09:53:40.529root 11241100x8000000000000000294966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.530{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef08666e50d4dae2023-02-08 09:53:40.530root 11241100x8000000000000000294965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.530{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba49bca3460fac32023-02-08 09:53:40.530root 11241100x8000000000000000294964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.530{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd5669ef8a5049c2023-02-08 09:53:40.530root 11241100x8000000000000000294963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.530{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7648402371e4c9e92023-02-08 09:53:40.530root 11241100x8000000000000000294962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.530{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346d6dbc4e61259d2023-02-08 09:53:40.530root 11241100x8000000000000000294961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.530{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8e0a83dc562e7e2023-02-08 09:53:40.530root 11241100x8000000000000000294960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.530{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b2de2f14b8ac722023-02-08 09:53:40.530root 11241100x8000000000000000294959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.530{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3365d274becb01f2023-02-08 09:53:40.530root 11241100x8000000000000000294958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.530{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7300aa9a3a7c502023-02-08 09:53:40.530root 11241100x8000000000000000294957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.530{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a82a38107192942023-02-08 09:53:40.530root 354300x8000000000000000294967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.707{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-33004-false10.0.1.12-8000- 354300x8000000000000000294968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.893{ec2a0601-711b-63e3-606c-3fcabc550000}1545/opt/splunkforwarder/bin/splunkd-tcpfalsefalse107.155.55.108-35034-false10.0.1.20-8089- 11241100x8000000000000000294969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.895{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0704d77d9a0f54dc2023-02-08 09:53:40.895root 11241100x8000000000000000294972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.896{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319e0294d3f492d72023-02-08 09:53:40.896root 11241100x8000000000000000294971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.896{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d521abf0eda5ee6f2023-02-08 09:53:40.896root 11241100x8000000000000000294970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.896{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172c6146ac2c42dd2023-02-08 09:53:40.896root 11241100x8000000000000000294974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.897{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3802da73d2ee51812023-02-08 09:53:40.897root 11241100x8000000000000000294973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.897{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f713096a78b7da2023-02-08 09:53:40.897root 11241100x8000000000000000294977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.898{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344c3fbae983b7ad2023-02-08 09:53:40.898root 11241100x8000000000000000294976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.898{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c73c7f3dbfb5442023-02-08 09:53:40.898root 11241100x8000000000000000294975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.898{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1a04876713ae7d2023-02-08 09:53:40.898root 11241100x8000000000000000294979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.899{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62832a2d758c71d02023-02-08 09:53:40.899root 11241100x8000000000000000294978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.899{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be645ff4b2db28e42023-02-08 09:53:40.899root 11241100x8000000000000000294982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.900{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c775f2d25b96f5252023-02-08 09:53:40.900root 11241100x8000000000000000294981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.900{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85e0d8f513fe2562023-02-08 09:53:40.900root 11241100x8000000000000000294980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.900{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9544d712d085d82023-02-08 09:53:40.900root 11241100x8000000000000000294990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.901{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bf90532d5e39cd2023-02-08 09:53:40.901root 11241100x8000000000000000294989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.901{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fafcff25768255a2023-02-08 09:53:40.901root 11241100x8000000000000000294988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.901{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061d4962e3c685a12023-02-08 09:53:40.901root 11241100x8000000000000000294987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.901{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9cdb5a61a8dfe72023-02-08 09:53:40.901root 11241100x8000000000000000294986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.901{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17103d0bc82df6ca2023-02-08 09:53:40.901root 11241100x8000000000000000294985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.901{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf2be900488b6f32023-02-08 09:53:40.901root 11241100x8000000000000000294984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.901{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0426a920d9a1a22023-02-08 09:53:40.901root 11241100x8000000000000000294983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.901{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758da789e83ca09d2023-02-08 09:53:40.901root 11241100x8000000000000000294996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.902{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388bbffbcb4191242023-02-08 09:53:40.902root 11241100x8000000000000000294995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.902{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af474f5112ac94152023-02-08 09:53:40.902root 11241100x8000000000000000294994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.902{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b7a75ba5fa8c302023-02-08 09:53:40.902root 11241100x8000000000000000294993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.902{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d239d855650d02a42023-02-08 09:53:40.902root 11241100x8000000000000000294992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.902{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca3cb8e842b92482023-02-08 09:53:40.902root 11241100x8000000000000000294991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.902{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c07ad309cf5ae922023-02-08 09:53:40.902root 11241100x8000000000000000295003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.903{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c977a624170cd84f2023-02-08 09:53:40.903root 11241100x8000000000000000295002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.903{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a8c2c62eecf7112023-02-08 09:53:40.903root 11241100x8000000000000000295001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.903{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d26d1c09611af02023-02-08 09:53:40.903root 11241100x8000000000000000295000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.903{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71aeffb6fc43a0612023-02-08 09:53:40.903root 11241100x8000000000000000294999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.903{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f17715f631f75592023-02-08 09:53:40.903root 11241100x8000000000000000294998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.903{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31cd42553b5c9982023-02-08 09:53:40.903root 11241100x8000000000000000294997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.903{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54cf2a42ef1cc9fd2023-02-08 09:53:40.903root 11241100x8000000000000000295004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:40.904{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac30eb663427b3d02023-02-08 09:53:40.904root 354300x8000000000000000295005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.224{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-33016-false10.0.1.12-8000- 11241100x8000000000000000295015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.225{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44231f298e8cb0782023-02-08 09:53:41.225root 11241100x8000000000000000295014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.225{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d889d617560bb82023-02-08 09:53:41.225root 11241100x8000000000000000295013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.225{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea248e758d0125332023-02-08 09:53:41.225root 11241100x8000000000000000295012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.225{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953b895e2dc750e52023-02-08 09:53:41.225root 11241100x8000000000000000295011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.225{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8588255b81eefeac2023-02-08 09:53:41.225root 11241100x8000000000000000295010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.225{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60666d413325c78b2023-02-08 09:53:41.225root 11241100x8000000000000000295009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.225{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39021ff4461af052023-02-08 09:53:41.225root 11241100x8000000000000000295008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.225{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fe1dc5ed0fa9d92023-02-08 09:53:41.225root 11241100x8000000000000000295007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.225{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b894cc2e4f4440ba2023-02-08 09:53:41.225root 11241100x8000000000000000295006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.225{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3964c5fae6754f2023-02-08 09:53:41.225root 11241100x8000000000000000295021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.226{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da2f67cad9204282023-02-08 09:53:41.226root 11241100x8000000000000000295020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.226{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3988fb8f546e5e742023-02-08 09:53:41.226root 11241100x8000000000000000295019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.226{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6f3d50d652e2232023-02-08 09:53:41.226root 11241100x8000000000000000295018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.226{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0acd43b83bdd559b2023-02-08 09:53:41.226root 11241100x8000000000000000295017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.226{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6a5220db24314c2023-02-08 09:53:41.226root 11241100x8000000000000000295016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.226{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38db150aea0d7e422023-02-08 09:53:41.226root 11241100x8000000000000000295025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.227{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169b5bf71c21ae522023-02-08 09:53:41.227root 11241100x8000000000000000295024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.227{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99dd8681756082f32023-02-08 09:53:41.227root 11241100x8000000000000000295023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.227{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1357aaa42aad969e2023-02-08 09:53:41.227root 11241100x8000000000000000295022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.227{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4488ce906f628f972023-02-08 09:53:41.227root 11241100x8000000000000000295029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.228{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c982bcf63499ed2023-02-08 09:53:41.228root 11241100x8000000000000000295028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.228{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2f1871f67e99702023-02-08 09:53:41.228root 11241100x8000000000000000295027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.228{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e96dec8274b7d262023-02-08 09:53:41.228root 11241100x8000000000000000295026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.228{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9eb103a0603d292023-02-08 09:53:41.228root 11241100x8000000000000000295033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.229{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22442e1c301284772023-02-08 09:53:41.229root 11241100x8000000000000000295032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.229{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d66ce75068f4bf42023-02-08 09:53:41.229root 11241100x8000000000000000295031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.229{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e3343292e50faa2023-02-08 09:53:41.229root 11241100x8000000000000000295030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.229{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc1ea42f5dd6d5e2023-02-08 09:53:41.229root 11241100x8000000000000000295041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.230{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78d8cbf08ed6b3a2023-02-08 09:53:41.230root 11241100x8000000000000000295040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.230{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f5c596b095a08a2023-02-08 09:53:41.230root 11241100x8000000000000000295039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.230{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06cc4a1f20482d8f2023-02-08 09:53:41.230root 11241100x8000000000000000295038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.230{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc7966c882856072023-02-08 09:53:41.230root 11241100x8000000000000000295037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.230{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f315a625231a0c2023-02-08 09:53:41.230root 11241100x8000000000000000295036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.230{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94285a952ecf61e2023-02-08 09:53:41.230root 11241100x8000000000000000295035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.230{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b012a9d733dc152023-02-08 09:53:41.230root 11241100x8000000000000000295034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.230{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd3d576a0e2f7f02023-02-08 09:53:41.230root 11241100x8000000000000000295052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.231{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6e226b2dc744772023-02-08 09:53:41.231root 11241100x8000000000000000295051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.231{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c580f8672a6f2b82023-02-08 09:53:41.231root 11241100x8000000000000000295050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.231{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3fe4c99eefe7542023-02-08 09:53:41.231root 11241100x8000000000000000295049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.231{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26697fabbe3e448d2023-02-08 09:53:41.231root 11241100x8000000000000000295048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.231{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620f29d4f8689d7d2023-02-08 09:53:41.231root 11241100x8000000000000000295047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.231{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b9569033ea5f8d2023-02-08 09:53:41.231root 11241100x8000000000000000295046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.231{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80cc64b86dfe0f242023-02-08 09:53:41.231root 11241100x8000000000000000295045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.231{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3707414d68e985a32023-02-08 09:53:41.231root 11241100x8000000000000000295044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.231{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4e5986561454ac2023-02-08 09:53:41.231root 11241100x8000000000000000295043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.231{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f95f9299e2649e2023-02-08 09:53:41.231root 11241100x8000000000000000295042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.231{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c7db5383dfbfeb2023-02-08 09:53:41.231root 11241100x8000000000000000295061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.232{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61107181e445b6b12023-02-08 09:53:41.232root 11241100x8000000000000000295060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.232{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264b484fb409ff312023-02-08 09:53:41.232root 11241100x8000000000000000295059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.232{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de51539f56c5f2d2023-02-08 09:53:41.232root 11241100x8000000000000000295058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.232{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18f5badd7094c192023-02-08 09:53:41.232root 11241100x8000000000000000295057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.232{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a441efc7258307682023-02-08 09:53:41.232root 11241100x8000000000000000295056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.232{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccda17a9b363a2862023-02-08 09:53:41.232root 11241100x8000000000000000295055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.232{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de45fe6baec227992023-02-08 09:53:41.232root 11241100x8000000000000000295054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.232{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa87027e314108952023-02-08 09:53:41.232root 11241100x8000000000000000295053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.232{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f4235696212f8c2023-02-08 09:53:41.232root 11241100x8000000000000000295062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.725{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4797f102cba146d2023-02-08 09:53:41.725root 11241100x8000000000000000295076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.726{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc069854d24f0922023-02-08 09:53:41.726root 11241100x8000000000000000295075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.726{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe40c06d0f754172023-02-08 09:53:41.726root 11241100x8000000000000000295074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.726{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78df745050d24b652023-02-08 09:53:41.726root 11241100x8000000000000000295073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.726{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef0fee59406ef7d2023-02-08 09:53:41.726root 11241100x8000000000000000295072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.726{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3488ec19c744c3112023-02-08 09:53:41.726root 11241100x8000000000000000295071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.726{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36a1c3ae320320d2023-02-08 09:53:41.726root 11241100x8000000000000000295070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.726{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539d961eaa6a18242023-02-08 09:53:41.726root 11241100x8000000000000000295069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.726{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7c0ad0b3709d892023-02-08 09:53:41.726root 11241100x8000000000000000295068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.726{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fb5b17f40360a02023-02-08 09:53:41.726root 11241100x8000000000000000295067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.726{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce22c5be9eb57f82023-02-08 09:53:41.726root 11241100x8000000000000000295066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.726{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2750de6aaa1bead2023-02-08 09:53:41.726root 11241100x8000000000000000295065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.726{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b689d0f4584b9e9b2023-02-08 09:53:41.726root 11241100x8000000000000000295064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.726{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ab52a8c5bb16932023-02-08 09:53:41.726root 11241100x8000000000000000295063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.726{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3d6e55cfd890cc2023-02-08 09:53:41.726root 11241100x8000000000000000295085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.727{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06ae9e8d31648b62023-02-08 09:53:41.727root 11241100x8000000000000000295084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.727{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4629d0c7fa5871a2023-02-08 09:53:41.727root 11241100x8000000000000000295083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.727{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b01e64302cd7102023-02-08 09:53:41.727root 11241100x8000000000000000295082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.727{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af76df9281319ea2023-02-08 09:53:41.727root 11241100x8000000000000000295081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.727{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72804b2ae90f7cd2023-02-08 09:53:41.727root 11241100x8000000000000000295080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.727{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fbcf216ae9b1ae12023-02-08 09:53:41.727root 11241100x8000000000000000295079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.727{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7bfd0b28e496072023-02-08 09:53:41.727root 11241100x8000000000000000295078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.727{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61de256f95e6fac42023-02-08 09:53:41.727root 11241100x8000000000000000295077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.727{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c5b059087ec9f52023-02-08 09:53:41.727root 11241100x8000000000000000295091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.728{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce087dafe15842f2023-02-08 09:53:41.728root 11241100x8000000000000000295090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.728{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128e8db3bcfb272e2023-02-08 09:53:41.728root 11241100x8000000000000000295089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.728{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3255b5ff229e962023-02-08 09:53:41.728root 11241100x8000000000000000295088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.728{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99a9f980a149f742023-02-08 09:53:41.728root 11241100x8000000000000000295087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.728{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5dfe50219cda1b2023-02-08 09:53:41.728root 11241100x8000000000000000295086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.728{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ba24fc206654642023-02-08 09:53:41.728root 11241100x8000000000000000295093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.729{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb9c3199e63106f2023-02-08 09:53:41.729root 11241100x8000000000000000295092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.729{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77dbba1176f31bc2023-02-08 09:53:41.729root 11241100x8000000000000000295101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.730{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da044b4f907b0ec72023-02-08 09:53:41.730root 11241100x8000000000000000295100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.730{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b08382d4c78bd102023-02-08 09:53:41.730root 11241100x8000000000000000295099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.730{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e9b8f8f29606d92023-02-08 09:53:41.730root 11241100x8000000000000000295098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.730{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4debf17a5fb8db152023-02-08 09:53:41.730root 11241100x8000000000000000295097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.730{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5177541a59849e92023-02-08 09:53:41.730root 11241100x8000000000000000295096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.730{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366300e943cc48072023-02-08 09:53:41.730root 11241100x8000000000000000295095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.730{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d36f214bb5df4562023-02-08 09:53:41.730root 11241100x8000000000000000295094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.730{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6bbece29c529022023-02-08 09:53:41.730root 11241100x8000000000000000295105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.731{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77736a0042671ff2023-02-08 09:53:41.731root 11241100x8000000000000000295104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.731{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b669b1013928f742023-02-08 09:53:41.731root 11241100x8000000000000000295103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.731{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3146de4d8099562023-02-08 09:53:41.731root 11241100x8000000000000000295102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.731{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0885dff4564bb9202023-02-08 09:53:41.731root 11241100x8000000000000000295114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.732{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f9a036376de3f42023-02-08 09:53:41.732root 11241100x8000000000000000295113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.732{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2165dc901ba56f282023-02-08 09:53:41.732root 11241100x8000000000000000295112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.732{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c103c860683859882023-02-08 09:53:41.732root 11241100x8000000000000000295111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.732{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c5cded04a95c352023-02-08 09:53:41.732root 11241100x8000000000000000295110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.732{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6b5b47acf800802023-02-08 09:53:41.732root 11241100x8000000000000000295109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.732{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ae26c77fb5f9f42023-02-08 09:53:41.732root 11241100x8000000000000000295108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.732{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3031c1c05f133b2023-02-08 09:53:41.732root 11241100x8000000000000000295107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.732{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb7b84bd8c2ab722023-02-08 09:53:41.732root 11241100x8000000000000000295106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.732{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac3bb2a9b2d4d0c2023-02-08 09:53:41.732root 11241100x8000000000000000295124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.733{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7debc2ac7cb6d42023-02-08 09:53:41.733root 11241100x8000000000000000295123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.733{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2ba42477accffc2023-02-08 09:53:41.733root 11241100x8000000000000000295122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.733{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0905be3d17d59f4f2023-02-08 09:53:41.733root 11241100x8000000000000000295121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.733{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f40b3e345b49152023-02-08 09:53:41.733root 11241100x8000000000000000295120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.733{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a72235138122b692023-02-08 09:53:41.733root 11241100x8000000000000000295119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.733{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34f21b77bfb24302023-02-08 09:53:41.733root 11241100x8000000000000000295118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.733{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bdc1e9fd832b11b2023-02-08 09:53:41.733root 11241100x8000000000000000295117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.733{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bcab8a2b8223be2023-02-08 09:53:41.733root 11241100x8000000000000000295116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.733{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c874b828688c3ab82023-02-08 09:53:41.733root 11241100x8000000000000000295115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.733{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7bce91d3a5f5d22023-02-08 09:53:41.733root 11241100x8000000000000000295127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.734{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a291577dea587d2023-02-08 09:53:41.734root 11241100x8000000000000000295126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.734{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4efce57d836c33ce2023-02-08 09:53:41.734root 11241100x8000000000000000295125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.734{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f92487bc7b3b4e2023-02-08 09:53:41.734root 534500x8000000000000000295129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.945{00000000-0000-0000-0000-000000000000}1737<unknown process>root 11241100x8000000000000000295128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.945{ec2a0601-7113-63e3-2840-faaee3550000}512/lib/systemd/systemd-udevd/run/udev/queue2023-02-08 09:53:41.945root 534500x8000000000000000295131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.947{ec2a0601-711d-63e3-0000-000000000000}1739-root 23542300x8000000000000000295130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.947{ec2a0601-7113-63e3-2840-faaee3550000}512root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x8000000000000000295133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.950{00000000-0000-0000-0000-000000000000}1738<unknown process>root 11241100x8000000000000000295132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.950{ec2a0601-7113-63e3-2840-faaee3550000}512/lib/systemd/systemd-udevd/run/udev/queue2023-02-08 09:53:41.950root 23542300x8000000000000000295134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.951{ec2a0601-7113-63e3-2840-faaee3550000}512root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x8000000000000000295135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.952{ec2a0601-711d-63e3-0000-000000000000}1740-root 11241100x8000000000000000295136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.954{ec2a0601-7113-63e3-2840-faaee3550000}512/lib/systemd/systemd-udevd/run/udev/queue2023-02-08 09:53:41.954root 534500x8000000000000000295137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.955{00000000-0000-0000-0000-000000000000}1741<unknown process>root 534500x8000000000000000295139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.956{ec2a0601-7125-63e3-0000-000000000000}1742-root 23542300x8000000000000000295138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:41.956{ec2a0601-7113-63e3-2840-faaee3550000}512root/lib/systemd/systemd-udevd/run/udev/queue--- 11241100x8000000000000000295142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.230{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd042064a4e419c2023-02-08 09:53:42.230root 11241100x8000000000000000295141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.230{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72b88fcf624e6db2023-02-08 09:53:42.230root 11241100x8000000000000000295140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.230{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7056c59cbe6fc5ad2023-02-08 09:53:42.230root 11241100x8000000000000000295147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.231{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4355e33dd3f5f90d2023-02-08 09:53:42.231root 11241100x8000000000000000295146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.231{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5241256657169c2023-02-08 09:53:42.231root 11241100x8000000000000000295145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.231{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b2c2aa1ecf952d2023-02-08 09:53:42.231root 11241100x8000000000000000295144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.231{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d490c23534652a2023-02-08 09:53:42.231root 11241100x8000000000000000295143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.231{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be13bd3d4f864cf62023-02-08 09:53:42.231root 11241100x8000000000000000295148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.232{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85879cac7d545dcd2023-02-08 09:53:42.232root 11241100x8000000000000000295149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.233{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b1a19ee49b8e592023-02-08 09:53:42.233root 11241100x8000000000000000295150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.234{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82d6b452d8a0f962023-02-08 09:53:42.234root 11241100x8000000000000000295154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.235{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0582dd3e7ba5bf2023-02-08 09:53:42.235root 11241100x8000000000000000295153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.235{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a297a5a03cde72622023-02-08 09:53:42.235root 11241100x8000000000000000295152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.235{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc04cedf2d76080f2023-02-08 09:53:42.235root 11241100x8000000000000000295151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.235{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcccc58eef5344302023-02-08 09:53:42.235root 11241100x8000000000000000295155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.236{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47923a9cb53567e62023-02-08 09:53:42.236root 11241100x8000000000000000295161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.237{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8648acbec0f5b1902023-02-08 09:53:42.237root 11241100x8000000000000000295160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.237{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4616337a2c7a33862023-02-08 09:53:42.237root 11241100x8000000000000000295159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.237{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce55b3031b85e5782023-02-08 09:53:42.237root 11241100x8000000000000000295158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.237{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099fb1c6e86efb382023-02-08 09:53:42.237root 11241100x8000000000000000295157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.237{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee9fe19d3eb71a52023-02-08 09:53:42.237root 11241100x8000000000000000295156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.237{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f0c81a9b48b37d2023-02-08 09:53:42.237root 11241100x8000000000000000295170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.238{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3ddea97259024c2023-02-08 09:53:42.238root 11241100x8000000000000000295169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.238{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ffe705dd094b1e2023-02-08 09:53:42.238root 11241100x8000000000000000295168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.238{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21bbed377caf1b0d2023-02-08 09:53:42.238root 11241100x8000000000000000295167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.238{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf0be2e7cd37d0f2023-02-08 09:53:42.238root 11241100x8000000000000000295166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.238{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704c34caabbd152f2023-02-08 09:53:42.238root 11241100x8000000000000000295165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.238{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a21821dcd0d4b582023-02-08 09:53:42.238root 11241100x8000000000000000295164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.238{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a753b6d49c1ea032023-02-08 09:53:42.238root 11241100x8000000000000000295163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.238{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2320d2f62f81672023-02-08 09:53:42.238root 11241100x8000000000000000295162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.238{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a576be62177d4f52023-02-08 09:53:42.238root 11241100x8000000000000000295179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.239{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8883b8ec2afd87622023-02-08 09:53:42.239root 11241100x8000000000000000295178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.239{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1440117cacc6e36c2023-02-08 09:53:42.239root 11241100x8000000000000000295177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.239{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74bb5ab57e0914b2023-02-08 09:53:42.239root 11241100x8000000000000000295176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.239{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9c38853bd8d8b22023-02-08 09:53:42.239root 11241100x8000000000000000295175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.239{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97dacaa68a22215f2023-02-08 09:53:42.239root 11241100x8000000000000000295174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.239{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bdf443ef1812a32023-02-08 09:53:42.239root 11241100x8000000000000000295173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.239{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a6e92e0034156e2023-02-08 09:53:42.239root 11241100x8000000000000000295172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.239{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a9a4219caff7df2023-02-08 09:53:42.239root 11241100x8000000000000000295171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.239{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577c026a0c684d172023-02-08 09:53:42.239root 11241100x8000000000000000295187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.240{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889ddd33ab871d862023-02-08 09:53:42.240root 11241100x8000000000000000295186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.240{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c881461b38b8b7a12023-02-08 09:53:42.240root 11241100x8000000000000000295185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.240{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ceffc64953452fb2023-02-08 09:53:42.240root 11241100x8000000000000000295184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.240{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea805055ddc9b61c2023-02-08 09:53:42.240root 11241100x8000000000000000295183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.240{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb28fa327a7266c32023-02-08 09:53:42.240root 11241100x8000000000000000295182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.240{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b5e6c324bcdcb42023-02-08 09:53:42.240root 11241100x8000000000000000295181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.240{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bb817344e178f42023-02-08 09:53:42.240root 11241100x8000000000000000295180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.240{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6c4b3fbc2be47f2023-02-08 09:53:42.240root 11241100x8000000000000000295190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.241{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773600ad59e20b342023-02-08 09:53:42.241root 11241100x8000000000000000295189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.241{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57137f150156d03e2023-02-08 09:53:42.241root 11241100x8000000000000000295188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.241{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887dbbe56ca65e772023-02-08 09:53:42.241root 11241100x8000000000000000295192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.730{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03cf48debe3f5c082023-02-08 09:53:42.730root 11241100x8000000000000000295191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.730{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3388dda047569762023-02-08 09:53:42.730root 11241100x8000000000000000295209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.731{ec2a0601-7113-63e3-2840-faaee3550000}512/lib/systemd/systemd-udevd/run/udev/queue2023-02-08 09:53:42.731root 11241100x8000000000000000295197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.731{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ede630be84c2292023-02-08 09:53:42.731root 11241100x8000000000000000295196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.731{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ae63662b1133722023-02-08 09:53:42.731root 11241100x8000000000000000295195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.731{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70623b0006cfe1712023-02-08 09:53:42.731root 11241100x8000000000000000295194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.731{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40d5d11744600992023-02-08 09:53:42.731root 11241100x8000000000000000295193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.731{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45c8f7941f63eed2023-02-08 09:53:42.731root 11241100x8000000000000000295208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.732{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e355d067a8ca0e842023-02-08 09:53:42.732root 11241100x8000000000000000295207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.732{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba89304bd6bce9102023-02-08 09:53:42.732root 11241100x8000000000000000295206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.732{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e506e090cf2af12023-02-08 09:53:42.732root 11241100x8000000000000000295205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.732{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b292bd34afd43ef2023-02-08 09:53:42.732root 11241100x8000000000000000295204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.732{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbc58b26593c7e42023-02-08 09:53:42.732root 11241100x8000000000000000295203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.732{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e76354f0abfd5d2023-02-08 09:53:42.732root 11241100x8000000000000000295202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.732{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d950f2c504cee5ee2023-02-08 09:53:42.732root 11241100x8000000000000000295201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.732{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df0ec989c6b63822023-02-08 09:53:42.732root 11241100x8000000000000000295200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.732{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d754904c1cb75ac32023-02-08 09:53:42.732root 11241100x8000000000000000295199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.732{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6fca9e87cf0d002023-02-08 09:53:42.732root 11241100x8000000000000000295198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.732{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2218c2fe8de7285e2023-02-08 09:53:42.732root 534500x8000000000000000295224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.734{00000000-0000-0000-0000-000000000000}1745<unknown process>root 23542300x8000000000000000295210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.734{ec2a0601-7113-63e3-2840-faaee3550000}512root/lib/systemd/systemd-udevd/run/udev/queue--- 11241100x8000000000000000295214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.736{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d7abf7f63e824b2023-02-08 09:53:42.736root 11241100x8000000000000000295213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.736{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bffb6847cc3888ff2023-02-08 09:53:42.736root 11241100x8000000000000000295212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.736{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e8256432bbcd882023-02-08 09:53:42.736root 11241100x8000000000000000295211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.736{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf0ef5fcf83cc642023-02-08 09:53:42.736root 11241100x8000000000000000295220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.737{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998b05b8d78220752023-02-08 09:53:42.737root 11241100x8000000000000000295219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.737{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264fcc85828108fb2023-02-08 09:53:42.737root 11241100x8000000000000000295218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.737{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ffb439ee33f3a92023-02-08 09:53:42.737root 11241100x8000000000000000295217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.737{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cb5aaf8e97202c2023-02-08 09:53:42.737root 11241100x8000000000000000295216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.737{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3669e1e119b69e2023-02-08 09:53:42.737root 11241100x8000000000000000295215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.737{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e799b14dc31f29c2023-02-08 09:53:42.737root 11241100x8000000000000000295228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.738{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43247c693ee38f122023-02-08 09:53:42.738root 11241100x8000000000000000295227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.738{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f802d1194472db4c2023-02-08 09:53:42.738root 11241100x8000000000000000295226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.738{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db173bee28d417472023-02-08 09:53:42.738root 11241100x8000000000000000295225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.738{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4540d3ef2bc3ffca2023-02-08 09:53:42.738root 11241100x8000000000000000295223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.738{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96952819f0deb1a2023-02-08 09:53:42.738root 11241100x8000000000000000295222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.738{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6e6aba40d91ee92023-02-08 09:53:42.738root 11241100x8000000000000000295221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.738{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8627e6be6b6ca9bf2023-02-08 09:53:42.738root 11241100x8000000000000000295242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.739{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01db860a531834eb2023-02-08 09:53:42.739root 11241100x8000000000000000295241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.739{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bac05ba3ec77522023-02-08 09:53:42.739root 11241100x8000000000000000295240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.739{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e875d09de3e886182023-02-08 09:53:42.739root 11241100x8000000000000000295239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.739{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d19fc3627a2d722023-02-08 09:53:42.739root 11241100x8000000000000000295238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.739{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bef923cbea431e72023-02-08 09:53:42.739root 11241100x8000000000000000295237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.739{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2b87c2851b192b2023-02-08 09:53:42.739root 11241100x8000000000000000295236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.739{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0906b11e364a97592023-02-08 09:53:42.739root 11241100x8000000000000000295235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.739{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febeb2070a6486b52023-02-08 09:53:42.739root 11241100x8000000000000000295234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.739{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd131b73146619d62023-02-08 09:53:42.739root 11241100x8000000000000000295233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.739{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ed523f5946f5f72023-02-08 09:53:42.739root 11241100x8000000000000000295232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.739{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201815b6e7d0a84b2023-02-08 09:53:42.739root 11241100x8000000000000000295231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.739{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b33761826d118e52023-02-08 09:53:42.739root 11241100x8000000000000000295230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.739{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c1dd3dbbf50b562023-02-08 09:53:42.739root 11241100x8000000000000000295229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.739{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea5bcec022ab4082023-02-08 09:53:42.739root 11241100x8000000000000000295257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.740{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98e4f1a973c54122023-02-08 09:53:42.740root 11241100x8000000000000000295256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.740{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6e5381f943c8972023-02-08 09:53:42.740root 11241100x8000000000000000295255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.740{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165652c29e6636042023-02-08 09:53:42.740root 11241100x8000000000000000295254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.740{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27eb3815675f6c532023-02-08 09:53:42.740root 11241100x8000000000000000295253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.740{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79b583d245475032023-02-08 09:53:42.740root 11241100x8000000000000000295252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.740{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f02de760e8c7fb2023-02-08 09:53:42.740root 11241100x8000000000000000295251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.740{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c48627df635f6ba2023-02-08 09:53:42.740root 11241100x8000000000000000295250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.740{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18733a49636f9e92023-02-08 09:53:42.740root 11241100x8000000000000000295249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.740{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28a3b9926f0cd2b2023-02-08 09:53:42.740root 11241100x8000000000000000295248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.740{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c24ac1de31e50122023-02-08 09:53:42.740root 11241100x8000000000000000295247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.740{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfaaa7dc5825b6e2023-02-08 09:53:42.740root 11241100x8000000000000000295246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.740{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5158ad37d90d88bb2023-02-08 09:53:42.740root 11241100x8000000000000000295245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.740{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62244083f9ab1b362023-02-08 09:53:42.740root 11241100x8000000000000000295244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.740{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa5db36d1f610d02023-02-08 09:53:42.740root 11241100x8000000000000000295243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.740{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce095098e52f39e2023-02-08 09:53:42.740root 11241100x8000000000000000295264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.741{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97a85816ec53b902023-02-08 09:53:42.741root 11241100x8000000000000000295263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.741{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682f33d894854f0d2023-02-08 09:53:42.741root 11241100x8000000000000000295262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.741{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e8a0f7677d74892023-02-08 09:53:42.741root 11241100x8000000000000000295261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.741{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95573b0a84187462023-02-08 09:53:42.741root 11241100x8000000000000000295260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.741{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0da9f3867d83dc02023-02-08 09:53:42.741root 11241100x8000000000000000295259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.741{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63d3c4a2afb1eaa2023-02-08 09:53:42.741root 11241100x8000000000000000295258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.741{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f5cc22710ecd902023-02-08 09:53:42.741root 354300x8000000000000000295265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:42.860{ec2a0601-711b-63e3-606c-3fcabc550000}1545/opt/splunkforwarder/bin/splunkdroottcpfalsefalse107.155.55.108-36210-false10.0.1.20-8089- 354300x8000000000000000295269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.054{ec2a0601-7115-63e3-6068-5d0e26560000}888/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-52108- 354300x8000000000000000295268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.054{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdrootudptruefalse127.0.0.1-52108-false127.0.0.53-53- 354300x8000000000000000295267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.054{ec2a0601-7115-63e3-6068-5d0e26560000}888/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-47104- 354300x8000000000000000295266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.054{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdrootudptruefalse127.0.0.1-47104-false127.0.0.53-53- 11241100x8000000000000000295274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.055{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48639915a26b6c22023-02-08 09:53:43.055root 11241100x8000000000000000295273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.055{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b469157de29acf92023-02-08 09:53:43.055root 11241100x8000000000000000295272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.055{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fade978940e9882023-02-08 09:53:43.055root 11241100x8000000000000000295271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.055{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2049896798a0cb842023-02-08 09:53:43.055root 11241100x8000000000000000295270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.055{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80837beee3a91282023-02-08 09:53:43.055root 11241100x8000000000000000295279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.056{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164a630a1101633e2023-02-08 09:53:43.056root 11241100x8000000000000000295278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.056{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7952a41de9e6892023-02-08 09:53:43.056root 11241100x8000000000000000295277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.056{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2202b127898442742023-02-08 09:53:43.056root 11241100x8000000000000000295276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.056{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c989f69415abac02023-02-08 09:53:43.056root 11241100x8000000000000000295275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.056{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd51bf17473d3e182023-02-08 09:53:43.056root 11241100x8000000000000000295285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.057{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941cf18370b7f8892023-02-08 09:53:43.057root 11241100x8000000000000000295284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.057{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9b07e1994a66ae2023-02-08 09:53:43.057root 11241100x8000000000000000295283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.057{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f992f3dd3fb6f5f12023-02-08 09:53:43.057root 11241100x8000000000000000295282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.057{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807d91c0773c88082023-02-08 09:53:43.057root 11241100x8000000000000000295281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.057{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291c398ad604912c2023-02-08 09:53:43.057root 11241100x8000000000000000295280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.057{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19a7408b71626422023-02-08 09:53:43.057root 11241100x8000000000000000295297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.058{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70ab596f1ead1452023-02-08 09:53:43.058root 11241100x8000000000000000295296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.058{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699a59856b479c5e2023-02-08 09:53:43.058root 11241100x8000000000000000295295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.058{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834d00babc4049612023-02-08 09:53:43.058root 11241100x8000000000000000295294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.058{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262607bac69131312023-02-08 09:53:43.058root 11241100x8000000000000000295293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.058{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fd4bdd8a8c67312023-02-08 09:53:43.058root 11241100x8000000000000000295292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.058{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83310ded0aa5b7992023-02-08 09:53:43.058root 11241100x8000000000000000295291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.058{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c2d9a7e5da48f52023-02-08 09:53:43.058root 11241100x8000000000000000295290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.058{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f398772162147eaf2023-02-08 09:53:43.058root 11241100x8000000000000000295289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.058{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f1fb5f2bbde8492023-02-08 09:53:43.058root 11241100x8000000000000000295288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.058{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590433c1766d13f92023-02-08 09:53:43.058root 11241100x8000000000000000295287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.058{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96160e0beac7fe7e2023-02-08 09:53:43.058root 11241100x8000000000000000295286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.058{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017803d15b6badf42023-02-08 09:53:43.058root 11241100x8000000000000000295302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.059{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fcd38d7a5aaf0002023-02-08 09:53:43.059root 11241100x8000000000000000295301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.059{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08a8b47609978432023-02-08 09:53:43.059root 11241100x8000000000000000295300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.059{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e4c72682d9f16c2023-02-08 09:53:43.059root 11241100x8000000000000000295299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.059{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3cce278603463c2023-02-08 09:53:43.059root 11241100x8000000000000000295298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.059{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97caea1a519bcd52023-02-08 09:53:43.059root 11241100x8000000000000000295314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.060{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8933b936d9f4d22023-02-08 09:53:43.060root 11241100x8000000000000000295313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.060{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8acde270746361fe2023-02-08 09:53:43.060root 11241100x8000000000000000295312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.060{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b059cdd01f95d02023-02-08 09:53:43.060root 11241100x8000000000000000295311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.060{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42709934289c7aa32023-02-08 09:53:43.060root 11241100x8000000000000000295310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.060{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba5e6c4ebfe09ef2023-02-08 09:53:43.060root 11241100x8000000000000000295309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.060{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59953bed74c482ad2023-02-08 09:53:43.060root 11241100x8000000000000000295308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.060{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5eaa927443f5392023-02-08 09:53:43.060root 11241100x8000000000000000295307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.060{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381373906645d0c72023-02-08 09:53:43.060root 11241100x8000000000000000295306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.060{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47850d1a758e1b152023-02-08 09:53:43.060root 11241100x8000000000000000295305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.060{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2efea9a5cee80b62023-02-08 09:53:43.060root 11241100x8000000000000000295304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.060{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f877ff61f450362023-02-08 09:53:43.060root 11241100x8000000000000000295303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.060{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0aa95dd74940732023-02-08 09:53:43.060root 11241100x8000000000000000295328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.061{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94dac2d73e4bd0602023-02-08 09:53:43.061root 11241100x8000000000000000295327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.061{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9d3b3c6c48a3ad2023-02-08 09:53:43.061root 11241100x8000000000000000295326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.061{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d981c164ccad4b2023-02-08 09:53:43.061root 11241100x8000000000000000295325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.061{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac7323ec4b824052023-02-08 09:53:43.061root 11241100x8000000000000000295324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.061{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de16aa84c25230d2023-02-08 09:53:43.061root 11241100x8000000000000000295323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.061{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489a1ffa03467e432023-02-08 09:53:43.061root 11241100x8000000000000000295322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.061{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63ce7577716d81e2023-02-08 09:53:43.061root 11241100x8000000000000000295321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.061{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dffc1c0109095272023-02-08 09:53:43.061root 11241100x8000000000000000295320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.061{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c9cd674a2738d22023-02-08 09:53:43.061root 11241100x8000000000000000295319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.061{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27fd5ac39db8b842023-02-08 09:53:43.061root 11241100x8000000000000000295318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.061{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c257fe6fe0365d2023-02-08 09:53:43.061root 11241100x8000000000000000295317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.061{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac77f396e2787ef62023-02-08 09:53:43.061root 11241100x8000000000000000295316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.061{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4042b8fa2b719f8e2023-02-08 09:53:43.061root 11241100x8000000000000000295315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.061{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e1a190329c10062023-02-08 09:53:43.061root 11241100x8000000000000000295336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.062{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14035626c10869e2023-02-08 09:53:43.062root 11241100x8000000000000000295335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.062{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff40462e0cd3ca692023-02-08 09:53:43.062root 11241100x8000000000000000295334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.062{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b5bd557b856d8d2023-02-08 09:53:43.062root 11241100x8000000000000000295333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.062{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05aa54e13150c9732023-02-08 09:53:43.062root 11241100x8000000000000000295332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.062{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c292a062904ee62023-02-08 09:53:43.062root 11241100x8000000000000000295331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.062{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3891743dc58616a2023-02-08 09:53:43.062root 11241100x8000000000000000295330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.062{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1106bb4d691b422023-02-08 09:53:43.062root 11241100x8000000000000000295329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.062{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ae1cef7a61ff812023-02-08 09:53:43.062root 11241100x8000000000000000295344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.063{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5065611026c6e9c2023-02-08 09:53:43.063root 11241100x8000000000000000295343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.063{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c55edcbefa09b62023-02-08 09:53:43.063root 11241100x8000000000000000295342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.063{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f555ddaa317f09df2023-02-08 09:53:43.063root 11241100x8000000000000000295341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.063{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542c590f512a4d562023-02-08 09:53:43.063root 11241100x8000000000000000295340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.063{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41317c2fabd4c5da2023-02-08 09:53:43.063root 11241100x8000000000000000295339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.063{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91cafad2d3d129e42023-02-08 09:53:43.063root 11241100x8000000000000000295338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.063{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc03404c13fdf142023-02-08 09:53:43.063root 11241100x8000000000000000295337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.063{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7f9a49440b9fd32023-02-08 09:53:43.063root 11241100x8000000000000000295352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.064{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a513f87c584669c2023-02-08 09:53:43.064root 11241100x8000000000000000295351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.064{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1618ac9fd6227e132023-02-08 09:53:43.064root 11241100x8000000000000000295350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.064{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7094edb5a314972023-02-08 09:53:43.064root 11241100x8000000000000000295349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.064{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc4224fbd7552aa2023-02-08 09:53:43.064root 11241100x8000000000000000295348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.064{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666af71325d57ce32023-02-08 09:53:43.064root 11241100x8000000000000000295347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.064{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1100da934bdb2ff52023-02-08 09:53:43.064root 11241100x8000000000000000295346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.064{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87147dedd60630f2023-02-08 09:53:43.064root 11241100x8000000000000000295345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.064{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6594c4cf4eff66792023-02-08 09:53:43.064root 11241100x8000000000000000295359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.065{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0bf182bcd5fe2cb2023-02-08 09:53:43.065root 11241100x8000000000000000295358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.065{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aabbee01e91fab52023-02-08 09:53:43.065root 11241100x8000000000000000295357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.065{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b58414a133ddadd2023-02-08 09:53:43.065root 11241100x8000000000000000295356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.065{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28636f3d82cab73b2023-02-08 09:53:43.065root 11241100x8000000000000000295355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.065{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2ef51f5ae625ce2023-02-08 09:53:43.065root 11241100x8000000000000000295354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.065{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f75493be14c4d72023-02-08 09:53:43.065root 11241100x8000000000000000295353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.065{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521649caad78acb82023-02-08 09:53:43.065root 11241100x8000000000000000295366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.066{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b878815643976ae2023-02-08 09:53:43.066root 11241100x8000000000000000295365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.066{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80eb3e42a15f46242023-02-08 09:53:43.066root 11241100x8000000000000000295364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.066{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ebcdf449313f732023-02-08 09:53:43.066root 11241100x8000000000000000295363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.066{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6ff65f1c6214412023-02-08 09:53:43.066root 11241100x8000000000000000295362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.066{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f35c02ec78f4f8e2023-02-08 09:53:43.066root 11241100x8000000000000000295361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.066{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b85435dd2214092023-02-08 09:53:43.066root 11241100x8000000000000000295360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.066{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d025831c0471d59d2023-02-08 09:53:43.066root 11241100x8000000000000000295376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.067{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd39ddffbe971bf2023-02-08 09:53:43.067root 11241100x8000000000000000295375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.067{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327f5cb968457bb92023-02-08 09:53:43.067root 11241100x8000000000000000295374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.067{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1b278b3cedd7452023-02-08 09:53:43.067root 11241100x8000000000000000295373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.067{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6fd97a91212e172023-02-08 09:53:43.067root 11241100x8000000000000000295372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.067{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f511046cc06cee12023-02-08 09:53:43.067root 11241100x8000000000000000295371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.067{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01034e2a3eab1c6e2023-02-08 09:53:43.067root 11241100x8000000000000000295370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.067{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f27715433ea3ce2023-02-08 09:53:43.067root 11241100x8000000000000000295369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.067{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95030fcba3b719e62023-02-08 09:53:43.067root 11241100x8000000000000000295368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.067{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db319f4cbfce71a82023-02-08 09:53:43.067root 11241100x8000000000000000295367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.067{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88ec4fbf65447f52023-02-08 09:53:43.067root 11241100x8000000000000000295388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.068{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc75b7d5487a1fb2023-02-08 09:53:43.068root 11241100x8000000000000000295387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.068{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb915786257532902023-02-08 09:53:43.068root 11241100x8000000000000000295386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.068{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db099355a249b842023-02-08 09:53:43.068root 11241100x8000000000000000295385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.068{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0c7f4d9a9201ab2023-02-08 09:53:43.068root 11241100x8000000000000000295384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.068{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3b708d5b7542522023-02-08 09:53:43.068root 11241100x8000000000000000295383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.068{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee35a633ee58affa2023-02-08 09:53:43.068root 11241100x8000000000000000295382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.068{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f465b54199200d12023-02-08 09:53:43.068root 11241100x8000000000000000295381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.068{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c57969ecd405292023-02-08 09:53:43.068root 11241100x8000000000000000295380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.068{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d399c1bf3378f42023-02-08 09:53:43.068root 11241100x8000000000000000295379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.068{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b62029d852cc6592023-02-08 09:53:43.068root 11241100x8000000000000000295378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.068{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3baab5ed857365c2023-02-08 09:53:43.068root 11241100x8000000000000000295377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.068{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0801617032fd26ea2023-02-08 09:53:43.068root 11241100x8000000000000000295401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.069{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8ea58763193b6e2023-02-08 09:53:43.069root 11241100x8000000000000000295400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.069{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55f788229e644282023-02-08 09:53:43.069root 11241100x8000000000000000295399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.069{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d712ffe8b08a6cfa2023-02-08 09:53:43.069root 11241100x8000000000000000295398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.069{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88425ad32fc5e2a12023-02-08 09:53:43.069root 11241100x8000000000000000295397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.069{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa65481c6757603a2023-02-08 09:53:43.069root 11241100x8000000000000000295396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.069{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc85119ec0f31d92023-02-08 09:53:43.069root 11241100x8000000000000000295395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.069{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f80281364b4c522023-02-08 09:53:43.069root 11241100x8000000000000000295394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.069{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502a55ae15da1d172023-02-08 09:53:43.069root 11241100x8000000000000000295393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.069{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ae473dd39464ea2023-02-08 09:53:43.069root 11241100x8000000000000000295392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.069{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c117a149f1027812023-02-08 09:53:43.069root 11241100x8000000000000000295391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.069{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38ae4803df4766f2023-02-08 09:53:43.069root 11241100x8000000000000000295390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.069{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf2f21f17317f6e2023-02-08 09:53:43.069root 11241100x8000000000000000295389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.069{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7fbfbe6910457222023-02-08 09:53:43.069root 11241100x8000000000000000295414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.070{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433ee0a61a2732042023-02-08 09:53:43.070root 11241100x8000000000000000295413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.070{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9641c9e71f114bd2023-02-08 09:53:43.070root 11241100x8000000000000000295412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.070{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0afdec781c7a6252023-02-08 09:53:43.070root 11241100x8000000000000000295411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.070{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e9950a9a33347d2023-02-08 09:53:43.070root 11241100x8000000000000000295410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.070{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7437a09c92a6b9492023-02-08 09:53:43.070root 11241100x8000000000000000295409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.070{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa131dd114d27d52023-02-08 09:53:43.070root 11241100x8000000000000000295408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.070{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba5cc4121e212f22023-02-08 09:53:43.070root 11241100x8000000000000000295407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.070{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc526ea33491c8782023-02-08 09:53:43.070root 11241100x8000000000000000295406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.070{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b878143597459072023-02-08 09:53:43.070root 11241100x8000000000000000295405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.070{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30575510c547c24b2023-02-08 09:53:43.070root 11241100x8000000000000000295404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.070{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0f84cb166a214b2023-02-08 09:53:43.070root 11241100x8000000000000000295403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.070{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf14eecc6ae7a9272023-02-08 09:53:43.070root 11241100x8000000000000000295402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.070{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d50b06c96db2f72023-02-08 09:53:43.070root 11241100x8000000000000000295425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.071{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12c457b1674662d2023-02-08 09:53:43.071root 11241100x8000000000000000295424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.071{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843b307d8e9e84382023-02-08 09:53:43.071root 11241100x8000000000000000295423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.071{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbb279520b1cc352023-02-08 09:53:43.071root 11241100x8000000000000000295422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.071{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c4cc04fc372a072023-02-08 09:53:43.071root 11241100x8000000000000000295421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.071{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6697a5c264511e1e2023-02-08 09:53:43.071root 11241100x8000000000000000295420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.071{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3810a86db53fe342023-02-08 09:53:43.071root 11241100x8000000000000000295419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.071{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c209a643322d06022023-02-08 09:53:43.071root 11241100x8000000000000000295418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.071{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3dc108facd1b8cf2023-02-08 09:53:43.071root 11241100x8000000000000000295417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.071{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4c6c4a555646342023-02-08 09:53:43.071root 11241100x8000000000000000295416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.071{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544378e95eeb5adc2023-02-08 09:53:43.071root 11241100x8000000000000000295415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.071{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc72466d6bfec3b2023-02-08 09:53:43.071root 11241100x8000000000000000295436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.072{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5493482b8f21d12023-02-08 09:53:43.072root 11241100x8000000000000000295435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.072{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d53fc930c51f6092023-02-08 09:53:43.072root 11241100x8000000000000000295434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.072{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd8057154aa00cd2023-02-08 09:53:43.072root 11241100x8000000000000000295433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.072{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562b9802bcacf9a92023-02-08 09:53:43.072root 11241100x8000000000000000295432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.072{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936fd1763c3b1bbc2023-02-08 09:53:43.072root 11241100x8000000000000000295431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.072{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59bee30e077d8b72023-02-08 09:53:43.072root 11241100x8000000000000000295430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.072{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f74e9b7eeee3d0c2023-02-08 09:53:43.072root 11241100x8000000000000000295429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.072{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b003db797ba3632023-02-08 09:53:43.072root 11241100x8000000000000000295428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.072{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e689a43ccaa453a82023-02-08 09:53:43.072root 11241100x8000000000000000295427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.072{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66cc433617b073c02023-02-08 09:53:43.072root 11241100x8000000000000000295426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.072{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1198dc92d8a006402023-02-08 09:53:43.072root 11241100x8000000000000000295446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.073{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef4201097a6c9c02023-02-08 09:53:43.073root 11241100x8000000000000000295445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.073{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be089b3e34335f572023-02-08 09:53:43.073root 11241100x8000000000000000295444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.073{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcbdcb24d3e4fbb2023-02-08 09:53:43.073root 11241100x8000000000000000295443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.073{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6383bd8d6e6826f32023-02-08 09:53:43.073root 11241100x8000000000000000295442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.073{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e36a8c80afdbc992023-02-08 09:53:43.073root 11241100x8000000000000000295441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.073{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db99653f8d1ee232023-02-08 09:53:43.073root 11241100x8000000000000000295440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.073{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688964935d3f67522023-02-08 09:53:43.073root 11241100x8000000000000000295439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.073{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be698feddc140ca22023-02-08 09:53:43.073root 11241100x8000000000000000295438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.073{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41206c5004bc506b2023-02-08 09:53:43.073root 11241100x8000000000000000295437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.073{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd69d1d81cb3640d2023-02-08 09:53:43.073root 11241100x8000000000000000295455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.074{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68642e5fb1feb76d2023-02-08 09:53:43.074root 11241100x8000000000000000295454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.074{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774f4918e153972d2023-02-08 09:53:43.074root 11241100x8000000000000000295453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.074{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f122457754d2af5f2023-02-08 09:53:43.074root 11241100x8000000000000000295452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.074{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2990316e0332f9132023-02-08 09:53:43.074root 11241100x8000000000000000295451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.074{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b724b345d11758f2023-02-08 09:53:43.074root 11241100x8000000000000000295450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.074{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8185013652d5712023-02-08 09:53:43.074root 11241100x8000000000000000295449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.074{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f468ee4567451da2023-02-08 09:53:43.074root 11241100x8000000000000000295448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.074{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf9700f3bb586792023-02-08 09:53:43.074root 11241100x8000000000000000295447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.074{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb26fb56c9b48b722023-02-08 09:53:43.074root 11241100x8000000000000000295459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.555{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307a220e2b4d0efb2023-02-08 09:53:43.555root 11241100x8000000000000000295458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.555{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c021254e97a374372023-02-08 09:53:43.555root 11241100x8000000000000000295457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.555{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8254d611700b42e2023-02-08 09:53:43.555root 11241100x8000000000000000295456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.555{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc8d9e89e28a17f2023-02-08 09:53:43.555root 11241100x8000000000000000295472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.556{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4401fa020583527c2023-02-08 09:53:43.556root 11241100x8000000000000000295471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.556{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c41a639acd233782023-02-08 09:53:43.556root 11241100x8000000000000000295470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.556{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536e0d7cbe9da97a2023-02-08 09:53:43.556root 11241100x8000000000000000295469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.556{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bdea4f30c78ece42023-02-08 09:53:43.556root 11241100x8000000000000000295468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.556{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2cbfdb59afcdda92023-02-08 09:53:43.556root 11241100x8000000000000000295467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.556{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b124b6699fd57b2023-02-08 09:53:43.556root 11241100x8000000000000000295466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.556{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6d0cf2129cc2582023-02-08 09:53:43.556root 11241100x8000000000000000295465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.556{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe3176e846de62a2023-02-08 09:53:43.556root 11241100x8000000000000000295464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.556{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c9433fdc3906b72023-02-08 09:53:43.556root 11241100x8000000000000000295463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.556{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7635bd212100052023-02-08 09:53:43.556root 11241100x8000000000000000295462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.556{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0609a6f926cd46922023-02-08 09:53:43.556root 11241100x8000000000000000295461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.556{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2f14fd790fe8df2023-02-08 09:53:43.556root 11241100x8000000000000000295460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.556{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1395d3cdb107c00e2023-02-08 09:53:43.556root 11241100x8000000000000000295484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.557{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbc6d83b31de5372023-02-08 09:53:43.557root 11241100x8000000000000000295483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.557{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2108c5f5fd8ab922023-02-08 09:53:43.557root 11241100x8000000000000000295482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.557{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ecad024c7397802023-02-08 09:53:43.557root 11241100x8000000000000000295481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.557{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4f95fb6444c7442023-02-08 09:53:43.557root 11241100x8000000000000000295480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.557{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5641c03a03b1eb412023-02-08 09:53:43.557root 11241100x8000000000000000295479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.557{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f31057871b567c2023-02-08 09:53:43.557root 11241100x8000000000000000295478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.557{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5133d7782d116a282023-02-08 09:53:43.557root 11241100x8000000000000000295477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.557{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c23d621fb6914572023-02-08 09:53:43.557root 11241100x8000000000000000295476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.557{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c14fd4dadc64fb2023-02-08 09:53:43.557root 11241100x8000000000000000295475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.557{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c3dd9e306496b52023-02-08 09:53:43.557root 11241100x8000000000000000295474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.557{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38da39a000aec3c02023-02-08 09:53:43.557root 11241100x8000000000000000295473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.557{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e34f4bc431b1e22023-02-08 09:53:43.557root 11241100x8000000000000000295497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.558{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab678a9211a593d2023-02-08 09:53:43.558root 11241100x8000000000000000295496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.558{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799f917c0c27f3222023-02-08 09:53:43.558root 11241100x8000000000000000295495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.558{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06fc9a7d5d50cb3d2023-02-08 09:53:43.558root 11241100x8000000000000000295494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.558{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13e9aea54f784fe2023-02-08 09:53:43.558root 11241100x8000000000000000295493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.558{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed54d37cbd1a39bf2023-02-08 09:53:43.558root 11241100x8000000000000000295492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.558{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4148b04c419dcb2d2023-02-08 09:53:43.558root 11241100x8000000000000000295491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.558{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560251d6430cb7002023-02-08 09:53:43.558root 11241100x8000000000000000295490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.558{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e244e8b6db941e2023-02-08 09:53:43.558root 11241100x8000000000000000295489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.558{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34864c4d33cd851e2023-02-08 09:53:43.558root 11241100x8000000000000000295488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.558{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5f520d66500a672023-02-08 09:53:43.558root 11241100x8000000000000000295487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.558{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b64b9a277ed3f272023-02-08 09:53:43.558root 11241100x8000000000000000295486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.558{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c843326298d5baf2023-02-08 09:53:43.558root 11241100x8000000000000000295485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.558{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a50dedc13859b52023-02-08 09:53:43.558root 11241100x8000000000000000295509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.559{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fc857c4e50ee962023-02-08 09:53:43.559root 11241100x8000000000000000295508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.559{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9215ac98d704db0d2023-02-08 09:53:43.559root 11241100x8000000000000000295507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.559{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12305172407fbd7a2023-02-08 09:53:43.559root 11241100x8000000000000000295506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.559{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48aeca5498ebbf292023-02-08 09:53:43.559root 11241100x8000000000000000295505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.559{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef66e26748ae02e92023-02-08 09:53:43.559root 11241100x8000000000000000295504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.559{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13846dee5b36f9cc2023-02-08 09:53:43.559root 11241100x8000000000000000295503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.559{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14b5d16245f37052023-02-08 09:53:43.559root 11241100x8000000000000000295502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.559{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c879178ba062f32023-02-08 09:53:43.559root 11241100x8000000000000000295501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.559{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51c3f23e6236d6d2023-02-08 09:53:43.559root 11241100x8000000000000000295500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.559{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df2634aeb7f18852023-02-08 09:53:43.559root 11241100x8000000000000000295499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.559{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8b421f806905982023-02-08 09:53:43.559root 11241100x8000000000000000295498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.559{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee403335c41521352023-02-08 09:53:43.559root 11241100x8000000000000000295522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.560{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67f6e1107b4e7092023-02-08 09:53:43.560root 11241100x8000000000000000295521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.560{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34582b381244f6182023-02-08 09:53:43.560root 11241100x8000000000000000295520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.560{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985ae9dbd15fc24e2023-02-08 09:53:43.560root 11241100x8000000000000000295519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.560{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82067332a24b6e4a2023-02-08 09:53:43.560root 11241100x8000000000000000295518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.560{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e855de40ffbbb68c2023-02-08 09:53:43.560root 11241100x8000000000000000295517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.560{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6019f8c60eb087b92023-02-08 09:53:43.560root 11241100x8000000000000000295516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.560{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495abb4e7f51901d2023-02-08 09:53:43.560root 11241100x8000000000000000295515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.560{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08717318be4f76292023-02-08 09:53:43.560root 11241100x8000000000000000295514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.560{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9336c5c04d56f31a2023-02-08 09:53:43.560root 11241100x8000000000000000295513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.560{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ccff027ceb15e72023-02-08 09:53:43.560root 11241100x8000000000000000295512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.560{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05849a6a093fdf12023-02-08 09:53:43.560root 11241100x8000000000000000295511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.560{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d665a71ef995052023-02-08 09:53:43.560root 11241100x8000000000000000295510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.560{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29eea4eb73cad8062023-02-08 09:53:43.560root 11241100x8000000000000000295534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.561{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4d8265eb77aaf72023-02-08 09:53:43.561root 11241100x8000000000000000295533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.561{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9970f1d76b48092023-02-08 09:53:43.561root 11241100x8000000000000000295532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.561{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a2b2538df390222023-02-08 09:53:43.561root 11241100x8000000000000000295531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.561{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738747f61d1dec502023-02-08 09:53:43.561root 11241100x8000000000000000295530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.561{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2802358d66e37f6f2023-02-08 09:53:43.561root 11241100x8000000000000000295529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.561{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d69fb0eb68d8682023-02-08 09:53:43.561root 11241100x8000000000000000295528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.561{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1c5cfb7c9c1aed2023-02-08 09:53:43.561root 11241100x8000000000000000295527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.561{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620d2ff3fd10367e2023-02-08 09:53:43.561root 11241100x8000000000000000295526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.561{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfe8a01a7a80c9c2023-02-08 09:53:43.561root 11241100x8000000000000000295525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.561{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315ca03772710daf2023-02-08 09:53:43.561root 11241100x8000000000000000295524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.561{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f080ce15a29e0852023-02-08 09:53:43.561root 11241100x8000000000000000295523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.561{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b91d012110ae852023-02-08 09:53:43.561root 11241100x8000000000000000295543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.562{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c83daa16222624c2023-02-08 09:53:43.562root 11241100x8000000000000000295542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.562{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64348fd11ad5202f2023-02-08 09:53:43.562root 11241100x8000000000000000295541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.562{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185a7a743809fe9f2023-02-08 09:53:43.562root 11241100x8000000000000000295540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.562{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772881241a635d732023-02-08 09:53:43.562root 11241100x8000000000000000295539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.562{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c20bdc9dd955f992023-02-08 09:53:43.562root 11241100x8000000000000000295538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.562{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbaef777e923f5a32023-02-08 09:53:43.562root 11241100x8000000000000000295537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.562{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4b73600e86bdb72023-02-08 09:53:43.562root 11241100x8000000000000000295536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.562{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f461edd5e5c9b2722023-02-08 09:53:43.562root 11241100x8000000000000000295535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.562{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5272ad3de85068bf2023-02-08 09:53:43.562root 11241100x8000000000000000295549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.563{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41bdc72b8f09fe0f2023-02-08 09:53:43.563root 11241100x8000000000000000295548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.563{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c5c8be0f3ab30c2023-02-08 09:53:43.563root 11241100x8000000000000000295547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.563{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab28b120502a2d62023-02-08 09:53:43.563root 11241100x8000000000000000295546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.563{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb94c4c4edfc8522023-02-08 09:53:43.563root 11241100x8000000000000000295545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.563{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540396bff7a912a72023-02-08 09:53:43.563root 11241100x8000000000000000295544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.563{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6afaf49d71f1b802023-02-08 09:53:43.563root 11241100x8000000000000000295555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.564{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d79ecc470264632023-02-08 09:53:43.564root 11241100x8000000000000000295554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.564{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8854b04d450925fd2023-02-08 09:53:43.564root 11241100x8000000000000000295553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.564{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655acbc73bec9ff02023-02-08 09:53:43.564root 11241100x8000000000000000295552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.564{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506d8ecf31a7c0bc2023-02-08 09:53:43.564root 11241100x8000000000000000295551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.564{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90d3d859e8966432023-02-08 09:53:43.564root 11241100x8000000000000000295550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.564{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6deb27c6f19f80142023-02-08 09:53:43.564root 11241100x8000000000000000295562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.565{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0e6b31abe73cf32023-02-08 09:53:43.565root 11241100x8000000000000000295561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.565{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38de431c0cc2ebfc2023-02-08 09:53:43.565root 11241100x8000000000000000295560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.565{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885932348df4b2812023-02-08 09:53:43.565root 11241100x8000000000000000295559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.565{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f9677eff33150c2023-02-08 09:53:43.565root 11241100x8000000000000000295558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.565{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d0cf239e53fff92023-02-08 09:53:43.565root 11241100x8000000000000000295557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.565{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50c7791d49ebfd22023-02-08 09:53:43.565root 11241100x8000000000000000295556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.565{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60fb8deb2ac413982023-02-08 09:53:43.565root 11241100x8000000000000000295571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.566{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1cd2eee6e4559c2023-02-08 09:53:43.566root 11241100x8000000000000000295570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.566{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c5efb630f72ebe2023-02-08 09:53:43.566root 11241100x8000000000000000295569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.566{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e66ecb50cf8a79c2023-02-08 09:53:43.566root 11241100x8000000000000000295568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.566{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67abf974d1a418c32023-02-08 09:53:43.566root 11241100x8000000000000000295567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.566{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ecc4cf6ba299a842023-02-08 09:53:43.566root 11241100x8000000000000000295566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.566{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6865ae88cb650452023-02-08 09:53:43.566root 11241100x8000000000000000295565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.566{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f9e29340b4f2dd2023-02-08 09:53:43.566root 11241100x8000000000000000295564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.566{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961431e4009e7e7c2023-02-08 09:53:43.566root 11241100x8000000000000000295563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.566{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8144d1f84844afa2023-02-08 09:53:43.566root 11241100x8000000000000000295581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.567{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1441d188e73ef8602023-02-08 09:53:43.567root 11241100x8000000000000000295580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.567{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d01d948f7788a102023-02-08 09:53:43.567root 11241100x8000000000000000295579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.567{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2177c0703ce6ff4d2023-02-08 09:53:43.567root 11241100x8000000000000000295578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.567{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b33836547929722023-02-08 09:53:43.567root 11241100x8000000000000000295577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.567{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489b4bd1f33ef22c2023-02-08 09:53:43.567root 11241100x8000000000000000295576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.567{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed079776e5ed20112023-02-08 09:53:43.567root 11241100x8000000000000000295575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.567{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9fb4d77f55f5bd2023-02-08 09:53:43.567root 11241100x8000000000000000295574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.567{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74bbcf424681f2f32023-02-08 09:53:43.567root 11241100x8000000000000000295573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.567{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86c7afe3bf686462023-02-08 09:53:43.567root 11241100x8000000000000000295572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.567{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1b67b51b357f662023-02-08 09:53:43.567root 11241100x8000000000000000295592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.568{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac1328521681c3a2023-02-08 09:53:43.568root 11241100x8000000000000000295591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.568{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccb70e20f7adfd72023-02-08 09:53:43.568root 11241100x8000000000000000295590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.568{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a98eafadab9fc252023-02-08 09:53:43.568root 11241100x8000000000000000295589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.568{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae73628ee9f7b582023-02-08 09:53:43.568root 11241100x8000000000000000295588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.568{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53296a830f289372023-02-08 09:53:43.568root 11241100x8000000000000000295587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.568{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64452f53300338cc2023-02-08 09:53:43.568root 11241100x8000000000000000295586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.568{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b5db27423422a72023-02-08 09:53:43.568root 11241100x8000000000000000295585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.568{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8b11748bef88062023-02-08 09:53:43.568root 11241100x8000000000000000295584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.568{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f98e4c56eae9482023-02-08 09:53:43.568root 11241100x8000000000000000295583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.568{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4a6193e77a5de52023-02-08 09:53:43.568root 11241100x8000000000000000295582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.568{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88811988353635932023-02-08 09:53:43.568root 11241100x8000000000000000295601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.569{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10d449196f133872023-02-08 09:53:43.569root 11241100x8000000000000000295600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.569{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7cc05ef79601162023-02-08 09:53:43.569root 11241100x8000000000000000295599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.569{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1aac2ce34e213242023-02-08 09:53:43.569root 11241100x8000000000000000295598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.569{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b399643f124f732023-02-08 09:53:43.569root 11241100x8000000000000000295597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.569{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b941609be0de471c2023-02-08 09:53:43.569root 11241100x8000000000000000295596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.569{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae058f7cea7cdbbb2023-02-08 09:53:43.569root 11241100x8000000000000000295595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.569{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717bb08532b884552023-02-08 09:53:43.569root 11241100x8000000000000000295594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.569{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80eeead3f62da7fe2023-02-08 09:53:43.569root 11241100x8000000000000000295593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.569{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1be76a2e4215872023-02-08 09:53:43.569root 11241100x8000000000000000295610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.570{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a054246c0f450bfc2023-02-08 09:53:43.570root 11241100x8000000000000000295609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.570{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27fa1ee6643454532023-02-08 09:53:43.570root 11241100x8000000000000000295608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.570{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22cba67190fa06d2023-02-08 09:53:43.570root 11241100x8000000000000000295607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.570{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5285e7fa2fa747f2023-02-08 09:53:43.570root 11241100x8000000000000000295606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.570{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d291296e2400b152023-02-08 09:53:43.570root 11241100x8000000000000000295605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.570{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89645ad7c6185dc12023-02-08 09:53:43.570root 11241100x8000000000000000295604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.570{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e574b90276274ed2023-02-08 09:53:43.570root 11241100x8000000000000000295603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.570{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d1a10fc8adf8e02023-02-08 09:53:43.570root 11241100x8000000000000000295602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.570{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2b678cb4e12c292023-02-08 09:53:43.570root 11241100x8000000000000000295615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.571{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f0563fdb2f05842023-02-08 09:53:43.571root 11241100x8000000000000000295614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.571{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3590026c178ce4362023-02-08 09:53:43.571root 11241100x8000000000000000295613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.571{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b52e9d606081312023-02-08 09:53:43.571root 11241100x8000000000000000295612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.571{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22fd1143f1a439dd2023-02-08 09:53:43.571root 11241100x8000000000000000295611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.571{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0878469975bc0a942023-02-08 09:53:43.571root 11241100x8000000000000000295620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.572{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d0c077dea5d5042023-02-08 09:53:43.572root 11241100x8000000000000000295619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.572{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24db4bc492daacc22023-02-08 09:53:43.572root 11241100x8000000000000000295618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.572{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6ba12cdd13e7612023-02-08 09:53:43.572root 11241100x8000000000000000295617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.572{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c346860f4973672023-02-08 09:53:43.572root 11241100x8000000000000000295616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.572{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9dbaffe93169ab72023-02-08 09:53:43.572root 11241100x8000000000000000295624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.573{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf206f8c8f1dd9fa2023-02-08 09:53:43.573root 11241100x8000000000000000295623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.573{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc969284c4df63892023-02-08 09:53:43.573root 11241100x8000000000000000295622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.573{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91030f63bdb4fdba2023-02-08 09:53:43.573root 11241100x8000000000000000295621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.573{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4242c4b97539a3012023-02-08 09:53:43.573root 11241100x8000000000000000295630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.574{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4410b5b468c7fee2023-02-08 09:53:43.574root 11241100x8000000000000000295629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.574{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22bb2901bb35abf92023-02-08 09:53:43.574root 11241100x8000000000000000295628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.574{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9789206fb598fa322023-02-08 09:53:43.574root 11241100x8000000000000000295627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.574{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b275b7df624cdd2023-02-08 09:53:43.574root 11241100x8000000000000000295626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.574{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e793468de7ea00412023-02-08 09:53:43.574root 11241100x8000000000000000295625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.574{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65d71ceaa6724ec2023-02-08 09:53:43.574root 11241100x8000000000000000295634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.575{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e96949e671fd9b32023-02-08 09:53:43.575root 11241100x8000000000000000295633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.575{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fa6e032ef0f53a2023-02-08 09:53:43.575root 11241100x8000000000000000295632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.575{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55cc9a80baeb1902023-02-08 09:53:43.575root 11241100x8000000000000000295631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.575{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec0e98c326e9d8c2023-02-08 09:53:43.575root 11241100x8000000000000000295639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.576{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b9ac5572b46c412023-02-08 09:53:43.576root 11241100x8000000000000000295638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.576{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470cf7b92bdd79e62023-02-08 09:53:43.576root 11241100x8000000000000000295637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.576{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc46af29ee01a8c32023-02-08 09:53:43.576root 11241100x8000000000000000295636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.576{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69333a8b336888e72023-02-08 09:53:43.576root 11241100x8000000000000000295635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.576{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678cc5eb25b4eea72023-02-08 09:53:43.576root 11241100x8000000000000000295643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.577{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c23ca7d0ab1c1a12023-02-08 09:53:43.577root 11241100x8000000000000000295642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.577{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a875ce3b650aa162023-02-08 09:53:43.577root 11241100x8000000000000000295641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.577{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ca5164b47a95512023-02-08 09:53:43.577root 11241100x8000000000000000295640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.577{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35cf205fb0dc7422023-02-08 09:53:43.577root 11241100x8000000000000000295647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.578{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f805c15eb53c4762023-02-08 09:53:43.578root 11241100x8000000000000000295646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.578{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1536270385355df2023-02-08 09:53:43.578root 11241100x8000000000000000295645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.578{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f53295953fbda652023-02-08 09:53:43.578root 11241100x8000000000000000295644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.578{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1944450ca6e96fa62023-02-08 09:53:43.578root 11241100x8000000000000000295651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.579{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1810a41422709aa72023-02-08 09:53:43.579root 11241100x8000000000000000295650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.579{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3968138a92c02002023-02-08 09:53:43.579root 11241100x8000000000000000295649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.579{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364858a22eb474812023-02-08 09:53:43.579root 11241100x8000000000000000295648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.579{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25bb0401a5f9d0522023-02-08 09:53:43.579root 11241100x8000000000000000295656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.580{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683e27be24fd40702023-02-08 09:53:43.580root 11241100x8000000000000000295655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.580{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b9cf37a0d6fbfa2023-02-08 09:53:43.580root 11241100x8000000000000000295654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.580{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666992e09dd45c7b2023-02-08 09:53:43.580root 11241100x8000000000000000295653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.580{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329f50e29feaa4192023-02-08 09:53:43.580root 11241100x8000000000000000295652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.580{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334f638045ae72d72023-02-08 09:53:43.580root 11241100x8000000000000000295660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.581{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4d66f1a3acacbb2023-02-08 09:53:43.581root 11241100x8000000000000000295659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.581{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a680043c795dae2023-02-08 09:53:43.581root 11241100x8000000000000000295658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.581{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2058e52cf2fe4752023-02-08 09:53:43.581root 11241100x8000000000000000295657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.581{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5df59a4a8a5e802023-02-08 09:53:43.581root 11241100x8000000000000000295669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.582{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80692e615ea8aa82023-02-08 09:53:43.582root 11241100x8000000000000000295668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.582{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5794a8ab99e59f432023-02-08 09:53:43.582root 11241100x8000000000000000295667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.582{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e76f93d75c3c912023-02-08 09:53:43.582root 11241100x8000000000000000295666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.582{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f726d262acd2e2592023-02-08 09:53:43.582root 11241100x8000000000000000295665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.582{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af253f5a0901b0232023-02-08 09:53:43.582root 11241100x8000000000000000295664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.582{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548a7b5186b686052023-02-08 09:53:43.582root 11241100x8000000000000000295663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.582{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfde0308b4e6c3d92023-02-08 09:53:43.582root 11241100x8000000000000000295662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.582{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a16401ebae4554f2023-02-08 09:53:43.582root 11241100x8000000000000000295661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.582{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e817f0c33034a42023-02-08 09:53:43.582root 11241100x8000000000000000295682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.583{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2edc90ec690a442023-02-08 09:53:43.583root 11241100x8000000000000000295681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.583{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b346947cdab71e32023-02-08 09:53:43.583root 11241100x8000000000000000295680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.583{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1201ae4c76d0f5172023-02-08 09:53:43.583root 11241100x8000000000000000295679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.583{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd900054e36ea262023-02-08 09:53:43.583root 11241100x8000000000000000295678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.583{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737364bb9d12a8132023-02-08 09:53:43.583root 11241100x8000000000000000295677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.583{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1f4a9255b7eab42023-02-08 09:53:43.583root 11241100x8000000000000000295676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.583{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bcd680d90c24cde2023-02-08 09:53:43.583root 11241100x8000000000000000295675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.583{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749a1217d1c83a6e2023-02-08 09:53:43.583root 11241100x8000000000000000295674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.583{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68eacd806872e6672023-02-08 09:53:43.583root 11241100x8000000000000000295673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.583{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c69d1236eaa1a22023-02-08 09:53:43.583root 11241100x8000000000000000295672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.583{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5792dda97f34b6ed2023-02-08 09:53:43.583root 11241100x8000000000000000295671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.583{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41ee6269e14174a2023-02-08 09:53:43.583root 11241100x8000000000000000295670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.583{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f75deeafb8181ed2023-02-08 09:53:43.583root 11241100x8000000000000000295687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.584{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15b158c9e82c50e2023-02-08 09:53:43.584root 11241100x8000000000000000295686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.584{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f4e8ad4c433b912023-02-08 09:53:43.584root 11241100x8000000000000000295685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.584{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74de1ca573623082023-02-08 09:53:43.584root 11241100x8000000000000000295684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.584{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5c815ad0182c772023-02-08 09:53:43.584root 11241100x8000000000000000295683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.584{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2bf06c092066692023-02-08 09:53:43.584root 11241100x8000000000000000295690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.585{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17799819866cd0612023-02-08 09:53:43.585root 11241100x8000000000000000295689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.585{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4171e180bbb84dad2023-02-08 09:53:43.585root 11241100x8000000000000000295688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.585{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9325c31ffe182b4c2023-02-08 09:53:43.585root 11241100x8000000000000000295693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.586{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec034f9530565de2023-02-08 09:53:43.586root 11241100x8000000000000000295692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.586{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935a9e596c1cfec32023-02-08 09:53:43.586root 11241100x8000000000000000295691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.586{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce389302c7b1d742023-02-08 09:53:43.586root 11241100x8000000000000000295696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.587{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa0c489e4e3601b2023-02-08 09:53:43.587root 11241100x8000000000000000295695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.587{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f330909b5d792ac2023-02-08 09:53:43.587root 11241100x8000000000000000295694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.587{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8aa9a2d67aa5982023-02-08 09:53:43.587root 11241100x8000000000000000295700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.588{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40b92a7c9d68b682023-02-08 09:53:43.588root 11241100x8000000000000000295699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.588{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ed701558f7669a2023-02-08 09:53:43.588root 11241100x8000000000000000295698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.588{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99848eee4a23b11f2023-02-08 09:53:43.588root 11241100x8000000000000000295697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.588{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff206f194ace71cf2023-02-08 09:53:43.588root 11241100x8000000000000000295705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.589{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80aa7cbc8c07e442023-02-08 09:53:43.589root 11241100x8000000000000000295704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.589{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f572397f969f03142023-02-08 09:53:43.589root 11241100x8000000000000000295703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.589{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d47b19e492ef1a2023-02-08 09:53:43.589root 11241100x8000000000000000295702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.589{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6953c7316e6fb22023-02-08 09:53:43.589root 11241100x8000000000000000295701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.589{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b12ed777d130f92023-02-08 09:53:43.589root 11241100x8000000000000000295709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.590{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9daccd0542fd7a02023-02-08 09:53:43.590root 11241100x8000000000000000295708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.590{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa46505c9540e1162023-02-08 09:53:43.590root 11241100x8000000000000000295707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.590{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e483307bd110182023-02-08 09:53:43.590root 11241100x8000000000000000295706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.590{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008c058d94a3432d2023-02-08 09:53:43.590root 11241100x8000000000000000295718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.591{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c850c92dd424bb982023-02-08 09:53:43.591root 11241100x8000000000000000295717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.591{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3942b64368e1e96f2023-02-08 09:53:43.591root 11241100x8000000000000000295716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.591{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e83bbe1938787962023-02-08 09:53:43.591root 11241100x8000000000000000295715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.591{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f16ff0f1f4f1d972023-02-08 09:53:43.591root 11241100x8000000000000000295714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.591{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870c713434fa16b82023-02-08 09:53:43.591root 11241100x8000000000000000295713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.591{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c87864f6a179622023-02-08 09:53:43.591root 11241100x8000000000000000295712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.591{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfd75fdbcd4b5862023-02-08 09:53:43.591root 11241100x8000000000000000295711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.591{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd4e1778da9550a2023-02-08 09:53:43.591root 11241100x8000000000000000295710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.591{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d011c5363cbcd9dc2023-02-08 09:53:43.591root 11241100x8000000000000000295732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.592{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ee7ee96dbc03942023-02-08 09:53:43.592root 11241100x8000000000000000295731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.592{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e617cde61130af1a2023-02-08 09:53:43.592root 11241100x8000000000000000295730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.592{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed41e4ef0c988c692023-02-08 09:53:43.592root 11241100x8000000000000000295729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.592{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7353d2e4f99d56542023-02-08 09:53:43.592root 11241100x8000000000000000295728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.592{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0034630994ae9b82023-02-08 09:53:43.592root 11241100x8000000000000000295727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.592{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a945160335bd4df2023-02-08 09:53:43.592root 11241100x8000000000000000295726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.592{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5908c0908c65f18b2023-02-08 09:53:43.592root 11241100x8000000000000000295725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.592{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c85d4e6a9b85552023-02-08 09:53:43.592root 11241100x8000000000000000295724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.592{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac45309c2b90490b2023-02-08 09:53:43.592root 11241100x8000000000000000295723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.592{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6ef62e7c66f5822023-02-08 09:53:43.592root 11241100x8000000000000000295722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.592{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f665c30548f11b32023-02-08 09:53:43.592root 11241100x8000000000000000295721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.592{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e93f1ab91720102023-02-08 09:53:43.592root 11241100x8000000000000000295720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.592{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eddc344c8db910b92023-02-08 09:53:43.592root 11241100x8000000000000000295719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.592{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78204c096f1ff92d2023-02-08 09:53:43.592root 11241100x8000000000000000295733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:43.593{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2051709f2077012023-02-08 09:53:43.593root 534500x8000000000000000295734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.482{ec2a0601-7118-63e3-503c-f97b43560000}1033/usr/lib/accountsservice/accounts-daemonroot 534500x8000000000000000295735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.532{ec2a0601-7119-63e3-b042-614717560000}1114/usr/lib/policykit-1/polkitdroot 11241100x8000000000000000295737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.588{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0f89aee2cec4072023-02-08 09:53:44.588root 11241100x8000000000000000295736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.588{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5dafcabcfd7333c2023-02-08 09:53:44.588root 11241100x8000000000000000295743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.589{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a094e3294237bd2023-02-08 09:53:44.589root 11241100x8000000000000000295742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.589{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01a18868e7afa2d2023-02-08 09:53:44.589root 11241100x8000000000000000295741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.589{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225529974fe950882023-02-08 09:53:44.589root 11241100x8000000000000000295740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.589{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3054574c2897e67d2023-02-08 09:53:44.589root 11241100x8000000000000000295739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.589{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492124f171e20ade2023-02-08 09:53:44.589root 11241100x8000000000000000295738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.589{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f66faf26af7a322023-02-08 09:53:44.589root 11241100x8000000000000000295747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.590{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f9ce9a68ed3c212023-02-08 09:53:44.590root 11241100x8000000000000000295746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.590{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bea85996faca47d2023-02-08 09:53:44.590root 11241100x8000000000000000295745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.590{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def9692da2dd97dd2023-02-08 09:53:44.590root 11241100x8000000000000000295744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.590{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5486728d405a04022023-02-08 09:53:44.590root 11241100x8000000000000000295748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.591{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e03fbf0f55a1e872023-02-08 09:53:44.591root 11241100x8000000000000000295755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.592{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c696387d63eb682023-02-08 09:53:44.592root 11241100x8000000000000000295754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.592{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15847d4726cc7f262023-02-08 09:53:44.592root 11241100x8000000000000000295753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.592{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b8138898081cba2023-02-08 09:53:44.592root 11241100x8000000000000000295752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.592{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0cf60ede17bf3682023-02-08 09:53:44.592root 11241100x8000000000000000295751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.592{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef47e8289ba642ac2023-02-08 09:53:44.592root 11241100x8000000000000000295750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.592{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0499042eb94a55aa2023-02-08 09:53:44.592root 11241100x8000000000000000295749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.592{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83fd126b2430d11d2023-02-08 09:53:44.592root 11241100x8000000000000000295760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.593{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93750f22028e0f22023-02-08 09:53:44.593root 11241100x8000000000000000295759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.593{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de40b935065d9a0f2023-02-08 09:53:44.593root 11241100x8000000000000000295758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.593{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867b559a94352f572023-02-08 09:53:44.593root 11241100x8000000000000000295757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.593{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292aa6a682bff90e2023-02-08 09:53:44.593root 11241100x8000000000000000295756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.593{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95d912e877d41a82023-02-08 09:53:44.593root 11241100x8000000000000000295766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.594{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a48a14152f74b752023-02-08 09:53:44.594root 11241100x8000000000000000295765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.594{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874177a306e327fb2023-02-08 09:53:44.594root 11241100x8000000000000000295764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.594{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4bd74c3638e7eb2023-02-08 09:53:44.594root 11241100x8000000000000000295763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.594{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08d06d63bbef2f02023-02-08 09:53:44.594root 11241100x8000000000000000295762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.594{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e24108e2e9e86f12023-02-08 09:53:44.594root 11241100x8000000000000000295761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.594{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7309289fe3e40bc12023-02-08 09:53:44.594root 11241100x8000000000000000295768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.595{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a6bb949e06089e2023-02-08 09:53:44.595root 11241100x8000000000000000295767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.595{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932573a8fd31b0ce2023-02-08 09:53:44.595root 11241100x8000000000000000295770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.596{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7945e5824f3b66e12023-02-08 09:53:44.596root 11241100x8000000000000000295769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.596{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a955cb89f3b189bd2023-02-08 09:53:44.596root 11241100x8000000000000000295772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.597{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bed7fd8deca44162023-02-08 09:53:44.597root 11241100x8000000000000000295771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.597{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8bc140f56526292023-02-08 09:53:44.597root 11241100x8000000000000000295774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.598{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7d5c92aa306ec92023-02-08 09:53:44.598root 11241100x8000000000000000295773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.598{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f8706ff8b409de2023-02-08 09:53:44.598root 11241100x8000000000000000295776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.599{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547abd65b31277e62023-02-08 09:53:44.599root 11241100x8000000000000000295775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.599{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69e6f7a32f051992023-02-08 09:53:44.599root 11241100x8000000000000000295777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.600{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320602299f1826552023-02-08 09:53:44.600root 11241100x8000000000000000295780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.601{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21bdc9f412c995e92023-02-08 09:53:44.601root 11241100x8000000000000000295779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.601{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed982a0c5d96f1c2023-02-08 09:53:44.601root 11241100x8000000000000000295778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.601{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f09c1d8f9e59a62023-02-08 09:53:44.601root 11241100x8000000000000000295782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.602{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e510e69ebf33da92023-02-08 09:53:44.602root 11241100x8000000000000000295781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.602{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f50d837205577c2023-02-08 09:53:44.602root 11241100x8000000000000000295784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.603{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf26d8218e5929652023-02-08 09:53:44.603root 11241100x8000000000000000295783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.603{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86db4693d4c555052023-02-08 09:53:44.603root 11241100x8000000000000000295786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.604{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c069ee1512d45a2b2023-02-08 09:53:44.604root 11241100x8000000000000000295785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.604{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ab1a8718bef5822023-02-08 09:53:44.604root 11241100x8000000000000000295787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.605{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61d2ac1df458d592023-02-08 09:53:44.605root 11241100x8000000000000000295798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.606{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaaa6f342be9d96c2023-02-08 09:53:44.606root 11241100x8000000000000000295797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.606{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407a0ef0ce2c594d2023-02-08 09:53:44.606root 11241100x8000000000000000295796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.606{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debe77c6abcfce632023-02-08 09:53:44.606root 11241100x8000000000000000295795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.606{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfa76d167f302492023-02-08 09:53:44.606root 11241100x8000000000000000295794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.606{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6605124b8b82a3272023-02-08 09:53:44.606root 11241100x8000000000000000295793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.606{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a4b3090db9f2202023-02-08 09:53:44.606root 11241100x8000000000000000295792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.606{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6368ff30b2aa42a72023-02-08 09:53:44.606root 11241100x8000000000000000295791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.606{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de427393f903f612023-02-08 09:53:44.606root 11241100x8000000000000000295790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.606{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8db2563618545a2023-02-08 09:53:44.606root 11241100x8000000000000000295789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.606{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f22a86d6668e122023-02-08 09:53:44.606root 11241100x8000000000000000295788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.606{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6094a3d917a0db2023-02-08 09:53:44.606root 11241100x8000000000000000295814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.607{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322032029b94ff8b2023-02-08 09:53:44.607root 11241100x8000000000000000295813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.607{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d84f512b18ff732023-02-08 09:53:44.607root 11241100x8000000000000000295812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.607{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1052f2abb6187a92023-02-08 09:53:44.607root 11241100x8000000000000000295811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.607{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98066b8e252fc4b82023-02-08 09:53:44.607root 11241100x8000000000000000295810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.607{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a2df8d02d7d4ec2023-02-08 09:53:44.607root 11241100x8000000000000000295809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.607{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78301a7a25b22eaa2023-02-08 09:53:44.607root 11241100x8000000000000000295808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.607{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0b54a46e7385352023-02-08 09:53:44.607root 11241100x8000000000000000295807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.607{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f7143d8ac195822023-02-08 09:53:44.607root 11241100x8000000000000000295806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.607{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4684e36d2388c2c92023-02-08 09:53:44.607root 11241100x8000000000000000295805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.607{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2780b7ff2a14359e2023-02-08 09:53:44.607root 11241100x8000000000000000295804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.607{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3da88619c10ce7c2023-02-08 09:53:44.607root 11241100x8000000000000000295803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.607{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a35630876740852023-02-08 09:53:44.607root 11241100x8000000000000000295802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.607{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d057afc12f823f6a2023-02-08 09:53:44.607root 11241100x8000000000000000295801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.607{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd624813955edf82023-02-08 09:53:44.607root 11241100x8000000000000000295800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.607{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9748a132a2abf1632023-02-08 09:53:44.607root 11241100x8000000000000000295799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.607{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a817a7d3a5b696d2023-02-08 09:53:44.607root 11241100x8000000000000000295823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.608{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf152d8010de5df2023-02-08 09:53:44.608root 11241100x8000000000000000295822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.608{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027e43f4bcea97392023-02-08 09:53:44.608root 11241100x8000000000000000295821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.608{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9de7c50fc239f882023-02-08 09:53:44.608root 11241100x8000000000000000295820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.608{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d587d26d76b5e472023-02-08 09:53:44.608root 11241100x8000000000000000295819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.608{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83b17c61fb48dbe2023-02-08 09:53:44.608root 11241100x8000000000000000295818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.608{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0432c7b71a962c72023-02-08 09:53:44.608root 11241100x8000000000000000295817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.608{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aee1156c38823222023-02-08 09:53:44.608root 11241100x8000000000000000295816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.608{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdcc8bb47b239eca2023-02-08 09:53:44.608root 11241100x8000000000000000295815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.608{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48261e298ea6a13f2023-02-08 09:53:44.608root 11241100x8000000000000000295828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.609{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f4119b9b27b24e2023-02-08 09:53:44.609root 11241100x8000000000000000295827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.609{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f59a305f9ad7552023-02-08 09:53:44.609root 11241100x8000000000000000295826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.609{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab81d9c93369725d2023-02-08 09:53:44.609root 11241100x8000000000000000295825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.609{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a822af9d12210e762023-02-08 09:53:44.609root 11241100x8000000000000000295824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:44.609{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6908a04f62a7fa972023-02-08 09:53:44.609root 354300x8000000000000000295829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.056{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-33030-false10.0.1.12-8000- 11241100x8000000000000000295832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.607{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1e15a81b03c71f2023-02-08 09:53:45.607root 11241100x8000000000000000295831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.607{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664cdcc41a470d0d2023-02-08 09:53:45.607root 11241100x8000000000000000295830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.607{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd51e157e4f76f82023-02-08 09:53:45.607root 11241100x8000000000000000295836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.608{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666b15bb5dafb05c2023-02-08 09:53:45.608root 11241100x8000000000000000295835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.608{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5005946666c436a12023-02-08 09:53:45.608root 11241100x8000000000000000295834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.608{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737beb2dc4b5d0282023-02-08 09:53:45.608root 11241100x8000000000000000295833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.608{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375f1be07c9bd9b52023-02-08 09:53:45.608root 11241100x8000000000000000295841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.609{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c08f7f029049a712023-02-08 09:53:45.609root 11241100x8000000000000000295840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.609{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b60e9892fdd5ef2023-02-08 09:53:45.609root 11241100x8000000000000000295839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.609{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ad07c0881abb422023-02-08 09:53:45.609root 11241100x8000000000000000295838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.609{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f4856fcd8f453a2023-02-08 09:53:45.609root 11241100x8000000000000000295837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.609{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ffa0b429de9c7a2023-02-08 09:53:45.609root 11241100x8000000000000000295848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.610{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df25e35fb48f3252023-02-08 09:53:45.610root 11241100x8000000000000000295847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.610{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52eb607cc12a7672023-02-08 09:53:45.610root 11241100x8000000000000000295846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.610{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae962e9d504edd672023-02-08 09:53:45.610root 11241100x8000000000000000295845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.610{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c516ea5601aa83a2023-02-08 09:53:45.610root 11241100x8000000000000000295844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.610{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304b9da14062b6052023-02-08 09:53:45.610root 11241100x8000000000000000295843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.610{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693174de1dfc01352023-02-08 09:53:45.610root 11241100x8000000000000000295842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.610{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6085145ca0051df72023-02-08 09:53:45.610root 11241100x8000000000000000295857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.611{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695d652ade2c680a2023-02-08 09:53:45.611root 11241100x8000000000000000295856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.611{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ce32c102bfec992023-02-08 09:53:45.611root 11241100x8000000000000000295855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.611{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784e369e1e63e3fc2023-02-08 09:53:45.611root 11241100x8000000000000000295854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.611{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72ba3ed78368bd02023-02-08 09:53:45.611root 11241100x8000000000000000295853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.611{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55ba6ef6c9144512023-02-08 09:53:45.611root 11241100x8000000000000000295852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.611{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97bead322ab2f5e2023-02-08 09:53:45.611root 11241100x8000000000000000295851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.611{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f562e0980302ac1b2023-02-08 09:53:45.611root 11241100x8000000000000000295850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.611{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5423adf552979ddb2023-02-08 09:53:45.611root 11241100x8000000000000000295849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.611{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f39d97eb9f1ad502023-02-08 09:53:45.611root 11241100x8000000000000000295868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.612{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748e0c0752b8b21d2023-02-08 09:53:45.612root 11241100x8000000000000000295867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.612{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9817fd854691b62023-02-08 09:53:45.612root 11241100x8000000000000000295866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.612{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea4210c88f4a9da2023-02-08 09:53:45.612root 11241100x8000000000000000295865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.612{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3458bb5bf16b1162023-02-08 09:53:45.612root 11241100x8000000000000000295864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.612{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a1e4a49e604c7b2023-02-08 09:53:45.612root 11241100x8000000000000000295863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.612{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a9bbab989fc6692023-02-08 09:53:45.612root 11241100x8000000000000000295862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.612{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e86f8a09f967b32023-02-08 09:53:45.612root 11241100x8000000000000000295861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.612{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d46af0593e940102023-02-08 09:53:45.612root 11241100x8000000000000000295860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.612{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd9f83bbc2208a42023-02-08 09:53:45.612root 11241100x8000000000000000295859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.612{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9531d00b50817c732023-02-08 09:53:45.612root 11241100x8000000000000000295858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.612{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582d9afa37b53bb02023-02-08 09:53:45.612root 11241100x8000000000000000295879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.613{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2d775ba11443d02023-02-08 09:53:45.613root 11241100x8000000000000000295878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.613{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b753a333f197242023-02-08 09:53:45.613root 11241100x8000000000000000295877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.613{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db92e52cbd14d7022023-02-08 09:53:45.613root 11241100x8000000000000000295876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.613{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3dfcbd727064172023-02-08 09:53:45.613root 11241100x8000000000000000295875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.613{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b100068511bb8222023-02-08 09:53:45.613root 11241100x8000000000000000295874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.613{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3257aca464c184522023-02-08 09:53:45.613root 11241100x8000000000000000295873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.613{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385231ab2aa02d792023-02-08 09:53:45.613root 11241100x8000000000000000295872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.613{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a4be8dd6bec6ed2023-02-08 09:53:45.613root 11241100x8000000000000000295871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.613{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b9e821747eee482023-02-08 09:53:45.613root 11241100x8000000000000000295870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.613{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bd1aed36f1b0112023-02-08 09:53:45.613root 11241100x8000000000000000295869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.613{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568bb7a1c3d5fbd82023-02-08 09:53:45.613root 11241100x8000000000000000295890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.614{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deecdc5e850040a92023-02-08 09:53:45.614root 11241100x8000000000000000295889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.614{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28b9d7a3696fbd82023-02-08 09:53:45.614root 11241100x8000000000000000295888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.614{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588680c2e897f36a2023-02-08 09:53:45.614root 11241100x8000000000000000295887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.614{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d497ba6aecfd242023-02-08 09:53:45.614root 11241100x8000000000000000295886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.614{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353b7169f486fd6e2023-02-08 09:53:45.614root 11241100x8000000000000000295885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.614{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6eb08d6358c86962023-02-08 09:53:45.614root 11241100x8000000000000000295884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.614{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9026ef45ad03de312023-02-08 09:53:45.614root 11241100x8000000000000000295883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.614{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba4a9365535725d2023-02-08 09:53:45.614root 11241100x8000000000000000295882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.614{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143422955ac9d9bf2023-02-08 09:53:45.614root 11241100x8000000000000000295881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.614{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a940c06a7dd96c832023-02-08 09:53:45.614root 11241100x8000000000000000295880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.614{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50253b6700b00f3e2023-02-08 09:53:45.614root 11241100x8000000000000000295892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.615{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42da3a7fc697c762023-02-08 09:53:45.615root 11241100x8000000000000000295891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.615{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c0a68a76a83ee62023-02-08 09:53:45.615root 11241100x8000000000000000295899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.616{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ab657bd38beed02023-02-08 09:53:45.616root 11241100x8000000000000000295898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.616{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0894868eade2ba22023-02-08 09:53:45.616root 11241100x8000000000000000295897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.616{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0193be0ba6fd6d7b2023-02-08 09:53:45.616root 11241100x8000000000000000295896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.616{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90db735fc54c1fba2023-02-08 09:53:45.616root 11241100x8000000000000000295895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.616{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7702c347b18e662023-02-08 09:53:45.616root 11241100x8000000000000000295894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.616{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7b5a9c4f3653002023-02-08 09:53:45.616root 11241100x8000000000000000295893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.616{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e452d3074052251f2023-02-08 09:53:45.616root 11241100x8000000000000000295905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.617{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5bf3c1aa1e4d89e2023-02-08 09:53:45.617root 11241100x8000000000000000295904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.617{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a824e69365ffffa2023-02-08 09:53:45.617root 11241100x8000000000000000295903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.617{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9e0d241e65e8172023-02-08 09:53:45.617root 11241100x8000000000000000295902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.617{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea36c98fa1bdb7232023-02-08 09:53:45.617root 11241100x8000000000000000295901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.617{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f472f4fa1e944f9c2023-02-08 09:53:45.617root 11241100x8000000000000000295900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.617{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7b33f7ff5cba202023-02-08 09:53:45.617root 11241100x8000000000000000295914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.618{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece673c6ef2e23922023-02-08 09:53:45.618root 11241100x8000000000000000295913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.618{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db04058edfe88902023-02-08 09:53:45.618root 11241100x8000000000000000295912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.618{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c25f72dcb16e192023-02-08 09:53:45.618root 11241100x8000000000000000295911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.618{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6391247f220cfb22023-02-08 09:53:45.618root 11241100x8000000000000000295910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.618{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623219cb00fd7e582023-02-08 09:53:45.618root 11241100x8000000000000000295909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.618{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f67dd5ef0292d02023-02-08 09:53:45.618root 11241100x8000000000000000295908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.618{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84496d2df2a56e2c2023-02-08 09:53:45.618root 11241100x8000000000000000295907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.618{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efeb94c561cf52322023-02-08 09:53:45.618root 11241100x8000000000000000295906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.618{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4e9e4959ff590f2023-02-08 09:53:45.618root 11241100x8000000000000000295930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.619{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13956f99600777712023-02-08 09:53:45.619root 11241100x8000000000000000295929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.619{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001c4c6aaafb9ceb2023-02-08 09:53:45.619root 11241100x8000000000000000295928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.619{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9038c0e0240947542023-02-08 09:53:45.619root 11241100x8000000000000000295927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.619{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944ee9bdb56ca7862023-02-08 09:53:45.619root 11241100x8000000000000000295926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.619{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8bf4721bcadbb242023-02-08 09:53:45.619root 11241100x8000000000000000295925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.619{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49994cd388d3c9502023-02-08 09:53:45.619root 11241100x8000000000000000295924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.619{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf16e9be9d521402023-02-08 09:53:45.619root 11241100x8000000000000000295923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.619{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a447e7398636b1862023-02-08 09:53:45.619root 11241100x8000000000000000295922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.619{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f165f7951eb0a152023-02-08 09:53:45.619root 11241100x8000000000000000295921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.619{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10dd27ff395a62a2023-02-08 09:53:45.619root 11241100x8000000000000000295920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.619{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd3738b3e2c76362023-02-08 09:53:45.619root 11241100x8000000000000000295919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.619{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d24d8122d94a2ca2023-02-08 09:53:45.619root 11241100x8000000000000000295918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.619{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefe7c97b20d7c7d2023-02-08 09:53:45.619root 11241100x8000000000000000295917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.619{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb00b8de34fa3892023-02-08 09:53:45.619root 11241100x8000000000000000295916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.619{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5101ab0966286872023-02-08 09:53:45.619root 11241100x8000000000000000295915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.619{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3782a8ebb5920f82023-02-08 09:53:45.619root 11241100x8000000000000000295931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:45.620{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193a95f8a339f8c12023-02-08 09:53:45.620root 11241100x8000000000000000295932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.616{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f38d4832d15ddd62023-02-08 09:53:46.616root 11241100x8000000000000000295938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.617{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5986e599040d57292023-02-08 09:53:46.617root 11241100x8000000000000000295937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.617{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efce5a8e2b62dc8d2023-02-08 09:53:46.617root 11241100x8000000000000000295936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.617{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f451cf6a192d8a92023-02-08 09:53:46.617root 11241100x8000000000000000295935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.617{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af73d4306ab9d9d52023-02-08 09:53:46.617root 11241100x8000000000000000295934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.617{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cca81b55b05c8432023-02-08 09:53:46.617root 11241100x8000000000000000295933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.617{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10dd47acedaf51d2023-02-08 09:53:46.617root 11241100x8000000000000000295945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.618{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349808b804a1f58b2023-02-08 09:53:46.618root 11241100x8000000000000000295944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.618{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e435310a60f180b82023-02-08 09:53:46.618root 11241100x8000000000000000295943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.618{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f3d3fda72faaf12023-02-08 09:53:46.618root 11241100x8000000000000000295942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.618{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eab0ea50aa042982023-02-08 09:53:46.618root 11241100x8000000000000000295941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.618{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31303c6e8a5d0a7b2023-02-08 09:53:46.618root 11241100x8000000000000000295940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.618{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0526df712cb14af72023-02-08 09:53:46.618root 11241100x8000000000000000295939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.618{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3f4b02f7e72d7d2023-02-08 09:53:46.618root 11241100x8000000000000000295953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.619{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deda4a10215fc84f2023-02-08 09:53:46.619root 11241100x8000000000000000295952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.619{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa8a86975ba45602023-02-08 09:53:46.619root 11241100x8000000000000000295951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.619{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e19db0a24a5e382023-02-08 09:53:46.619root 11241100x8000000000000000295950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.619{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04071b911a5f2542023-02-08 09:53:46.619root 11241100x8000000000000000295949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.619{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad139297ec65feb2023-02-08 09:53:46.619root 11241100x8000000000000000295948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.619{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab2e5b43504fcac2023-02-08 09:53:46.619root 11241100x8000000000000000295947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.619{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e75f564cad0a72d2023-02-08 09:53:46.619root 11241100x8000000000000000295946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.619{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ccca6f214f04142023-02-08 09:53:46.619root 11241100x8000000000000000295960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.620{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97935aeeaa3a0282023-02-08 09:53:46.620root 11241100x8000000000000000295959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.620{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adde37158ac4b7022023-02-08 09:53:46.620root 11241100x8000000000000000295958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.620{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad70363152a473ab2023-02-08 09:53:46.620root 11241100x8000000000000000295957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.620{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd0b6c18b93b9f52023-02-08 09:53:46.620root 11241100x8000000000000000295956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.620{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51284b903d4fe7572023-02-08 09:53:46.620root 11241100x8000000000000000295955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.620{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec44ccd4d832ec872023-02-08 09:53:46.620root 11241100x8000000000000000295954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.620{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224d0dae1c5e75392023-02-08 09:53:46.620root 11241100x8000000000000000295965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.621{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02e68ccc4aa870b2023-02-08 09:53:46.621root 11241100x8000000000000000295964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.621{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e03675ef86826692023-02-08 09:53:46.621root 11241100x8000000000000000295963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.621{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74d0b1bb87810f72023-02-08 09:53:46.621root 11241100x8000000000000000295962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.621{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f983fd065120135a2023-02-08 09:53:46.621root 11241100x8000000000000000295961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.621{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9493927ec972a2562023-02-08 09:53:46.621root 11241100x8000000000000000295970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.622{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1311a7769e020c2a2023-02-08 09:53:46.622root 11241100x8000000000000000295969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.622{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7904c970810800ed2023-02-08 09:53:46.622root 11241100x8000000000000000295968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.622{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1ac0b8365dbb902023-02-08 09:53:46.622root 11241100x8000000000000000295967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.622{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4beab7cdeee27e12023-02-08 09:53:46.622root 11241100x8000000000000000295966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.622{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec21c55ae31d4382023-02-08 09:53:46.622root 11241100x8000000000000000295973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.623{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e11ab75fe7ccdc2023-02-08 09:53:46.623root 11241100x8000000000000000295972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.623{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd3418e6fa7aad42023-02-08 09:53:46.623root 11241100x8000000000000000295971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.623{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b1805136c1ebcd2023-02-08 09:53:46.623root 11241100x8000000000000000295978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.624{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fdeb4eadf6a2912023-02-08 09:53:46.624root 11241100x8000000000000000295977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.624{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24298f946333e08c2023-02-08 09:53:46.624root 11241100x8000000000000000295976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.624{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d34713c1a58d6cb2023-02-08 09:53:46.624root 11241100x8000000000000000295975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.624{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c955bce68d2256a12023-02-08 09:53:46.624root 11241100x8000000000000000295974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.624{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b12a66251d094dd2023-02-08 09:53:46.624root 11241100x8000000000000000295981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.625{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add0139f38885d3e2023-02-08 09:53:46.625root 11241100x8000000000000000295980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.625{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84c62f60a6b18052023-02-08 09:53:46.625root 11241100x8000000000000000295979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:46.625{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2e48a0e55603d52023-02-08 09:53:46.625root 11241100x8000000000000000295982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.041{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce1c5c2bd02c4752023-02-08 09:53:47.041root 11241100x8000000000000000295989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.042{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78d8387c796b08e2023-02-08 09:53:47.042root 11241100x8000000000000000295988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.042{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e6f441e47d46c42023-02-08 09:53:47.042root 11241100x8000000000000000295987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.042{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4aa208fd0a553532023-02-08 09:53:47.042root 11241100x8000000000000000295986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.042{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f638fa51d0b512f22023-02-08 09:53:47.042root 11241100x8000000000000000295985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.042{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3651f8c087cfb5e22023-02-08 09:53:47.042root 11241100x8000000000000000295984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.042{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b74c909045fcd42023-02-08 09:53:47.042root 11241100x8000000000000000295983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.042{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0a83b952a9fd6a2023-02-08 09:53:47.042root 11241100x8000000000000000295995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.043{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3533426634f4742c2023-02-08 09:53:47.043root 11241100x8000000000000000295994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.043{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5c931c134584ba2023-02-08 09:53:47.043root 11241100x8000000000000000295993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.043{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a28ec3c1b594712023-02-08 09:53:47.043root 11241100x8000000000000000295992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.043{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca5dd3c20df5e762023-02-08 09:53:47.043root 11241100x8000000000000000295991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.043{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132cc780b53c674d2023-02-08 09:53:47.043root 11241100x8000000000000000295990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.043{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab752e6dbdba1192023-02-08 09:53:47.043root 11241100x8000000000000000296001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.044{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84549a230296a5a12023-02-08 09:53:47.044root 11241100x8000000000000000296000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.044{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8978f8ad8e9a7232023-02-08 09:53:47.044root 11241100x8000000000000000295999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.044{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30349f2d7fcd4ce82023-02-08 09:53:47.044root 11241100x8000000000000000295998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.044{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54553ced7b7f1c4d2023-02-08 09:53:47.044root 11241100x8000000000000000295997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.044{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b92f91bb1ad65272023-02-08 09:53:47.044root 11241100x8000000000000000295996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.044{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b9fd42ee98a667e2023-02-08 09:53:47.044root 11241100x8000000000000000296006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.045{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd11217620e4b8a02023-02-08 09:53:47.045root 11241100x8000000000000000296005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.045{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d326b7b0aceb68da2023-02-08 09:53:47.045root 11241100x8000000000000000296004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.045{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5654bcb5c809292023-02-08 09:53:47.045root 11241100x8000000000000000296003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.045{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16b40cee7c253e52023-02-08 09:53:47.045root 11241100x8000000000000000296002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.045{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78346e923fee1de72023-02-08 09:53:47.045root 11241100x8000000000000000296010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.046{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fd4153d8a0b76d2023-02-08 09:53:47.046root 11241100x8000000000000000296009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.046{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33a3d7dcdac0e362023-02-08 09:53:47.046root 11241100x8000000000000000296008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.046{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a82b69155edc412023-02-08 09:53:47.046root 11241100x8000000000000000296007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.046{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb1b301fb1ae22d2023-02-08 09:53:47.046root 11241100x8000000000000000296014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.047{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40be6eb33385c882023-02-08 09:53:47.047root 11241100x8000000000000000296013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.047{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9345e72d3bc14b12023-02-08 09:53:47.047root 11241100x8000000000000000296012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.047{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef20758007664e02023-02-08 09:53:47.047root 11241100x8000000000000000296011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.047{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a09394e02faf4802023-02-08 09:53:47.047root 11241100x8000000000000000296020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.048{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b12182ebcf4443a2023-02-08 09:53:47.048root 11241100x8000000000000000296019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.048{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0af956c7f3f3742023-02-08 09:53:47.048root 11241100x8000000000000000296018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.048{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59776fc455e585612023-02-08 09:53:47.048root 11241100x8000000000000000296017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.048{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89dfd7fdb4b1f5c2023-02-08 09:53:47.048root 11241100x8000000000000000296016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.048{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4b30b8ada100832023-02-08 09:53:47.048root 11241100x8000000000000000296015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.048{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8530f823a4bdbce12023-02-08 09:53:47.048root 11241100x8000000000000000296025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.049{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f95ba666198e7962023-02-08 09:53:47.049root 11241100x8000000000000000296024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.049{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97d78a2ffaf60022023-02-08 09:53:47.049root 11241100x8000000000000000296023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.049{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb491306274eeefa2023-02-08 09:53:47.049root 11241100x8000000000000000296022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.049{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d421c6af18c21a2023-02-08 09:53:47.049root 11241100x8000000000000000296021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.049{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a73d259a32a36292023-02-08 09:53:47.049root 11241100x8000000000000000296030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.050{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf02f6aab0a612902023-02-08 09:53:47.050root 11241100x8000000000000000296029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.050{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4909058c95fc88352023-02-08 09:53:47.050root 11241100x8000000000000000296028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.050{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada38112281e658a2023-02-08 09:53:47.050root 11241100x8000000000000000296027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.050{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64985882d1d825b22023-02-08 09:53:47.050root 11241100x8000000000000000296026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.050{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3143c3a0a1160f7a2023-02-08 09:53:47.050root 11241100x8000000000000000296036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.051{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01ed604f840faee2023-02-08 09:53:47.051root 11241100x8000000000000000296035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.051{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da321ec20536aeb72023-02-08 09:53:47.051root 11241100x8000000000000000296034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.051{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb6c88bfc64031c2023-02-08 09:53:47.051root 11241100x8000000000000000296033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.051{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d984a96c20a171d32023-02-08 09:53:47.051root 11241100x8000000000000000296032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.051{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8897be5a2792582023-02-08 09:53:47.051root 11241100x8000000000000000296031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.051{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ae1abf4fad84df2023-02-08 09:53:47.051root 11241100x8000000000000000296042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.052{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d82a3668e50a9f2023-02-08 09:53:47.052root 11241100x8000000000000000296041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.052{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f520d8dbb335a92023-02-08 09:53:47.052root 11241100x8000000000000000296040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.052{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de35c87f9abd9ea62023-02-08 09:53:47.052root 11241100x8000000000000000296039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.052{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dccd942226ac29f2023-02-08 09:53:47.052root 11241100x8000000000000000296038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.052{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21f6c0a212393dd2023-02-08 09:53:47.052root 11241100x8000000000000000296037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.052{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd5e2f11d001e222023-02-08 09:53:47.052root 11241100x8000000000000000296045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.053{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e003dd4aa5e2062023-02-08 09:53:47.053root 11241100x8000000000000000296044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.053{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479ed638d88ea69e2023-02-08 09:53:47.053root 11241100x8000000000000000296043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.053{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21196ae30dd24c32023-02-08 09:53:47.053root 11241100x8000000000000000296051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.054{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02d680e8201f6862023-02-08 09:53:47.054root 11241100x8000000000000000296050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.054{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215bead4acac27602023-02-08 09:53:47.054root 11241100x8000000000000000296049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.054{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf39b17d1a50dc42023-02-08 09:53:47.054root 11241100x8000000000000000296048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.054{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5449917b2e171ae92023-02-08 09:53:47.054root 11241100x8000000000000000296047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.054{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9608a66e68952e92023-02-08 09:53:47.054root 11241100x8000000000000000296046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.054{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3c3e5bb20a7bbb2023-02-08 09:53:47.054root 11241100x8000000000000000296055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.055{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff856d3af628bdc2023-02-08 09:53:47.055root 11241100x8000000000000000296054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.055{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79be0de43f509cc52023-02-08 09:53:47.055root 11241100x8000000000000000296053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.055{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ac3782c471c91d2023-02-08 09:53:47.055root 11241100x8000000000000000296052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.055{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd92ce030768310b2023-02-08 09:53:47.055root 11241100x8000000000000000296058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.056{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738aa87d832c07402023-02-08 09:53:47.056root 11241100x8000000000000000296057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.056{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ce33981f880f572023-02-08 09:53:47.056root 11241100x8000000000000000296056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.056{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca98f582a70ad4f52023-02-08 09:53:47.056root 11241100x8000000000000000296062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.057{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d391a17f4722ad8e2023-02-08 09:53:47.057root 11241100x8000000000000000296061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.057{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516cf76a0fa18d072023-02-08 09:53:47.057root 11241100x8000000000000000296060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.057{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b87de6c5b36e8b32023-02-08 09:53:47.057root 11241100x8000000000000000296059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.057{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44dde2bd99d55a442023-02-08 09:53:47.057root 11241100x8000000000000000296068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.058{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f068d984f3018ed2023-02-08 09:53:47.058root 11241100x8000000000000000296067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.058{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce83d19064a3c872023-02-08 09:53:47.058root 11241100x8000000000000000296066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.058{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7aac939bba1aa62023-02-08 09:53:47.058root 11241100x8000000000000000296065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.058{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9888ec56f71a9db2023-02-08 09:53:47.058root 11241100x8000000000000000296064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.058{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa0ead29019e6352023-02-08 09:53:47.058root 11241100x8000000000000000296063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.058{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afc0a6b381166732023-02-08 09:53:47.058root 11241100x8000000000000000296076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.059{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68fac0f9b6f8c3b2023-02-08 09:53:47.059root 11241100x8000000000000000296075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.059{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e485f3ceec0fc62023-02-08 09:53:47.059root 11241100x8000000000000000296074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.059{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1d77da7b0ad5b22023-02-08 09:53:47.059root 11241100x8000000000000000296073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.059{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52faba7d8ac4fb2c2023-02-08 09:53:47.059root 11241100x8000000000000000296072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.059{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f831db0f089800f2023-02-08 09:53:47.059root 11241100x8000000000000000296071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.059{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a36315230f4fecd2023-02-08 09:53:47.059root 11241100x8000000000000000296070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.059{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f224289717524d82023-02-08 09:53:47.059root 11241100x8000000000000000296069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.059{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc016e3b9c4bbb32023-02-08 09:53:47.059root 11241100x8000000000000000296082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.060{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f19912725e19532023-02-08 09:53:47.060root 11241100x8000000000000000296081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.060{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f58df6067e37832023-02-08 09:53:47.060root 11241100x8000000000000000296080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.060{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee28b84357747d32023-02-08 09:53:47.060root 11241100x8000000000000000296079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.060{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393210634912627e2023-02-08 09:53:47.060root 11241100x8000000000000000296078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.060{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da111f29571f3222023-02-08 09:53:47.060root 11241100x8000000000000000296077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.060{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56de2fff71eee3062023-02-08 09:53:47.060root 11241100x8000000000000000296089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.061{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d721a6fe4bb9fa52023-02-08 09:53:47.061root 11241100x8000000000000000296088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.061{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028a75238ab47b462023-02-08 09:53:47.061root 11241100x8000000000000000296087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.061{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29529c26f8e539652023-02-08 09:53:47.061root 11241100x8000000000000000296086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.061{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182c912565b919632023-02-08 09:53:47.061root 11241100x8000000000000000296085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.061{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ebc88df867d84c32023-02-08 09:53:47.061root 11241100x8000000000000000296084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.061{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb331739486cc0812023-02-08 09:53:47.061root 11241100x8000000000000000296083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.061{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d5f543f623dd272023-02-08 09:53:47.061root 11241100x8000000000000000296097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.062{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d20e110269afb0b2023-02-08 09:53:47.062root 11241100x8000000000000000296096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.062{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d1e4c39a0f2f912023-02-08 09:53:47.062root 11241100x8000000000000000296095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.062{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2ea8406adac13a2023-02-08 09:53:47.062root 11241100x8000000000000000296094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.062{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e4a724eba60bc82023-02-08 09:53:47.062root 11241100x8000000000000000296093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.062{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3fb90c8cfc13782023-02-08 09:53:47.062root 11241100x8000000000000000296092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.062{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3057fd39237ed12023-02-08 09:53:47.062root 11241100x8000000000000000296091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.062{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e637a70df23d13532023-02-08 09:53:47.062root 11241100x8000000000000000296090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.062{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1a5cbe723db2b12023-02-08 09:53:47.062root 11241100x8000000000000000296101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.063{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0022b6eb61b725ec2023-02-08 09:53:47.063root 11241100x8000000000000000296100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.063{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d016e4e5ca64a6932023-02-08 09:53:47.063root 11241100x8000000000000000296099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.063{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e509a72e404fe3d2023-02-08 09:53:47.063root 11241100x8000000000000000296098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.063{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7906d7df655386f2023-02-08 09:53:47.063root 11241100x8000000000000000296107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.064{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4491bfdbb79dc23b2023-02-08 09:53:47.064root 11241100x8000000000000000296106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.064{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8db66456b72d2222023-02-08 09:53:47.064root 11241100x8000000000000000296105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.064{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7667be6d51249db22023-02-08 09:53:47.064root 11241100x8000000000000000296104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.064{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b54e7533ab3da62023-02-08 09:53:47.064root 11241100x8000000000000000296103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.064{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57631fc2df382382023-02-08 09:53:47.064root 11241100x8000000000000000296102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.064{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365bb3d175e65d522023-02-08 09:53:47.064root 11241100x8000000000000000296112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.065{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed074ee47b9dcb562023-02-08 09:53:47.065root 11241100x8000000000000000296111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.065{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cab7f82bd08c2d62023-02-08 09:53:47.065root 11241100x8000000000000000296110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.065{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c638932d2de929672023-02-08 09:53:47.065root 11241100x8000000000000000296109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.065{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ea114a270be2582023-02-08 09:53:47.065root 11241100x8000000000000000296108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.065{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4084b4dde49ffb7b2023-02-08 09:53:47.065root 11241100x8000000000000000296118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.066{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59f421cba4ebedc2023-02-08 09:53:47.066root 11241100x8000000000000000296117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.066{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f590d980f754a02023-02-08 09:53:47.066root 11241100x8000000000000000296116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.066{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6126feee472889c12023-02-08 09:53:47.066root 11241100x8000000000000000296115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.066{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4e36c29e6ef4962023-02-08 09:53:47.066root 11241100x8000000000000000296114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.066{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d782ffbf5a7f51fc2023-02-08 09:53:47.066root 11241100x8000000000000000296113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.066{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a98740a5ec17bc62023-02-08 09:53:47.066root 11241100x8000000000000000296125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.067{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a2231cce3490042023-02-08 09:53:47.067root 11241100x8000000000000000296124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.067{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de07e84795c48be2023-02-08 09:53:47.067root 11241100x8000000000000000296123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.067{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f223cd24be9ed152023-02-08 09:53:47.067root 11241100x8000000000000000296122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.067{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae22b061c148eaaf2023-02-08 09:53:47.067root 11241100x8000000000000000296121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.067{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a52d7c663329ce72023-02-08 09:53:47.067root 11241100x8000000000000000296120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.067{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24eee9bc2c0db13f2023-02-08 09:53:47.067root 11241100x8000000000000000296119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.067{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ef400fbc3b13692023-02-08 09:53:47.067root 11241100x8000000000000000296129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.068{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6ed5dbeddab0042023-02-08 09:53:47.068root 11241100x8000000000000000296128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.068{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25f08e55cd360f82023-02-08 09:53:47.068root 11241100x8000000000000000296127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.068{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039092a28fa1b1f92023-02-08 09:53:47.068root 11241100x8000000000000000296126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.068{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e4b000ddf963532023-02-08 09:53:47.068root 11241100x8000000000000000296135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.069{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5d04865c54b5b92023-02-08 09:53:47.069root 11241100x8000000000000000296134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.069{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2a076e3a641c092023-02-08 09:53:47.069root 11241100x8000000000000000296133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.069{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fddd126240d88b82023-02-08 09:53:47.069root 11241100x8000000000000000296132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.069{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fddc79452710da02023-02-08 09:53:47.069root 11241100x8000000000000000296131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.069{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea1256fab2179312023-02-08 09:53:47.069root 11241100x8000000000000000296130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.069{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641de504c5d5be4d2023-02-08 09:53:47.069root 11241100x8000000000000000296140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.070{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b458d7fd4428c712023-02-08 09:53:47.070root 11241100x8000000000000000296139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.070{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e93683ee89fdc62023-02-08 09:53:47.070root 11241100x8000000000000000296138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.070{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936c5663fe6281792023-02-08 09:53:47.070root 11241100x8000000000000000296137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.070{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7963bf2d3c5366192023-02-08 09:53:47.070root 11241100x8000000000000000296136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.070{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa863b46039bfc1d2023-02-08 09:53:47.070root 11241100x8000000000000000296144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.071{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1165c00657aa6a442023-02-08 09:53:47.071root 11241100x8000000000000000296143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.071{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b784faa0b9f5252023-02-08 09:53:47.071root 11241100x8000000000000000296142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.071{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e397b7187b78432023-02-08 09:53:47.071root 11241100x8000000000000000296141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.071{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d63a3e1a5af6b042023-02-08 09:53:47.071root 11241100x8000000000000000296148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.072{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8b6377fac9b0ab2023-02-08 09:53:47.072root 11241100x8000000000000000296147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.072{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf350e04e41b2d822023-02-08 09:53:47.072root 11241100x8000000000000000296146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.072{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bcdabd730271ba2023-02-08 09:53:47.072root 11241100x8000000000000000296145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.072{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d5d4cb7d6f7d922023-02-08 09:53:47.072root 11241100x8000000000000000296153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.073{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae9cf46ef50fc3c2023-02-08 09:53:47.073root 11241100x8000000000000000296152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.073{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f59910caa659c342023-02-08 09:53:47.073root 11241100x8000000000000000296151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.073{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58058bcbbeeb1dae2023-02-08 09:53:47.073root 11241100x8000000000000000296150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.073{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682242d9967516e02023-02-08 09:53:47.073root 11241100x8000000000000000296149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.073{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6fec7a2ad222a52023-02-08 09:53:47.073root 11241100x8000000000000000296163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.074{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c85b14e20de2e12023-02-08 09:53:47.074root 11241100x8000000000000000296162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.074{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9339e125e643de352023-02-08 09:53:47.074root 11241100x8000000000000000296161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.074{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58286a3fc803e1702023-02-08 09:53:47.074root 11241100x8000000000000000296160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.074{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3fe65cfbe6bbf72023-02-08 09:53:47.074root 11241100x8000000000000000296159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.074{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8be0500221fddd2023-02-08 09:53:47.074root 11241100x8000000000000000296158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.074{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b8bbd6e1112a682023-02-08 09:53:47.074root 11241100x8000000000000000296157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.074{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba02a7db6da511802023-02-08 09:53:47.074root 11241100x8000000000000000296156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.074{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505b758092f46e082023-02-08 09:53:47.074root 11241100x8000000000000000296155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.074{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42fbc0d73c1c8a5f2023-02-08 09:53:47.074root 11241100x8000000000000000296154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.074{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7fd0a657947b9d42023-02-08 09:53:47.074root 11241100x8000000000000000296171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.075{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad29fecf6217d0862023-02-08 09:53:47.075root 11241100x8000000000000000296170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.075{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbe14646f9e607b2023-02-08 09:53:47.075root 11241100x8000000000000000296169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.075{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ccde50f5e0a4662023-02-08 09:53:47.075root 11241100x8000000000000000296168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.075{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c739f2bbe5bbb7fc2023-02-08 09:53:47.075root 11241100x8000000000000000296167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.075{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210b8994b876f0c52023-02-08 09:53:47.075root 11241100x8000000000000000296166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.075{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709a88899a61afea2023-02-08 09:53:47.075root 11241100x8000000000000000296165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.075{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787a19b1722711d92023-02-08 09:53:47.075root 11241100x8000000000000000296164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.075{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92be93b27a794dff2023-02-08 09:53:47.075root 11241100x8000000000000000296177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.076{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e70d4bf20621b72023-02-08 09:53:47.076root 11241100x8000000000000000296176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.076{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3b823f7ffdedc82023-02-08 09:53:47.076root 11241100x8000000000000000296175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.076{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18bc84c29e2ab0532023-02-08 09:53:47.076root 11241100x8000000000000000296174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.076{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740ec2012b2de60f2023-02-08 09:53:47.076root 11241100x8000000000000000296173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.076{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832acefaa69dad392023-02-08 09:53:47.076root 11241100x8000000000000000296172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.076{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbceb66f2b31a4ef2023-02-08 09:53:47.076root 11241100x8000000000000000296182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.077{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620b9c4a5bd239e12023-02-08 09:53:47.077root 11241100x8000000000000000296181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.077{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3c90cf514060532023-02-08 09:53:47.077root 11241100x8000000000000000296180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.077{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0ed992b684afc22023-02-08 09:53:47.077root 11241100x8000000000000000296179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.077{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c00083ade5f9d12023-02-08 09:53:47.077root 11241100x8000000000000000296178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.077{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178e601b8d1aa5532023-02-08 09:53:47.077root 11241100x8000000000000000296191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.078{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790deca97537e2d52023-02-08 09:53:47.078root 11241100x8000000000000000296190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.078{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22d2eb025e0ad302023-02-08 09:53:47.078root 11241100x8000000000000000296189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.078{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10b24e904b4d8c62023-02-08 09:53:47.078root 11241100x8000000000000000296188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.078{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9d1347a65f5a322023-02-08 09:53:47.078root 11241100x8000000000000000296187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.078{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d872963caabd18932023-02-08 09:53:47.078root 11241100x8000000000000000296186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.078{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f54a7605b4c8382023-02-08 09:53:47.078root 11241100x8000000000000000296185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.078{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3850f000b9f7bbdf2023-02-08 09:53:47.078root 11241100x8000000000000000296184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.078{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d24ee8992d6c7062023-02-08 09:53:47.078root 11241100x8000000000000000296183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.078{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be99918d2092313a2023-02-08 09:53:47.078root 11241100x8000000000000000296199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.079{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0ce5a30f4940312023-02-08 09:53:47.079root 11241100x8000000000000000296198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.079{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d1aa96ed3dfb412023-02-08 09:53:47.079root 11241100x8000000000000000296197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.079{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed81a7d81a021c4d2023-02-08 09:53:47.079root 11241100x8000000000000000296196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.079{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e026ad48ccfbfe12023-02-08 09:53:47.079root 11241100x8000000000000000296195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.079{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bd5886bfba214c2023-02-08 09:53:47.079root 11241100x8000000000000000296194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.079{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90d8428fec69f1e2023-02-08 09:53:47.079root 11241100x8000000000000000296193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.079{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492d3a575dfc3f342023-02-08 09:53:47.079root 11241100x8000000000000000296192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.079{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ff9cc983b8420d2023-02-08 09:53:47.079root 11241100x8000000000000000296205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.080{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57e2523be4779c32023-02-08 09:53:47.080root 11241100x8000000000000000296204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.080{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e60339402044d92023-02-08 09:53:47.080root 11241100x8000000000000000296203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.080{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5bc653a66f8e7da2023-02-08 09:53:47.080root 11241100x8000000000000000296202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.080{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff50c69961232d492023-02-08 09:53:47.080root 11241100x8000000000000000296201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.080{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5770510c962e9bc02023-02-08 09:53:47.080root 11241100x8000000000000000296200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.080{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c6e9dc8a7a6b2f2023-02-08 09:53:47.080root 11241100x8000000000000000296213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.081{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78d759ac825b0702023-02-08 09:53:47.081root 11241100x8000000000000000296212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.081{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0682bc2340cc14d2023-02-08 09:53:47.081root 11241100x8000000000000000296211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.081{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405620a5749a3e652023-02-08 09:53:47.081root 11241100x8000000000000000296210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.081{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e30cf209d920f62023-02-08 09:53:47.081root 11241100x8000000000000000296209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.081{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364f965921270eff2023-02-08 09:53:47.081root 11241100x8000000000000000296208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.081{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bce09b503e11c522023-02-08 09:53:47.081root 11241100x8000000000000000296207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.081{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4239952aef8c0482023-02-08 09:53:47.081root 11241100x8000000000000000296206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.081{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fd180d1defcf392023-02-08 09:53:47.081root 11241100x8000000000000000296217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.082{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974ce481e26ece502023-02-08 09:53:47.082root 11241100x8000000000000000296216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.082{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43ae70b00f785de2023-02-08 09:53:47.082root 11241100x8000000000000000296215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.082{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460acd69543fd66b2023-02-08 09:53:47.082root 11241100x8000000000000000296214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:47.082{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4ba108c1bacbfa2023-02-08 09:53:47.082root 11241100x8000000000000000296225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.078{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25470ad980817eb02023-02-08 09:53:48.078root 11241100x8000000000000000296224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.078{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f561df2057603602023-02-08 09:53:48.078root 11241100x8000000000000000296223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.078{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a14a99a688fd9c2023-02-08 09:53:48.078root 11241100x8000000000000000296222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.078{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e467b9414a6af9f2023-02-08 09:53:48.078root 11241100x8000000000000000296221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.078{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51105daddf332e332023-02-08 09:53:48.078root 11241100x8000000000000000296220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.078{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2773e377d3256792023-02-08 09:53:48.078root 11241100x8000000000000000296219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.078{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88e06daca2c26d42023-02-08 09:53:48.078root 11241100x8000000000000000296218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.078{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ed674c017f176f2023-02-08 09:53:48.078root 11241100x8000000000000000296236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.079{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e17e5e35cb732b2023-02-08 09:53:48.079root 11241100x8000000000000000296235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.079{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35e3fa0b915377a2023-02-08 09:53:48.079root 11241100x8000000000000000296234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.079{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915afa4db0e3f9ee2023-02-08 09:53:48.079root 11241100x8000000000000000296233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.079{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21220ef2c58cc4632023-02-08 09:53:48.079root 11241100x8000000000000000296232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.079{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa059aec664752842023-02-08 09:53:48.079root 11241100x8000000000000000296231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.079{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d186cbe833592a2023-02-08 09:53:48.079root 11241100x8000000000000000296230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.079{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d65b1aae28194092023-02-08 09:53:48.079root 11241100x8000000000000000296229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.079{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b819572c8e60bf132023-02-08 09:53:48.079root 11241100x8000000000000000296228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.079{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea820b28172dad32023-02-08 09:53:48.079root 11241100x8000000000000000296227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.079{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7463f571dcaf90d22023-02-08 09:53:48.079root 11241100x8000000000000000296226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.079{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0b237d9b7e93e42023-02-08 09:53:48.079root 11241100x8000000000000000296242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.080{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c5152e3e1b14782023-02-08 09:53:48.080root 11241100x8000000000000000296241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.080{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f752625f2b41402023-02-08 09:53:48.080root 11241100x8000000000000000296240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.080{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f0de7c581e26622023-02-08 09:53:48.080root 11241100x8000000000000000296239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.080{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20feb16278bcad0d2023-02-08 09:53:48.080root 11241100x8000000000000000296238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.080{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1809cd0271539bdd2023-02-08 09:53:48.080root 11241100x8000000000000000296237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.080{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3db392e73fb9712023-02-08 09:53:48.080root 11241100x8000000000000000296249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.081{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f3a09b8a771cbc2023-02-08 09:53:48.081root 11241100x8000000000000000296248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.081{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dac3b1575a589e72023-02-08 09:53:48.081root 11241100x8000000000000000296247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.081{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc84de948e0dff7f2023-02-08 09:53:48.081root 11241100x8000000000000000296246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.081{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c359e0d268b915372023-02-08 09:53:48.081root 11241100x8000000000000000296245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.081{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d615a159caee362023-02-08 09:53:48.081root 11241100x8000000000000000296244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.081{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674e34bd6cf6b73a2023-02-08 09:53:48.081root 11241100x8000000000000000296243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.081{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15872fd1c47365f82023-02-08 09:53:48.081root 11241100x8000000000000000296255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.082{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f2f08ca5eefd142023-02-08 09:53:48.082root 11241100x8000000000000000296254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.082{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46a0de364140aa92023-02-08 09:53:48.082root 11241100x8000000000000000296253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.082{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5606a7c8151632c62023-02-08 09:53:48.082root 11241100x8000000000000000296252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.082{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9002a3543711cf1a2023-02-08 09:53:48.082root 11241100x8000000000000000296251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.082{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdcbafb2f8abc9f52023-02-08 09:53:48.082root 11241100x8000000000000000296250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.082{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267e22137518488f2023-02-08 09:53:48.082root 11241100x8000000000000000296257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.083{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0608bf0ba9d9462023-02-08 09:53:48.083root 11241100x8000000000000000296256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.083{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c484f151cf9320b92023-02-08 09:53:48.083root 11241100x8000000000000000296260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.084{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7110241f28d9840b2023-02-08 09:53:48.084root 11241100x8000000000000000296259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.084{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760eca58e30e05822023-02-08 09:53:48.084root 11241100x8000000000000000296258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.084{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a528db545b0bdb42023-02-08 09:53:48.084root 11241100x8000000000000000296267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.085{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c7d81fce5e4f672023-02-08 09:53:48.085root 11241100x8000000000000000296266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.085{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1ffda735b4c5a82023-02-08 09:53:48.085root 11241100x8000000000000000296265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.085{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec3ad23425cc3ed2023-02-08 09:53:48.085root 11241100x8000000000000000296264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.085{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ac5f249b4e67142023-02-08 09:53:48.085root 11241100x8000000000000000296263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.085{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d938fb6b94f54d12023-02-08 09:53:48.085root 11241100x8000000000000000296262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.085{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fec700e594f54c32023-02-08 09:53:48.085root 11241100x8000000000000000296261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.085{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367ae98461fe7af82023-02-08 09:53:48.085root 11241100x8000000000000000296276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.086{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5aa734209ceca522023-02-08 09:53:48.086root 11241100x8000000000000000296275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.086{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a64b44f6b251942023-02-08 09:53:48.086root 11241100x8000000000000000296274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.086{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bdf0dd0bf72a3022023-02-08 09:53:48.086root 11241100x8000000000000000296273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.086{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9813d39f3a0e1782023-02-08 09:53:48.086root 11241100x8000000000000000296272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.086{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e0a06b6e0117212023-02-08 09:53:48.086root 11241100x8000000000000000296271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.086{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dee4ab297a1a5062023-02-08 09:53:48.086root 11241100x8000000000000000296270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.086{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c674a77f5f52812023-02-08 09:53:48.086root 11241100x8000000000000000296269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.086{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da05bfdc132a66c2023-02-08 09:53:48.086root 11241100x8000000000000000296268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.086{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5766d63237eb5e192023-02-08 09:53:48.086root 11241100x8000000000000000296285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.087{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d56e707b11b472c2023-02-08 09:53:48.087root 11241100x8000000000000000296284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.087{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54b6caaec2328312023-02-08 09:53:48.087root 11241100x8000000000000000296283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.087{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa84db946c146042023-02-08 09:53:48.087root 11241100x8000000000000000296282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.087{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d35b908b0b5dc782023-02-08 09:53:48.087root 11241100x8000000000000000296281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.087{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c946373691070a32023-02-08 09:53:48.087root 11241100x8000000000000000296280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.087{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b67d6da07211e062023-02-08 09:53:48.087root 11241100x8000000000000000296279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.087{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc484c774ae685af2023-02-08 09:53:48.087root 11241100x8000000000000000296278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.087{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1e0a7b4ef4e9352023-02-08 09:53:48.087root 11241100x8000000000000000296277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.087{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d509d3b85fec7c52023-02-08 09:53:48.087root 11241100x8000000000000000296291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.088{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8990b6d395cee7e32023-02-08 09:53:48.088root 11241100x8000000000000000296290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.088{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbaa99d3a7dd5022023-02-08 09:53:48.088root 11241100x8000000000000000296289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.088{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f844955a40a6ef92023-02-08 09:53:48.088root 11241100x8000000000000000296288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.088{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57090923babf8472023-02-08 09:53:48.088root 11241100x8000000000000000296287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.088{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d75e1b5956580d2023-02-08 09:53:48.088root 11241100x8000000000000000296286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.088{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8ced78bc1d51f02023-02-08 09:53:48.088root 11241100x8000000000000000296298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.089{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b237afcbe0dab6622023-02-08 09:53:48.089root 11241100x8000000000000000296297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.089{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9d6987ed3e084c2023-02-08 09:53:48.089root 11241100x8000000000000000296296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.089{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31dfda665083da72023-02-08 09:53:48.089root 11241100x8000000000000000296295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.089{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4537a7173066759f2023-02-08 09:53:48.089root 11241100x8000000000000000296294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.089{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30305bbb3d75cee22023-02-08 09:53:48.089root 11241100x8000000000000000296293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.089{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72733072fd961c312023-02-08 09:53:48.089root 11241100x8000000000000000296292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.089{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f53699b55fbc9352023-02-08 09:53:48.089root 11241100x8000000000000000296306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.090{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75c7370870ada9c2023-02-08 09:53:48.090root 11241100x8000000000000000296305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.090{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74c55d34b0710a52023-02-08 09:53:48.090root 11241100x8000000000000000296304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.090{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96f603826947ec02023-02-08 09:53:48.090root 11241100x8000000000000000296303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.090{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9214c21789f906f12023-02-08 09:53:48.090root 11241100x8000000000000000296302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.090{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b9b4f5dc96238e2023-02-08 09:53:48.090root 11241100x8000000000000000296301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.090{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffd91aac56d3d912023-02-08 09:53:48.090root 11241100x8000000000000000296300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.090{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e39ad7dd96a825a2023-02-08 09:53:48.090root 11241100x8000000000000000296299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.090{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8c963dd61fd9e42023-02-08 09:53:48.090root 11241100x8000000000000000296310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.743{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0992147c5092ded82023-02-08 09:53:48.743root 11241100x8000000000000000296309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.743{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c690e97b252d8f5c2023-02-08 09:53:48.743root 11241100x8000000000000000296308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.743{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9c5819121902592023-02-08 09:53:48.743root 11241100x8000000000000000296307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.743{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d545a8fe72bba5f2023-02-08 09:53:48.743root 11241100x8000000000000000296321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.744{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de059b082176817b2023-02-08 09:53:48.744root 11241100x8000000000000000296320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.744{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ed167a6f31f5442023-02-08 09:53:48.744root 11241100x8000000000000000296319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.744{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f455c19ee9c77352023-02-08 09:53:48.744root 11241100x8000000000000000296318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.744{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e8935ac6c4bc1d2023-02-08 09:53:48.744root 11241100x8000000000000000296317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.744{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc4f614f29768942023-02-08 09:53:48.744root 11241100x8000000000000000296316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.744{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c5cecc2ee7038f2023-02-08 09:53:48.744root 11241100x8000000000000000296315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.744{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdcb1fb4e16a5fe2023-02-08 09:53:48.744root 11241100x8000000000000000296314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.744{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ddbc79221e02e02023-02-08 09:53:48.744root 11241100x8000000000000000296313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.744{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b4ffb714595cc82023-02-08 09:53:48.744root 11241100x8000000000000000296312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.744{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500367a6a6d6eaf22023-02-08 09:53:48.744root 11241100x8000000000000000296311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.744{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f44f669c996f9de2023-02-08 09:53:48.744root 11241100x8000000000000000296330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.745{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbb8d6715e3517f2023-02-08 09:53:48.745root 11241100x8000000000000000296329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.745{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555af76902bc35c22023-02-08 09:53:48.745root 11241100x8000000000000000296328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.745{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38c19f7a6aebc3d2023-02-08 09:53:48.745root 11241100x8000000000000000296327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.745{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059522135a0f40b92023-02-08 09:53:48.745root 11241100x8000000000000000296326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.745{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188b9a37add7e7232023-02-08 09:53:48.745root 11241100x8000000000000000296325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.745{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f733c10e72cf5e2023-02-08 09:53:48.745root 11241100x8000000000000000296324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.745{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1881b9e8412be9772023-02-08 09:53:48.745root 11241100x8000000000000000296323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.745{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d28f94378bb7552023-02-08 09:53:48.745root 11241100x8000000000000000296322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.745{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991cc3b8904efd412023-02-08 09:53:48.745root 11241100x8000000000000000296344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.746{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e579db2d04db95b2023-02-08 09:53:48.746root 11241100x8000000000000000296343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.746{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d385f518d61a44a2023-02-08 09:53:48.746root 11241100x8000000000000000296342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.746{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86faf969ff2f5042023-02-08 09:53:48.746root 11241100x8000000000000000296341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.746{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a664607cd824f82a2023-02-08 09:53:48.746root 11241100x8000000000000000296340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.746{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd4427899aad96f2023-02-08 09:53:48.746root 11241100x8000000000000000296339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.746{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e46574a0dc86ae02023-02-08 09:53:48.746root 11241100x8000000000000000296338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.746{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f76d16b6b31445c2023-02-08 09:53:48.746root 11241100x8000000000000000296337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.746{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f6837d9e2e20112023-02-08 09:53:48.746root 11241100x8000000000000000296336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.746{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa638dc44c23f56e2023-02-08 09:53:48.746root 11241100x8000000000000000296335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.746{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b876b103bacbcbe52023-02-08 09:53:48.746root 11241100x8000000000000000296334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.746{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56300fbc74990532023-02-08 09:53:48.746root 11241100x8000000000000000296333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.746{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527b8a27b930ba882023-02-08 09:53:48.746root 11241100x8000000000000000296332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.746{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d07f1a70758e9d2023-02-08 09:53:48.746root 11241100x8000000000000000296331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.746{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a93899fb44ec382023-02-08 09:53:48.746root 11241100x8000000000000000296346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.747{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fc17259b6826492023-02-08 09:53:48.747root 11241100x8000000000000000296345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.747{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b479f1bcf2bf5aba2023-02-08 09:53:48.747root 11241100x8000000000000000296352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.748{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b8716d66e564502023-02-08 09:53:48.748root 11241100x8000000000000000296351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.748{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acacefd0cff2041b2023-02-08 09:53:48.748root 11241100x8000000000000000296350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.748{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b946c0bc1d46fc2023-02-08 09:53:48.748root 11241100x8000000000000000296349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.748{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a81ef7290b461c82023-02-08 09:53:48.748root 11241100x8000000000000000296348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.748{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968ef5ebc58c9e0a2023-02-08 09:53:48.748root 11241100x8000000000000000296347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.748{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16f068ef62f25ef2023-02-08 09:53:48.748root 11241100x8000000000000000296358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.749{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db55c6eaa81bdf62023-02-08 09:53:48.749root 11241100x8000000000000000296357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.749{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da395ef873e98b52023-02-08 09:53:48.749root 11241100x8000000000000000296356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.749{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcbf540d3d0bbd8f2023-02-08 09:53:48.749root 11241100x8000000000000000296355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.749{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0724546626d2e392023-02-08 09:53:48.749root 11241100x8000000000000000296354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.749{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6327cd9bfb3042562023-02-08 09:53:48.749root 11241100x8000000000000000296353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.749{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d3bcc6c0d34d5f2023-02-08 09:53:48.749root 11241100x8000000000000000296362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.750{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198317e21aee62d72023-02-08 09:53:48.750root 11241100x8000000000000000296361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.750{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d3596a0222236d2023-02-08 09:53:48.750root 11241100x8000000000000000296360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.750{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25aa222519642ffc2023-02-08 09:53:48.750root 11241100x8000000000000000296359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.750{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fdbde8cd82e08d22023-02-08 09:53:48.750root 11241100x8000000000000000296364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.751{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ba846517a57eb32023-02-08 09:53:48.751root 11241100x8000000000000000296363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.751{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100b82ff661d85662023-02-08 09:53:48.751root 11241100x8000000000000000296370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.752{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb495edcaeb0e6362023-02-08 09:53:48.752root 11241100x8000000000000000296369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.752{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b110d047de48fa2023-02-08 09:53:48.752root 11241100x8000000000000000296368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.752{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3556f4664c3545d42023-02-08 09:53:48.752root 11241100x8000000000000000296367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.752{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ba144451fd2b752023-02-08 09:53:48.752root 11241100x8000000000000000296366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.752{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd34fab52f90a552023-02-08 09:53:48.752root 11241100x8000000000000000296365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.752{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7bfa8b77886dec2023-02-08 09:53:48.752root 11241100x8000000000000000296378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.753{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1270d75a018e774c2023-02-08 09:53:48.753root 11241100x8000000000000000296377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.753{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7aa6c082bd728172023-02-08 09:53:48.753root 11241100x8000000000000000296376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.753{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bd4200035af7ab2023-02-08 09:53:48.753root 11241100x8000000000000000296375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.753{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe7b99627d1bbd72023-02-08 09:53:48.753root 11241100x8000000000000000296374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.753{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0530422712382f2023-02-08 09:53:48.753root 11241100x8000000000000000296373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.753{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548be160f19c04562023-02-08 09:53:48.753root 11241100x8000000000000000296372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.753{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b768dc6dd34197f92023-02-08 09:53:48.753root 11241100x8000000000000000296371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.753{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e884c5cd655bdf862023-02-08 09:53:48.753root 11241100x8000000000000000296380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.754{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c6da20c320cd3c2023-02-08 09:53:48.754root 11241100x8000000000000000296379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.754{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2b3206c367d9522023-02-08 09:53:48.754root 11241100x8000000000000000296381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.755{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0bfd2aa5f0d8582023-02-08 09:53:48.755root 11241100x8000000000000000296386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.756{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e206238fd789c92023-02-08 09:53:48.756root 11241100x8000000000000000296385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.756{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838735242b8f413f2023-02-08 09:53:48.756root 11241100x8000000000000000296384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.756{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f140f1dbaa9a430d2023-02-08 09:53:48.756root 11241100x8000000000000000296383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.756{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8650fd8e17b25082023-02-08 09:53:48.756root 11241100x8000000000000000296382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.756{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeeab8f1bfe91e062023-02-08 09:53:48.756root 11241100x8000000000000000296390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.757{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0d1cbb5c9acb792023-02-08 09:53:48.757root 11241100x8000000000000000296389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.757{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7033b1bf40de607b2023-02-08 09:53:48.757root 11241100x8000000000000000296388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.757{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35641e7a906b20b02023-02-08 09:53:48.757root 11241100x8000000000000000296387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.757{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95289161f2037f592023-02-08 09:53:48.757root 11241100x8000000000000000296393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.758{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5754d14c7f154a2023-02-08 09:53:48.758root 11241100x8000000000000000296392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.758{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcff84b98a9d3e072023-02-08 09:53:48.758root 11241100x8000000000000000296391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.758{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ee199129abedc22023-02-08 09:53:48.758root 11241100x8000000000000000296398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.759{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51917463a9c7ab442023-02-08 09:53:48.759root 11241100x8000000000000000296397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.759{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da21b421037a7c672023-02-08 09:53:48.759root 11241100x8000000000000000296396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.759{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9501d44d70c7900b2023-02-08 09:53:48.759root 11241100x8000000000000000296395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.759{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c9688e5ddebad32023-02-08 09:53:48.759root 11241100x8000000000000000296394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.759{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2364ff8ba9ad2fce2023-02-08 09:53:48.759root 11241100x8000000000000000296401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.760{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4577f9140cf79e12023-02-08 09:53:48.760root 11241100x8000000000000000296400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.760{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755920de5e042a502023-02-08 09:53:48.760root 11241100x8000000000000000296399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.760{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a65124528fe72cb2023-02-08 09:53:48.760root 11241100x8000000000000000296406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.761{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f667e9c425eb1992023-02-08 09:53:48.761root 11241100x8000000000000000296405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.761{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14b044bb1f7b3ab2023-02-08 09:53:48.761root 11241100x8000000000000000296404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.761{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d147327c116c1d2023-02-08 09:53:48.761root 11241100x8000000000000000296403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.761{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f163005be1e0f25f2023-02-08 09:53:48.761root 11241100x8000000000000000296402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.761{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4d4edcb98e9cf82023-02-08 09:53:48.761root 11241100x8000000000000000296409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.762{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84590042dc537edf2023-02-08 09:53:48.762root 11241100x8000000000000000296408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.762{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa428d048247b5532023-02-08 09:53:48.762root 11241100x8000000000000000296407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.762{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7964997acce5bf5f2023-02-08 09:53:48.762root 11241100x8000000000000000296414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.763{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d87b0743a7176492023-02-08 09:53:48.763root 11241100x8000000000000000296413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.763{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f7899079f3d4c92023-02-08 09:53:48.763root 11241100x8000000000000000296412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.763{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd92889ff95ad0982023-02-08 09:53:48.763root 11241100x8000000000000000296411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.763{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296d75ae3e4d20902023-02-08 09:53:48.763root 11241100x8000000000000000296410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.763{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3dd9dc567428422023-02-08 09:53:48.763root 11241100x8000000000000000296417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.764{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693b733392cdfa122023-02-08 09:53:48.764root 11241100x8000000000000000296416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.764{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc89ea85453c7db2023-02-08 09:53:48.764root 11241100x8000000000000000296415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.764{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab85a7f40bec6ee2023-02-08 09:53:48.764root 11241100x8000000000000000296422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.765{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f35467450fa7e382023-02-08 09:53:48.765root 11241100x8000000000000000296421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.765{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5ac1fbf57abe172023-02-08 09:53:48.765root 11241100x8000000000000000296420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.765{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6eeed2a1ee13e92023-02-08 09:53:48.765root 11241100x8000000000000000296419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.765{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ac21e9d51948772023-02-08 09:53:48.765root 11241100x8000000000000000296418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.765{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a39f966bc3cb7d2023-02-08 09:53:48.765root 11241100x8000000000000000296429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.766{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5e15a4eaa859942023-02-08 09:53:48.766root 11241100x8000000000000000296428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.766{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65dde1523bf118462023-02-08 09:53:48.766root 11241100x8000000000000000296427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.766{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d8880075be6f4a2023-02-08 09:53:48.766root 11241100x8000000000000000296426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.766{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea721ece17af2b3f2023-02-08 09:53:48.766root 11241100x8000000000000000296425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.766{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025b2ee8bc8a4f752023-02-08 09:53:48.766root 11241100x8000000000000000296424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.766{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804241a143fa64232023-02-08 09:53:48.766root 11241100x8000000000000000296423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.766{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6f9fd2ff474bd62023-02-08 09:53:48.766root 11241100x8000000000000000296437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.767{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c34a98172875a092023-02-08 09:53:48.767root 11241100x8000000000000000296436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.767{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62cba13c924cca9a2023-02-08 09:53:48.767root 11241100x8000000000000000296435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.767{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6ee7debfcb818d2023-02-08 09:53:48.767root 11241100x8000000000000000296434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.767{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35a720245d854df2023-02-08 09:53:48.767root 11241100x8000000000000000296433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.767{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c51139705c261802023-02-08 09:53:48.767root 11241100x8000000000000000296432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.767{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce643a69059f2add2023-02-08 09:53:48.767root 11241100x8000000000000000296431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.767{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f680399d5690f0e2023-02-08 09:53:48.767root 11241100x8000000000000000296430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.767{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65978ed8534326fc2023-02-08 09:53:48.767root 11241100x8000000000000000296444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.768{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e20a8a0019958ad2023-02-08 09:53:48.768root 11241100x8000000000000000296443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.768{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67f24b4a40293d12023-02-08 09:53:48.768root 11241100x8000000000000000296442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.768{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb74b8d275cb54e2023-02-08 09:53:48.768root 11241100x8000000000000000296441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.768{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f4c43cdc47bfd02023-02-08 09:53:48.768root 11241100x8000000000000000296440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.768{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e8c41118a2733d2023-02-08 09:53:48.768root 11241100x8000000000000000296439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.768{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f886c930c28ca4ca2023-02-08 09:53:48.768root 11241100x8000000000000000296438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.768{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ee0661ad3f81cd2023-02-08 09:53:48.768root 11241100x8000000000000000296445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.769{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be45a08563b83ec22023-02-08 09:53:48.769root 11241100x8000000000000000296453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.770{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169b60cf175aaf912023-02-08 09:53:48.770root 11241100x8000000000000000296452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.770{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5baaeeb56cd0aa32023-02-08 09:53:48.770root 11241100x8000000000000000296451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.770{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be02c1cfadf3cff92023-02-08 09:53:48.770root 11241100x8000000000000000296450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.770{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24692605dbdbf4792023-02-08 09:53:48.770root 11241100x8000000000000000296449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.770{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790d1064542d79ff2023-02-08 09:53:48.770root 11241100x8000000000000000296448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.770{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30420e7c54ff2c52023-02-08 09:53:48.770root 11241100x8000000000000000296447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.770{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fef9fc59b8ccf82023-02-08 09:53:48.770root 11241100x8000000000000000296446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.770{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91be8c841f1f64ae2023-02-08 09:53:48.770root 11241100x8000000000000000296461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.771{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f2d3b6120d925d2023-02-08 09:53:48.771root 11241100x8000000000000000296460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.771{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e594704cff2c4c2023-02-08 09:53:48.771root 11241100x8000000000000000296459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.771{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09155ebeef899f1c2023-02-08 09:53:48.771root 11241100x8000000000000000296458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.771{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d8c8900dc2de262023-02-08 09:53:48.771root 11241100x8000000000000000296457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.771{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb86eb343e75f042023-02-08 09:53:48.771root 11241100x8000000000000000296456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.771{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ce829967d67bb72023-02-08 09:53:48.771root 11241100x8000000000000000296455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.771{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e117c7b2142541e2023-02-08 09:53:48.771root 11241100x8000000000000000296454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.771{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71935a80b62028502023-02-08 09:53:48.771root 11241100x8000000000000000296471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.772{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a284e5f8e6cd062023-02-08 09:53:48.772root 11241100x8000000000000000296470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.772{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8679f5e68bc13f2023-02-08 09:53:48.772root 11241100x8000000000000000296469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.772{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc6423bdebf89542023-02-08 09:53:48.772root 11241100x8000000000000000296468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.772{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92285fccf3c5613c2023-02-08 09:53:48.772root 11241100x8000000000000000296467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.772{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b2c3f4c934b8562023-02-08 09:53:48.772root 11241100x8000000000000000296466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.772{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb12c08640a5572e2023-02-08 09:53:48.772root 11241100x8000000000000000296465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.772{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b88b58b7013f502023-02-08 09:53:48.772root 11241100x8000000000000000296464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.772{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6cdf7913aa81b1b2023-02-08 09:53:48.772root 11241100x8000000000000000296463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.772{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9e0881d69c916f2023-02-08 09:53:48.772root 11241100x8000000000000000296462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.772{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2923e29dcac027932023-02-08 09:53:48.772root 11241100x8000000000000000296477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.773{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3dfee3416864282023-02-08 09:53:48.773root 11241100x8000000000000000296476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.773{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9270ffdada793d2023-02-08 09:53:48.773root 11241100x8000000000000000296475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.773{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90faa2ee36d9716e2023-02-08 09:53:48.773root 11241100x8000000000000000296474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.773{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23907913a84858fd2023-02-08 09:53:48.773root 11241100x8000000000000000296473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.773{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c10508506a7de2f2023-02-08 09:53:48.773root 11241100x8000000000000000296472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.773{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffbf7b319c39d5342023-02-08 09:53:48.773root 11241100x8000000000000000296484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.774{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18be2256fa2b95e2023-02-08 09:53:48.774root 11241100x8000000000000000296483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.774{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a1fd7b814337b02023-02-08 09:53:48.774root 11241100x8000000000000000296482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.774{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee80ddefe5f5e19f2023-02-08 09:53:48.774root 11241100x8000000000000000296481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.774{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a7e8710f32e5fc2023-02-08 09:53:48.774root 11241100x8000000000000000296480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.774{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75da231c5130e9fc2023-02-08 09:53:48.774root 11241100x8000000000000000296479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.774{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fef41cf79e8ea92023-02-08 09:53:48.774root 11241100x8000000000000000296478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.774{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86902d97c776efc2023-02-08 09:53:48.774root 11241100x8000000000000000296492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.775{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559db8de507385ec2023-02-08 09:53:48.775root 11241100x8000000000000000296491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.775{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9848c023a0c7ae0f2023-02-08 09:53:48.775root 11241100x8000000000000000296490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.775{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1942c2357166792023-02-08 09:53:48.775root 11241100x8000000000000000296489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.775{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a68645a061a4a932023-02-08 09:53:48.775root 11241100x8000000000000000296488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.775{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b39ae367ea655322023-02-08 09:53:48.775root 11241100x8000000000000000296487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.775{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03221ee42a0142d42023-02-08 09:53:48.775root 11241100x8000000000000000296486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.775{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52b04fc54f12ba42023-02-08 09:53:48.775root 11241100x8000000000000000296485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.775{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28802e5a657febf2023-02-08 09:53:48.775root 11241100x8000000000000000296494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.776{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42e405aa502674a2023-02-08 09:53:48.776root 11241100x8000000000000000296493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:48.776{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f4c992375bf9e62023-02-08 09:53:48.776root 11241100x8000000000000000296501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.477{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513f9baedabc1b432023-02-08 09:53:49.477root 11241100x8000000000000000296500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.477{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa91feec4bdde282023-02-08 09:53:49.477root 11241100x8000000000000000296499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.477{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1a9a60a3406fa22023-02-08 09:53:49.477root 11241100x8000000000000000296498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.477{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf7dc7d5b7da4242023-02-08 09:53:49.477root 11241100x8000000000000000296497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.477{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c81e3120d6b2afb2023-02-08 09:53:49.477root 11241100x8000000000000000296496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.477{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3903f6c5371591112023-02-08 09:53:49.477root 11241100x8000000000000000296495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.477{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068559c636bea9082023-02-08 09:53:49.477root 11241100x8000000000000000296511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.478{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c967c645a33a222023-02-08 09:53:49.478root 11241100x8000000000000000296510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.478{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b47428db3195422023-02-08 09:53:49.478root 11241100x8000000000000000296509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.478{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7887a096c2b6bf62023-02-08 09:53:49.478root 11241100x8000000000000000296508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.478{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999a2fc7aa9ce73e2023-02-08 09:53:49.478root 11241100x8000000000000000296507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.478{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d2998345e6b3e62023-02-08 09:53:49.478root 11241100x8000000000000000296506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.478{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0835cafec6b8e42c2023-02-08 09:53:49.478root 11241100x8000000000000000296505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.478{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef917584847c82f2023-02-08 09:53:49.478root 11241100x8000000000000000296504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.478{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4e6d081ee307d42023-02-08 09:53:49.478root 11241100x8000000000000000296503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.478{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2db17898aa3d5f2023-02-08 09:53:49.478root 11241100x8000000000000000296502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.478{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f6ad62e9b50bae2023-02-08 09:53:49.478root 11241100x8000000000000000296523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.479{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32afa16c237f2b72023-02-08 09:53:49.479root 11241100x8000000000000000296522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.479{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b6f4ef639764d22023-02-08 09:53:49.479root 11241100x8000000000000000296521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.479{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d09357f02a4002d2023-02-08 09:53:49.479root 11241100x8000000000000000296520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.479{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0603ee4c698e192023-02-08 09:53:49.479root 11241100x8000000000000000296519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.479{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b519cb423aa45732023-02-08 09:53:49.479root 11241100x8000000000000000296518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.479{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e285a1c87536f42023-02-08 09:53:49.479root 11241100x8000000000000000296517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.479{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6de9ab19c9656462023-02-08 09:53:49.479root 11241100x8000000000000000296516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.479{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f613672d2b2ae12023-02-08 09:53:49.479root 11241100x8000000000000000296515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.479{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fae65d179bb68762023-02-08 09:53:49.479root 11241100x8000000000000000296514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.479{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752a159c1c2e59352023-02-08 09:53:49.479root 11241100x8000000000000000296513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.479{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd8573221152d1a2023-02-08 09:53:49.479root 11241100x8000000000000000296512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.479{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8bc779d9e79d0d32023-02-08 09:53:49.479root 11241100x8000000000000000296534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.480{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1084b2ec8479fca92023-02-08 09:53:49.480root 11241100x8000000000000000296533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.480{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f1828f8cc9b1362023-02-08 09:53:49.480root 11241100x8000000000000000296532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.480{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52346f3c66323a02023-02-08 09:53:49.480root 11241100x8000000000000000296531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.480{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45056d0871a22442023-02-08 09:53:49.480root 11241100x8000000000000000296530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.480{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4d095d901c34b32023-02-08 09:53:49.480root 11241100x8000000000000000296529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.480{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2806b7a515e2990f2023-02-08 09:53:49.480root 11241100x8000000000000000296528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.480{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be04cc4174b46e202023-02-08 09:53:49.480root 11241100x8000000000000000296527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.480{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f103ba85330ffc52023-02-08 09:53:49.480root 11241100x8000000000000000296526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.480{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cda1798dc97c2de2023-02-08 09:53:49.480root 11241100x8000000000000000296525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.480{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a882a814c3dd4152023-02-08 09:53:49.480root 11241100x8000000000000000296524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.480{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d5aeba441657552023-02-08 09:53:49.480root 11241100x8000000000000000296544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.481{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ff9af376ba9a0f2023-02-08 09:53:49.481root 11241100x8000000000000000296543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.481{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a6a4e7b640cd772023-02-08 09:53:49.481root 11241100x8000000000000000296542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.481{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121765ceda3797a52023-02-08 09:53:49.481root 11241100x8000000000000000296541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.481{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa1c44ec846c7232023-02-08 09:53:49.481root 11241100x8000000000000000296540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.481{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1376e9ad9fe1bb7c2023-02-08 09:53:49.481root 11241100x8000000000000000296539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.481{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bc254fde4f08392023-02-08 09:53:49.481root 11241100x8000000000000000296538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.481{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2be600b6be73022023-02-08 09:53:49.481root 11241100x8000000000000000296537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.481{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7208890ae064f22023-02-08 09:53:49.481root 11241100x8000000000000000296536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.481{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9fd526cbf28d472023-02-08 09:53:49.481root 11241100x8000000000000000296535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.481{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6b32913e72d2f12023-02-08 09:53:49.481root 11241100x8000000000000000296559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.482{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e3321b7e2eb0662023-02-08 09:53:49.482root 11241100x8000000000000000296558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.482{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2172c1d481bc02ea2023-02-08 09:53:49.482root 11241100x8000000000000000296557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.482{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3906b6955fb04bda2023-02-08 09:53:49.482root 11241100x8000000000000000296556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.482{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea842f19dc0d912a2023-02-08 09:53:49.482root 11241100x8000000000000000296555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.482{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffdd93791bd844a2023-02-08 09:53:49.482root 11241100x8000000000000000296554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.482{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9491d275fea01902023-02-08 09:53:49.482root 11241100x8000000000000000296553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.482{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e788d72c3dbfe75e2023-02-08 09:53:49.482root 11241100x8000000000000000296552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.482{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47504de3362978a42023-02-08 09:53:49.482root 11241100x8000000000000000296551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.482{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f73651fad8a34ee2023-02-08 09:53:49.482root 11241100x8000000000000000296550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.482{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1be15a49ec0ea762023-02-08 09:53:49.482root 11241100x8000000000000000296549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.482{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9c25bfcb250c562023-02-08 09:53:49.482root 11241100x8000000000000000296548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.482{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658d5fd9a775b00a2023-02-08 09:53:49.482root 11241100x8000000000000000296547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.482{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a390d6168f57162023-02-08 09:53:49.482root 11241100x8000000000000000296546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.482{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb72f148e32fab6f2023-02-08 09:53:49.482root 11241100x8000000000000000296545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.482{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de3e61934c24fa42023-02-08 09:53:49.482root 11241100x8000000000000000296575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.483{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f8517839faafac2023-02-08 09:53:49.483root 11241100x8000000000000000296574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.483{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275200d2269356962023-02-08 09:53:49.483root 11241100x8000000000000000296573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.483{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a550560d936f5ea2023-02-08 09:53:49.483root 11241100x8000000000000000296572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.483{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2692067883e6e77e2023-02-08 09:53:49.483root 11241100x8000000000000000296571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.483{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f678ecd5f399612023-02-08 09:53:49.483root 11241100x8000000000000000296570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.483{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f53fffcd6a6a39d2023-02-08 09:53:49.483root 11241100x8000000000000000296569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.483{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5da34b543e1265e2023-02-08 09:53:49.483root 11241100x8000000000000000296568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.483{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec07f105bcbddf52023-02-08 09:53:49.483root 11241100x8000000000000000296567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.483{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c0419f552e41882023-02-08 09:53:49.483root 11241100x8000000000000000296566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.483{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fe3bc68d4fc7282023-02-08 09:53:49.483root 11241100x8000000000000000296565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.483{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572a758d45ca1ea72023-02-08 09:53:49.483root 11241100x8000000000000000296564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.483{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d7ce5328ee72772023-02-08 09:53:49.483root 11241100x8000000000000000296563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.483{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff348881ce6b2d82023-02-08 09:53:49.483root 11241100x8000000000000000296562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.483{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e30fd920d925af02023-02-08 09:53:49.483root 11241100x8000000000000000296561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.483{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d378ba0dbbaf96942023-02-08 09:53:49.483root 11241100x8000000000000000296560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.483{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720ee628a6f38d1f2023-02-08 09:53:49.483root 11241100x8000000000000000296585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.484{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea953de3477f19d2023-02-08 09:53:49.484root 11241100x8000000000000000296584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.484{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d9396e43eec59c2023-02-08 09:53:49.484root 11241100x8000000000000000296583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.484{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66859ac5a7831cd42023-02-08 09:53:49.484root 11241100x8000000000000000296582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.484{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81a85da30c21d8d2023-02-08 09:53:49.484root 11241100x8000000000000000296581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.484{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7b4765a75de9cf2023-02-08 09:53:49.484root 11241100x8000000000000000296580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.484{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247abfd6c532c8122023-02-08 09:53:49.484root 11241100x8000000000000000296579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.484{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce4bd421c52ff342023-02-08 09:53:49.484root 11241100x8000000000000000296578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.484{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fb77dc68acc0fa2023-02-08 09:53:49.484root 11241100x8000000000000000296577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.484{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d434e16e88da9922023-02-08 09:53:49.484root 11241100x8000000000000000296576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.484{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764c6551cc3647df2023-02-08 09:53:49.484root 11241100x8000000000000000296596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.978{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f46055a674d4f232023-02-08 09:53:49.978root 11241100x8000000000000000296595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.978{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8ca3049b620cc02023-02-08 09:53:49.978root 11241100x8000000000000000296594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.978{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157d0a5f5c8f0cb42023-02-08 09:53:49.978root 11241100x8000000000000000296593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.978{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def5df08c5abfae92023-02-08 09:53:49.978root 11241100x8000000000000000296592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.978{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d9015bceef7a512023-02-08 09:53:49.978root 11241100x8000000000000000296591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.978{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794119960c4c4dee2023-02-08 09:53:49.978root 11241100x8000000000000000296590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.978{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd44b54d6f6af472023-02-08 09:53:49.978root 11241100x8000000000000000296589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.978{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c2fbf409832e422023-02-08 09:53:49.978root 11241100x8000000000000000296588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.978{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130db6995a62328f2023-02-08 09:53:49.978root 11241100x8000000000000000296587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.978{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3f0e6aa697312f2023-02-08 09:53:49.978root 11241100x8000000000000000296586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.978{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0cbfb6de7714d62023-02-08 09:53:49.978root 11241100x8000000000000000296611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.979{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8cd0420b873a6752023-02-08 09:53:49.979root 11241100x8000000000000000296610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.979{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92bc53e2733315172023-02-08 09:53:49.979root 11241100x8000000000000000296609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.979{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec1f2b0da44b2762023-02-08 09:53:49.979root 11241100x8000000000000000296608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.979{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883b693dd2eae9c62023-02-08 09:53:49.979root 11241100x8000000000000000296607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.979{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b019803c51672ab12023-02-08 09:53:49.979root 11241100x8000000000000000296606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.979{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73537ac67bb8cc6d2023-02-08 09:53:49.979root 11241100x8000000000000000296605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.979{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11facf5010fdb8c32023-02-08 09:53:49.979root 11241100x8000000000000000296604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.979{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c686b8461334de2023-02-08 09:53:49.979root 11241100x8000000000000000296603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.979{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7a16a4a89794582023-02-08 09:53:49.979root 11241100x8000000000000000296602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.979{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd35dbafca20c172023-02-08 09:53:49.979root 11241100x8000000000000000296601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.979{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4920e9056033282023-02-08 09:53:49.979root 11241100x8000000000000000296600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.979{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc35a41decec5cfa2023-02-08 09:53:49.979root 11241100x8000000000000000296599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.979{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb180fb435258092023-02-08 09:53:49.979root 11241100x8000000000000000296598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.979{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5a5ce585664d952023-02-08 09:53:49.979root 11241100x8000000000000000296597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.979{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ab3db8c984824d2023-02-08 09:53:49.979root 11241100x8000000000000000296626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.980{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f3e0744ff119d42023-02-08 09:53:49.980root 11241100x8000000000000000296625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.980{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a035360fa24267232023-02-08 09:53:49.980root 11241100x8000000000000000296624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.980{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81277a282972150b2023-02-08 09:53:49.980root 11241100x8000000000000000296623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.980{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefaa799408591992023-02-08 09:53:49.980root 11241100x8000000000000000296622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.980{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1f9b668a7e88312023-02-08 09:53:49.980root 11241100x8000000000000000296621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.980{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c09c091bd6099b2023-02-08 09:53:49.980root 11241100x8000000000000000296620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.980{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb73705a41d69f12023-02-08 09:53:49.980root 11241100x8000000000000000296619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.980{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24793f0dfabbab72023-02-08 09:53:49.980root 11241100x8000000000000000296618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.980{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6837ae01427f83742023-02-08 09:53:49.980root 11241100x8000000000000000296617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.980{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60519d56363852472023-02-08 09:53:49.980root 11241100x8000000000000000296616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.980{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846d043b4886567b2023-02-08 09:53:49.980root 11241100x8000000000000000296615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.980{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6525b1d2d6ae5c632023-02-08 09:53:49.980root 11241100x8000000000000000296614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.980{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542c220572e65daa2023-02-08 09:53:49.980root 11241100x8000000000000000296613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.980{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c96d9d06e20c9282023-02-08 09:53:49.980root 11241100x8000000000000000296612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.980{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d519c329a0361a8e2023-02-08 09:53:49.980root 11241100x8000000000000000296641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.981{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6840e4ee29ecf52023-02-08 09:53:49.981root 11241100x8000000000000000296640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.981{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983172fbb3a95d7e2023-02-08 09:53:49.981root 11241100x8000000000000000296639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.981{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdfa1332cb341932023-02-08 09:53:49.981root 11241100x8000000000000000296638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.981{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2a0a9458f86ad82023-02-08 09:53:49.981root 11241100x8000000000000000296637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.981{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84568f6798f7d2c2023-02-08 09:53:49.981root 11241100x8000000000000000296636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.981{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8939389f0c1cd92023-02-08 09:53:49.981root 11241100x8000000000000000296635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.981{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bea38e84296dc12023-02-08 09:53:49.981root 11241100x8000000000000000296634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.981{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc5408a0d9e2c462023-02-08 09:53:49.981root 11241100x8000000000000000296633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.981{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67b273b3a040a022023-02-08 09:53:49.981root 11241100x8000000000000000296632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.981{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e6819ec570d3a72023-02-08 09:53:49.981root 11241100x8000000000000000296631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.981{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99345cfc92a66fbb2023-02-08 09:53:49.981root 11241100x8000000000000000296630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.981{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dbd6c085504c6b92023-02-08 09:53:49.981root 11241100x8000000000000000296629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.981{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5b779ccd5582902023-02-08 09:53:49.981root 11241100x8000000000000000296628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.981{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d3ea38ab5476962023-02-08 09:53:49.981root 11241100x8000000000000000296627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.981{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6d2febbce19a202023-02-08 09:53:49.981root 11241100x8000000000000000296656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.982{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2a36a1e6cd33022023-02-08 09:53:49.982root 11241100x8000000000000000296655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.982{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f13bb9c620f9a22023-02-08 09:53:49.982root 11241100x8000000000000000296654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.982{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e3438dae6ee10f2023-02-08 09:53:49.982root 11241100x8000000000000000296653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.982{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a6aa053eea36882023-02-08 09:53:49.982root 11241100x8000000000000000296652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.982{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe296a2cd55be5aa2023-02-08 09:53:49.982root 11241100x8000000000000000296651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.982{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f1d5c92dd391ff2023-02-08 09:53:49.982root 11241100x8000000000000000296650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.982{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5107a80aa51514052023-02-08 09:53:49.982root 11241100x8000000000000000296649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.982{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8346ee2e18b21b2023-02-08 09:53:49.982root 11241100x8000000000000000296648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.982{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18360eac8164b872023-02-08 09:53:49.982root 11241100x8000000000000000296647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.982{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736894e2f709f3932023-02-08 09:53:49.982root 11241100x8000000000000000296646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.982{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93658479621e8942023-02-08 09:53:49.982root 11241100x8000000000000000296645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.982{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a46c62e362fc162023-02-08 09:53:49.982root 11241100x8000000000000000296644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.982{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f8edf5040718942023-02-08 09:53:49.982root 11241100x8000000000000000296643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.982{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbd101bed7c2e5a2023-02-08 09:53:49.982root 11241100x8000000000000000296642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.982{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12baaccbe2ef23ce2023-02-08 09:53:49.982root 11241100x8000000000000000296660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.983{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80311a15455bd2a2023-02-08 09:53:49.983root 11241100x8000000000000000296659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.983{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de56a44d3cfa67c2023-02-08 09:53:49.983root 11241100x8000000000000000296658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.983{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f42b34e293e0a3c2023-02-08 09:53:49.983root 11241100x8000000000000000296657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:49.983{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f7ad7f2b41e4c22023-02-08 09:53:49.983root 354300x8000000000000000296661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.118{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-59096-false10.0.1.12-8000- 11241100x8000000000000000296662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.478{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61ecedcbece0e812023-02-08 09:53:50.478root 11241100x8000000000000000296668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.479{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de7298fc4d2e98e2023-02-08 09:53:50.479root 11241100x8000000000000000296667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.479{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16fb144698571ca2023-02-08 09:53:50.479root 11241100x8000000000000000296666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.479{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01832178d131c092023-02-08 09:53:50.479root 11241100x8000000000000000296665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.479{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b6f3be051b322f2023-02-08 09:53:50.479root 11241100x8000000000000000296664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.479{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7331f41cd705a512023-02-08 09:53:50.479root 11241100x8000000000000000296663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.479{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdb2f3262dba44c2023-02-08 09:53:50.479root 11241100x8000000000000000296673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.480{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5dd763a7d9dfd72023-02-08 09:53:50.480root 11241100x8000000000000000296672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.480{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034490310a7c5b232023-02-08 09:53:50.480root 11241100x8000000000000000296671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.480{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f9b2b3912cea992023-02-08 09:53:50.480root 11241100x8000000000000000296670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.480{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3582af4dcac0ed3f2023-02-08 09:53:50.480root 11241100x8000000000000000296669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.480{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72048909aa5a99c2023-02-08 09:53:50.480root 11241100x8000000000000000296678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.481{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380bbeecd538f5a72023-02-08 09:53:50.481root 11241100x8000000000000000296677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.481{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cc731e32d943b92023-02-08 09:53:50.481root 11241100x8000000000000000296676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.481{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8fa5f777f7dad7d2023-02-08 09:53:50.481root 11241100x8000000000000000296675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.481{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b4cb0b26c1c2542023-02-08 09:53:50.481root 11241100x8000000000000000296674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.481{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1781e7c400d6f03c2023-02-08 09:53:50.481root 11241100x8000000000000000296692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.482{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cacea1fc51b0c3dc2023-02-08 09:53:50.482root 11241100x8000000000000000296691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.482{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5caeccb0e35cc6362023-02-08 09:53:50.482root 11241100x8000000000000000296690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.482{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3656ae13ec83bf472023-02-08 09:53:50.482root 11241100x8000000000000000296689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.482{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd1fd267c65918e2023-02-08 09:53:50.482root 11241100x8000000000000000296688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.482{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8412a7f3dbc19bd92023-02-08 09:53:50.482root 11241100x8000000000000000296687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.482{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb59a6b9fb361272023-02-08 09:53:50.482root 11241100x8000000000000000296686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.482{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34483cdc174211c72023-02-08 09:53:50.482root 11241100x8000000000000000296685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.482{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee78403be4e0e112023-02-08 09:53:50.482root 11241100x8000000000000000296684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.482{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23a985f6ce67e9f2023-02-08 09:53:50.482root 11241100x8000000000000000296683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.482{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c10f2ae9b7680a2023-02-08 09:53:50.482root 11241100x8000000000000000296682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.482{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69a072d39da47ec2023-02-08 09:53:50.482root 11241100x8000000000000000296681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.482{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5b275842985bf62023-02-08 09:53:50.482root 11241100x8000000000000000296680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.482{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6406a672ee22254a2023-02-08 09:53:50.482root 11241100x8000000000000000296679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.482{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2362cfbd1d4e792023-02-08 09:53:50.482root 11241100x8000000000000000296699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.483{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a196c1ba76672b2023-02-08 09:53:50.483root 11241100x8000000000000000296698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.483{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293fbce403c05ce22023-02-08 09:53:50.483root 11241100x8000000000000000296697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.483{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b94586d3625dbb2023-02-08 09:53:50.483root 11241100x8000000000000000296696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.483{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbdb6626ae31b002023-02-08 09:53:50.483root 11241100x8000000000000000296695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.483{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ac9bd285a155c92023-02-08 09:53:50.483root 11241100x8000000000000000296694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.483{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec387ade84c89962023-02-08 09:53:50.483root 11241100x8000000000000000296693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.483{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b4084adf6eb46f2023-02-08 09:53:50.483root 11241100x8000000000000000296713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.484{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e14d8a52deb2362023-02-08 09:53:50.484root 11241100x8000000000000000296712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.484{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8903d47dfdac7d482023-02-08 09:53:50.484root 11241100x8000000000000000296711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.484{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20fea78b19e93a392023-02-08 09:53:50.484root 11241100x8000000000000000296710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.484{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23dd792ddab877f42023-02-08 09:53:50.484root 11241100x8000000000000000296709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.484{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7dc1917b1d224e2023-02-08 09:53:50.484root 11241100x8000000000000000296708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.484{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a59013896bdfa402023-02-08 09:53:50.484root 11241100x8000000000000000296707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.484{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff92267f7a7a1182023-02-08 09:53:50.484root 11241100x8000000000000000296706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.484{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7177c51dfed50702023-02-08 09:53:50.484root 11241100x8000000000000000296705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.484{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48098a3ca674bf922023-02-08 09:53:50.484root 11241100x8000000000000000296704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.484{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b04f41d9d3fa712023-02-08 09:53:50.484root 11241100x8000000000000000296703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.484{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db535ee9e1048dcb2023-02-08 09:53:50.484root 11241100x8000000000000000296702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.484{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd1cf1e0ddda5612023-02-08 09:53:50.484root 11241100x8000000000000000296701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.484{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2779ab65ed6171102023-02-08 09:53:50.484root 11241100x8000000000000000296700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.484{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada71fa21fd295ff2023-02-08 09:53:50.484root 11241100x8000000000000000296727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.485{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f493b5f9666feb2023-02-08 09:53:50.485root 11241100x8000000000000000296726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.485{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc12dbb37aaeb682023-02-08 09:53:50.485root 11241100x8000000000000000296725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.485{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814e2db227e40d8a2023-02-08 09:53:50.485root 11241100x8000000000000000296724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.485{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c8f0f8ff6d6c542023-02-08 09:53:50.485root 11241100x8000000000000000296723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.485{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fa5bf57938f9192023-02-08 09:53:50.485root 11241100x8000000000000000296722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.485{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99791f04ad665672023-02-08 09:53:50.485root 11241100x8000000000000000296721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.485{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd89284c19da0ee2023-02-08 09:53:50.485root 11241100x8000000000000000296720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.485{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b83d632c5218ed2023-02-08 09:53:50.485root 11241100x8000000000000000296719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.485{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192adee85d21affc2023-02-08 09:53:50.485root 11241100x8000000000000000296718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.485{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6b49f81e574a582023-02-08 09:53:50.485root 11241100x8000000000000000296717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.485{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f16f4f319b186f2023-02-08 09:53:50.485root 11241100x8000000000000000296716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.485{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372b2142a0122ae72023-02-08 09:53:50.485root 11241100x8000000000000000296715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.485{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413bb72399efd1552023-02-08 09:53:50.485root 11241100x8000000000000000296714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.485{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4b666a70977f282023-02-08 09:53:50.485root 11241100x8000000000000000296737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.486{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e43e7aed0496372023-02-08 09:53:50.486root 11241100x8000000000000000296736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.486{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00a2abb5c1ebb912023-02-08 09:53:50.486root 11241100x8000000000000000296735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.486{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c68be4810c446822023-02-08 09:53:50.486root 11241100x8000000000000000296734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.486{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbcc0e55aebc07232023-02-08 09:53:50.486root 11241100x8000000000000000296733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.486{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01363ebe9e83c5122023-02-08 09:53:50.486root 11241100x8000000000000000296732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.486{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308695097ea966182023-02-08 09:53:50.486root 11241100x8000000000000000296731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.486{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d6fac18ea40eb62023-02-08 09:53:50.486root 11241100x8000000000000000296730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.486{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137e8b656a2ace092023-02-08 09:53:50.486root 11241100x8000000000000000296729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.486{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b2bf91f85b36272023-02-08 09:53:50.486root 11241100x8000000000000000296728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.486{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f938c931672f022023-02-08 09:53:50.486root 11241100x8000000000000000296747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.487{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711c5809c8fadc162023-02-08 09:53:50.487root 11241100x8000000000000000296746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.487{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef258ea89eb97b62023-02-08 09:53:50.487root 11241100x8000000000000000296745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.487{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a495d1351ec243892023-02-08 09:53:50.487root 11241100x8000000000000000296744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.487{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41219344a4c5ad92023-02-08 09:53:50.487root 11241100x8000000000000000296743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.487{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac5ba89b3d89c192023-02-08 09:53:50.487root 11241100x8000000000000000296742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.487{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6299705eb0148a02023-02-08 09:53:50.487root 11241100x8000000000000000296741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.487{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925d25c028f0f2392023-02-08 09:53:50.487root 11241100x8000000000000000296740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.487{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcee269e1f5772262023-02-08 09:53:50.487root 11241100x8000000000000000296739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.487{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001c4c32f085f6db2023-02-08 09:53:50.487root 11241100x8000000000000000296738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.487{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f462c01b4c6de32023-02-08 09:53:50.487root 11241100x8000000000000000296758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.488{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6113ad2fed108862023-02-08 09:53:50.488root 11241100x8000000000000000296757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.488{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa511acdb9d1d052023-02-08 09:53:50.488root 11241100x8000000000000000296756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.488{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd54a3dc7555d322023-02-08 09:53:50.488root 11241100x8000000000000000296755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.488{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e5bc118a5dd5522023-02-08 09:53:50.488root 11241100x8000000000000000296754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.488{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe4bacec7e6eaba2023-02-08 09:53:50.488root 11241100x8000000000000000296753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.488{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6257e7a6d7a25a7e2023-02-08 09:53:50.488root 11241100x8000000000000000296752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.488{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73efee52be6cdf302023-02-08 09:53:50.488root 11241100x8000000000000000296751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.488{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7c5f8f9f7153662023-02-08 09:53:50.488root 11241100x8000000000000000296750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.488{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6697845d8e35b8cc2023-02-08 09:53:50.488root 11241100x8000000000000000296749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.488{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9a204b6c7b76782023-02-08 09:53:50.488root 11241100x8000000000000000296748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.488{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7d347341cfcc852023-02-08 09:53:50.488root 11241100x8000000000000000296768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.489{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6bfd432348cdca2023-02-08 09:53:50.489root 11241100x8000000000000000296767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.489{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7756980f4cab11202023-02-08 09:53:50.489root 11241100x8000000000000000296766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.489{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f46009601df8c882023-02-08 09:53:50.489root 11241100x8000000000000000296765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.489{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c440bdb6ebcf672023-02-08 09:53:50.489root 11241100x8000000000000000296764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.489{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1e20192ada488c2023-02-08 09:53:50.489root 11241100x8000000000000000296763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.489{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d449899325dd1472023-02-08 09:53:50.489root 11241100x8000000000000000296762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.489{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d902543560e3fce62023-02-08 09:53:50.489root 11241100x8000000000000000296761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.489{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4d603a54995bc32023-02-08 09:53:50.489root 11241100x8000000000000000296760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.489{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5098f0505f62b7522023-02-08 09:53:50.489root 11241100x8000000000000000296759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.489{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557e46c3546095782023-02-08 09:53:50.489root 11241100x8000000000000000296780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.490{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36b6b4a3b254c742023-02-08 09:53:50.490root 11241100x8000000000000000296779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.490{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4eb6b2f717338b2023-02-08 09:53:50.490root 11241100x8000000000000000296778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.490{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57af13d925f4f1022023-02-08 09:53:50.490root 11241100x8000000000000000296777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.490{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a803f4b45af086052023-02-08 09:53:50.490root 11241100x8000000000000000296776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.490{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5426eba038abe0c2023-02-08 09:53:50.490root 11241100x8000000000000000296775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.490{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d114451d32d1d22023-02-08 09:53:50.490root 11241100x8000000000000000296774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.490{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c190d3797e9629ac2023-02-08 09:53:50.490root 11241100x8000000000000000296773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.490{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4218a87dd93229412023-02-08 09:53:50.490root 11241100x8000000000000000296772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.490{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079b9eaca54815d32023-02-08 09:53:50.490root 11241100x8000000000000000296771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.490{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec12c9fb6b6ea032023-02-08 09:53:50.490root 11241100x8000000000000000296770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.490{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757d332311ba07512023-02-08 09:53:50.490root 11241100x8000000000000000296769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.490{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b805a96d1364d62023-02-08 09:53:50.490root 11241100x8000000000000000296792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.491{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf66b3ad31f1d71c2023-02-08 09:53:50.491root 11241100x8000000000000000296791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.491{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f59b964868a27c2023-02-08 09:53:50.491root 11241100x8000000000000000296790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.491{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acca9de88719f0952023-02-08 09:53:50.491root 11241100x8000000000000000296789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.491{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098cd99f718ef6af2023-02-08 09:53:50.491root 11241100x8000000000000000296788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.491{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499f7b00789756712023-02-08 09:53:50.491root 11241100x8000000000000000296787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.491{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721e6bbdab7572dc2023-02-08 09:53:50.491root 11241100x8000000000000000296786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.491{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684d167e5d30afb02023-02-08 09:53:50.491root 11241100x8000000000000000296785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.491{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b75b42a290e16f2023-02-08 09:53:50.491root 11241100x8000000000000000296784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.491{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c8b9109bb8f5b12023-02-08 09:53:50.491root 11241100x8000000000000000296783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.491{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac2951c2771cff42023-02-08 09:53:50.491root 11241100x8000000000000000296782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.491{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4d1f1d205f26702023-02-08 09:53:50.491root 11241100x8000000000000000296781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.491{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5465d0a8c9c8e9222023-02-08 09:53:50.491root 11241100x8000000000000000296804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.492{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f9c317642cba4c2023-02-08 09:53:50.492root 11241100x8000000000000000296803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.492{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca326df3352a7892023-02-08 09:53:50.492root 11241100x8000000000000000296802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.492{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0adfaf443a2ef4c2023-02-08 09:53:50.492root 11241100x8000000000000000296801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.492{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ae3dfbba878cbd2023-02-08 09:53:50.492root 11241100x8000000000000000296800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.492{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3dff7d61e803072023-02-08 09:53:50.492root 11241100x8000000000000000296799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.492{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b453a1ece53ec922023-02-08 09:53:50.492root 11241100x8000000000000000296798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.492{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fece39b9196bae562023-02-08 09:53:50.492root 11241100x8000000000000000296797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.492{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e352837d1885ab42023-02-08 09:53:50.492root 11241100x8000000000000000296796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.492{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d20d8b1fc80394c2023-02-08 09:53:50.492root 11241100x8000000000000000296795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.492{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb617eeccc12ae02023-02-08 09:53:50.492root 11241100x8000000000000000296794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.492{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc20709649522e82023-02-08 09:53:50.492root 11241100x8000000000000000296793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.492{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4574edfcdad5892023-02-08 09:53:50.492root 11241100x8000000000000000296815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.493{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e905b239de165e652023-02-08 09:53:50.493root 11241100x8000000000000000296814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.493{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a572d903db48332023-02-08 09:53:50.493root 11241100x8000000000000000296813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.493{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd8cb23e78c2e912023-02-08 09:53:50.493root 11241100x8000000000000000296812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.493{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec1654e82b03b852023-02-08 09:53:50.493root 11241100x8000000000000000296811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.493{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6784ff871e994b2023-02-08 09:53:50.493root 11241100x8000000000000000296810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.493{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11c156c0a2bbed52023-02-08 09:53:50.493root 11241100x8000000000000000296809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.493{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550a4ff0f87faff12023-02-08 09:53:50.493root 11241100x8000000000000000296808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.493{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014d61832024e5ab2023-02-08 09:53:50.493root 11241100x8000000000000000296807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.493{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ffafd0f3e7e2b22023-02-08 09:53:50.493root 11241100x8000000000000000296806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.493{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ff07c2eef3baa32023-02-08 09:53:50.493root 11241100x8000000000000000296805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.493{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394c55477d9755e82023-02-08 09:53:50.493root 11241100x8000000000000000296825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.494{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07bc2e298820414a2023-02-08 09:53:50.494root 11241100x8000000000000000296824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.494{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e14a3665d91d3642023-02-08 09:53:50.494root 11241100x8000000000000000296823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.494{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40275b88495e8ed62023-02-08 09:53:50.494root 11241100x8000000000000000296822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.494{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e081d5b74475ed2023-02-08 09:53:50.494root 11241100x8000000000000000296821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.494{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8311e306eb98c5332023-02-08 09:53:50.494root 11241100x8000000000000000296820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.494{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf2fbaec185793c2023-02-08 09:53:50.494root 11241100x8000000000000000296819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.494{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffad247fa587578b2023-02-08 09:53:50.494root 11241100x8000000000000000296818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.494{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ef61bfc50f1dcd2023-02-08 09:53:50.494root 11241100x8000000000000000296817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.494{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73206d02c42d3aa92023-02-08 09:53:50.494root 11241100x8000000000000000296816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.494{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0a65426c688b192023-02-08 09:53:50.494root 11241100x8000000000000000296838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.495{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd67e7b3f54714c82023-02-08 09:53:50.495root 11241100x8000000000000000296837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.495{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946d1a323f75a29c2023-02-08 09:53:50.495root 11241100x8000000000000000296836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.495{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4ec9dfb22aadc32023-02-08 09:53:50.495root 11241100x8000000000000000296835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.495{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c405b04454d51aa2023-02-08 09:53:50.495root 11241100x8000000000000000296834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.495{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772435ec6b0e6d852023-02-08 09:53:50.495root 11241100x8000000000000000296833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.495{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f4ade00992503c2023-02-08 09:53:50.495root 11241100x8000000000000000296832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.495{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e706cff22697e22023-02-08 09:53:50.495root 11241100x8000000000000000296831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.495{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254f95af3001dd082023-02-08 09:53:50.495root 11241100x8000000000000000296830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.495{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0db4d4f11110642023-02-08 09:53:50.495root 11241100x8000000000000000296829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.495{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f598d92cefcb972f2023-02-08 09:53:50.495root 11241100x8000000000000000296828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.495{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43fc89f4fce3db0b2023-02-08 09:53:50.495root 11241100x8000000000000000296827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.495{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a9f097bbe3b3172023-02-08 09:53:50.495root 11241100x8000000000000000296826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.495{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a032deb4ffa96972023-02-08 09:53:50.495root 11241100x8000000000000000296853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.496{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ddd957c5fe2ba7e2023-02-08 09:53:50.496root 11241100x8000000000000000296852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.496{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0bd5712d9d729f2023-02-08 09:53:50.496root 11241100x8000000000000000296851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.496{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfd0bd92ebac56f2023-02-08 09:53:50.496root 11241100x8000000000000000296850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.496{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d16a675f4e43c4d2023-02-08 09:53:50.496root 11241100x8000000000000000296849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.496{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfd74488f02d1e02023-02-08 09:53:50.496root 11241100x8000000000000000296848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.496{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1095d18d9d7ae7a12023-02-08 09:53:50.496root 11241100x8000000000000000296847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.496{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14be366c19353bb92023-02-08 09:53:50.496root 11241100x8000000000000000296846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.496{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd094e924634b74a2023-02-08 09:53:50.496root 11241100x8000000000000000296845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.496{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6843ac08cb43bb912023-02-08 09:53:50.496root 11241100x8000000000000000296844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.496{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4727ad6cae3e5e062023-02-08 09:53:50.496root 11241100x8000000000000000296843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.496{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8393077e114072c2023-02-08 09:53:50.496root 11241100x8000000000000000296842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.496{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9527784ec7416d2023-02-08 09:53:50.496root 11241100x8000000000000000296841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.496{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16734eb8e1aaf202023-02-08 09:53:50.496root 11241100x8000000000000000296840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.496{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e41d785a05ded32023-02-08 09:53:50.496root 11241100x8000000000000000296839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.496{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d38609d224ad2652023-02-08 09:53:50.496root 11241100x8000000000000000296866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.497{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84eb30252dc1adac2023-02-08 09:53:50.497root 11241100x8000000000000000296865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.497{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c245468ac396d92023-02-08 09:53:50.497root 11241100x8000000000000000296864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.497{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1ee8f27d21d8722023-02-08 09:53:50.497root 11241100x8000000000000000296863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.497{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412447b3230f68382023-02-08 09:53:50.497root 11241100x8000000000000000296862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.497{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fcc4373ad7bf3352023-02-08 09:53:50.497root 11241100x8000000000000000296861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.497{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c6072fb1946d832023-02-08 09:53:50.497root 11241100x8000000000000000296860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.497{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3600489bc98276e52023-02-08 09:53:50.497root 11241100x8000000000000000296859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.497{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04383eecb10719a62023-02-08 09:53:50.497root 11241100x8000000000000000296858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.497{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e31c4671f513af92023-02-08 09:53:50.497root 11241100x8000000000000000296857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.497{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57fa30d5b1f117632023-02-08 09:53:50.497root 11241100x8000000000000000296856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.497{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c92d37b54ecbc52023-02-08 09:53:50.497root 11241100x8000000000000000296855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.497{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330622defc4d34282023-02-08 09:53:50.497root 11241100x8000000000000000296854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.497{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd61aa0f6e712952023-02-08 09:53:50.497root 11241100x8000000000000000296867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.498{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1955a1388fbf11292023-02-08 09:53:50.498root 11241100x8000000000000000296876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.960{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5ea9745a650d4d2023-02-08 09:53:50.960root 11241100x8000000000000000296875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.960{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7fe59a680a1523a2023-02-08 09:53:50.960root 11241100x8000000000000000296874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.960{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf7391f0a858d7e2023-02-08 09:53:50.960root 11241100x8000000000000000296873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.960{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7284d79f42243472023-02-08 09:53:50.960root 11241100x8000000000000000296872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.960{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b154bc2414b7b32023-02-08 09:53:50.960root 11241100x8000000000000000296871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.960{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fb1289d027841b2023-02-08 09:53:50.960root 11241100x8000000000000000296870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.960{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ea76b4bc1079fe2023-02-08 09:53:50.960root 11241100x8000000000000000296869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.960{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8b3de2deb6777e2023-02-08 09:53:50.960root 11241100x8000000000000000296868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.960{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81792c76ff42319d2023-02-08 09:53:50.960root 11241100x8000000000000000296887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.961{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59126c243b2c07312023-02-08 09:53:50.961root 11241100x8000000000000000296886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.961{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c08078ec709d6a2023-02-08 09:53:50.961root 11241100x8000000000000000296885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.961{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38746f9084a9a1092023-02-08 09:53:50.961root 11241100x8000000000000000296884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.961{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c90f9ee9e846072023-02-08 09:53:50.961root 11241100x8000000000000000296883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.961{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff015503c61b9262023-02-08 09:53:50.961root 11241100x8000000000000000296882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.961{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bde750841d3a5162023-02-08 09:53:50.961root 11241100x8000000000000000296881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.961{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e7dc3f1739a3ac2023-02-08 09:53:50.961root 11241100x8000000000000000296880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.961{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2227ccc07167092023-02-08 09:53:50.961root 11241100x8000000000000000296879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.961{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b451bc074e5b112d2023-02-08 09:53:50.961root 11241100x8000000000000000296878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.961{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823fc5b364afa7d72023-02-08 09:53:50.961root 11241100x8000000000000000296877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.961{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5207fb7fa7d8e81c2023-02-08 09:53:50.961root 11241100x8000000000000000296898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.962{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129ea33a7cfb75d32023-02-08 09:53:50.962root 11241100x8000000000000000296897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.962{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f7438ee574e1ae2023-02-08 09:53:50.962root 11241100x8000000000000000296896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.962{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b845a5d85f73c4b2023-02-08 09:53:50.962root 11241100x8000000000000000296895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.962{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9041fc4f46381f8d2023-02-08 09:53:50.962root 11241100x8000000000000000296894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.962{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2178a992bcebc832023-02-08 09:53:50.962root 11241100x8000000000000000296893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.962{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74475c8e618ce3bc2023-02-08 09:53:50.962root 11241100x8000000000000000296892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.962{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6708cf119f703c2023-02-08 09:53:50.962root 11241100x8000000000000000296891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.962{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f9930aff2521572023-02-08 09:53:50.962root 11241100x8000000000000000296890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.962{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a929ba73f1e917c62023-02-08 09:53:50.962root 11241100x8000000000000000296889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.962{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a131b7b3f088562023-02-08 09:53:50.962root 11241100x8000000000000000296888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.962{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0e9adc4c023c532023-02-08 09:53:50.962root 11241100x8000000000000000296909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.963{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841acc91e427357c2023-02-08 09:53:50.963root 11241100x8000000000000000296908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.963{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53dd1f64102dfa62023-02-08 09:53:50.963root 11241100x8000000000000000296907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.963{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f58b47a539587f72023-02-08 09:53:50.963root 11241100x8000000000000000296906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.963{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca7744694e9e5312023-02-08 09:53:50.963root 11241100x8000000000000000296905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.963{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0625ce665117862023-02-08 09:53:50.963root 11241100x8000000000000000296904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.963{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811acb6c643e865b2023-02-08 09:53:50.963root 11241100x8000000000000000296903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.963{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652e5110976669f12023-02-08 09:53:50.963root 11241100x8000000000000000296902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.963{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2959a8d7e66b0342023-02-08 09:53:50.963root 11241100x8000000000000000296901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.963{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fafff6e4efa9622023-02-08 09:53:50.963root 11241100x8000000000000000296900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.963{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32868527c2ecc3e32023-02-08 09:53:50.963root 11241100x8000000000000000296899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.963{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53e12a17cd92c022023-02-08 09:53:50.963root 11241100x8000000000000000296917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.964{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d750e3795dd4c80b2023-02-08 09:53:50.964root 11241100x8000000000000000296916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.964{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb36910bad8dce12023-02-08 09:53:50.964root 11241100x8000000000000000296915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.964{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2219951380e0cc662023-02-08 09:53:50.964root 11241100x8000000000000000296914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.964{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3116beef03d3dd952023-02-08 09:53:50.964root 11241100x8000000000000000296913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.964{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bb2b56179fd9b62023-02-08 09:53:50.964root 11241100x8000000000000000296912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.964{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1162ec83a904d36d2023-02-08 09:53:50.964root 11241100x8000000000000000296911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.964{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2760d3ba10631ddd2023-02-08 09:53:50.964root 11241100x8000000000000000296910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.964{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c8f7ffc39c7a402023-02-08 09:53:50.964root 11241100x8000000000000000296923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.965{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1af3c37c93d85a2023-02-08 09:53:50.965root 11241100x8000000000000000296922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.965{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3d750fe9598e542023-02-08 09:53:50.965root 11241100x8000000000000000296921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.965{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c24c00a2f589be62023-02-08 09:53:50.965root 11241100x8000000000000000296920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.965{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12e7adf6645911c2023-02-08 09:53:50.965root 11241100x8000000000000000296919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.965{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6fbd61136854c22023-02-08 09:53:50.965root 11241100x8000000000000000296918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.965{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64590f45766698fd2023-02-08 09:53:50.965root 11241100x8000000000000000296925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.966{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa194bcf79e0a4902023-02-08 09:53:50.966root 11241100x8000000000000000296924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.966{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcd0fa3747e699e2023-02-08 09:53:50.966root 11241100x8000000000000000296929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.967{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74277814154dec1a2023-02-08 09:53:50.967root 11241100x8000000000000000296928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.967{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e6f2b9eae3f9272023-02-08 09:53:50.967root 11241100x8000000000000000296927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.967{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b263b460bcb3d5b2023-02-08 09:53:50.967root 11241100x8000000000000000296926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.967{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfe71427a4006f12023-02-08 09:53:50.967root 11241100x8000000000000000296933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.968{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94944195b975d8d2023-02-08 09:53:50.968root 11241100x8000000000000000296932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.968{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb61a5faf457a8d02023-02-08 09:53:50.968root 11241100x8000000000000000296931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.968{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14deaf399539a2122023-02-08 09:53:50.968root 11241100x8000000000000000296930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.968{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05325873f28567352023-02-08 09:53:50.968root 11241100x8000000000000000296936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.969{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97080b901846c28b2023-02-08 09:53:50.969root 11241100x8000000000000000296935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.969{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bbdf22f0686c3e2023-02-08 09:53:50.969root 11241100x8000000000000000296934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.969{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1281286a677cb82023-02-08 09:53:50.969root 11241100x8000000000000000296938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.970{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2411dd5dd472f0372023-02-08 09:53:50.970root 11241100x8000000000000000296937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.970{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a4090bc640f4b52023-02-08 09:53:50.970root 11241100x8000000000000000296940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.971{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621376d0e778282f2023-02-08 09:53:50.971root 11241100x8000000000000000296939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.971{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f8b6ca41efc00b2023-02-08 09:53:50.971root 11241100x8000000000000000296942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.972{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f50b3b6986eab892023-02-08 09:53:50.972root 11241100x8000000000000000296941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.972{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dcd51fa7ab3c2ac2023-02-08 09:53:50.972root 11241100x8000000000000000296944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.973{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076118e9a45d45b52023-02-08 09:53:50.973root 11241100x8000000000000000296943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.973{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfa3d1d9f001b692023-02-08 09:53:50.973root 11241100x8000000000000000296948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.974{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a622c275af5e5f952023-02-08 09:53:50.974root 11241100x8000000000000000296947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.974{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3749b989c959f7a2023-02-08 09:53:50.974root 11241100x8000000000000000296946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.974{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c3e1ee76f999312023-02-08 09:53:50.974root 11241100x8000000000000000296945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.974{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ae30518206bc7c2023-02-08 09:53:50.974root 11241100x8000000000000000296956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.975{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d077190cf04d5f0c2023-02-08 09:53:50.975root 11241100x8000000000000000296955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.975{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0cf6fe5ee182bb2023-02-08 09:53:50.975root 11241100x8000000000000000296954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.975{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e3ec92379474ef2023-02-08 09:53:50.975root 11241100x8000000000000000296953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.975{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b5f0be206f9fe22023-02-08 09:53:50.975root 11241100x8000000000000000296952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.975{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20a055cb8ffb35f2023-02-08 09:53:50.975root 11241100x8000000000000000296951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.975{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856c39553b5cd9242023-02-08 09:53:50.975root 11241100x8000000000000000296950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.975{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035dfe9e2859acca2023-02-08 09:53:50.975root 11241100x8000000000000000296949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.975{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f3aa2e3a26accd2023-02-08 09:53:50.975root 11241100x8000000000000000296959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.976{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60ae0bbe2ec16212023-02-08 09:53:50.976root 11241100x8000000000000000296958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.976{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0492a5005df728b42023-02-08 09:53:50.976root 11241100x8000000000000000296957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.976{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe965198e0d7caf72023-02-08 09:53:50.976root 11241100x8000000000000000296966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.977{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7138b1767e2e1fd2023-02-08 09:53:50.977root 11241100x8000000000000000296965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.977{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720a1f65f98ab4e82023-02-08 09:53:50.977root 11241100x8000000000000000296964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.977{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79770c02011e0342023-02-08 09:53:50.977root 11241100x8000000000000000296963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.977{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089e1c95fc6b97ff2023-02-08 09:53:50.977root 11241100x8000000000000000296962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.977{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a00eb1baa9af7a12023-02-08 09:53:50.977root 11241100x8000000000000000296961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.977{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60a0b0e8e9b13892023-02-08 09:53:50.977root 11241100x8000000000000000296960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.977{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbac03915c308c22023-02-08 09:53:50.977root 11241100x8000000000000000296972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.978{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35df7b09f0986572023-02-08 09:53:50.978root 11241100x8000000000000000296971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.978{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26bd83fbaa445e3a2023-02-08 09:53:50.978root 11241100x8000000000000000296970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.978{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de20650a0c76ea082023-02-08 09:53:50.978root 11241100x8000000000000000296969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.978{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512886800921323d2023-02-08 09:53:50.978root 11241100x8000000000000000296968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.978{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35c4e87ba3ebbbf2023-02-08 09:53:50.978root 11241100x8000000000000000296967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.978{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89524da897eca2462023-02-08 09:53:50.978root 11241100x8000000000000000296981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.979{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfe4002a82bfe0a2023-02-08 09:53:50.979root 11241100x8000000000000000296980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.979{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ddd395fc89660d2023-02-08 09:53:50.979root 11241100x8000000000000000296979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.979{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c603b382aae7077f2023-02-08 09:53:50.979root 11241100x8000000000000000296978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.979{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e04d58964308ac2023-02-08 09:53:50.979root 11241100x8000000000000000296977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.979{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e879b7702e2c267f2023-02-08 09:53:50.979root 11241100x8000000000000000296976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.979{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc17fe30820a2982023-02-08 09:53:50.979root 11241100x8000000000000000296975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.979{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02181715621ac7732023-02-08 09:53:50.979root 11241100x8000000000000000296974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.979{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149dd7032e6623572023-02-08 09:53:50.979root 11241100x8000000000000000296973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.979{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7f38e6392b5d1f2023-02-08 09:53:50.979root 11241100x8000000000000000296989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.980{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a737d10030b291242023-02-08 09:53:50.980root 11241100x8000000000000000296988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.980{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3b24c40c0098c92023-02-08 09:53:50.980root 11241100x8000000000000000296987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.980{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5a3f5ed06d77f32023-02-08 09:53:50.980root 11241100x8000000000000000296986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.980{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc8037093d592bb2023-02-08 09:53:50.980root 11241100x8000000000000000296985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.980{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3016d98becdcb0692023-02-08 09:53:50.980root 11241100x8000000000000000296984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.980{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ebfb6c960abddb92023-02-08 09:53:50.980root 11241100x8000000000000000296983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.980{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe7debc52d2b7b22023-02-08 09:53:50.980root 11241100x8000000000000000296982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.980{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e205c07a90eceec2023-02-08 09:53:50.980root 11241100x8000000000000000296991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.981{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b6b479710163bd2023-02-08 09:53:50.981root 11241100x8000000000000000296990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.981{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123594d63d525eb22023-02-08 09:53:50.981root 11241100x8000000000000000296997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.982{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45fb8b70281cf092023-02-08 09:53:50.982root 11241100x8000000000000000296996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.982{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70fca05a27e77cc82023-02-08 09:53:50.982root 11241100x8000000000000000296995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.982{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a079dce2291e4acf2023-02-08 09:53:50.982root 11241100x8000000000000000296994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.982{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2171f3b1edb4572023-02-08 09:53:50.982root 11241100x8000000000000000296993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.982{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c221c1b28dbcde0c2023-02-08 09:53:50.982root 11241100x8000000000000000296992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.982{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f38d3d7a3930402023-02-08 09:53:50.982root 11241100x8000000000000000296999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.983{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b3da30daebabec2023-02-08 09:53:50.983root 11241100x8000000000000000296998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.983{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61980d61cd67ab042023-02-08 09:53:50.983root 11241100x8000000000000000297012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.984{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0227b2236384c8782023-02-08 09:53:50.984root 11241100x8000000000000000297011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.984{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b003a49cdc90315b2023-02-08 09:53:50.984root 11241100x8000000000000000297010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.984{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143f367c1125b7d12023-02-08 09:53:50.984root 11241100x8000000000000000297009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.984{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ea019d1d7ed4502023-02-08 09:53:50.984root 11241100x8000000000000000297008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.984{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715009f28abac9632023-02-08 09:53:50.984root 11241100x8000000000000000297007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.984{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d81d39d7e9fc1152023-02-08 09:53:50.984root 11241100x8000000000000000297006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.984{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d002bf929e1ddb002023-02-08 09:53:50.984root 11241100x8000000000000000297005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.984{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8beb7110024293d12023-02-08 09:53:50.984root 11241100x8000000000000000297004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.984{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d9d8c995e978372023-02-08 09:53:50.984root 11241100x8000000000000000297003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.984{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2bf88b2e7894c302023-02-08 09:53:50.984root 11241100x8000000000000000297002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.984{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5476e39875b127592023-02-08 09:53:50.984root 11241100x8000000000000000297001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.984{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d1a0dfd29ef4fa2023-02-08 09:53:50.984root 11241100x8000000000000000297000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.984{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1233c6d984328ac52023-02-08 09:53:50.984root 11241100x8000000000000000297025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.985{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfae6357e0394002023-02-08 09:53:50.985root 11241100x8000000000000000297024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.985{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6221b893fd89f8e32023-02-08 09:53:50.985root 11241100x8000000000000000297023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.985{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8e12761d3cfd0a2023-02-08 09:53:50.985root 11241100x8000000000000000297022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.985{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8fd552dd6a158a42023-02-08 09:53:50.985root 11241100x8000000000000000297021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.985{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99bdb83afaa9952f2023-02-08 09:53:50.985root 11241100x8000000000000000297020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.985{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad02eafa068d6f742023-02-08 09:53:50.985root 11241100x8000000000000000297019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.985{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb0781a746ac79b2023-02-08 09:53:50.985root 11241100x8000000000000000297018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.985{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0704e9d8327f2e62023-02-08 09:53:50.985root 11241100x8000000000000000297017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.985{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02249ad29260c082023-02-08 09:53:50.985root 11241100x8000000000000000297016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.985{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120f470b4fd566102023-02-08 09:53:50.985root 11241100x8000000000000000297015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.985{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0bc17f44d5964e92023-02-08 09:53:50.985root 11241100x8000000000000000297014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.985{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f2ef5f0d2c01c62023-02-08 09:53:50.985root 11241100x8000000000000000297013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.985{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1c06c448d7d74e2023-02-08 09:53:50.985root 11241100x8000000000000000297038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.986{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2f9cdb78122b7f2023-02-08 09:53:50.986root 11241100x8000000000000000297037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.986{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e230ea0608e7ebf2023-02-08 09:53:50.986root 11241100x8000000000000000297036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.986{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f955f699404cc222023-02-08 09:53:50.986root 11241100x8000000000000000297035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.986{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf694b010e9b07a2023-02-08 09:53:50.986root 11241100x8000000000000000297034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.986{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f19b8d8d9a5624d2023-02-08 09:53:50.986root 11241100x8000000000000000297033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.986{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b680148def109dc52023-02-08 09:53:50.986root 11241100x8000000000000000297032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.986{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04085c0ed239055d2023-02-08 09:53:50.986root 11241100x8000000000000000297031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.986{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4928e43eaa062ce12023-02-08 09:53:50.986root 11241100x8000000000000000297030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.986{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f86351adb4cfe9f2023-02-08 09:53:50.986root 11241100x8000000000000000297029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.986{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7da4243eaadc2f2023-02-08 09:53:50.986root 11241100x8000000000000000297028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.986{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a180b6f4adb6ab1c2023-02-08 09:53:50.986root 11241100x8000000000000000297027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.986{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade294310c63247d2023-02-08 09:53:50.986root 11241100x8000000000000000297026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.986{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848f7f72b092eb032023-02-08 09:53:50.986root 11241100x8000000000000000297054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.987{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38d99911f946f0b2023-02-08 09:53:50.987root 11241100x8000000000000000297053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.987{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca88980d0eeba4e22023-02-08 09:53:50.987root 11241100x8000000000000000297052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.987{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab632438db17e7df2023-02-08 09:53:50.987root 11241100x8000000000000000297051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.987{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032734a168f86f872023-02-08 09:53:50.987root 11241100x8000000000000000297050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.987{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce7a0b1b6730c612023-02-08 09:53:50.987root 11241100x8000000000000000297049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.987{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5fa3bd8f84a1032023-02-08 09:53:50.987root 11241100x8000000000000000297048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.987{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58108513c12f5c242023-02-08 09:53:50.987root 11241100x8000000000000000297047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.987{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af30c3db1046cd2d2023-02-08 09:53:50.987root 11241100x8000000000000000297046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.987{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0868c6447afcd0d62023-02-08 09:53:50.987root 11241100x8000000000000000297045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.987{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b12073fce3b81e92023-02-08 09:53:50.987root 11241100x8000000000000000297044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.987{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd811a7ea82abdc22023-02-08 09:53:50.987root 11241100x8000000000000000297043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.987{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1b41eae57e04de2023-02-08 09:53:50.987root 11241100x8000000000000000297042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.987{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4c3f714559bb692023-02-08 09:53:50.987root 11241100x8000000000000000297041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.987{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278d5ee7d2c6b42f2023-02-08 09:53:50.987root 11241100x8000000000000000297040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.987{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92f710077c89ae42023-02-08 09:53:50.987root 11241100x8000000000000000297039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.987{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ffae7c432139f82023-02-08 09:53:50.987root 11241100x8000000000000000297060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.988{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7073e2ae9098eadd2023-02-08 09:53:50.988root 11241100x8000000000000000297059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.988{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0c50c4316825872023-02-08 09:53:50.988root 11241100x8000000000000000297058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.988{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd88a818c73c7b3b2023-02-08 09:53:50.988root 11241100x8000000000000000297057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.988{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd6d533ae9532a62023-02-08 09:53:50.988root 11241100x8000000000000000297056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.988{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083c7dbaacdf0c042023-02-08 09:53:50.988root 11241100x8000000000000000297055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:50.988{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cf22f95289bb632023-02-08 09:53:50.988root 11241100x8000000000000000297064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.693{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a945fc777b2b392023-02-08 09:53:51.693root 11241100x8000000000000000297063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.693{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387e1342d1aea5502023-02-08 09:53:51.693root 11241100x8000000000000000297062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.693{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9997974827b4c49e2023-02-08 09:53:51.693root 11241100x8000000000000000297061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.693{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557f22490a2a7a8b2023-02-08 09:53:51.693root 11241100x8000000000000000297080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.694{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a9524e698f08b72023-02-08 09:53:51.694root 11241100x8000000000000000297079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.694{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff06b3f6ac6f8362023-02-08 09:53:51.694root 11241100x8000000000000000297078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.694{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92dd0bd1ca874942023-02-08 09:53:51.694root 11241100x8000000000000000297077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.694{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0301818ab424511b2023-02-08 09:53:51.694root 11241100x8000000000000000297076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.694{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab31d6b754c0064a2023-02-08 09:53:51.694root 11241100x8000000000000000297075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.694{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb4311d4cfbcdfb2023-02-08 09:53:51.694root 11241100x8000000000000000297074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.694{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297f2922389ee6422023-02-08 09:53:51.694root 11241100x8000000000000000297073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.694{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9fd853ccf5c9e3d2023-02-08 09:53:51.694root 11241100x8000000000000000297072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.694{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e80a468fd13d582023-02-08 09:53:51.694root 11241100x8000000000000000297071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.694{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffe41773cc81e952023-02-08 09:53:51.694root 11241100x8000000000000000297070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.694{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb29fe68e1851a32023-02-08 09:53:51.694root 11241100x8000000000000000297069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.694{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5d077a1de07f692023-02-08 09:53:51.694root 11241100x8000000000000000297068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.694{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1faf6a95f9e54762023-02-08 09:53:51.694root 11241100x8000000000000000297067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.694{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c768d72cc1f0df252023-02-08 09:53:51.694root 11241100x8000000000000000297066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.694{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a928b343c302f822023-02-08 09:53:51.694root 11241100x8000000000000000297065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.694{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38015c174563b4b22023-02-08 09:53:51.694root 11241100x8000000000000000297087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.695{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825a2477c1c156142023-02-08 09:53:51.695root 11241100x8000000000000000297086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.695{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499c93c6374059fb2023-02-08 09:53:51.695root 11241100x8000000000000000297085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.695{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c4d7efc9db0f902023-02-08 09:53:51.695root 11241100x8000000000000000297084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.695{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a1d4eb57c7e4382023-02-08 09:53:51.695root 11241100x8000000000000000297083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.695{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62831f56830aef42023-02-08 09:53:51.695root 11241100x8000000000000000297082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.695{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac440c15ff86cc632023-02-08 09:53:51.695root 11241100x8000000000000000297081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.695{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e37a4dcdcd6f9e32023-02-08 09:53:51.695root 11241100x8000000000000000297101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.696{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba20c4eaf2059e482023-02-08 09:53:51.696root 11241100x8000000000000000297100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.696{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc06b67087cc9ddd2023-02-08 09:53:51.696root 11241100x8000000000000000297099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.696{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff23274b767614542023-02-08 09:53:51.696root 11241100x8000000000000000297098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.696{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52f353a0e95a6aa2023-02-08 09:53:51.696root 11241100x8000000000000000297097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.696{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4936ea2c888fc8e22023-02-08 09:53:51.696root 11241100x8000000000000000297096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.696{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf60415051161eee2023-02-08 09:53:51.696root 11241100x8000000000000000297095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.696{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787cdcd0a7127ef72023-02-08 09:53:51.696root 11241100x8000000000000000297094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.696{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228bec7397f03a6e2023-02-08 09:53:51.696root 11241100x8000000000000000297093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.696{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff87e6ee4a9e5ac32023-02-08 09:53:51.696root 11241100x8000000000000000297092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.696{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157f54b7e4a101c62023-02-08 09:53:51.696root 11241100x8000000000000000297091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.696{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69056c4a853bd09f2023-02-08 09:53:51.696root 11241100x8000000000000000297090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.696{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bc700f64cd0c4f2023-02-08 09:53:51.696root 11241100x8000000000000000297089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.696{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19a8773a273ca032023-02-08 09:53:51.696root 11241100x8000000000000000297088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.696{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3ef6cfc391cbe42023-02-08 09:53:51.696root 11241100x8000000000000000297111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.697{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba5d8fbf662f49d2023-02-08 09:53:51.697root 11241100x8000000000000000297110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.697{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3da94528d6c46762023-02-08 09:53:51.697root 11241100x8000000000000000297109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.697{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a410ffd37085b61b2023-02-08 09:53:51.697root 11241100x8000000000000000297108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.697{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a18e19c332fe1b2023-02-08 09:53:51.697root 11241100x8000000000000000297107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.697{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da733a0674dae4d62023-02-08 09:53:51.697root 11241100x8000000000000000297106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.697{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75340335f2b92562023-02-08 09:53:51.697root 11241100x8000000000000000297105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.697{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b948de0a1322672023-02-08 09:53:51.697root 11241100x8000000000000000297104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.697{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4537ae65728b1f92023-02-08 09:53:51.697root 11241100x8000000000000000297103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.697{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586913298c0db3022023-02-08 09:53:51.697root 11241100x8000000000000000297102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.697{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca794d6c3d0f83642023-02-08 09:53:51.697root 11241100x8000000000000000297120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.698{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65253e338aa9c2b92023-02-08 09:53:51.698root 11241100x8000000000000000297119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.698{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371648852c081b4a2023-02-08 09:53:51.698root 11241100x8000000000000000297118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.698{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faeff81fab6aecb42023-02-08 09:53:51.698root 11241100x8000000000000000297117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.698{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ee143e8eb130aa2023-02-08 09:53:51.698root 11241100x8000000000000000297116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.698{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64eed23e0e9dfac2023-02-08 09:53:51.698root 11241100x8000000000000000297115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.698{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be760616a00cd7232023-02-08 09:53:51.698root 11241100x8000000000000000297114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.698{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f2e72b6189bd912023-02-08 09:53:51.698root 11241100x8000000000000000297113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.698{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee912d5418f8a4e2023-02-08 09:53:51.698root 11241100x8000000000000000297112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.698{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b36ab776e9271782023-02-08 09:53:51.698root 11241100x8000000000000000297127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.699{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b574f98820dd29872023-02-08 09:53:51.699root 11241100x8000000000000000297126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.699{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433887480415441f2023-02-08 09:53:51.699root 11241100x8000000000000000297125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.699{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62b1d2836b0d2122023-02-08 09:53:51.699root 11241100x8000000000000000297124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.699{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0d408cf2b11d0d2023-02-08 09:53:51.699root 11241100x8000000000000000297123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.699{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347269ee4e7dec002023-02-08 09:53:51.699root 11241100x8000000000000000297122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.699{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fda64be8f61ec1c2023-02-08 09:53:51.699root 11241100x8000000000000000297121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.699{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcab78f591862f72023-02-08 09:53:51.699root 11241100x8000000000000000297132Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.700{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5647eecc4f160f9f2023-02-08 09:53:51.700root 11241100x8000000000000000297131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.700{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70fb9d670dce3b272023-02-08 09:53:51.700root 11241100x8000000000000000297130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.700{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7778c14cc3371d92023-02-08 09:53:51.700root 11241100x8000000000000000297129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.700{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e699696881bd5b72023-02-08 09:53:51.700root 11241100x8000000000000000297128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.700{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102fd341d44190a82023-02-08 09:53:51.700root 11241100x8000000000000000297140Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.701{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961f8138c56970ca2023-02-08 09:53:51.701root 11241100x8000000000000000297139Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.701{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783ea79a1a0138632023-02-08 09:53:51.701root 11241100x8000000000000000297138Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.701{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2500104f484aec2023-02-08 09:53:51.701root 11241100x8000000000000000297137Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.701{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274265856e05e4142023-02-08 09:53:51.701root 11241100x8000000000000000297136Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.701{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07b3fcd28d3a7f22023-02-08 09:53:51.701root 11241100x8000000000000000297135Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.701{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd57810c713e3b52023-02-08 09:53:51.701root 11241100x8000000000000000297134Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.701{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9859cdf0fdf399e02023-02-08 09:53:51.701root 11241100x8000000000000000297133Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.701{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f9abbabba20fa92023-02-08 09:53:51.701root 11241100x8000000000000000297147Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.702{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c4a31aebce96a62023-02-08 09:53:51.702root 11241100x8000000000000000297146Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.702{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31152c8a7b4bae0b2023-02-08 09:53:51.702root 11241100x8000000000000000297145Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.702{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acff3beb7a77119f2023-02-08 09:53:51.702root 11241100x8000000000000000297144Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.702{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a162d6672a67edb12023-02-08 09:53:51.702root 11241100x8000000000000000297143Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.702{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75cdafb87885afe2023-02-08 09:53:51.702root 11241100x8000000000000000297142Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.702{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b68f4d60bc68e3a2023-02-08 09:53:51.702root 11241100x8000000000000000297141Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.702{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3133822c5b00f8c32023-02-08 09:53:51.702root 11241100x8000000000000000297153Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.703{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d36a22e7d2a88e72023-02-08 09:53:51.703root 11241100x8000000000000000297152Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.703{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38c593a73acdaa72023-02-08 09:53:51.703root 11241100x8000000000000000297151Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.703{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0891a3f898495e92023-02-08 09:53:51.703root 11241100x8000000000000000297150Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.703{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503f8786d5c6ffd22023-02-08 09:53:51.703root 11241100x8000000000000000297149Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.703{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc7306eb74e86b72023-02-08 09:53:51.703root 11241100x8000000000000000297148Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.703{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3392fd2d194322392023-02-08 09:53:51.703root 11241100x8000000000000000297160Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.704{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b44ae2b9becee3a2023-02-08 09:53:51.704root 11241100x8000000000000000297159Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.704{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d38c2f5f732cb2d2023-02-08 09:53:51.704root 11241100x8000000000000000297158Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.704{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176581bd9d2fd9d82023-02-08 09:53:51.704root 11241100x8000000000000000297157Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.704{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea630bb8cdbb34872023-02-08 09:53:51.704root 11241100x8000000000000000297156Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.704{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38daf9b5d4a1cfdf2023-02-08 09:53:51.704root 11241100x8000000000000000297155Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.704{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933c6409a2886f1d2023-02-08 09:53:51.704root 11241100x8000000000000000297154Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.704{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3ab4703ba051c52023-02-08 09:53:51.704root 11241100x8000000000000000297168Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.705{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137881efefd12aec2023-02-08 09:53:51.705root 11241100x8000000000000000297167Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.705{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99ee30f5f0c1fce2023-02-08 09:53:51.705root 11241100x8000000000000000297166Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.705{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149336ad3fd033812023-02-08 09:53:51.705root 11241100x8000000000000000297165Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.705{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7b361b287722592023-02-08 09:53:51.705root 11241100x8000000000000000297164Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.705{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67a23f4195071912023-02-08 09:53:51.705root 11241100x8000000000000000297163Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.705{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7db6c91f9945c22023-02-08 09:53:51.705root 11241100x8000000000000000297162Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.705{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a7d55682ecabe02023-02-08 09:53:51.705root 11241100x8000000000000000297161Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.705{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437a0683f2e959e32023-02-08 09:53:51.705root 11241100x8000000000000000297177Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.706{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd2c37cf729b1252023-02-08 09:53:51.706root 11241100x8000000000000000297176Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.706{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4140e93078e12fb2023-02-08 09:53:51.706root 11241100x8000000000000000297175Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.706{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e2c0dddd301acc2023-02-08 09:53:51.706root 11241100x8000000000000000297174Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.706{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a258eeaaaf0626b2023-02-08 09:53:51.706root 11241100x8000000000000000297173Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.706{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238e202fb03ad2a32023-02-08 09:53:51.706root 11241100x8000000000000000297172Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.706{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff47c96d22fdb9eb2023-02-08 09:53:51.706root 11241100x8000000000000000297171Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.706{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6227f1857ca4d32023-02-08 09:53:51.706root 11241100x8000000000000000297170Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.706{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff5aaa36f607c1f2023-02-08 09:53:51.706root 11241100x8000000000000000297169Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.706{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14af5f176c6bc5c2023-02-08 09:53:51.706root 11241100x8000000000000000297183Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.707{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a2c55c2b29e6ae2023-02-08 09:53:51.707root 11241100x8000000000000000297182Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.707{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ad53503e3351d22023-02-08 09:53:51.707root 11241100x8000000000000000297181Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.707{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36172454785aa2312023-02-08 09:53:51.707root 11241100x8000000000000000297180Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.707{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ad5ff736c1686d2023-02-08 09:53:51.707root 11241100x8000000000000000297179Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.707{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9293b3c97715b882023-02-08 09:53:51.707root 11241100x8000000000000000297178Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.707{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9a4c4a3bbc3c082023-02-08 09:53:51.707root 11241100x8000000000000000297185Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.708{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9480356a987a40b32023-02-08 09:53:51.708root 11241100x8000000000000000297184Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:51.708{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6a9a014501c90e2023-02-08 09:53:51.708root 11241100x8000000000000000297186Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.196{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acb92148604a7fc2023-02-08 09:53:52.196root 11241100x8000000000000000297189Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.197{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a8703ecbd795552023-02-08 09:53:52.197root 11241100x8000000000000000297188Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.197{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29acbf1cc6bf34f92023-02-08 09:53:52.197root 11241100x8000000000000000297187Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.197{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4634bc30d452250e2023-02-08 09:53:52.197root 11241100x8000000000000000297197Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.198{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114da7d83e73e3062023-02-08 09:53:52.198root 11241100x8000000000000000297196Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.198{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3028c88b4a508d2023-02-08 09:53:52.198root 11241100x8000000000000000297195Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.198{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49bf327fa23a66f2023-02-08 09:53:52.198root 11241100x8000000000000000297194Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.198{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9de55437d0edc52023-02-08 09:53:52.198root 11241100x8000000000000000297193Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.198{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd83adcf6b6ab252023-02-08 09:53:52.198root 11241100x8000000000000000297192Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.198{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e8c63505dcdfba2023-02-08 09:53:52.198root 11241100x8000000000000000297191Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.198{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf53f0d93fcad82a2023-02-08 09:53:52.198root 11241100x8000000000000000297190Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.198{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32bcde674c233ac2023-02-08 09:53:52.198root 11241100x8000000000000000297203Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.199{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ad9aeb4a6d206f2023-02-08 09:53:52.199root 11241100x8000000000000000297202Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.199{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580f42fdadc09fdd2023-02-08 09:53:52.199root 11241100x8000000000000000297201Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.199{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b279c443c62f4d2023-02-08 09:53:52.199root 11241100x8000000000000000297200Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.199{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272a87df396fe2582023-02-08 09:53:52.199root 11241100x8000000000000000297199Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.199{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f830f7039fe565282023-02-08 09:53:52.199root 11241100x8000000000000000297198Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.199{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f9b55d25fb12842023-02-08 09:53:52.199root 11241100x8000000000000000297210Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.200{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73c121699de5fd62023-02-08 09:53:52.200root 11241100x8000000000000000297209Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.200{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c18c2eaa58fbc662023-02-08 09:53:52.200root 11241100x8000000000000000297208Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.200{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27785e8d040db9082023-02-08 09:53:52.200root 11241100x8000000000000000297207Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.200{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af062eee2ac79cd2023-02-08 09:53:52.200root 11241100x8000000000000000297206Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.200{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb32af4c43ff442a2023-02-08 09:53:52.200root 11241100x8000000000000000297205Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.200{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5778c95796f918b22023-02-08 09:53:52.200root 11241100x8000000000000000297204Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.200{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858a7e0b5e38fa902023-02-08 09:53:52.200root 11241100x8000000000000000297214Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.201{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df249cbe507c2922023-02-08 09:53:52.201root 11241100x8000000000000000297213Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.201{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2180c49fc60cdd4f2023-02-08 09:53:52.201root 11241100x8000000000000000297212Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.201{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e221052ef040842023-02-08 09:53:52.201root 11241100x8000000000000000297211Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.201{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da4d48dcc40dce32023-02-08 09:53:52.201root 11241100x8000000000000000297218Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.202{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af6837a2eab537f2023-02-08 09:53:52.202root 11241100x8000000000000000297217Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.202{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f520728e374e936e2023-02-08 09:53:52.202root 11241100x8000000000000000297216Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.202{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c5aa74c0319ba22023-02-08 09:53:52.202root 11241100x8000000000000000297215Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.202{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcde0eafd806ae962023-02-08 09:53:52.202root 11241100x8000000000000000297222Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.203{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d929a74236219a02023-02-08 09:53:52.203root 11241100x8000000000000000297221Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.203{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e737ae966498b6b12023-02-08 09:53:52.203root 11241100x8000000000000000297220Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.203{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a617cc97f6a889e2023-02-08 09:53:52.203root 11241100x8000000000000000297219Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.203{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20af9f14e17950822023-02-08 09:53:52.203root 11241100x8000000000000000297226Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.204{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad9a460b05dad9f2023-02-08 09:53:52.204root 11241100x8000000000000000297225Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.204{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5f9b7a6badceab2023-02-08 09:53:52.204root 11241100x8000000000000000297224Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.204{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06515bfc48761462023-02-08 09:53:52.204root 11241100x8000000000000000297223Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.204{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314529e24126768d2023-02-08 09:53:52.204root 11241100x8000000000000000297231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.205{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b62bfdaf8bf0f92023-02-08 09:53:52.205root 11241100x8000000000000000297230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.205{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e45ab8585a5c062023-02-08 09:53:52.205root 11241100x8000000000000000297229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.205{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3a2609416d54db2023-02-08 09:53:52.205root 11241100x8000000000000000297228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.205{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7337d69a3e7455742023-02-08 09:53:52.205root 11241100x8000000000000000297227Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.205{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124bb05a32b46a4d2023-02-08 09:53:52.205root 11241100x8000000000000000297236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.206{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41088bb3bbe4fb182023-02-08 09:53:52.206root 11241100x8000000000000000297235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.206{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e61d4910853cc12023-02-08 09:53:52.206root 11241100x8000000000000000297234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.206{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f53831a10e24dc2023-02-08 09:53:52.206root 11241100x8000000000000000297233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.206{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3e236e785f57c22023-02-08 09:53:52.206root 11241100x8000000000000000297232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.206{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b0c065f1e165fb2023-02-08 09:53:52.206root 11241100x8000000000000000297244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.207{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babc768b3f8a7f762023-02-08 09:53:52.207root 11241100x8000000000000000297243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.207{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc02bb1134e43422023-02-08 09:53:52.207root 11241100x8000000000000000297242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.207{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05384e49ba85509c2023-02-08 09:53:52.207root 11241100x8000000000000000297241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.207{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5cffa92a17c55a2023-02-08 09:53:52.207root 11241100x8000000000000000297240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.207{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c825f6afde4921f22023-02-08 09:53:52.207root 11241100x8000000000000000297239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.207{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1a0049ba8278ab2023-02-08 09:53:52.207root 11241100x8000000000000000297238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.207{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f462c4af2278d39c2023-02-08 09:53:52.207root 11241100x8000000000000000297237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.207{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae49b56e147abb4d2023-02-08 09:53:52.207root 11241100x8000000000000000297249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.208{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b4c97c7c42953b2023-02-08 09:53:52.208root 11241100x8000000000000000297248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.208{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42bff354def2be0d2023-02-08 09:53:52.208root 11241100x8000000000000000297247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.208{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b33b4e22ac9fc402023-02-08 09:53:52.208root 11241100x8000000000000000297246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.208{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a774605456321b2023-02-08 09:53:52.208root 11241100x8000000000000000297245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.208{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a94e3704f522b72023-02-08 09:53:52.208root 11241100x8000000000000000297254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.432{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3003bf92630259792023-02-08 09:53:52.432root 11241100x8000000000000000297253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.432{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ecd423b822296e2023-02-08 09:53:52.432root 11241100x8000000000000000297252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.432{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e51592660141a102023-02-08 09:53:52.432root 11241100x8000000000000000297251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.432{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b603b2c92cb386a32023-02-08 09:53:52.432root 11241100x8000000000000000297250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.432{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f49b017fa176ca12023-02-08 09:53:52.432root 11241100x8000000000000000297260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.433{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291baad0c3a13dd92023-02-08 09:53:52.433root 11241100x8000000000000000297259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.433{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b1b98a7c56c6192023-02-08 09:53:52.433root 11241100x8000000000000000297258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.433{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf35522e82dff4e2023-02-08 09:53:52.433root 11241100x8000000000000000297257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.433{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9293056a5b21142023-02-08 09:53:52.433root 11241100x8000000000000000297256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.433{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed4e863f934f79f2023-02-08 09:53:52.433root 11241100x8000000000000000297255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.433{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc7527125adb8912023-02-08 09:53:52.433root 11241100x8000000000000000297264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.434{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3a2e9b8cd19c8e2023-02-08 09:53:52.434root 11241100x8000000000000000297263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.434{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c388ab6223b3f02023-02-08 09:53:52.434root 11241100x8000000000000000297262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.434{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aae4e7d0c85c2022023-02-08 09:53:52.434root 11241100x8000000000000000297261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.434{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a19f801585ee4222023-02-08 09:53:52.434root 11241100x8000000000000000297267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.435{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f3cbb70a872ed22023-02-08 09:53:52.435root 11241100x8000000000000000297266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.435{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc5b3441e1115a72023-02-08 09:53:52.435root 11241100x8000000000000000297265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.435{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a2e88f47969b972023-02-08 09:53:52.435root 11241100x8000000000000000297270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.436{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdd907bf3dd1ee92023-02-08 09:53:52.436root 11241100x8000000000000000297269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.436{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8aeade666025582023-02-08 09:53:52.436root 11241100x8000000000000000297268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.436{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0b89bec423db6c2023-02-08 09:53:52.436root 11241100x8000000000000000297273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.437{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc502b1883c63d8f2023-02-08 09:53:52.437root 11241100x8000000000000000297272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.437{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e06a40ee6f386b2023-02-08 09:53:52.437root 11241100x8000000000000000297271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.437{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1175850c4be39cf82023-02-08 09:53:52.437root 11241100x8000000000000000297277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.438{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a45776cd10c7582023-02-08 09:53:52.438root 11241100x8000000000000000297276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.438{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268faf57f16f71822023-02-08 09:53:52.438root 11241100x8000000000000000297275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.438{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16a0e367c4ce0272023-02-08 09:53:52.438root 11241100x8000000000000000297274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.438{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093a8133dd3d914a2023-02-08 09:53:52.438root 11241100x8000000000000000297282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.439{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4ea442d1a482312023-02-08 09:53:52.439root 11241100x8000000000000000297281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.439{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe1cb7f443be3102023-02-08 09:53:52.439root 11241100x8000000000000000297280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.439{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e397668ce0c4daed2023-02-08 09:53:52.439root 11241100x8000000000000000297279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.439{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9168f52287b8829f2023-02-08 09:53:52.439root 11241100x8000000000000000297278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.439{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01e16555f34f5c82023-02-08 09:53:52.439root 11241100x8000000000000000297288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.440{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882d92247f3097402023-02-08 09:53:52.440root 11241100x8000000000000000297287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.440{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e212cd5b437b113d2023-02-08 09:53:52.440root 11241100x8000000000000000297286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.440{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf230384a7f2da6f2023-02-08 09:53:52.440root 11241100x8000000000000000297285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.440{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99493c99f03c9542023-02-08 09:53:52.440root 11241100x8000000000000000297284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.440{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dff2cccb5f486622023-02-08 09:53:52.440root 11241100x8000000000000000297283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.440{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657d91d3092ecc772023-02-08 09:53:52.440root 11241100x8000000000000000297295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.441{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a1b8918de0b20d2023-02-08 09:53:52.441root 11241100x8000000000000000297294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.441{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe45a0d84a816102023-02-08 09:53:52.441root 11241100x8000000000000000297293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.441{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ff8ba4c16a947e2023-02-08 09:53:52.441root 11241100x8000000000000000297292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.441{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89226323a58e6512023-02-08 09:53:52.441root 11241100x8000000000000000297291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.441{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d27eeca0c3dbec52023-02-08 09:53:52.441root 11241100x8000000000000000297290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.441{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3125d5a5335ae8fc2023-02-08 09:53:52.441root 11241100x8000000000000000297289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.441{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b6a5d2567abef42023-02-08 09:53:52.441root 11241100x8000000000000000297301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.442{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f778dcdcc399b7012023-02-08 09:53:52.442root 11241100x8000000000000000297300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.442{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9f546327a065452023-02-08 09:53:52.442root 11241100x8000000000000000297299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.442{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7553a12b8aa4f81d2023-02-08 09:53:52.442root 11241100x8000000000000000297298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.442{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e385f5972dba79e92023-02-08 09:53:52.442root 11241100x8000000000000000297297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.442{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e628c4f4980a07742023-02-08 09:53:52.442root 11241100x8000000000000000297296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.442{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e2b267460acbd12023-02-08 09:53:52.442root 11241100x8000000000000000297306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.443{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bd7e8c01fde3c92023-02-08 09:53:52.443root 11241100x8000000000000000297305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.443{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3e4cc59fdfa3e52023-02-08 09:53:52.443root 11241100x8000000000000000297304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.443{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb60abbd34e4d6ea2023-02-08 09:53:52.443root 11241100x8000000000000000297303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.443{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0321e458a4e3fc2023-02-08 09:53:52.443root 11241100x8000000000000000297302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.443{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf4e069ab52b40a2023-02-08 09:53:52.443root 11241100x8000000000000000297313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.444{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c5dec9297ca0592023-02-08 09:53:52.444root 11241100x8000000000000000297312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.444{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c453c296c82de5a2023-02-08 09:53:52.444root 11241100x8000000000000000297311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.444{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7845ba77738e73552023-02-08 09:53:52.444root 11241100x8000000000000000297310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.444{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17dfabfe8aea82482023-02-08 09:53:52.444root 11241100x8000000000000000297309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.444{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8870e211122a660b2023-02-08 09:53:52.444root 11241100x8000000000000000297308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.444{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6134363e4b8bf02023-02-08 09:53:52.444root 11241100x8000000000000000297307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.444{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d07d9e3ae38ef62023-02-08 09:53:52.444root 11241100x8000000000000000297317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.445{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d18cfae3f120c912023-02-08 09:53:52.445root 11241100x8000000000000000297316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.445{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb4364d4cf1cc472023-02-08 09:53:52.445root 11241100x8000000000000000297315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.445{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e8389a7148758f2023-02-08 09:53:52.445root 11241100x8000000000000000297314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.445{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1ee9e8059335512023-02-08 09:53:52.445root 11241100x8000000000000000297323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.446{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937589a35f81fd932023-02-08 09:53:52.446root 11241100x8000000000000000297322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.446{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f07391b3d707cf2023-02-08 09:53:52.446root 11241100x8000000000000000297321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.446{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5def5cfdc19caa2023-02-08 09:53:52.446root 11241100x8000000000000000297320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.446{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f853459a380c392023-02-08 09:53:52.446root 11241100x8000000000000000297319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.446{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb0cb906ca596612023-02-08 09:53:52.446root 11241100x8000000000000000297318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.446{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f47431c09cc54a2023-02-08 09:53:52.446root 11241100x8000000000000000297329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.447{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf56d10549fd65102023-02-08 09:53:52.447root 11241100x8000000000000000297328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.447{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d719636cbb6d1d62023-02-08 09:53:52.447root 11241100x8000000000000000297327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.447{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fc7a85a99562d42023-02-08 09:53:52.447root 11241100x8000000000000000297326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.447{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5269ffc973a9ee2023-02-08 09:53:52.447root 11241100x8000000000000000297325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.447{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6100a00297b90ee32023-02-08 09:53:52.447root 11241100x8000000000000000297324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.447{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51fbd33256513d952023-02-08 09:53:52.447root 11241100x8000000000000000297336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.448{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88dcad317d066abf2023-02-08 09:53:52.448root 11241100x8000000000000000297335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.448{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8f97802eb2a3372023-02-08 09:53:52.448root 11241100x8000000000000000297334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.448{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6061f03ed18161f02023-02-08 09:53:52.448root 11241100x8000000000000000297333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.448{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4a746f7afff33d2023-02-08 09:53:52.448root 11241100x8000000000000000297332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.448{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f50a87c73b3e0c2023-02-08 09:53:52.448root 11241100x8000000000000000297331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.448{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452a226be2a7e2dc2023-02-08 09:53:52.448root 11241100x8000000000000000297330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.448{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ebadeca093a206c2023-02-08 09:53:52.448root 11241100x8000000000000000297341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.449{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7b7f13ba5b96792023-02-08 09:53:52.449root 11241100x8000000000000000297340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.449{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d20db79546036d2023-02-08 09:53:52.449root 11241100x8000000000000000297339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.449{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d043bd74a556b202023-02-08 09:53:52.449root 11241100x8000000000000000297338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.449{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb91de3385aa6902023-02-08 09:53:52.449root 11241100x8000000000000000297337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.449{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab99d8a0bdfc0a32023-02-08 09:53:52.449root 11241100x8000000000000000297347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.450{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630e3ca4f48496852023-02-08 09:53:52.450root 11241100x8000000000000000297346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.450{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d112b2b1926560ce2023-02-08 09:53:52.450root 11241100x8000000000000000297345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.450{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9155e0829d4b2b032023-02-08 09:53:52.450root 11241100x8000000000000000297344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.450{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72a4c13cc0072542023-02-08 09:53:52.450root 11241100x8000000000000000297343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.450{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1436a1aec9a06e12023-02-08 09:53:52.450root 11241100x8000000000000000297342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.450{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0aeddb0846b82aa2023-02-08 09:53:52.450root 11241100x8000000000000000297352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.451{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f281c424700b1f852023-02-08 09:53:52.451root 11241100x8000000000000000297351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.451{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1544edae6ff84d5b2023-02-08 09:53:52.451root 11241100x8000000000000000297350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.451{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180d7fe4ca021b0b2023-02-08 09:53:52.451root 11241100x8000000000000000297349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.451{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24800bf911380b22023-02-08 09:53:52.451root 11241100x8000000000000000297348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.451{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc8eb529488568c2023-02-08 09:53:52.451root 11241100x8000000000000000297360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.452{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afb9bf9178f93932023-02-08 09:53:52.452root 11241100x8000000000000000297359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.452{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3bfce4bf32a3bc2023-02-08 09:53:52.452root 11241100x8000000000000000297358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.452{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ee5cb52c1c45322023-02-08 09:53:52.452root 11241100x8000000000000000297357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.452{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3f50be8752428c2023-02-08 09:53:52.452root 11241100x8000000000000000297356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.452{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c624368a9527d9732023-02-08 09:53:52.452root 11241100x8000000000000000297355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.452{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6117aa645eb7e2142023-02-08 09:53:52.452root 11241100x8000000000000000297354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.452{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c3b436518941d52023-02-08 09:53:52.452root 11241100x8000000000000000297353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.452{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dddee1cb4381dbc92023-02-08 09:53:52.452root 11241100x8000000000000000297366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.453{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209d2118e750c0472023-02-08 09:53:52.453root 11241100x8000000000000000297365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.453{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da15b7c82a1c69b2023-02-08 09:53:52.453root 11241100x8000000000000000297364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.453{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ded27242be065f2023-02-08 09:53:52.453root 11241100x8000000000000000297363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.453{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77b91362eaf6d9e2023-02-08 09:53:52.453root 11241100x8000000000000000297362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.453{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe2716a4aa2b1fb2023-02-08 09:53:52.453root 11241100x8000000000000000297361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.453{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2b8e539fe7a33d2023-02-08 09:53:52.453root 11241100x8000000000000000297370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.454{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5752140a1c920b482023-02-08 09:53:52.454root 11241100x8000000000000000297369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.454{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47f6cfa8bf5602c2023-02-08 09:53:52.454root 11241100x8000000000000000297368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.454{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4d7e5b6d8b367d2023-02-08 09:53:52.454root 11241100x8000000000000000297367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.454{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a9f719b5ef9ce92023-02-08 09:53:52.454root 11241100x8000000000000000297373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.455{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2cb57f0717f9872023-02-08 09:53:52.455root 11241100x8000000000000000297372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.455{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92b1913b674e3d22023-02-08 09:53:52.455root 11241100x8000000000000000297371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.455{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bca6fd5794347a62023-02-08 09:53:52.455root 11241100x8000000000000000297380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.456{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa768d24e19dfa8a2023-02-08 09:53:52.456root 11241100x8000000000000000297379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.456{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a896d73c6de6022023-02-08 09:53:52.456root 11241100x8000000000000000297378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.456{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70b06ebe5bfd07f2023-02-08 09:53:52.456root 11241100x8000000000000000297377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.456{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e00491386f7ab52023-02-08 09:53:52.456root 11241100x8000000000000000297376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.456{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a997bd5ae001462023-02-08 09:53:52.456root 11241100x8000000000000000297375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.456{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a38eb38253707132023-02-08 09:53:52.456root 11241100x8000000000000000297374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.456{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30c06bda2d4322d2023-02-08 09:53:52.456root 11241100x8000000000000000297387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.457{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2b1a4a24eeb24a2023-02-08 09:53:52.457root 11241100x8000000000000000297386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.457{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c4fe8881b4c51b2023-02-08 09:53:52.457root 11241100x8000000000000000297385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.457{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972fc10b348413a62023-02-08 09:53:52.457root 11241100x8000000000000000297384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.457{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b760248a08b145d2023-02-08 09:53:52.457root 11241100x8000000000000000297383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.457{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c281c19162592cc2023-02-08 09:53:52.457root 11241100x8000000000000000297382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.457{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a31f2d3b287eff42023-02-08 09:53:52.457root 11241100x8000000000000000297381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.457{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80a77bf9b91fe3d2023-02-08 09:53:52.457root 11241100x8000000000000000297393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.458{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f240e32d286cc32023-02-08 09:53:52.458root 11241100x8000000000000000297392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.458{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4cd677d0bc0ec262023-02-08 09:53:52.458root 11241100x8000000000000000297391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.458{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f4902e966b84d22023-02-08 09:53:52.458root 11241100x8000000000000000297390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.458{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a82f2e13830d8c02023-02-08 09:53:52.458root 11241100x8000000000000000297389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.458{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a721e56992b4ce92023-02-08 09:53:52.458root 11241100x8000000000000000297388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.458{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99628aff2aeaac42023-02-08 09:53:52.458root 11241100x8000000000000000297400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.459{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bb666746beb0cb2023-02-08 09:53:52.459root 11241100x8000000000000000297399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.459{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5dc7e8dd782a6482023-02-08 09:53:52.459root 11241100x8000000000000000297398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.459{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c81485ae16501a62023-02-08 09:53:52.459root 11241100x8000000000000000297397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.459{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4684178dd17e06b32023-02-08 09:53:52.459root 11241100x8000000000000000297396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.459{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09919ebea7ac1b92023-02-08 09:53:52.459root 11241100x8000000000000000297395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.459{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce67226d16ea08a72023-02-08 09:53:52.459root 11241100x8000000000000000297394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.459{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b735f579c79ec162023-02-08 09:53:52.459root 11241100x8000000000000000297408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.460{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f495126a8b6c9c2023-02-08 09:53:52.460root 11241100x8000000000000000297407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.460{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac889a4f16c45c42023-02-08 09:53:52.460root 11241100x8000000000000000297406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.460{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1978e1e8a77e1e2023-02-08 09:53:52.460root 11241100x8000000000000000297405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.460{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1b31df0a3039a72023-02-08 09:53:52.460root 11241100x8000000000000000297404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.460{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f0cae606fdf9562023-02-08 09:53:52.460root 11241100x8000000000000000297403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.460{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e621e900ecb4892023-02-08 09:53:52.460root 11241100x8000000000000000297402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.460{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4644244c31fd832023-02-08 09:53:52.460root 11241100x8000000000000000297401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.460{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c964f6a0866ec7ca2023-02-08 09:53:52.460root 11241100x8000000000000000297417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.461{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78da84d724a67fdd2023-02-08 09:53:52.461root 11241100x8000000000000000297416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.461{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b843189a90e668a2023-02-08 09:53:52.461root 11241100x8000000000000000297415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.461{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f556b5a9380b00842023-02-08 09:53:52.461root 11241100x8000000000000000297414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.461{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d97de7987bb30862023-02-08 09:53:52.461root 11241100x8000000000000000297413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.461{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15e096a4766d7232023-02-08 09:53:52.461root 11241100x8000000000000000297412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.461{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d2a4c65331d9102023-02-08 09:53:52.461root 11241100x8000000000000000297411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.461{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3495519157c4fa172023-02-08 09:53:52.461root 11241100x8000000000000000297410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.461{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b57117064fe1e32023-02-08 09:53:52.461root 11241100x8000000000000000297409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.461{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad018a7f7eb56e12023-02-08 09:53:52.461root 11241100x8000000000000000297426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.462{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ef088a59a06f162023-02-08 09:53:52.462root 11241100x8000000000000000297425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.462{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49c9421f06235ec2023-02-08 09:53:52.462root 11241100x8000000000000000297424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.462{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f242735b6b87a42023-02-08 09:53:52.462root 11241100x8000000000000000297423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.462{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9382ec6cdbdcdedb2023-02-08 09:53:52.462root 11241100x8000000000000000297422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.462{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073be7ff1506e71b2023-02-08 09:53:52.462root 11241100x8000000000000000297421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.462{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed40d3743bd430102023-02-08 09:53:52.462root 11241100x8000000000000000297420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.462{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbc701db1ac09542023-02-08 09:53:52.462root 11241100x8000000000000000297419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.462{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359df217e9b31c342023-02-08 09:53:52.462root 11241100x8000000000000000297418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.462{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3767da21779110a92023-02-08 09:53:52.462root 11241100x8000000000000000297435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.463{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa938c380d31ed02023-02-08 09:53:52.463root 11241100x8000000000000000297434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.463{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf74e402c37885192023-02-08 09:53:52.463root 11241100x8000000000000000297433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.463{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0440ed2e798641182023-02-08 09:53:52.463root 11241100x8000000000000000297432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.463{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f083e80cedda469e2023-02-08 09:53:52.463root 11241100x8000000000000000297431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.463{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15d8868289997f32023-02-08 09:53:52.463root 11241100x8000000000000000297430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.463{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba25eed59bc0d592023-02-08 09:53:52.463root 11241100x8000000000000000297429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.463{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7f5c6e2b0fead82023-02-08 09:53:52.463root 11241100x8000000000000000297428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.463{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2502f4b01ace2fef2023-02-08 09:53:52.463root 11241100x8000000000000000297427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.463{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a492aa072e03f802023-02-08 09:53:52.463root 11241100x8000000000000000297440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.948{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d7f441d494c62d2023-02-08 09:53:52.948root 11241100x8000000000000000297439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.948{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14569d61996414212023-02-08 09:53:52.948root 11241100x8000000000000000297438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.948{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ba2528a4a733bf2023-02-08 09:53:52.948root 11241100x8000000000000000297437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.948{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076cfef1530233ed2023-02-08 09:53:52.948root 11241100x8000000000000000297436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:52.948{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d34100b7b01d8112023-02-08 09:53:52.948root 11241100x8000000000000000297442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.170{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb33bc82810a71a2023-02-08 09:53:53.170root 11241100x8000000000000000297441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.170{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb86dc0fb8427ff82023-02-08 09:53:53.170root 11241100x8000000000000000297452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.171{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a7c3789da15e4d2023-02-08 09:53:53.171root 11241100x8000000000000000297451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.171{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deef21c19d2525142023-02-08 09:53:53.171root 11241100x8000000000000000297450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.171{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6298c33bcfa5442023-02-08 09:53:53.171root 11241100x8000000000000000297449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.171{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d702076c0f10b1a2023-02-08 09:53:53.171root 11241100x8000000000000000297448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.171{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7984e74f108c59bf2023-02-08 09:53:53.171root 11241100x8000000000000000297447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.171{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167f5ada20e12f972023-02-08 09:53:53.171root 11241100x8000000000000000297446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.171{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22275ac6789aa6172023-02-08 09:53:53.171root 11241100x8000000000000000297445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.171{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5e81ebeef1116e2023-02-08 09:53:53.171root 11241100x8000000000000000297444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.171{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d103647133d90c442023-02-08 09:53:53.171root 11241100x8000000000000000297443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.171{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b3b84016b8f6c92023-02-08 09:53:53.171root 11241100x8000000000000000297462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.172{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0651207290a9bb572023-02-08 09:53:53.172root 11241100x8000000000000000297461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.172{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb1a9dad1d4fc942023-02-08 09:53:53.172root 11241100x8000000000000000297460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.172{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358a7b1c77e2ad232023-02-08 09:53:53.172root 11241100x8000000000000000297459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.172{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41778c616b1115422023-02-08 09:53:53.172root 11241100x8000000000000000297458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.172{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773a05341ea2ac502023-02-08 09:53:53.172root 11241100x8000000000000000297457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.172{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eeaead9ff4c7d2f2023-02-08 09:53:53.172root 11241100x8000000000000000297456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.172{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513540ca7a036ed22023-02-08 09:53:53.172root 11241100x8000000000000000297455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.172{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02da303214880d02023-02-08 09:53:53.172root 11241100x8000000000000000297454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.172{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0da0a455786e832023-02-08 09:53:53.172root 11241100x8000000000000000297453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.172{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6c42feecde128e2023-02-08 09:53:53.172root 11241100x8000000000000000297471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.173{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6882c9e47d176ad2023-02-08 09:53:53.173root 11241100x8000000000000000297470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.173{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32f3dba8f4f02c72023-02-08 09:53:53.173root 11241100x8000000000000000297469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.173{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ec2392467154b82023-02-08 09:53:53.173root 11241100x8000000000000000297468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.173{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f948d7d9334f4562023-02-08 09:53:53.173root 11241100x8000000000000000297467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.173{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e4a8a6c52d047b2023-02-08 09:53:53.173root 11241100x8000000000000000297466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.173{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c5a6e34831d14a2023-02-08 09:53:53.173root 11241100x8000000000000000297465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.173{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ed9922aaaa47582023-02-08 09:53:53.173root 11241100x8000000000000000297464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.173{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e2056e2bdbed7b2023-02-08 09:53:53.173root 11241100x8000000000000000297463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.173{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa23c5d18215f5362023-02-08 09:53:53.173root 11241100x8000000000000000297479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.174{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec7104e0ba4e4fa2023-02-08 09:53:53.174root 11241100x8000000000000000297478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.174{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b84343c565f9272023-02-08 09:53:53.174root 11241100x8000000000000000297477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.174{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a398e614d37ffa2023-02-08 09:53:53.174root 11241100x8000000000000000297476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.174{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384ecfb0bee168472023-02-08 09:53:53.174root 11241100x8000000000000000297475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.174{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7c6db914c0f5642023-02-08 09:53:53.174root 11241100x8000000000000000297474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.174{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1cae1fc1ad61812023-02-08 09:53:53.174root 11241100x8000000000000000297473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.174{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123e1e6aa752f6092023-02-08 09:53:53.174root 11241100x8000000000000000297472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.174{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b949c61b3358e30d2023-02-08 09:53:53.174root 11241100x8000000000000000297488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.175{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abfc139bc5f4e9d12023-02-08 09:53:53.175root 11241100x8000000000000000297487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.175{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a7dd678cc93c0b12023-02-08 09:53:53.175root 11241100x8000000000000000297486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.175{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6de7433db3a04e2023-02-08 09:53:53.175root 11241100x8000000000000000297485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.175{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f5a418c04944582023-02-08 09:53:53.175root 11241100x8000000000000000297484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.175{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85933f8cdcd45802023-02-08 09:53:53.175root 11241100x8000000000000000297483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.175{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bffc8226ab32e42023-02-08 09:53:53.175root 11241100x8000000000000000297482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.175{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddca8584ec0700672023-02-08 09:53:53.175root 11241100x8000000000000000297481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.175{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba0f561ba9bbb2a2023-02-08 09:53:53.175root 11241100x8000000000000000297480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.175{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0740836d1b1d382023-02-08 09:53:53.175root 11241100x8000000000000000297498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.176{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e2bb90cfa727f32023-02-08 09:53:53.176root 11241100x8000000000000000297497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.176{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db547affc11d85442023-02-08 09:53:53.176root 11241100x8000000000000000297496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.176{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0283bb1e76ae89482023-02-08 09:53:53.176root 11241100x8000000000000000297495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.176{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4481ea836f5682062023-02-08 09:53:53.176root 11241100x8000000000000000297494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.176{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736a0b774b4e17582023-02-08 09:53:53.176root 11241100x8000000000000000297493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.176{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f9139979862fd52023-02-08 09:53:53.176root 11241100x8000000000000000297492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.176{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2582f1f00f1610f22023-02-08 09:53:53.176root 11241100x8000000000000000297491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.176{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7794e2bc0b669b4d2023-02-08 09:53:53.176root 11241100x8000000000000000297490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.176{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b11f0829ff31212023-02-08 09:53:53.176root 11241100x8000000000000000297489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.176{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e964026ec1d56b2023-02-08 09:53:53.176root 11241100x8000000000000000297507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.177{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59eaf182d8994b62023-02-08 09:53:53.177root 11241100x8000000000000000297506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.177{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb75ea921af092a22023-02-08 09:53:53.177root 11241100x8000000000000000297505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.177{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191d239ea8185f052023-02-08 09:53:53.177root 11241100x8000000000000000297504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.177{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fbe029ebc6f23e82023-02-08 09:53:53.177root 11241100x8000000000000000297503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.177{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345393852d8891b22023-02-08 09:53:53.177root 11241100x8000000000000000297502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.177{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93a38d491804eeb2023-02-08 09:53:53.177root 11241100x8000000000000000297501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.177{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060cf89c0bb545fe2023-02-08 09:53:53.177root 11241100x8000000000000000297500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.177{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee1354c4d52941c2023-02-08 09:53:53.177root 11241100x8000000000000000297499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.177{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df311932dde04ae32023-02-08 09:53:53.177root 11241100x8000000000000000297511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.178{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8aac68d081af65f2023-02-08 09:53:53.178root 11241100x8000000000000000297510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.178{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4d1e8b0ee0c08c2023-02-08 09:53:53.178root 11241100x8000000000000000297509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.178{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d985f5e5816859b2023-02-08 09:53:53.178root 11241100x8000000000000000297508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.178{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec3af4724d57f822023-02-08 09:53:53.178root 11241100x8000000000000000297513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.386{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03b45899d6cd73c2023-02-08 09:53:53.386root 354300x8000000000000000297512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.386{ec2a0601-711b-63e3-606c-3fcabc550000}1545/opt/splunkforwarder/bin/splunkdroottcpfalsefalse107.155.55.108-41976-false10.0.1.20-8089- 11241100x8000000000000000297524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.387{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2b53e230ec341b2023-02-08 09:53:53.387root 11241100x8000000000000000297523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.387{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe2e3428f9042f62023-02-08 09:53:53.387root 11241100x8000000000000000297522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.387{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfa16b4be7a29932023-02-08 09:53:53.387root 11241100x8000000000000000297521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.387{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced0497357e225552023-02-08 09:53:53.387root 11241100x8000000000000000297520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.387{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d312a4afd82f89e2023-02-08 09:53:53.387root 11241100x8000000000000000297519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.387{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3295b2f3eb451bfb2023-02-08 09:53:53.387root 11241100x8000000000000000297518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.387{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c61bda7dff33ca02023-02-08 09:53:53.387root 11241100x8000000000000000297517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.387{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c757d925117053af2023-02-08 09:53:53.387root 11241100x8000000000000000297516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.387{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c614e680f89512e2023-02-08 09:53:53.387root 11241100x8000000000000000297515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.387{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b336da38872ca3522023-02-08 09:53:53.387root 11241100x8000000000000000297514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.387{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5bec49c7536b7152023-02-08 09:53:53.387root 11241100x8000000000000000297537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.388{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407e57d20ba497df2023-02-08 09:53:53.388root 11241100x8000000000000000297536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.388{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef36769f2161ba02023-02-08 09:53:53.388root 11241100x8000000000000000297535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.388{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3b4977c2f555822023-02-08 09:53:53.388root 11241100x8000000000000000297534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.388{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f04bf2081913a312023-02-08 09:53:53.388root 11241100x8000000000000000297533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.388{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780456b18426c8d32023-02-08 09:53:53.388root 11241100x8000000000000000297532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.388{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3b30fb1c8b15b32023-02-08 09:53:53.388root 11241100x8000000000000000297531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.388{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00bc38e70fac55502023-02-08 09:53:53.388root 11241100x8000000000000000297530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.388{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ad70a426c08c8b2023-02-08 09:53:53.388root 11241100x8000000000000000297529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.388{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57cb8cb9ecc7a0e92023-02-08 09:53:53.388root 11241100x8000000000000000297528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.388{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4227163b7d3b43842023-02-08 09:53:53.388root 11241100x8000000000000000297527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.388{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70fbf9143ebf96df2023-02-08 09:53:53.388root 11241100x8000000000000000297526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.388{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e32ffdde8ddfeb2023-02-08 09:53:53.388root 11241100x8000000000000000297525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.388{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57c7129b9225ca32023-02-08 09:53:53.388root 11241100x8000000000000000297543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.389{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab14103c48242c722023-02-08 09:53:53.389root 11241100x8000000000000000297542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.389{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e253330aeaf5104f2023-02-08 09:53:53.389root 11241100x8000000000000000297541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.389{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5309046e6cf050c2023-02-08 09:53:53.389root 11241100x8000000000000000297540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.389{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2190b5994a49f42023-02-08 09:53:53.389root 11241100x8000000000000000297539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.389{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0ae412060353162023-02-08 09:53:53.389root 11241100x8000000000000000297538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.389{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bc26b5160c5cce2023-02-08 09:53:53.389root 11241100x8000000000000000297548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.390{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6c60493388bb9c2023-02-08 09:53:53.390root 11241100x8000000000000000297547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.390{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbbc835dbef25712023-02-08 09:53:53.390root 11241100x8000000000000000297546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.390{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372fb126b9af55832023-02-08 09:53:53.390root 11241100x8000000000000000297545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.390{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7e3c2b01370c802023-02-08 09:53:53.390root 11241100x8000000000000000297544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.390{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef287f4942b7c522023-02-08 09:53:53.390root 11241100x8000000000000000297549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.391{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1170f5ac7f875a562023-02-08 09:53:53.391root 11241100x8000000000000000297559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.392{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d7e243f217f7672023-02-08 09:53:53.392root 11241100x8000000000000000297558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.392{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7121d8c94affc9022023-02-08 09:53:53.392root 11241100x8000000000000000297557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.392{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44185c45a91fb9f92023-02-08 09:53:53.392root 11241100x8000000000000000297556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.392{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44305fab01f4e5a32023-02-08 09:53:53.392root 11241100x8000000000000000297555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.392{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1454ea93c338b2d22023-02-08 09:53:53.392root 11241100x8000000000000000297554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.392{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f94992314e5516d2023-02-08 09:53:53.392root 11241100x8000000000000000297553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.392{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5351e8e0fcb815732023-02-08 09:53:53.392root 11241100x8000000000000000297552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.392{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea185ebda209947b2023-02-08 09:53:53.392root 11241100x8000000000000000297551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.392{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d467f88ca59d592023-02-08 09:53:53.392root 11241100x8000000000000000297550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.392{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3afc028c5a4aaec2023-02-08 09:53:53.392root 11241100x8000000000000000297568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.393{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733c3d611b5a234a2023-02-08 09:53:53.393root 11241100x8000000000000000297567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.393{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93da8d3c1e2f88592023-02-08 09:53:53.393root 11241100x8000000000000000297566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.393{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ac4a3b044176c42023-02-08 09:53:53.393root 11241100x8000000000000000297565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.393{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b00ddf50300f9a02023-02-08 09:53:53.393root 11241100x8000000000000000297564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.393{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e52c91c15955592023-02-08 09:53:53.393root 11241100x8000000000000000297563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.393{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8788fe559399622023-02-08 09:53:53.393root 11241100x8000000000000000297562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.393{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b0d8aeb479b5562023-02-08 09:53:53.393root 11241100x8000000000000000297561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.393{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff60de71f0c944192023-02-08 09:53:53.393root 11241100x8000000000000000297560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.393{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb5924bc500dcdc2023-02-08 09:53:53.393root 11241100x8000000000000000297575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.394{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceecda51431c7d8d2023-02-08 09:53:53.394root 11241100x8000000000000000297574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.394{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55b14c8e7dfe7072023-02-08 09:53:53.394root 11241100x8000000000000000297573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.394{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474b41da977179a32023-02-08 09:53:53.394root 11241100x8000000000000000297572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.394{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0f9cbd1326a1fd2023-02-08 09:53:53.394root 11241100x8000000000000000297571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.394{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510276ae02fa6fb02023-02-08 09:53:53.394root 11241100x8000000000000000297570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.394{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6d8d0c7db27daf2023-02-08 09:53:53.394root 11241100x8000000000000000297569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.394{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972a78348ba049242023-02-08 09:53:53.394root 11241100x8000000000000000297577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.395{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2319f433b0dc15102023-02-08 09:53:53.395root 11241100x8000000000000000297576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.395{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972a54b4c8fdb8922023-02-08 09:53:53.395root 11241100x8000000000000000297580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.397{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7994e87650f2abff2023-02-08 09:53:53.397root 11241100x8000000000000000297579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.397{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60b1d9df8df686c2023-02-08 09:53:53.397root 11241100x8000000000000000297578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.397{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2550eb78f27847462023-02-08 09:53:53.397root 11241100x8000000000000000297581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.398{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a372ecb7700dee72023-02-08 09:53:53.398root 11241100x8000000000000000297593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.399{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0719467fff40e2c72023-02-08 09:53:53.399root 11241100x8000000000000000297592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.399{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99f62e76f1a1bc72023-02-08 09:53:53.399root 11241100x8000000000000000297591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.399{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d2b665553bfeac2023-02-08 09:53:53.399root 11241100x8000000000000000297590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.399{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50deae69d39e7f762023-02-08 09:53:53.399root 11241100x8000000000000000297589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.399{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8ab7b82bec75c12023-02-08 09:53:53.399root 11241100x8000000000000000297588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.399{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1fad4864110fa62023-02-08 09:53:53.399root 11241100x8000000000000000297587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.399{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e3d1ed6d2fe9cf2023-02-08 09:53:53.399root 11241100x8000000000000000297586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.399{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850b1e13371c2c552023-02-08 09:53:53.399root 11241100x8000000000000000297585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.399{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd075018fdd97f62023-02-08 09:53:53.399root 11241100x8000000000000000297584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.399{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e490dbc7f56b5f2023-02-08 09:53:53.399root 11241100x8000000000000000297583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.399{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf69c1496b39aa612023-02-08 09:53:53.399root 11241100x8000000000000000297582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.399{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa98712acf7338c2023-02-08 09:53:53.399root 11241100x8000000000000000297602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.400{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4977785e3644440e2023-02-08 09:53:53.400root 11241100x8000000000000000297601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.400{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d2384cc4ed82f42023-02-08 09:53:53.400root 11241100x8000000000000000297600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.400{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8db1a3ad002d2c2023-02-08 09:53:53.400root 11241100x8000000000000000297599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.400{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0595eb4e5eecac52023-02-08 09:53:53.400root 11241100x8000000000000000297598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.400{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a964eced52e816d2023-02-08 09:53:53.400root 11241100x8000000000000000297597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.400{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd7059e51647f742023-02-08 09:53:53.400root 11241100x8000000000000000297596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.400{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a2939af17ee8bc2023-02-08 09:53:53.400root 11241100x8000000000000000297595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.400{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b21d7a62a9c7002023-02-08 09:53:53.400root 11241100x8000000000000000297594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.400{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92558ba6f85cc982023-02-08 09:53:53.400root 11241100x8000000000000000297614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.401{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8536d7cbf82233132023-02-08 09:53:53.401root 11241100x8000000000000000297613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.401{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0705a92bee75812023-02-08 09:53:53.401root 11241100x8000000000000000297612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.401{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ad4bc78136bcd32023-02-08 09:53:53.401root 11241100x8000000000000000297611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.401{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2418708ae3bf7dd82023-02-08 09:53:53.401root 11241100x8000000000000000297610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.401{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaccbd21f1d171fd2023-02-08 09:53:53.401root 11241100x8000000000000000297609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.401{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531c1363807bcf5d2023-02-08 09:53:53.401root 11241100x8000000000000000297608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.401{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9570f4bcf31692012023-02-08 09:53:53.401root 11241100x8000000000000000297607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.401{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60fe9c4a81516bef2023-02-08 09:53:53.401root 11241100x8000000000000000297606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.401{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ef8576bda368172023-02-08 09:53:53.401root 11241100x8000000000000000297605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.401{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b39f0630ebabfd2023-02-08 09:53:53.401root 11241100x8000000000000000297604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.401{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdcc2c34bc42d74f2023-02-08 09:53:53.401root 11241100x8000000000000000297603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.401{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc731794d9ff5cf2023-02-08 09:53:53.401root 11241100x8000000000000000297628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.402{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7260656cfb3acc2023-02-08 09:53:53.402root 11241100x8000000000000000297627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.402{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3adb36da2fff02982023-02-08 09:53:53.402root 11241100x8000000000000000297626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.402{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8740ca94ec97831b2023-02-08 09:53:53.402root 11241100x8000000000000000297625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.402{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52d914d7ab5f5102023-02-08 09:53:53.402root 11241100x8000000000000000297624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.402{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa0fb0f340d48272023-02-08 09:53:53.402root 11241100x8000000000000000297623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.402{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a5f7caac34e0a62023-02-08 09:53:53.402root 11241100x8000000000000000297622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.402{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c8fee5a6ac97862023-02-08 09:53:53.402root 11241100x8000000000000000297621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.402{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6db37936583a0632023-02-08 09:53:53.402root 11241100x8000000000000000297620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.402{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645ad52cb2597ebd2023-02-08 09:53:53.402root 11241100x8000000000000000297619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.402{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537bcc9a93726c582023-02-08 09:53:53.402root 11241100x8000000000000000297618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.402{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df6b5714c19997e2023-02-08 09:53:53.402root 11241100x8000000000000000297617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.402{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da82de825d80b01f2023-02-08 09:53:53.402root 11241100x8000000000000000297616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.402{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78ca3c3d1a4dd822023-02-08 09:53:53.402root 11241100x8000000000000000297615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.402{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b24704185c0f47d2023-02-08 09:53:53.402root 11241100x8000000000000000297630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.403{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d44b1df3cc7fe7792023-02-08 09:53:53.403root 11241100x8000000000000000297629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.403{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4036388ac75ff1412023-02-08 09:53:53.403root 11241100x8000000000000000297631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.908{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a69c3e0f900d3f2023-02-08 09:53:53.908root 11241100x8000000000000000297636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.909{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfe632349e605902023-02-08 09:53:53.909root 11241100x8000000000000000297635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.909{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5b93426a00e7942023-02-08 09:53:53.909root 11241100x8000000000000000297634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.909{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d9b22a40ac2a042023-02-08 09:53:53.909root 11241100x8000000000000000297633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.909{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb02cc8c5de140f2023-02-08 09:53:53.909root 11241100x8000000000000000297632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.909{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9c8b7c0e66cc9e2023-02-08 09:53:53.909root 11241100x8000000000000000297643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.910{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2bc703f4afa56952023-02-08 09:53:53.910root 11241100x8000000000000000297642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.910{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42878f8b22c28212023-02-08 09:53:53.910root 11241100x8000000000000000297641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.910{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa8b8a2477850372023-02-08 09:53:53.910root 11241100x8000000000000000297640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.910{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe10c5a40fdcf2732023-02-08 09:53:53.910root 11241100x8000000000000000297639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.910{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f99aef685201c22023-02-08 09:53:53.910root 11241100x8000000000000000297638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.910{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe481249791c3c62023-02-08 09:53:53.910root 11241100x8000000000000000297637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.910{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dee6ffa5e8947a72023-02-08 09:53:53.910root 11241100x8000000000000000297650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.911{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17c30908fe8cfea2023-02-08 09:53:53.911root 11241100x8000000000000000297649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.911{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73aa17f06f212a712023-02-08 09:53:53.911root 11241100x8000000000000000297648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.911{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d076465511160062023-02-08 09:53:53.911root 11241100x8000000000000000297647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.911{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a30ad75a39d1412023-02-08 09:53:53.911root 11241100x8000000000000000297646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.911{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26bfda31845d79132023-02-08 09:53:53.911root 11241100x8000000000000000297645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.911{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a0d01953148fd72023-02-08 09:53:53.911root 11241100x8000000000000000297644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.911{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f40f44510e2d332023-02-08 09:53:53.911root 11241100x8000000000000000297658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.912{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a091f98d41cf0762023-02-08 09:53:53.912root 11241100x8000000000000000297657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.912{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0377c165006ed93f2023-02-08 09:53:53.912root 11241100x8000000000000000297656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.912{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a870d401a45a1c582023-02-08 09:53:53.912root 11241100x8000000000000000297655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.912{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9d155a62cdef2e2023-02-08 09:53:53.912root 11241100x8000000000000000297654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.912{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ffe2dce046d11f2023-02-08 09:53:53.912root 11241100x8000000000000000297653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.912{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d76328c237cd302023-02-08 09:53:53.912root 11241100x8000000000000000297652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.912{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6603fc7a834b4242023-02-08 09:53:53.912root 11241100x8000000000000000297651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.912{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437a6601a8a927e12023-02-08 09:53:53.912root 11241100x8000000000000000297665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.913{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdfd78685eaf98572023-02-08 09:53:53.913root 11241100x8000000000000000297664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.913{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609e48c682492a452023-02-08 09:53:53.913root 11241100x8000000000000000297663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.913{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65d51f2da1aed092023-02-08 09:53:53.913root 11241100x8000000000000000297662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.913{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7e4feffffd1b782023-02-08 09:53:53.913root 11241100x8000000000000000297661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.913{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8580a67862f5a82023-02-08 09:53:53.913root 11241100x8000000000000000297660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.913{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d31869404f66642023-02-08 09:53:53.913root 11241100x8000000000000000297659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.913{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d0ce2e25f00be22023-02-08 09:53:53.913root 11241100x8000000000000000297672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.914{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecda030c7af612ce2023-02-08 09:53:53.914root 11241100x8000000000000000297671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.914{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0362a7f8d415f0c52023-02-08 09:53:53.914root 11241100x8000000000000000297670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.914{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18b6d657a2543f32023-02-08 09:53:53.914root 11241100x8000000000000000297669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.914{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61079a53f0ddd4772023-02-08 09:53:53.914root 11241100x8000000000000000297668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.914{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1607b976ce7d0d1b2023-02-08 09:53:53.914root 11241100x8000000000000000297667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.914{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f948789951eac432023-02-08 09:53:53.914root 11241100x8000000000000000297666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.914{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a7adb5a6c053a32023-02-08 09:53:53.914root 11241100x8000000000000000297678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.915{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42533887b32e56d72023-02-08 09:53:53.915root 11241100x8000000000000000297677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.915{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa8bd8c521563542023-02-08 09:53:53.915root 11241100x8000000000000000297676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.915{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146ecfc4caed4f482023-02-08 09:53:53.915root 11241100x8000000000000000297675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.915{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38486d1a5858c992023-02-08 09:53:53.915root 11241100x8000000000000000297674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.915{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4fce50941ee8ea72023-02-08 09:53:53.915root 11241100x8000000000000000297673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.915{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bfe26dd364c17d2023-02-08 09:53:53.915root 11241100x8000000000000000297686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.916{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a45a14f0c7b98f2023-02-08 09:53:53.916root 11241100x8000000000000000297685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.916{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a49fd0ef25ec872023-02-08 09:53:53.916root 11241100x8000000000000000297684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.916{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d7aefbc30d9e682023-02-08 09:53:53.916root 11241100x8000000000000000297683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.916{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be6073e2fd50d742023-02-08 09:53:53.916root 11241100x8000000000000000297682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.916{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4321a216f1e6c22023-02-08 09:53:53.916root 11241100x8000000000000000297681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.916{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953f1b8cae914f582023-02-08 09:53:53.916root 11241100x8000000000000000297680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.916{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1797d4066c5f70d02023-02-08 09:53:53.916root 11241100x8000000000000000297679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.916{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8004a07940fb85522023-02-08 09:53:53.916root 11241100x8000000000000000297693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.917{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e882676b1b296cae2023-02-08 09:53:53.917root 11241100x8000000000000000297692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.917{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3113073c76a2e5b2023-02-08 09:53:53.917root 11241100x8000000000000000297691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.917{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b6f0dcc6982d0a2023-02-08 09:53:53.917root 11241100x8000000000000000297690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.917{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832279abdc965bd12023-02-08 09:53:53.917root 11241100x8000000000000000297689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.917{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1413ba061387c7c92023-02-08 09:53:53.917root 11241100x8000000000000000297688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.917{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed291dabc9aa5e682023-02-08 09:53:53.917root 11241100x8000000000000000297687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.917{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc6479f130de0982023-02-08 09:53:53.917root 11241100x8000000000000000297700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.918{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcaa86d9058a25f2023-02-08 09:53:53.918root 11241100x8000000000000000297699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.918{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce1b7a2a0ee56252023-02-08 09:53:53.918root 11241100x8000000000000000297698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.918{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51736da6539d2d282023-02-08 09:53:53.918root 11241100x8000000000000000297697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.918{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbe1aba08f34a632023-02-08 09:53:53.918root 11241100x8000000000000000297696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.918{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90b0197bc82e8ed2023-02-08 09:53:53.918root 11241100x8000000000000000297695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.918{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01083d68d05e28002023-02-08 09:53:53.918root 11241100x8000000000000000297694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.918{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7636e2fb2ca778872023-02-08 09:53:53.918root 11241100x8000000000000000297708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.919{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d6e47fed8a535c2023-02-08 09:53:53.919root 11241100x8000000000000000297707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.919{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58186f4ad8bdee0b2023-02-08 09:53:53.919root 11241100x8000000000000000297706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.919{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a6ac610c313bb12023-02-08 09:53:53.919root 11241100x8000000000000000297705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.919{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17d079c8a6b04062023-02-08 09:53:53.919root 11241100x8000000000000000297704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.919{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79b31c53676aaab2023-02-08 09:53:53.919root 11241100x8000000000000000297703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.919{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fa0ae03c690a612023-02-08 09:53:53.919root 11241100x8000000000000000297702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.919{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0cb6fbac5903512023-02-08 09:53:53.919root 11241100x8000000000000000297701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.919{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba24f6c1738fed0c2023-02-08 09:53:53.919root 11241100x8000000000000000297716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.920{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af56459cd0977a02023-02-08 09:53:53.920root 11241100x8000000000000000297715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.920{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaac14b9c935dcc62023-02-08 09:53:53.920root 11241100x8000000000000000297714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.920{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60ec5b1d41741732023-02-08 09:53:53.920root 11241100x8000000000000000297713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.920{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a891ee20e678792023-02-08 09:53:53.920root 11241100x8000000000000000297712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.920{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0cd781ca931e4f2023-02-08 09:53:53.920root 11241100x8000000000000000297711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.920{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44700406e4c4183e2023-02-08 09:53:53.920root 11241100x8000000000000000297710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.920{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415e903863b698842023-02-08 09:53:53.920root 11241100x8000000000000000297709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.920{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b1223ca402559f2023-02-08 09:53:53.920root 11241100x8000000000000000297724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.921{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfd8ddf08aa4c022023-02-08 09:53:53.921root 11241100x8000000000000000297723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.921{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a204fcf571652bbc2023-02-08 09:53:53.921root 11241100x8000000000000000297722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.921{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea00e2bcdff5c852023-02-08 09:53:53.921root 11241100x8000000000000000297721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.921{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a346fd15192dfe82023-02-08 09:53:53.921root 11241100x8000000000000000297720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.921{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfea3bddca865292023-02-08 09:53:53.921root 11241100x8000000000000000297719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.921{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c232036c85de011c2023-02-08 09:53:53.921root 11241100x8000000000000000297718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.921{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d835e12ee5beed752023-02-08 09:53:53.921root 11241100x8000000000000000297717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.921{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bc06caf75fa8cb2023-02-08 09:53:53.921root 11241100x8000000000000000297732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.922{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20275d4290aeb102023-02-08 09:53:53.922root 11241100x8000000000000000297731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.922{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b77634ba6d2c392023-02-08 09:53:53.922root 11241100x8000000000000000297730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.922{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a631bc26f84c01222023-02-08 09:53:53.922root 11241100x8000000000000000297729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.922{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5981141d86944d2023-02-08 09:53:53.922root 11241100x8000000000000000297728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.922{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e4012d3564f9262023-02-08 09:53:53.922root 11241100x8000000000000000297727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.922{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839a77d45df115f72023-02-08 09:53:53.922root 11241100x8000000000000000297726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.922{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1d7828d084edc32023-02-08 09:53:53.922root 11241100x8000000000000000297725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.922{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3326020d24aeee2023-02-08 09:53:53.922root 11241100x8000000000000000297742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.923{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1329eeba9003cdd2023-02-08 09:53:53.923root 11241100x8000000000000000297741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.923{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd7d2f3e48ec3432023-02-08 09:53:53.923root 11241100x8000000000000000297740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.923{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252a22a4e8ea42592023-02-08 09:53:53.923root 11241100x8000000000000000297739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.923{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a38ed45b2844f72023-02-08 09:53:53.923root 11241100x8000000000000000297738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.923{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb6a3ca7a634d332023-02-08 09:53:53.923root 11241100x8000000000000000297737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.923{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90646aa81af6d6d02023-02-08 09:53:53.923root 11241100x8000000000000000297736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.923{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dcaf2c1aa4e4a412023-02-08 09:53:53.923root 11241100x8000000000000000297735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.923{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4930eed16a921c32023-02-08 09:53:53.923root 11241100x8000000000000000297734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.923{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5e5b86dca853dc2023-02-08 09:53:53.923root 11241100x8000000000000000297733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.923{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55d8436c87ae79d2023-02-08 09:53:53.923root 11241100x8000000000000000297750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.924{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e53ed40b19d83a42023-02-08 09:53:53.924root 11241100x8000000000000000297749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.924{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e095cb994bcab72023-02-08 09:53:53.924root 11241100x8000000000000000297748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.924{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679f82137317e2d72023-02-08 09:53:53.924root 11241100x8000000000000000297747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.924{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0485ced58f6ba64d2023-02-08 09:53:53.924root 11241100x8000000000000000297746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.924{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e1915de390d4e22023-02-08 09:53:53.924root 11241100x8000000000000000297745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.924{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955f2acfea133bff2023-02-08 09:53:53.924root 11241100x8000000000000000297744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.924{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2e00f8603ca6c32023-02-08 09:53:53.924root 11241100x8000000000000000297743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.924{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507c105f97c1e6332023-02-08 09:53:53.924root 11241100x8000000000000000297758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.925{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8939ee1a9160f9542023-02-08 09:53:53.925root 11241100x8000000000000000297757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.925{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89f2ddbe34a2e672023-02-08 09:53:53.925root 11241100x8000000000000000297756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.925{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad87ea5ac94fa512023-02-08 09:53:53.925root 11241100x8000000000000000297755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.925{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080eb8fef620c4e72023-02-08 09:53:53.925root 11241100x8000000000000000297754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.925{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1afc598abfdcc902023-02-08 09:53:53.925root 11241100x8000000000000000297753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.925{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d74cc94064240d82023-02-08 09:53:53.925root 11241100x8000000000000000297752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.925{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab66d4115ccd36d2023-02-08 09:53:53.925root 11241100x8000000000000000297751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.925{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625ae80e953f50182023-02-08 09:53:53.925root 11241100x8000000000000000297766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.926{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05beed3700219a72023-02-08 09:53:53.926root 11241100x8000000000000000297765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.926{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd835404dd9111912023-02-08 09:53:53.926root 11241100x8000000000000000297764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.926{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9cf1c3ace4dfb1d2023-02-08 09:53:53.926root 11241100x8000000000000000297763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.926{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606323b8ef0726fe2023-02-08 09:53:53.926root 11241100x8000000000000000297762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.926{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0255030fd37a9d22023-02-08 09:53:53.926root 11241100x8000000000000000297761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.926{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899c318ae0a441272023-02-08 09:53:53.926root 11241100x8000000000000000297760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.926{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f2f09e05b312932023-02-08 09:53:53.926root 11241100x8000000000000000297759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.926{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325e5c378b4854132023-02-08 09:53:53.926root 11241100x8000000000000000297779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.927{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9adcb6dc82bb3c212023-02-08 09:53:53.927root 11241100x8000000000000000297778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.927{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a5a8a8ee43a4432023-02-08 09:53:53.927root 11241100x8000000000000000297777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.927{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272a9651943ba7dd2023-02-08 09:53:53.927root 11241100x8000000000000000297776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.927{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a925bc368cfb51752023-02-08 09:53:53.927root 11241100x8000000000000000297775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.927{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213ddc373f503a9f2023-02-08 09:53:53.927root 11241100x8000000000000000297774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.927{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4989c3769f90ac702023-02-08 09:53:53.927root 11241100x8000000000000000297773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.927{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc80d3eba91d9532023-02-08 09:53:53.927root 11241100x8000000000000000297772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.927{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce83bca321450a52023-02-08 09:53:53.927root 11241100x8000000000000000297771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.927{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b8e7e60b6cb5442023-02-08 09:53:53.927root 11241100x8000000000000000297770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.927{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac1dafc667b1fc82023-02-08 09:53:53.927root 11241100x8000000000000000297769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.927{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a751c2c1b240d12023-02-08 09:53:53.927root 11241100x8000000000000000297768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.927{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cecd8db325588d02023-02-08 09:53:53.927root 11241100x8000000000000000297767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.927{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082fbabbd7fc7a592023-02-08 09:53:53.927root 11241100x8000000000000000297794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.928{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18955f8d071b10d42023-02-08 09:53:53.928root 11241100x8000000000000000297793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.928{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0d7bf53671a4fe2023-02-08 09:53:53.928root 11241100x8000000000000000297792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.928{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d62b30bfe0b41a82023-02-08 09:53:53.928root 11241100x8000000000000000297791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.928{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04689e4d4a211e0f2023-02-08 09:53:53.928root 11241100x8000000000000000297790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.928{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f25e040006fac442023-02-08 09:53:53.928root 11241100x8000000000000000297789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.928{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c17786817d1c0d2023-02-08 09:53:53.928root 11241100x8000000000000000297788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.928{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e379d368dd75de992023-02-08 09:53:53.928root 11241100x8000000000000000297787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.928{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1984814a2cd1201f2023-02-08 09:53:53.928root 11241100x8000000000000000297786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.928{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c082a10f5b71d52023-02-08 09:53:53.928root 11241100x8000000000000000297785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.928{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9668de4857b1e42023-02-08 09:53:53.928root 11241100x8000000000000000297784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.928{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd80b4b7500a8142023-02-08 09:53:53.928root 11241100x8000000000000000297783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.928{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb024b78856a8f42023-02-08 09:53:53.928root 11241100x8000000000000000297782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.928{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5241263ef7fc169b2023-02-08 09:53:53.928root 11241100x8000000000000000297781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.928{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffdb5872acc3f962023-02-08 09:53:53.928root 11241100x8000000000000000297780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.928{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd7041250e82c492023-02-08 09:53:53.928root 11241100x8000000000000000297806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.929{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9450613158a3ae552023-02-08 09:53:53.929root 11241100x8000000000000000297805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.929{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72996ba90e771862023-02-08 09:53:53.929root 11241100x8000000000000000297804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.929{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebc335d24be392e2023-02-08 09:53:53.929root 11241100x8000000000000000297803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.929{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4cc83bcc9d23692023-02-08 09:53:53.929root 11241100x8000000000000000297802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.929{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf170b72eae46ba2023-02-08 09:53:53.929root 11241100x8000000000000000297801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.929{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f097d20eb585d2b2023-02-08 09:53:53.929root 11241100x8000000000000000297800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.929{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d285ca089f3ba22023-02-08 09:53:53.929root 11241100x8000000000000000297799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.929{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634e6569702b3d6e2023-02-08 09:53:53.929root 11241100x8000000000000000297798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.929{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab489be76ff99bc2023-02-08 09:53:53.929root 11241100x8000000000000000297797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.929{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedd6d9fc05de5b82023-02-08 09:53:53.929root 11241100x8000000000000000297796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.929{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4d17890d6ea0ba2023-02-08 09:53:53.929root 11241100x8000000000000000297795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.929{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975cb2bb0554f4402023-02-08 09:53:53.929root 11241100x8000000000000000297810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.930{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307aae9fdc3fc35b2023-02-08 09:53:53.930root 11241100x8000000000000000297809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.930{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b738c263e046ed272023-02-08 09:53:53.930root 11241100x8000000000000000297808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.930{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b463199c4809572023-02-08 09:53:53.930root 11241100x8000000000000000297807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:53.930{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729cd0de030359302023-02-08 09:53:53.930root 11241100x8000000000000000297820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.410{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f00d71bce853402023-02-08 09:53:54.410root 11241100x8000000000000000297819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.410{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eefb73cea0200752023-02-08 09:53:54.410root 11241100x8000000000000000297818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.410{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1d919637bfe05f2023-02-08 09:53:54.410root 11241100x8000000000000000297817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.410{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8443b17257df6ac12023-02-08 09:53:54.410root 11241100x8000000000000000297816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.410{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2aa286dbffc6a2c2023-02-08 09:53:54.410root 11241100x8000000000000000297815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.410{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c150ed181e88162023-02-08 09:53:54.410root 11241100x8000000000000000297814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.410{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f4b467c8a6554a2023-02-08 09:53:54.410root 11241100x8000000000000000297813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.410{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544035a8b5bad7582023-02-08 09:53:54.410root 11241100x8000000000000000297812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.410{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9088f21443e7d62023-02-08 09:53:54.410root 11241100x8000000000000000297811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.410{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3bf1ff7074851342023-02-08 09:53:54.410root 534500x8000000000000000297821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.438{ec2a0601-7114-63e3-0000-000000000000}613-root 23542300x8000000000000000297822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.439{ec2a0601-7113-63e3-c8ea-60bf5b550000}459root/lib/systemd/systemd-journald/run/systemd/journal/streams/9:14055--- 23542300x8000000000000000297823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.440{ec2a0601-710b-63e3-5859-f4e22c560000}1root/lib/systemd/systemd/run/systemd/units/invocation:systemd-fsckd.service--- 11241100x8000000000000000297824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.514{ec2a0601-7113-63e3-2840-faaee3550000}512/lib/systemd/systemd-udevd/run/udev/queue2023-02-08 09:53:54.514root 534500x8000000000000000297831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.519{00000000-0000-0000-0000-000000000000}1751<unknown process>root 534500x8000000000000000297830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.519{00000000-0000-0000-0000-000000000000}1748<unknown process>root 534500x8000000000000000297829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.519{00000000-0000-0000-0000-000000000000}1747<unknown process>root 534500x8000000000000000297828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.519{00000000-0000-0000-0000-000000000000}1750<unknown process>root 534500x8000000000000000297827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.519{00000000-0000-0000-0000-000000000000}1752<unknown process>root 534500x8000000000000000297826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.519{ec2a0601-7132-63e3-0000-000000000000}1753-root 23542300x8000000000000000297825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.519{ec2a0601-7113-63e3-2840-faaee3550000}512root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x8000000000000000297832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.520{00000000-0000-0000-0000-000000000000}1749<unknown process>root 11241100x8000000000000000297833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.645{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9b44524cd5beca2023-02-08 09:53:54.645root 11241100x8000000000000000297848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.646{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1fae9ad49a80122023-02-08 09:53:54.646root 11241100x8000000000000000297847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.646{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80cfbb97755eb68f2023-02-08 09:53:54.646root 11241100x8000000000000000297846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.646{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0893af5c770d903d2023-02-08 09:53:54.646root 11241100x8000000000000000297845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.646{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1ab77c33e8b9422023-02-08 09:53:54.646root 11241100x8000000000000000297844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.646{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b367e450117ec702023-02-08 09:53:54.646root 11241100x8000000000000000297843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.646{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8457ae92315824472023-02-08 09:53:54.646root 11241100x8000000000000000297842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.646{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fdd7335cda6806c2023-02-08 09:53:54.646root 11241100x8000000000000000297841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.646{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0b9345dabfc5a02023-02-08 09:53:54.646root 11241100x8000000000000000297840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.646{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3fd0f0b86f23752023-02-08 09:53:54.646root 11241100x8000000000000000297839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.646{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fa01e50a4125202023-02-08 09:53:54.646root 11241100x8000000000000000297838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.646{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcf93d27dc374cb2023-02-08 09:53:54.646root 11241100x8000000000000000297837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.646{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e569da652fdad5f2023-02-08 09:53:54.646root 11241100x8000000000000000297836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.646{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607881d0cd9885f62023-02-08 09:53:54.646root 11241100x8000000000000000297835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.646{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e69a5e3b3ec95d2023-02-08 09:53:54.646root 11241100x8000000000000000297834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.646{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6206d44cbd850ba2023-02-08 09:53:54.646root 11241100x8000000000000000297864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.647{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc4110a2865f5742023-02-08 09:53:54.647root 11241100x8000000000000000297863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.647{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d7b9911783f04b2023-02-08 09:53:54.647root 11241100x8000000000000000297862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.647{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e474c76a84da3d2e2023-02-08 09:53:54.647root 11241100x8000000000000000297861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.647{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6e76b59bf2ed3d2023-02-08 09:53:54.647root 11241100x8000000000000000297860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.647{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf8ff66c1aa5d9e2023-02-08 09:53:54.647root 11241100x8000000000000000297859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.647{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128cf06e343aa7dc2023-02-08 09:53:54.647root 11241100x8000000000000000297858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.647{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fc955cef8ee16c2023-02-08 09:53:54.647root 11241100x8000000000000000297857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.647{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d768e13f7b45494c2023-02-08 09:53:54.647root 11241100x8000000000000000297856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.647{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed34760818225872023-02-08 09:53:54.647root 11241100x8000000000000000297855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.647{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293652fda2ec7b662023-02-08 09:53:54.647root 11241100x8000000000000000297854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.647{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287a79b6af7eab322023-02-08 09:53:54.647root 11241100x8000000000000000297853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.647{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3147be9e64bd9132023-02-08 09:53:54.647root 11241100x8000000000000000297852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.647{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe3d2f007c7eada2023-02-08 09:53:54.647root 11241100x8000000000000000297851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.647{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ba07447ecb21f22023-02-08 09:53:54.647root 11241100x8000000000000000297850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.647{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3220a9dfec0e4452023-02-08 09:53:54.647root 11241100x8000000000000000297849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.647{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ddebddab91560232023-02-08 09:53:54.647root 11241100x8000000000000000297880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.648{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f420403499fa7fa2023-02-08 09:53:54.648root 11241100x8000000000000000297879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.648{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e743ce664c152f482023-02-08 09:53:54.648root 11241100x8000000000000000297878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.648{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9bf6c7536bfb0a72023-02-08 09:53:54.648root 11241100x8000000000000000297877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.648{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ac77890f5889272023-02-08 09:53:54.648root 11241100x8000000000000000297876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.648{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8a3b38383091822023-02-08 09:53:54.648root 11241100x8000000000000000297875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.648{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d43696ffccad372023-02-08 09:53:54.648root 11241100x8000000000000000297874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.648{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0835dbcab832d0a2023-02-08 09:53:54.648root 11241100x8000000000000000297873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.648{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b95b14d3ec907962023-02-08 09:53:54.648root 11241100x8000000000000000297872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.648{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50595edaed76a4ad2023-02-08 09:53:54.648root 11241100x8000000000000000297871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.648{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bdee0d4be31d2402023-02-08 09:53:54.648root 11241100x8000000000000000297870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.648{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b21b681436572e2023-02-08 09:53:54.648root 11241100x8000000000000000297869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.648{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a120315a8af7982023-02-08 09:53:54.648root 11241100x8000000000000000297868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.648{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8065f7c02e2bd4022023-02-08 09:53:54.648root 11241100x8000000000000000297867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.648{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e608b791ff65bfd62023-02-08 09:53:54.648root 11241100x8000000000000000297866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.648{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba74f2731eda5d842023-02-08 09:53:54.648root 11241100x8000000000000000297865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.648{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99a855e62ba211b2023-02-08 09:53:54.648root 11241100x8000000000000000297895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.649{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9209f3caa699e1162023-02-08 09:53:54.649root 11241100x8000000000000000297894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.649{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c1eb99e8f82a8b2023-02-08 09:53:54.649root 11241100x8000000000000000297893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.649{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbffbc395465eac92023-02-08 09:53:54.649root 11241100x8000000000000000297892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.649{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dea3cb8ca6ddb1e2023-02-08 09:53:54.649root 11241100x8000000000000000297891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.649{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95c7b45acba8c9a2023-02-08 09:53:54.649root 11241100x8000000000000000297890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.649{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316e5a6a5fa829b72023-02-08 09:53:54.649root 11241100x8000000000000000297889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.649{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ccb51204a8b8862023-02-08 09:53:54.649root 11241100x8000000000000000297888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.649{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f9925a32c13a532023-02-08 09:53:54.649root 11241100x8000000000000000297887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.649{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e2a961541092552023-02-08 09:53:54.649root 11241100x8000000000000000297886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.649{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6f6573c8328c0e2023-02-08 09:53:54.649root 11241100x8000000000000000297885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.649{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd6457c1271ecd62023-02-08 09:53:54.649root 11241100x8000000000000000297884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.649{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1dfcd255e213dd2023-02-08 09:53:54.649root 11241100x8000000000000000297883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.649{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d14198e6225be22023-02-08 09:53:54.649root 11241100x8000000000000000297882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.649{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a000804d46601602023-02-08 09:53:54.649root 11241100x8000000000000000297881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.649{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc475063ac98da92023-02-08 09:53:54.649root 11241100x8000000000000000297912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.650{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637fa25d7f5e6ff32023-02-08 09:53:54.650root 11241100x8000000000000000297911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.650{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d790bda935a91a82023-02-08 09:53:54.650root 11241100x8000000000000000297910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.650{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245d85d9d0dd0d242023-02-08 09:53:54.650root 11241100x8000000000000000297909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.650{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e0ff663142e63d2023-02-08 09:53:54.650root 11241100x8000000000000000297908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.650{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400525d1e5eb86502023-02-08 09:53:54.650root 11241100x8000000000000000297907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.650{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790bd2fff10066512023-02-08 09:53:54.650root 11241100x8000000000000000297906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.650{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc5b8c459637a0f2023-02-08 09:53:54.650root 11241100x8000000000000000297905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.650{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21731c6dc439e9892023-02-08 09:53:54.650root 11241100x8000000000000000297904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.650{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f00473bac79d3b82023-02-08 09:53:54.650root 11241100x8000000000000000297903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.650{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f0f07c6a7fdc012023-02-08 09:53:54.650root 11241100x8000000000000000297902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.650{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0d6b86d0918c352023-02-08 09:53:54.650root 11241100x8000000000000000297901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.650{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8155c69e911c962023-02-08 09:53:54.650root 11241100x8000000000000000297900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.650{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89017d84f957ec972023-02-08 09:53:54.650root 11241100x8000000000000000297899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.650{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d538793999e7e8522023-02-08 09:53:54.650root 11241100x8000000000000000297898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.650{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a829cbff39c2172023-02-08 09:53:54.650root 11241100x8000000000000000297897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.650{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890de3bae3f4cba32023-02-08 09:53:54.650root 11241100x8000000000000000297896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.650{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce3209bf57573bf2023-02-08 09:53:54.650root 11241100x8000000000000000297919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.651{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a97ccc4e0ea42f22023-02-08 09:53:54.651root 11241100x8000000000000000297918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.651{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7846d7323f2f0f312023-02-08 09:53:54.651root 11241100x8000000000000000297917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.651{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e176b39c092592e42023-02-08 09:53:54.651root 11241100x8000000000000000297916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.651{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100c0eb3a3969f9c2023-02-08 09:53:54.651root 11241100x8000000000000000297915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.651{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf51eec0c346f8d82023-02-08 09:53:54.651root 11241100x8000000000000000297914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.651{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830d3f99b2f336272023-02-08 09:53:54.651root 11241100x8000000000000000297913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.651{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b83bed618f285442023-02-08 09:53:54.651root 11241100x8000000000000000297931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.652{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b2959751e87fac2023-02-08 09:53:54.652root 11241100x8000000000000000297930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.652{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5e42eac71f8c042023-02-08 09:53:54.652root 11241100x8000000000000000297929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.652{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e09df6698200902023-02-08 09:53:54.652root 11241100x8000000000000000297928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.652{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6e30272243c1d42023-02-08 09:53:54.652root 11241100x8000000000000000297927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.652{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70774c4448b9bc3c2023-02-08 09:53:54.652root 11241100x8000000000000000297926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.652{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d084c421126aa8712023-02-08 09:53:54.652root 11241100x8000000000000000297925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.652{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f108bbdb460d9512023-02-08 09:53:54.652root 11241100x8000000000000000297924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.652{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d57cab97f53acd2023-02-08 09:53:54.652root 11241100x8000000000000000297923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.652{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6439d85849e323db2023-02-08 09:53:54.652root 11241100x8000000000000000297922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.652{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b841fd7d0143cbc02023-02-08 09:53:54.652root 11241100x8000000000000000297921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.652{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc4fa268222e68c2023-02-08 09:53:54.652root 11241100x8000000000000000297920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.652{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a85d89250ab04fc2023-02-08 09:53:54.652root 11241100x8000000000000000297944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.653{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1532dd8dde7d496c2023-02-08 09:53:54.653root 11241100x8000000000000000297943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.653{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd24167a70ebe9812023-02-08 09:53:54.653root 11241100x8000000000000000297942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.653{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea77b597776dee52023-02-08 09:53:54.653root 11241100x8000000000000000297941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.653{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0b8daf53bea2ef2023-02-08 09:53:54.653root 11241100x8000000000000000297940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.653{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb8e249eea58e502023-02-08 09:53:54.653root 11241100x8000000000000000297939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.653{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468d75325ef69fd52023-02-08 09:53:54.653root 11241100x8000000000000000297938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.653{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0f87f31be19a9b2023-02-08 09:53:54.653root 11241100x8000000000000000297937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.653{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1400c734d84d91c82023-02-08 09:53:54.653root 11241100x8000000000000000297936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.653{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94fbef1ac9c990822023-02-08 09:53:54.653root 11241100x8000000000000000297935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.653{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c1bc7677191f062023-02-08 09:53:54.653root 11241100x8000000000000000297934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.653{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607704e754171a372023-02-08 09:53:54.653root 11241100x8000000000000000297933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.653{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98faf40e568a8702023-02-08 09:53:54.653root 11241100x8000000000000000297932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.653{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886c8d2ed28040662023-02-08 09:53:54.653root 11241100x8000000000000000297950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.654{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2cb044b8507e7a2023-02-08 09:53:54.654root 11241100x8000000000000000297949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.654{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f915a1f8fbdf98bc2023-02-08 09:53:54.654root 11241100x8000000000000000297948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.654{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b066246ab72de612023-02-08 09:53:54.654root 11241100x8000000000000000297947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.654{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f42a963c38513c92023-02-08 09:53:54.654root 11241100x8000000000000000297946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.654{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b826916337c900032023-02-08 09:53:54.654root 11241100x8000000000000000297945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.654{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3526646e8d5070fb2023-02-08 09:53:54.654root 11241100x8000000000000000297964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.655{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1155c6a2303991f12023-02-08 09:53:54.655root 11241100x8000000000000000297963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.655{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e33222724442622023-02-08 09:53:54.655root 11241100x8000000000000000297962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.655{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd1d3c7a19308282023-02-08 09:53:54.655root 11241100x8000000000000000297961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.655{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9345c21061231c532023-02-08 09:53:54.655root 11241100x8000000000000000297960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.655{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8801a3bfd6abf3722023-02-08 09:53:54.655root 11241100x8000000000000000297959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.655{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31613b53c4d33b02023-02-08 09:53:54.655root 11241100x8000000000000000297958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.655{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c196ec90868c70e52023-02-08 09:53:54.655root 11241100x8000000000000000297957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.655{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2238abf9a7745e2023-02-08 09:53:54.655root 11241100x8000000000000000297956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.655{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6707614110dc9f9a2023-02-08 09:53:54.655root 11241100x8000000000000000297955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.655{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a66646f5d378e82023-02-08 09:53:54.655root 11241100x8000000000000000297954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.655{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bd97581e0403762023-02-08 09:53:54.655root 11241100x8000000000000000297953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.655{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a17d6060969f9b2023-02-08 09:53:54.655root 11241100x8000000000000000297952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.655{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d386c1047d3b73a2023-02-08 09:53:54.655root 11241100x8000000000000000297951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.655{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ff1ab5d3f9d5fb2023-02-08 09:53:54.655root 11241100x8000000000000000297976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.656{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e83bafd2fbe477c2023-02-08 09:53:54.656root 11241100x8000000000000000297975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.656{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2f42ed6631f8102023-02-08 09:53:54.656root 11241100x8000000000000000297974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.656{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe08cef7855b6f62023-02-08 09:53:54.656root 11241100x8000000000000000297973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.656{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aee12092e500f172023-02-08 09:53:54.656root 11241100x8000000000000000297972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.656{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8e6628b712fe0d2023-02-08 09:53:54.656root 11241100x8000000000000000297971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.656{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca597aff7e07f0f32023-02-08 09:53:54.656root 11241100x8000000000000000297970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.656{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d28a4b2bd567952023-02-08 09:53:54.656root 11241100x8000000000000000297969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.656{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b5767cd2ac1a442023-02-08 09:53:54.656root 11241100x8000000000000000297968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.656{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0b142e408ebe9e2023-02-08 09:53:54.656root 11241100x8000000000000000297967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.656{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e6dcef81355bd82023-02-08 09:53:54.656root 11241100x8000000000000000297966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.656{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dfaf1286bea0cd42023-02-08 09:53:54.656root 11241100x8000000000000000297965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.656{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60cc4cf95a62cea2023-02-08 09:53:54.656root 11241100x8000000000000000297983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.912{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8080f9a097332e2023-02-08 09:53:54.912root 11241100x8000000000000000297982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.912{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378d899562d1da382023-02-08 09:53:54.912root 11241100x8000000000000000297981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.912{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74bb7b0ec82d03d2023-02-08 09:53:54.912root 11241100x8000000000000000297980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.912{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4612054103a1072023-02-08 09:53:54.912root 11241100x8000000000000000297979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.912{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20bef084409112b12023-02-08 09:53:54.912root 11241100x8000000000000000297978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.912{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35337eff1c015162023-02-08 09:53:54.912root 11241100x8000000000000000297977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.912{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1639aab7bcea35232023-02-08 09:53:54.912root 11241100x8000000000000000297990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.913{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303e54cffb6e03052023-02-08 09:53:54.913root 11241100x8000000000000000297989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.913{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53329347efbb9fbc2023-02-08 09:53:54.913root 11241100x8000000000000000297988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.913{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db40fc4df1d2bd182023-02-08 09:53:54.913root 11241100x8000000000000000297987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.913{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6461edfcbd585e192023-02-08 09:53:54.913root 11241100x8000000000000000297986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.913{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563e5a95c0ad92cb2023-02-08 09:53:54.913root 11241100x8000000000000000297985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.913{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7b168e492d68ae2023-02-08 09:53:54.913root 11241100x8000000000000000297984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.913{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5dfe13ca886d792023-02-08 09:53:54.913root 11241100x8000000000000000298001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.914{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89488680af85050c2023-02-08 09:53:54.914root 11241100x8000000000000000298000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.914{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92858a006d1bbaa2023-02-08 09:53:54.914root 11241100x8000000000000000297999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.914{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd97f5c8a8f13912023-02-08 09:53:54.914root 11241100x8000000000000000297998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.914{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c21ec217ef95ee2023-02-08 09:53:54.914root 11241100x8000000000000000297997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.914{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84aa9c25a1eeda462023-02-08 09:53:54.914root 11241100x8000000000000000297996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.914{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c9c1f7e46ee8462023-02-08 09:53:54.914root 11241100x8000000000000000297995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.914{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df5d1229f1b0cf22023-02-08 09:53:54.914root 11241100x8000000000000000297994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.914{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba7cae84476df782023-02-08 09:53:54.914root 11241100x8000000000000000297993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.914{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d580308767b4d172023-02-08 09:53:54.914root 11241100x8000000000000000297992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.914{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fefe3997663647b2023-02-08 09:53:54.914root 11241100x8000000000000000297991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.914{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fc5b0563efc5432023-02-08 09:53:54.914root 11241100x8000000000000000298011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.915{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70612f18a7931faa2023-02-08 09:53:54.915root 11241100x8000000000000000298010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.915{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb68cea8402f4052023-02-08 09:53:54.915root 11241100x8000000000000000298009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.915{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e98a94c6eb89562023-02-08 09:53:54.915root 11241100x8000000000000000298008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.915{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ee36a2f6c54cf82023-02-08 09:53:54.915root 11241100x8000000000000000298007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.915{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61cd42e035034012023-02-08 09:53:54.915root 11241100x8000000000000000298006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.915{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e110c20fcc66262023-02-08 09:53:54.915root 11241100x8000000000000000298005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.915{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ab06f7e3621a3c2023-02-08 09:53:54.915root 11241100x8000000000000000298004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.915{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69cb840517ce59e02023-02-08 09:53:54.915root 11241100x8000000000000000298003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.915{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7db74b3510d32b2023-02-08 09:53:54.915root 11241100x8000000000000000298002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.915{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c1267859c13fec2023-02-08 09:53:54.915root 11241100x8000000000000000298018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.916{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad96342e43d54f712023-02-08 09:53:54.916root 11241100x8000000000000000298017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.916{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbbd12e5b9955ae2023-02-08 09:53:54.916root 11241100x8000000000000000298016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.916{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727cc8a22fc7acb02023-02-08 09:53:54.916root 11241100x8000000000000000298015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.916{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab3ef913ef114e32023-02-08 09:53:54.916root 11241100x8000000000000000298014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.916{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8949372008c4caf2023-02-08 09:53:54.916root 11241100x8000000000000000298013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.916{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e12fdcd471c4572023-02-08 09:53:54.916root 11241100x8000000000000000298012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.916{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983527d096f744812023-02-08 09:53:54.916root 11241100x8000000000000000298023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.917{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c540bc9aa1abba2023-02-08 09:53:54.917root 11241100x8000000000000000298022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.917{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca11fac33b1ae432023-02-08 09:53:54.917root 11241100x8000000000000000298021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.917{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c52ecefc219c812023-02-08 09:53:54.917root 11241100x8000000000000000298020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.917{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25fa99d87f9f2d32023-02-08 09:53:54.917root 11241100x8000000000000000298019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.917{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9c5913bf6a03292023-02-08 09:53:54.917root 11241100x8000000000000000298026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.919{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942c0421f5bc99642023-02-08 09:53:54.919root 11241100x8000000000000000298025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.919{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf919620880c90232023-02-08 09:53:54.919root 11241100x8000000000000000298024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:54.919{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe0d3e6c76d93e62023-02-08 09:53:54.919root 11241100x8000000000000000298027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.383{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c29ba9d8e27a1072023-02-08 09:53:55.383root 11241100x8000000000000000298031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.384{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38470d44909ad392023-02-08 09:53:55.384root 11241100x8000000000000000298030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.384{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ef762f2e0d64eb2023-02-08 09:53:55.384root 11241100x8000000000000000298029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.384{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c87a095183646f2023-02-08 09:53:55.384root 11241100x8000000000000000298028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.384{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8755a31c60292652023-02-08 09:53:55.384root 11241100x8000000000000000298036Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.385{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795c9083afe65db12023-02-08 09:53:55.385root 11241100x8000000000000000298035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.385{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b68bd58558696042023-02-08 09:53:55.385root 11241100x8000000000000000298034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.385{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df152cbd0d7c4ad2023-02-08 09:53:55.385root 11241100x8000000000000000298033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.385{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a01dad956d0c2d2023-02-08 09:53:55.385root 11241100x8000000000000000298032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.385{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf2c21add5513ce2023-02-08 09:53:55.385root 11241100x8000000000000000298042Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.386{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0943baddfdf3cbb72023-02-08 09:53:55.386root 11241100x8000000000000000298041Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.386{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b52ba51bf40b602023-02-08 09:53:55.386root 11241100x8000000000000000298040Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.386{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858dafaa5d01bc6f2023-02-08 09:53:55.386root 11241100x8000000000000000298039Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.386{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac99bfb7a0c43552023-02-08 09:53:55.386root 11241100x8000000000000000298038Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.386{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5ba551700f86132023-02-08 09:53:55.386root 11241100x8000000000000000298037Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.386{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ed220b8e67322f2023-02-08 09:53:55.386root 11241100x8000000000000000298046Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.387{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bafa51b553378d42023-02-08 09:53:55.387root 11241100x8000000000000000298045Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.387{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6da8394362388f2023-02-08 09:53:55.387root 11241100x8000000000000000298044Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.387{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b9683888cd21c92023-02-08 09:53:55.387root 11241100x8000000000000000298043Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.387{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bf12d7f0cd13182023-02-08 09:53:55.387root 11241100x8000000000000000298051Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.388{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e4d5ead1a5f04d2023-02-08 09:53:55.388root 11241100x8000000000000000298050Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.388{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815e09799e506a412023-02-08 09:53:55.388root 11241100x8000000000000000298049Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.388{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e8793f641d19412023-02-08 09:53:55.388root 11241100x8000000000000000298048Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.388{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9116e255971ca32023-02-08 09:53:55.388root 11241100x8000000000000000298047Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.388{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e1aa825dd706312023-02-08 09:53:55.388root 11241100x8000000000000000298055Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.389{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b4efd9547295e52023-02-08 09:53:55.389root 11241100x8000000000000000298054Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.389{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab629feb548588e2023-02-08 09:53:55.389root 11241100x8000000000000000298053Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.389{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c5845f09f714c22023-02-08 09:53:55.389root 11241100x8000000000000000298052Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.389{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74149f93ab7ab692023-02-08 09:53:55.389root 11241100x8000000000000000298058Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.390{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510e6759693d3df22023-02-08 09:53:55.390root 11241100x8000000000000000298057Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.390{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1763e9450096c02023-02-08 09:53:55.390root 11241100x8000000000000000298056Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.390{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae74df2dfee10dbe2023-02-08 09:53:55.390root 11241100x8000000000000000298064Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.391{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b92bbf4eef776c2023-02-08 09:53:55.391root 11241100x8000000000000000298063Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.391{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffa871a513157bb2023-02-08 09:53:55.391root 11241100x8000000000000000298062Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.391{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d8accb976268f42023-02-08 09:53:55.391root 11241100x8000000000000000298061Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.391{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b1eec7baee68a42023-02-08 09:53:55.391root 11241100x8000000000000000298060Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.391{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acca0350b74182822023-02-08 09:53:55.391root 11241100x8000000000000000298059Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.391{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307004f127bd94422023-02-08 09:53:55.391root 11241100x8000000000000000298067Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.392{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbc56699934df562023-02-08 09:53:55.392root 11241100x8000000000000000298066Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.392{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588126bd1d235ed32023-02-08 09:53:55.392root 11241100x8000000000000000298065Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.392{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643356191b5f395f2023-02-08 09:53:55.392root 11241100x8000000000000000298070Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.393{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a388b2a9bd3d8612023-02-08 09:53:55.393root 11241100x8000000000000000298069Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.393{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d2ca0c83ab5f232023-02-08 09:53:55.393root 11241100x8000000000000000298068Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.393{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e584fa8de715cd192023-02-08 09:53:55.393root 11241100x8000000000000000298073Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.394{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebbef0e6a7ea27d02023-02-08 09:53:55.394root 11241100x8000000000000000298072Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.394{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f41c8c02237376d2023-02-08 09:53:55.394root 11241100x8000000000000000298071Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.394{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717fc74c289ba7c92023-02-08 09:53:55.394root 11241100x8000000000000000298076Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.395{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c63a49041062e822023-02-08 09:53:55.395root 11241100x8000000000000000298075Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.395{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea8ed179bd33c332023-02-08 09:53:55.395root 11241100x8000000000000000298074Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.395{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2d878c8e05d69d2023-02-08 09:53:55.395root 11241100x8000000000000000298079Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.396{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6a802d5a7fe1762023-02-08 09:53:55.396root 11241100x8000000000000000298078Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.396{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3349e24315d2c4c22023-02-08 09:53:55.396root 11241100x8000000000000000298077Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.396{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdb02ed398fe5c22023-02-08 09:53:55.396root 11241100x8000000000000000298082Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.397{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0243337fe5717142023-02-08 09:53:55.397root 11241100x8000000000000000298081Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.397{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69d462c53d3a8862023-02-08 09:53:55.397root 11241100x8000000000000000298080Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.397{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1505c473b7a6d912023-02-08 09:53:55.397root 11241100x8000000000000000298085Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.398{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b01f0c25faef3942023-02-08 09:53:55.398root 11241100x8000000000000000298084Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.398{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283ab1ead24462c82023-02-08 09:53:55.398root 11241100x8000000000000000298083Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.398{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28317435ae612b832023-02-08 09:53:55.398root 11241100x8000000000000000298088Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.399{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002f0a3449f2de892023-02-08 09:53:55.399root 11241100x8000000000000000298087Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.399{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0688f3b7e2c2942023-02-08 09:53:55.399root 11241100x8000000000000000298086Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.399{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d98206af7d800c2023-02-08 09:53:55.399root 11241100x8000000000000000298091Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.400{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b31a7b8d14225ac2023-02-08 09:53:55.400root 11241100x8000000000000000298090Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.400{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e205c9cfccc53c272023-02-08 09:53:55.400root 11241100x8000000000000000298089Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.400{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36ed9656b6854312023-02-08 09:53:55.400root 11241100x8000000000000000298094Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.401{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c624374727a84c7c2023-02-08 09:53:55.401root 11241100x8000000000000000298093Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.401{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01adb6f27b41e2f32023-02-08 09:53:55.401root 11241100x8000000000000000298092Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.401{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb8183c46d4f52c2023-02-08 09:53:55.401root 11241100x8000000000000000298097Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.402{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3097a03102c27f42023-02-08 09:53:55.402root 11241100x8000000000000000298096Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.402{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb52e327f24cbdf82023-02-08 09:53:55.402root 11241100x8000000000000000298095Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.402{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8b6ddd9c2be7622023-02-08 09:53:55.402root 11241100x8000000000000000298099Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.403{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c96883efd91c3122023-02-08 09:53:55.403root 11241100x8000000000000000298098Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.403{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9c0e3f513ff02a2023-02-08 09:53:55.403root 11241100x8000000000000000298103Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.404{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a1637c2f3cc0f32023-02-08 09:53:55.404root 11241100x8000000000000000298102Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.404{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9f3a7f13da57992023-02-08 09:53:55.404root 11241100x8000000000000000298101Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.404{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46e9882d89d9c1d2023-02-08 09:53:55.404root 11241100x8000000000000000298100Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.404{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3adb46ff71d6a6542023-02-08 09:53:55.404root 11241100x8000000000000000298105Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.405{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea5ee36538e97cd2023-02-08 09:53:55.405root 11241100x8000000000000000298104Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.405{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331132372345e4d22023-02-08 09:53:55.405root 11241100x8000000000000000298108Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.406{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd4c0b05c59fe302023-02-08 09:53:55.406root 11241100x8000000000000000298107Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.406{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39df5725ab0956902023-02-08 09:53:55.406root 11241100x8000000000000000298106Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.406{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e41137507e34f02023-02-08 09:53:55.406root 11241100x8000000000000000298111Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.407{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd58287add6e29092023-02-08 09:53:55.407root 11241100x8000000000000000298110Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.407{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2806292fd34fb042023-02-08 09:53:55.407root 11241100x8000000000000000298109Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.407{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9e202202d66f842023-02-08 09:53:55.407root 11241100x8000000000000000298115Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.408{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90966e297e2a987c2023-02-08 09:53:55.408root 11241100x8000000000000000298114Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.408{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926c045ddd72501b2023-02-08 09:53:55.408root 11241100x8000000000000000298113Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.408{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604e2879ceb974c12023-02-08 09:53:55.408root 11241100x8000000000000000298112Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.408{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894c9a42aaad28842023-02-08 09:53:55.408root 11241100x8000000000000000298118Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.409{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5664b92f228d7142023-02-08 09:53:55.409root 11241100x8000000000000000298117Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.409{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62bd4d473575ce72023-02-08 09:53:55.409root 11241100x8000000000000000298116Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.409{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c482619e53ac0e6d2023-02-08 09:53:55.409root 11241100x8000000000000000298122Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.410{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d411aab5d5b6f86e2023-02-08 09:53:55.410root 11241100x8000000000000000298121Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.410{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5640e7b543d8d64c2023-02-08 09:53:55.410root 11241100x8000000000000000298120Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.410{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9eae4f693628b12023-02-08 09:53:55.410root 11241100x8000000000000000298119Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.410{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d5ceec3a8821172023-02-08 09:53:55.410root 11241100x8000000000000000298126Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.411{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ebd21d526382de2023-02-08 09:53:55.411root 11241100x8000000000000000298125Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.411{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f9f9dd0a3ca5c92023-02-08 09:53:55.411root 11241100x8000000000000000298124Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.411{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845e1f32eec97e482023-02-08 09:53:55.411root 11241100x8000000000000000298123Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.411{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750602251496bd342023-02-08 09:53:55.411root 11241100x8000000000000000298129Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.412{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13446d648ef4f9152023-02-08 09:53:55.412root 11241100x8000000000000000298128Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.412{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b914d83d1e4ce992023-02-08 09:53:55.412root 11241100x8000000000000000298127Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.412{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99660a4c3c915b322023-02-08 09:53:55.412root 11241100x8000000000000000298131Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.413{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf155358e1669a52023-02-08 09:53:55.413root 11241100x8000000000000000298130Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:53:55.413{ec2a0601-7121-63e3-600c-b92a45560000}1724/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f98e367985d3f882023-02-08 09:53:55.413root 354300x8000000000000000298228Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:00.093{ec2a0601-711b-63e3-606c-3fcabc550000}1545/opt/splunkforwarder/bin/splunkdroottcpfalsefalse107.155.55.108-46152-false10.0.1.20-8089- 534500x8000000000000000298229Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:01.902{ec2a0601-711a-63e3-0000-000000000000}1391-root 23542300x8000000000000000298230Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:01.903{ec2a0601-7113-63e3-c8ea-60bf5b550000}459root/lib/systemd/systemd-journald/run/systemd/journal/streams/9:21214--- 23542300x8000000000000000298231Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:01.904{ec2a0601-710b-63e3-5859-f4e22c560000}1root/lib/systemd/systemd/run/systemd/units/invocation:systemd-timedated.service--- 534500x8000000000000000298233Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:01.906{ec2a0601-710b-63e3-5859-f4e22c560000}1/lib/systemd/systemdroot 534500x8000000000000000298232Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:01.906{ec2a0601-710b-63e3-5859-f4e22c560000}1/lib/systemd/systemdroot 23542300x8000000000000000298234Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:01.964{ec2a0601-7113-63e3-2840-faaee3550000}512root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x8000000000000000298239Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:01.965{ec2a0601-7139-63e3-0000-000000000000}1772-root 534500x8000000000000000298238Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:01.965{00000000-0000-0000-0000-000000000000}1776<unknown process>root 534500x8000000000000000298237Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:01.965{ec2a0601-7139-63e3-0000-000000000000}1771-root 534500x8000000000000000298236Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:01.965{ec2a0601-7139-63e3-0000-000000000000}1770-root 534500x8000000000000000298235Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:01.965{ec2a0601-7139-63e3-0000-000000000000}1777-root 534500x8000000000000000298242Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:01.966{ec2a0601-7139-63e3-0000-000000000000}1775-root 534500x8000000000000000298241Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:01.966{00000000-0000-0000-0000-000000000000}1774<unknown process>root 534500x8000000000000000298240Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:01.966{00000000-0000-0000-0000-000000000000}1773<unknown process>root 354300x8000000000000000298243Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:03.117{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-57944-false10.0.1.12-8000- 354300x8000000000000000298244Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:05.464{ec2a0601-711b-63e3-606c-3fcabc550000}1545/opt/splunkforwarder/bin/splunkdroottcpfalsefalse107.155.55.108-49420-false10.0.1.20-8089- 23542300x8000000000000000298245Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:07.588{ec2a0601-711b-63e3-606c-3fcabc550000}1545root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x8000000000000000298246Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:08.147{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-46078-false10.0.1.12-8000- 354300x8000000000000000298247Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:09.914{ec2a0601-711b-63e3-606c-3fcabc550000}1545/opt/splunkforwarder/bin/splunkdroottcpfalsefalse107.155.55.108-52766-false10.0.1.20-8089- 354300x8000000000000000298248Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:13.777{ec2a0601-711b-63e3-606c-3fcabc550000}1545/opt/splunkforwarder/bin/splunkdroottcpfalsefalse107.155.55.108-55932-false10.0.1.20-8089- 354300x8000000000000000298249Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:14.001{ec2a0601-711b-63e3-606c-3fcabc550000}1545/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-44240-false10.0.1.12-8089- 354300x8000000000000000298250Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:14.006{ec2a0601-711b-63e3-606c-3fcabc550000}1545/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-44252-false10.0.1.12-8089- 354300x8000000000000000298251Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:14.121{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-46090-false10.0.1.12-8000- 354300x8000000000000000298252Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:15.983{ec2a0601-711b-63e3-606c-3fcabc550000}1545/opt/splunkforwarder/bin/splunkdroottcpfalsefalse107.155.55.108-57376-false10.0.1.20-8089- 354300x8000000000000000298253Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:17.686{ec2a0601-711b-63e3-606c-3fcabc550000}1545/opt/splunkforwarder/bin/splunkdroottcpfalsefalse107.155.55.108-58520-false10.0.1.20-8089- 354300x8000000000000000298254Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:19.133{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-59078-false10.0.1.12-8000- 354300x8000000000000000298255Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:20.513{ec2a0601-711b-63e3-606c-3fcabc550000}1545/opt/splunkforwarder/bin/splunkdroottcpfalsefalse107.155.55.108-60346-false10.0.1.20-8089- 354300x8000000000000000298256Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:21.874{ec2a0601-711b-63e3-606c-3fcabc550000}1545/opt/splunkforwarder/bin/splunkdroottcpfalsefalse107.155.55.108-33208-false10.0.1.20-8089- 354300x8000000000000000298257Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:23.848{ec2a0601-711b-63e3-606c-3fcabc550000}1545/opt/splunkforwarder/bin/splunkdroottcpfalsefalse107.155.55.108-34664-false10.0.1.20-8089- 354300x8000000000000000298258Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:24.180{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-59088-false10.0.1.12-8000- 354300x8000000000000000298259Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:25.966{ec2a0601-711b-63e3-606c-3fcabc550000}1545/opt/splunkforwarder/bin/splunkdroottcpfalsefalse107.155.55.108-35992-false10.0.1.20-8089- 354300x8000000000000000298260Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:28.566{ec2a0601-711b-63e3-606c-3fcabc550000}1545/opt/splunkforwarder/bin/splunkdroottcpfalsefalse107.155.55.108-37550-false10.0.1.20-8089- 354300x8000000000000000298261Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:28.874{ec2a0601-7114-63e3-7036-840df7550000}656/lib/systemd/systemd-timesyncdsystemd-timesyncudptruefalse10.0.1.20-34083-false169.254.169.123-123- 354300x8000000000000000298262Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:29.235{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-42886-false10.0.1.12-8000- 354300x8000000000000000298263Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:31.331{ec2a0601-711b-63e3-606c-3fcabc550000}1545/opt/splunkforwarder/bin/splunkdroottcpfalsefalse107.155.55.108-39088-false10.0.1.20-8089- 154100x8000000000000000298264Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:32.815{ec2a0601-7158-63e3-68e4-c5c5f0550000}1779/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec2a0601-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}1046--- 534500x8000000000000000298265Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:32.827{ec2a0601-7158-63e3-68e4-c5c5f0550000}1779/bin/psroot 354300x8000000000000000298266Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:34.182{ec2a0601-711b-63e3-606c-3fcabc550000}1545/opt/splunkforwarder/bin/splunkdroottcpfalsefalse107.155.55.108-40700-false10.0.1.20-8089- 354300x8000000000000000298267Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:35.233{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-42894-false10.0.1.12-8000- 23542300x8000000000000000298268Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:37.528{ec2a0601-711b-63e3-606c-3fcabc550000}1545root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x8000000000000000298269Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:41.156{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-43920-false10.0.1.12-8000- 354300x8000000000000000298270Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:46.177{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-43934-false10.0.1.12-8000- 354300x8000000000000000298271Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:51.226{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-43398-false10.0.1.12-8000- 354300x8000000000000000298272Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:54:57.089{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-56464-false10.0.1.12-8000- 354300x8000000000000000298273Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:03.068{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-56478-false10.0.1.12-8000- 23542300x8000000000000000298274Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:07.620{ec2a0601-711b-63e3-606c-3fcabc550000}1545root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x8000000000000000298275Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:08.085{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-41616-false10.0.1.12-8000- 354300x8000000000000000298276Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:14.061{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-41628-false10.0.1.12-8000- 354300x8000000000000000298277Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:19.691{ec2a0601-7118-63e3-e0e7-906d2d560000}1084/usr/sbin/sshd-tcpfalsefalse212.187.221.34-50888-false10.0.1.20-22- 154100x8000000000000000298278Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:19.692{ec2a0601-7187-63e3-e007-046404560000}1780/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec2a0601-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}1084--- 534500x8000000000000000298283Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:19.697{00000000-0000-0000-0000-000000000000}1786<unknown process>root 534500x8000000000000000298282Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:19.697{00000000-0000-0000-0000-000000000000}1782<unknown process>root 534500x8000000000000000298281Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:19.697{00000000-0000-0000-0000-000000000000}1784<unknown process>root 534500x8000000000000000298280Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:19.697{ec2a0601-7139-63e3-0000-000000000000}1785-root 23542300x8000000000000000298279Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:19.697{ec2a0601-7113-63e3-2840-faaee3550000}512root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x8000000000000000298285Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:19.698{ec2a0601-7139-63e3-0000-000000000000}1781-root 534500x8000000000000000298284Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:19.698{00000000-0000-0000-0000-000000000000}1783<unknown process>root 534500x8000000000000000298287Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:19.701{ec2a0601-7139-63e3-0000-000000000000}1788-root 23542300x8000000000000000298286Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:19.701{ec2a0601-7113-63e3-2840-faaee3550000}512root/lib/systemd/systemd-udevd/run/udev/queue--- 354300x8000000000000000298288Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.060{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-56414-false10.0.1.12-8000- 534500x8000000000000000298290Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.269{ec2a0601-7188-63e3-0000-000000000000}1789-root 23542300x8000000000000000298289Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.269{ec2a0601-7113-63e3-2840-faaee3550000}512root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x8000000000000000298291Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.502{ec2a0601-7187-63e3-0000-000000000000}1787-sshd 534500x8000000000000000298293Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.503{00000000-0000-0000-0000-000000000000}1790<unknown process>root 23542300x8000000000000000298292Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.503{ec2a0601-7113-63e3-2840-faaee3550000}512root/lib/systemd/systemd-udevd/run/udev/queue--- 154100x8000000000000000298294Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.527{ec2a0601-7188-63e3-5809-89b788550000}1791/lib/systemd/systemd-----/lib/systemd/systemd --user/ubuntu{ec2a0601-0000-0000-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}1--- 23542300x8000000000000000298295Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.542{ec2a0601-7113-63e3-2840-faaee3550000}512root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x8000000000000000298302Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.543{00000000-0000-0000-0000-000000000000}1794<unknown process>root 534500x8000000000000000298301Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.543{ec2a0601-7188-63e3-0000-000000000000}1792-root 534500x8000000000000000298300Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.543{00000000-0000-0000-0000-000000000000}1798<unknown process>root 534500x8000000000000000298299Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.543{00000000-0000-0000-0000-000000000000}1799<unknown process>root 534500x8000000000000000298298Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.543{00000000-0000-0000-0000-000000000000}1795<unknown process>root 534500x8000000000000000298297Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.543{ec2a0601-7188-63e3-0000-000000000000}1800-root 534500x8000000000000000298296Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.543{ec2a0601-7188-63e3-0000-000000000000}1793-root 534500x8000000000000000298305Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.544{00000000-0000-0000-0000-000000000000}1801<unknown process>root 534500x8000000000000000298304Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.544{ec2a0601-7188-63e3-0000-000000000000}1796-root 534500x8000000000000000298303Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.544{00000000-0000-0000-0000-000000000000}1797<unknown process>root 154100x8000000000000000298306Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.545{ec2a0601-7188-63e3-d002-b0c375550000}1806/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator-----/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator/ubuntu{ec2a0601-0000-0000-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}1803--- 534500x8000000000000000298309Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.550{00000000-0000-0000-0000-000000000000}1808<unknown process>root 534500x8000000000000000298308Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.550{ec2a0601-7188-63e3-d002-b0c375550000}1806/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generatorubuntu 23542300x8000000000000000298307Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.550{ec2a0601-7113-63e3-2840-faaee3550000}512root/lib/systemd/systemd-udevd/run/udev/queue--- 154100x8000000000000000298313Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.551{ec2a0601-7188-63e3-48d4-d2178e550000}1809/bin/bash-----/bin/bash /usr/lib/systemd/user-environment-generators/90gpg-agent/ubuntu{ec2a0601-0000-0000-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}1803--- 534500x8000000000000000298312Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.551{00000000-0000-0000-0000-000000000000}1807<unknown process>root 534500x8000000000000000298311Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.551{ec2a0601-7188-63e3-0000-000000000000}1804-root 534500x8000000000000000298310Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.551{ec2a0601-7188-63e3-0000-000000000000}1805-root 154100x8000000000000000298314Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.553{ec2a0601-7188-63e3-b08f-1d9202560000}1810/usr/bin/gpgconf-----gpgconf --list-dirs agent-socket/ubuntu{ec2a0601-0000-0000-e803-000000000000}10002no level-{ec2a0601-7188-63e3-48d4-d2178e550000}1809/bin/bash/bin/bashubuntu 23542300x8000000000000000298315Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.555{ec2a0601-7113-63e3-2840-faaee3550000}512root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x8000000000000000298317Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.556{ec2a0601-7188-63e3-0000-000000000000}1811-root 534500x8000000000000000298316Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.556{ec2a0601-7188-63e3-0000-000000000000}1812-root 534500x8000000000000000298318Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.558{ec2a0601-7188-63e3-b08f-1d9202560000}1810/usr/bin/gpgconfubuntu 154100x8000000000000000298320Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.559{ec2a0601-7188-63e3-f01c-0ff558550000}1815/usr/bin/gawk-----awk -F: /^enable-ssh-support:/{ print $10 }/ubuntu{ec2a0601-0000-0000-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}1813--- 154100x8000000000000000298319Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.559{ec2a0601-7188-63e3-b01f-ed184e560000}1814/usr/bin/gpgconf-----gpgconf --list-options gpg-agent/ubuntu{ec2a0601-0000-0000-e803-000000000000}10002no level-{00000000-0000-0000-0000-000000000000}1813--- 154100x8000000000000000298321Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.560{ec2a0601-7188-63e3-c855-61c8eb550000}1816/usr/bin/gpg-agent-----gpg-agent --gpgconf-list/ubuntu{ec2a0601-0000-0000-e803-000000000000}10002no level-{ec2a0601-7188-63e3-b01f-ed184e560000}1814/usr/bin/gpgconfgpgconfubuntu 534500x8000000000000000298322Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.568{ec2a0601-7188-63e3-c855-61c8eb550000}1816/usr/bin/gpg-agentubuntu 534500x8000000000000000298325Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.569{ec2a0601-7188-63e3-0000-000000000000}1813-ubuntu 534500x8000000000000000298324Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.569{ec2a0601-7188-63e3-f01c-0ff558550000}1815/usr/bin/gawkubuntu 534500x8000000000000000298323Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.569{ec2a0601-7188-63e3-b01f-ed184e560000}1814/usr/bin/gpgconfubuntu 534500x8000000000000000298327Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.570{00000000-0000-0000-0000-000000000000}1803<unknown process>ubuntu 534500x8000000000000000298326Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.570{ec2a0601-7188-63e3-48d4-d2178e550000}1809/bin/bashubuntu 534500x8000000000000000298328Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.571{00000000-0000-0000-0000-000000000000}1817<unknown process>ubuntu 154100x8000000000000000298329Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.592{ec2a0601-7188-63e3-d0bc-6c80ec550000}1818/bin/systemctl-----/bin/systemctl --user set-environment DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus/home/ubuntuubuntu{ec2a0601-0000-0000-e803-000000000000}10002no level-{ec2a0601-7188-63e3-5809-89b788550000}1791/lib/systemd/systemd/lib/systemd/systemdubuntu 534500x8000000000000000298330Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.598{ec2a0601-7188-63e3-d0bc-6c80ec550000}1818/bin/systemctlubuntu 154100x8000000000000000298333Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.600{ec2a0601-7188-63e3-383a-b617db550000}1820/bin/run-parts-----run-parts --lsbsysinit /etc/update-motd.d/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-6892-fd7722560000}1819/bin/dashshroot 154100x8000000000000000298332Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.600{ec2a0601-7188-63e3-781c-fd76d6550000}1820/usr/bin/env-----/usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-6892-fd7722560000}1819/bin/dashshroot 154100x8000000000000000298331Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.600{ec2a0601-7188-63e3-6892-fd7722560000}1819/bin/dash-----sh -c /usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d > /run/motd.dynamic.new/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7187-63e3-e007-046404560000}1780/usr/sbin/sshd/usr/sbin/sshdroot 154100x8000000000000000298334Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.603{ec2a0601-7188-63e3-68d2-61c1e9550000}1821/bin/dash-----/bin/sh /etc/update-motd.d/00-header/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-383a-b617db550000}1820/bin/run-partsrun-partsroot 154100x8000000000000000298337Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.605{ec2a0601-7188-63e3-80de-3f91ed550000}1823/bin/uname-----uname -r/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-68d2-61c1e9550000}1821/bin/dash/bin/shroot 534500x8000000000000000298336Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.605{ec2a0601-7188-63e3-803e-cf5327560000}1822/bin/unameroot 154100x8000000000000000298335Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.605{ec2a0601-7188-63e3-803e-cf5327560000}1822/bin/uname-----uname -o/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-68d2-61c1e9550000}1821/bin/dash/bin/shroot 534500x8000000000000000298338Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.606{ec2a0601-7188-63e3-80de-3f91ed550000}1823/bin/unameroot 534500x8000000000000000298341Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.607{ec2a0601-7188-63e3-68d2-61c1e9550000}1821/bin/dashroot 534500x8000000000000000298340Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.607{ec2a0601-7188-63e3-805e-7eb009560000}1824/bin/unameroot 154100x8000000000000000298339Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.607{ec2a0601-7188-63e3-805e-7eb009560000}1824/bin/uname-----uname -m/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-68d2-61c1e9550000}1821/bin/dash/bin/shroot 534500x8000000000000000298343Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.608{ec2a0601-7188-63e3-6892-637470550000}1825/bin/dashroot 154100x8000000000000000298342Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.608{ec2a0601-7188-63e3-6892-637470550000}1825/bin/dash-----/bin/sh /etc/update-motd.d/10-help-text/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-383a-b617db550000}1820/bin/run-partsrun-partsroot 154100x8000000000000000298344Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.609{ec2a0601-7188-63e3-6872-27fddf550000}1826/bin/dash-----/bin/sh /etc/update-motd.d/50-landscape-sysinfo/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-383a-b617db550000}1820/bin/run-partsrun-partsroot 154100x8000000000000000298345Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.610{ec2a0601-7188-63e3-50bc-772fe9550000}1827/bin/grep-----grep -c ^processor /proc/cpuinfo/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-6872-27fddf550000}1826/bin/dash/bin/shroot 154100x8000000000000000298348Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.611{ec2a0601-7188-63e3-985f-66e871550000}1830/usr/bin/bc-----bc/root{ec2a0601-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}1828--- 154100x8000000000000000298347Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.611{ec2a0601-7188-63e3-b850-44ce7e550000}1831/usr/bin/cut-----cut -f1 -d /proc/loadavg/root{ec2a0601-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}1829--- 534500x8000000000000000298346Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.611{ec2a0601-7188-63e3-50bc-772fe9550000}1827/bin/greproot 534500x8000000000000000298350Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.613{ec2a0601-7188-63e3-0000-000000000000}1829-root 534500x8000000000000000298349Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.613{ec2a0601-7188-63e3-b850-44ce7e550000}1831/usr/bin/cutroot 154100x8000000000000000298354Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.614{ec2a0601-7188-63e3-08af-711fee550000}1832/bin/date-----/bin/date/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-6872-27fddf550000}1826/bin/dash/bin/shroot 534500x8000000000000000298352Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.614{ec2a0601-7188-63e3-0000-000000000000}1828-root 534500x8000000000000000298351Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.614{ec2a0601-7188-63e3-985f-66e871550000}1830/usr/bin/bcroot 23542300x8000000000000000298353Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.615{ec2a0601-7113-63e3-c8ea-60bf5b550000}459root/lib/systemd/systemd-journald/run/systemd/journal/streams/9:25074--- 154100x8000000000000000298356Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.617{ec2a0601-7188-63e3-2030-7b0000000000}1833/usr/bin/python3.6-----/usr/bin/python3 /usr/bin/landscape-sysinfo/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-6872-27fddf550000}1826/bin/dash/bin/shroot 534500x8000000000000000298355Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.617{ec2a0601-7188-63e3-08af-711fee550000}1832/bin/dateroot 154100x8000000000000000298358Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.790{ec2a0601-7188-63e3-b881-5492387f0000}1834/sbin/ldconfig.real-----/sbin/ldconfig.real -p/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-2030-7b0000000000}1833/usr/bin/python3.6/usr/bin/python3root 154100x8000000000000000298357Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.790{ec2a0601-7188-63e3-68f2-85d584550000}1834/bin/dash-----/bin/sh /sbin/ldconfig -p/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-2030-7b0000000000}1833/usr/bin/python3.6/usr/bin/python3root 534500x8000000000000000298359Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.792{ec2a0601-7188-63e3-b881-5492387f0000}1834/sbin/ldconfig.realroot 154100x8000000000000000298361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.838{ec2a0601-7188-63e3-b871-5c5d427f0000}1835/sbin/ldconfig.real-----/sbin/ldconfig.real -p/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-2030-7b0000000000}1833/usr/bin/python3.6/usr/bin/python3root 154100x8000000000000000298360Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.838{ec2a0601-7188-63e3-68b2-b3896b550000}1835/bin/dash-----/bin/sh /sbin/ldconfig -p/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-2030-7b0000000000}1833/usr/bin/python3.6/usr/bin/python3root 534500x8000000000000000298362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:20.839{ec2a0601-7188-63e3-b871-5c5d427f0000}1835/sbin/ldconfig.realroot 534500x8000000000000000298363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.032{00000000-0000-0000-0000-000000000000}1836<unknown process>root 154100x8000000000000000298364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.080{ec2a0601-7189-63e3-f0a3-9f0047560000}1837/usr/bin/who-----who -q/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-2030-7b0000000000}1833/usr/bin/python3.6/usr/bin/python3root 534500x8000000000000000298365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.085{ec2a0601-7189-63e3-f0a3-9f0047560000}1837/usr/bin/whoroot 154100x8000000000000000298368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.147{ec2a0601-7189-63e3-6832-2654fc550000}1838/bin/dash-----/bin/sh /etc/update-motd.d/50-motd-news/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-383a-b617db550000}1820/bin/run-partsrun-partsroot 534500x8000000000000000298367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.147{ec2a0601-7188-63e3-6872-27fddf550000}1826/bin/dashroot 534500x8000000000000000298366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.147{ec2a0601-7188-63e3-2030-7b0000000000}1833/usr/bin/python3.6root 154100x8000000000000000298373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.149{ec2a0601-7189-63e3-78d2-8fc76d550000}1840/usr/bin/head-----head -n 10/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7189-63e3-6832-2654fc550000}1838/bin/dash/bin/shroot 534500x8000000000000000298372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.149{ec2a0601-7189-63e3-d0f9-5045bf550000}1839/bin/catroot 154100x8000000000000000298371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.149{ec2a0601-7189-63e3-b870-884204560000}1842/usr/bin/cut-----cut -c -80/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7189-63e3-6832-2654fc550000}1838/bin/dash/bin/shroot 154100x8000000000000000298370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.149{ec2a0601-7189-63e3-e085-327c51560000}1841/usr/bin/tr-----tr -d \000-\011\013\014\016-\037/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7189-63e3-6832-2654fc550000}1838/bin/dash/bin/shroot 154100x8000000000000000298369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.149{ec2a0601-7189-63e3-d0f9-5045bf550000}1839/bin/cat-----cat /var/cache/motd-news/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7189-63e3-6832-2654fc550000}1838/bin/dash/bin/shroot 534500x8000000000000000298374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.150{ec2a0601-7189-63e3-78d2-8fc76d550000}1840/usr/bin/headroot 154100x8000000000000000298378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.151{ec2a0601-7189-63e3-68f2-42d91f560000}1843/bin/dash-----/bin/sh /etc/update-motd.d/88-esm-announce/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-383a-b617db550000}1820/bin/run-partsrun-partsroot 534500x8000000000000000298377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.151{ec2a0601-7189-63e3-6832-2654fc550000}1838/bin/dashroot 534500x8000000000000000298376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.151{ec2a0601-7189-63e3-b870-884204560000}1842/usr/bin/cutroot 534500x8000000000000000298375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.151{ec2a0601-7189-63e3-e085-327c51560000}1841/usr/bin/trroot 154100x8000000000000000298380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.152{ec2a0601-7189-63e3-68c2-c8094d560000}1844/bin/dash-----/bin/sh /etc/update-motd.d/90-updates-available/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-383a-b617db550000}1820/bin/run-partsrun-partsroot 534500x8000000000000000298379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.152{ec2a0601-7189-63e3-68f2-42d91f560000}1843/bin/dashroot 154100x8000000000000000298381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.153{ec2a0601-7189-63e3-d019-24c2f2550000}1845/bin/cat-----cat /var/lib/update-notifier/updates-available/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7189-63e3-68c2-c8094d560000}1844/bin/dash/bin/shroot 154100x8000000000000000298384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.155{ec2a0601-7189-63e3-6852-88d520560000}1846/bin/dash-----/bin/sh /etc/update-motd.d/91-contract-ua-esm-status/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-383a-b617db550000}1820/bin/run-partsrun-partsroot 534500x8000000000000000298383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.155{ec2a0601-7189-63e3-68c2-c8094d560000}1844/bin/dashroot 534500x8000000000000000298382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.155{ec2a0601-7189-63e3-d019-24c2f2550000}1845/bin/catroot 154100x8000000000000000298392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.156{ec2a0601-7189-63e3-68f2-f11ce6550000}1847/bin/dash-----/bin/sh -e /usr/lib/ubuntu-release-upgrader/release-upgrade-motd/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-383a-b617db550000}1820/bin/run-partsrun-partsroot 154100x8000000000000000298386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.156{ec2a0601-7189-63e3-68b2-b87b11560000}1847/bin/dash-----/bin/sh /etc/update-motd.d/91-release-upgrade/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-383a-b617db550000}1820/bin/run-partsrun-partsroot 534500x8000000000000000298385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.156{ec2a0601-7189-63e3-6852-88d520560000}1846/bin/dashroot 154100x8000000000000000298388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.157{ec2a0601-7189-63e3-2030-7b0000000000}1849/usr/bin/python3.6-----/usr/bin/python3 -Es /usr/bin/lsb_release -sd/root{ec2a0601-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}1848--- 154100x8000000000000000298387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.157{ec2a0601-7189-63e3-b8c0-cd6c59550000}1850/usr/bin/cut-----cut -d -f4/root{ec2a0601-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}1848--- 534500x8000000000000000298391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.217{00000000-0000-0000-0000-000000000000}1848<unknown process>root 534500x8000000000000000298390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.217{ec2a0601-7189-63e3-b8c0-cd6c59550000}1850/usr/bin/cutroot 534500x8000000000000000298389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.217{ec2a0601-7189-63e3-2030-7b0000000000}1849/usr/bin/python3.6root 154100x8000000000000000298393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.219{ec2a0601-7189-63e3-08df-3b01e6550000}1851/bin/date-----date +%s/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7189-63e3-68f2-f11ce6550000}1847/bin/dash/bin/shroot 154100x8000000000000000298395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.220{ec2a0601-7189-63e3-8824-24d1f9550000}1852/usr/bin/stat-----stat -c %Y /var/lib/ubuntu-release-upgrader/release-upgrade-available/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7189-63e3-68f2-f11ce6550000}1847/bin/dash/bin/shroot 534500x8000000000000000298394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.220{ec2a0601-7189-63e3-08df-3b01e6550000}1851/bin/dateroot 154100x8000000000000000298397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.222{ec2a0601-7189-63e3-9845-9e1913560000}1853/usr/bin/expr-----expr 1675844674 + 86400/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7189-63e3-68f2-f11ce6550000}1847/bin/dash/bin/shroot 534500x8000000000000000298396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.222{ec2a0601-7189-63e3-8824-24d1f9550000}1852/usr/bin/statroot 534500x8000000000000000298398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.224{ec2a0601-7189-63e3-9845-9e1913560000}1853/usr/bin/exprroot 154100x8000000000000000298399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.225{ec2a0601-7189-63e3-d089-56282e560000}1854/bin/cat-----cat /var/lib/ubuntu-release-upgrader/release-upgrade-available/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7189-63e3-68f2-f11ce6550000}1847/bin/dash/bin/shroot 154100x8000000000000000298403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.226{ec2a0601-7189-63e3-68a2-ebb6a6550000}1855/bin/dash-----/bin/sh /usr/share/unattended-upgrades/update-motd-unattended-upgrades/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-383a-b617db550000}1820/bin/run-partsrun-partsroot 154100x8000000000000000298402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.226{ec2a0601-7189-63e3-6872-fa6200560000}1855/bin/dash-----/bin/sh /etc/update-motd.d/92-unattended-upgrades/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-383a-b617db550000}1820/bin/run-partsrun-partsroot 534500x8000000000000000298401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.226{ec2a0601-7189-63e3-68f2-f11ce6550000}1847/bin/dashroot 534500x8000000000000000298400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.226{ec2a0601-7189-63e3-d089-56282e560000}1854/bin/catroot 154100x8000000000000000298406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.229{ec2a0601-7189-63e3-6832-e8c062550000}1856/bin/dash-----/bin/sh -e /usr/lib/update-notifier/update-motd-hwe-eol/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-383a-b617db550000}1820/bin/run-partsrun-partsroot 154100x8000000000000000298405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.229{ec2a0601-7189-63e3-6882-fe69c7550000}1856/bin/dash-----/bin/sh /etc/update-motd.d/95-hwe-eol/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-383a-b617db550000}1820/bin/run-partsrun-partsroot 534500x8000000000000000298404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.229{ec2a0601-7189-63e3-68a2-ebb6a6550000}1855/bin/dashroot 154100x8000000000000000298407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.231{ec2a0601-7189-63e3-73e4-d6ba8b550000}1857/usr/bin/apt-config-----apt-config shell StateDir Dir::State/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7189-63e3-6832-e8c062550000}1856/bin/dash/bin/shroot 154100x8000000000000000298408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.242{ec2a0601-7189-63e3-70c1-8d28ff550000}1858/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7189-63e3-73e4-d6ba8b550000}1857/usr/bin/apt-configapt-configroot 154100x8000000000000000298411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.248{ec2a0601-7189-63e3-7384-4028aa550000}1859/usr/bin/apt-config-----apt-config shell ListDir Dir::State::Lists/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7189-63e3-6832-e8c062550000}1856/bin/dash/bin/shroot 534500x8000000000000000298410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.248{ec2a0601-7189-63e3-73e4-d6ba8b550000}1857/usr/bin/apt-configroot 534500x8000000000000000298409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.248{ec2a0601-7189-63e3-70c1-8d28ff550000}1858/usr/bin/dpkgroot 154100x8000000000000000298412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.253{ec2a0601-7189-63e3-70a1-0d4c94550000}1860/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7189-63e3-7384-4028aa550000}1859/usr/bin/apt-configapt-configroot 534500x8000000000000000298413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.255{ec2a0601-7189-63e3-70a1-0d4c94550000}1860/usr/bin/dpkgroot 154100x8000000000000000298415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.256{ec2a0601-7189-63e3-7374-65b832560000}1861/usr/bin/apt-config-----apt-config shell DpkgStatus Dir::State::status/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7189-63e3-6832-e8c062550000}1856/bin/dash/bin/shroot 534500x8000000000000000298414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.256{ec2a0601-7189-63e3-7384-4028aa550000}1859/usr/bin/apt-configroot 154100x8000000000000000298416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.260{ec2a0601-7189-63e3-70c1-3ec379550000}1862/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7189-63e3-7374-65b832560000}1861/usr/bin/apt-configapt-configroot 534500x8000000000000000298417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.262{ec2a0601-7189-63e3-70c1-3ec379550000}1862/usr/bin/dpkgroot 154100x8000000000000000298419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.263{ec2a0601-7189-63e3-73a4-2b5d9d550000}1863/usr/bin/apt-config-----apt-config shell EtcDir Dir::Etc/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7189-63e3-6832-e8c062550000}1856/bin/dash/bin/shroot 534500x8000000000000000298418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.263{ec2a0601-7189-63e3-7374-65b832560000}1861/usr/bin/apt-configroot 154100x8000000000000000298420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.267{ec2a0601-7189-63e3-7091-c21613560000}1864/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7189-63e3-73a4-2b5d9d550000}1863/usr/bin/apt-configapt-configroot 154100x8000000000000000298423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.269{ec2a0601-7189-63e3-7324-afac76550000}1865/usr/bin/apt-config-----apt-config shell SourceList Dir::Etc::sourcelist/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7189-63e3-6832-e8c062550000}1856/bin/dash/bin/shroot 534500x8000000000000000298422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.269{ec2a0601-7189-63e3-73a4-2b5d9d550000}1863/usr/bin/apt-configroot 534500x8000000000000000298421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.269{ec2a0601-7189-63e3-7091-c21613560000}1864/usr/bin/dpkgroot 154100x8000000000000000298424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.273{ec2a0601-7189-63e3-7021-bb9809560000}1866/usr/bin/dpkg-----/usr/bin/dpkg --print-foreign-architectures/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7189-63e3-7324-afac76550000}1865/usr/bin/apt-configapt-configroot 534500x8000000000000000298425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.275{ec2a0601-7189-63e3-7021-bb9809560000}1866/usr/bin/dpkgroot 154100x8000000000000000298427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.276{ec2a0601-7189-63e3-90d0-ad7d4f560000}1867/usr/bin/find-----find /var/lib/apt/lists/ /etc/apt/sources.list //var/lib/dpkg/status -type f -newer /var/lib/update-notifier/hwe-eol -print -quit/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7189-63e3-6832-e8c062550000}1856/bin/dash/bin/shroot 534500x8000000000000000298426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.276{ec2a0601-7189-63e3-7324-afac76550000}1865/usr/bin/apt-configroot 154100x8000000000000000298434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.282{ec2a0601-7189-63e3-a8b0-88c02c560000}1870/bin/mktemp-----mktemp -p /var/lib/update-notifier/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7189-63e3-6832-e8c062550000}1856/bin/dash/bin/shroot 154100x8000000000000000298432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.282{ec2a0601-7189-63e3-e808-aaf603560000}1871/usr/bin/dirname-----dirname /var/lib/update-notifier/hwe-eol/root{ec2a0601-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}1870--- 534500x8000000000000000298430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.282{ec2a0601-7189-63e3-0000-000000000000}1869-root 23542300x8000000000000000298429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.282{ec2a0601-7113-63e3-2840-faaee3550000}512root/lib/systemd/systemd-udevd/run/udev/queue--- 534500x8000000000000000298428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.282{ec2a0601-7189-63e3-90d0-ad7d4f560000}1867/usr/bin/findroot 534500x8000000000000000298433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.283{ec2a0601-7189-63e3-e808-aaf603560000}1871/usr/bin/dirnameroot 534500x8000000000000000298431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.283{ec2a0601-7189-63e3-0000-000000000000}1868-root 154100x8000000000000000298436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.284{ec2a0601-7189-63e3-d0e9-d13fde550000}1872/bin/cat-----cat /var/lib/update-notifier/hwe-eol/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7189-63e3-6832-e8c062550000}1856/bin/dash/bin/shroot 534500x8000000000000000298435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.284{ec2a0601-7189-63e3-a8b0-88c02c560000}1870/bin/mktemproot 154100x8000000000000000298438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.285{ec2a0601-7189-63e3-7023-ee6001560000}1873/bin/rm-----rm -f /var/lib/update-notifier/tmp.Z1fB4p9Xqa/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7189-63e3-6832-e8c062550000}1856/bin/dash/bin/shroot 534500x8000000000000000298437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.285{ec2a0601-7189-63e3-d0e9-d13fde550000}1872/bin/catroot 154100x8000000000000000298442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.286{ec2a0601-7189-63e3-68c2-25b568550000}1874/bin/dash-----/bin/sh /etc/update-motd.d/97-overlayroot/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-383a-b617db550000}1820/bin/run-partsrun-partsroot 534500x8000000000000000298441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.286{ec2a0601-7189-63e3-6832-e8c062550000}1856/bin/dashroot 534500x8000000000000000298440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.286{ec2a0601-7189-63e3-7023-ee6001560000}1873/bin/rmroot 23542300x8000000000000000298439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.286{ec2a0601-7189-63e3-7023-ee6001560000}1873root/bin/rm/var/lib/update-notifier/tmp.Z1fB4p9Xqa--- 154100x8000000000000000298446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.287{ec2a0601-7189-63e3-18ca-abe931560000}1877/usr/bin/sort-----sort -r/root{ec2a0601-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}1875--- 154100x8000000000000000298444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.287{ec2a0601-7189-63e3-50cc-5f33d5550000}1876/bin/grep-----grep -E overlayroot|/media/root-ro|/media/root-rw /proc/mounts/root{ec2a0601-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}1875--- 154100x8000000000000000298443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.287{ec2a0601-7189-63e3-6802-a0f567550000}1876/bin/dash-----/bin/sh /bin/egrep overlayroot|/media/root-ro|/media/root-rw /proc/mounts/root{ec2a0601-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}1875--- 534500x8000000000000000298445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.289{ec2a0601-7189-63e3-50cc-5f33d5550000}1876/bin/greproot 154100x8000000000000000298451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.291{ec2a0601-7189-63e3-6882-cb4492550000}1878/bin/dash-----/bin/sh /usr/lib/update-notifier/update-motd-fsck-at-reboot/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-383a-b617db550000}1820/bin/run-partsrun-partsroot 154100x8000000000000000298450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.291{ec2a0601-7189-63e3-68d2-86c27e550000}1878/bin/dash-----/bin/sh /etc/update-motd.d/98-fsck-at-reboot/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-383a-b617db550000}1820/bin/run-partsrun-partsroot 534500x8000000000000000298449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.291{00000000-0000-0000-0000-000000000000}1875<unknown process>root 534500x8000000000000000298448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.291{ec2a0601-7189-63e3-68c2-25b568550000}1874/bin/dashroot 534500x8000000000000000298447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.291{ec2a0601-7189-63e3-18ca-abe931560000}1877/usr/bin/sortroot 154100x8000000000000000298452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.293{ec2a0601-7189-63e3-88c4-82d955550000}1879/usr/bin/stat-----stat -c %Y /var/lib/update-notifier/fsck-at-reboot/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7189-63e3-6882-cb4492550000}1878/bin/dash/bin/shroot 154100x8000000000000000298456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.294{ec2a0601-7189-63e3-083f-23eb46560000}1880/bin/date-----date -d now - 125.78 seconds +%s/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7189-63e3-6882-cb4492550000}1878/bin/dash/bin/shroot 534500x8000000000000000298453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.294{ec2a0601-7189-63e3-88c4-82d955550000}1879/usr/bin/statroot 154100x8000000000000000298454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.295{ec2a0601-7189-63e3-f0ac-882745560000}1881/usr/bin/gawk-----awk {print $1} /proc/uptime/root{ec2a0601-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}1880--- 534500x8000000000000000298455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.296{ec2a0601-7189-63e3-f0ac-882745560000}1881/usr/bin/gawkroot 154100x8000000000000000298458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.297{ec2a0601-7189-63e3-084f-b175a3550000}1882/bin/date-----date +%s/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7189-63e3-6882-cb4492550000}1878/bin/dash/bin/shroot 534500x8000000000000000298457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.297{ec2a0601-7189-63e3-083f-23eb46560000}1880/bin/dateroot 154100x8000000000000000298461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.298{ec2a0601-7189-63e3-f0cc-3f0890550000}1885/usr/bin/gawk-----awk $5 ~ /^ext(2|3|4)$/ { print $1 }/root{ec2a0601-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}1883--- 154100x8000000000000000298460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.298{ec2a0601-7189-63e3-a8b2-8ed0e1550000}1884/bin/mount-----mount/root{ec2a0601-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}1883--- 534500x8000000000000000298459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.298{ec2a0601-7189-63e3-084f-b175a3550000}1882/bin/dateroot 534500x8000000000000000298462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.300{ec2a0601-7189-63e3-a8b2-8ed0e1550000}1884/bin/mountroot 154100x8000000000000000298465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.301{ec2a0601-7189-63e3-68be-d1ceb1550000}1886/sbin/dumpe2fs-----dumpe2fs -h /dev/nvme0n1p1/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7189-63e3-6882-cb4492550000}1878/bin/dash/bin/shroot 534500x8000000000000000298464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.301{00000000-0000-0000-0000-000000000000}1883<unknown process>root 534500x8000000000000000298463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.301{ec2a0601-7189-63e3-f0cc-3f0890550000}1885/usr/bin/gawkroot 534500x8000000000000000298467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.303{ec2a0601-7189-63e3-68be-d1ceb1550000}1886/sbin/dumpe2fsroot 924900x8000000000000000298466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.303{ec2a0601-7189-63e3-68be-d1ceb1550000}1886/sbin/dumpe2fs/dev/nvme0n1p1root 154100x8000000000000000298472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.304{ec2a0601-7189-63e3-b890-fea346560000}1890/usr/bin/cut-----cut -d: -f 2-/root{ec2a0601-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}1887--- 154100x8000000000000000298469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.304{ec2a0601-7189-63e3-500c-d8fe85550000}1889/bin/grep-----grep ^Mount count:/root{ec2a0601-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}1887--- 534500x8000000000000000298468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.304{00000000-0000-0000-0000-000000000000}1888<unknown process>root 534500x8000000000000000298477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.305{00000000-0000-0000-0000-000000000000}1887<unknown process>root 154100x8000000000000000298474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.305{ec2a0601-7189-63e3-502c-34de79550000}1893/bin/grep-----grep ^Maximum mount count:/root{ec2a0601-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}1891--- 534500x8000000000000000298473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.305{00000000-0000-0000-0000-000000000000}1892<unknown process>root 534500x8000000000000000298471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.305{00000000-0000-0000-0000-000000000000}1890<unknown process>root 534500x8000000000000000298470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.305{ec2a0601-7189-63e3-500c-d8fe85550000}1889/bin/greproot 154100x8000000000000000298478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.306{ec2a0601-7189-63e3-b8b0-0a0e0b560000}1894/usr/bin/cut-----cut -d: -f 2-/root{ec2a0601-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}1891--- 534500x8000000000000000298479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.307{00000000-0000-0000-0000-000000000000}1891<unknown process>root 534500x8000000000000000298476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.307{00000000-0000-0000-0000-000000000000}1894<unknown process>root 534500x8000000000000000298475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.307{ec2a0601-7189-63e3-502c-34de79550000}1893/bin/greproot 154100x8000000000000000298487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.308{ec2a0601-7189-63e3-b890-5612c7550000}1899/usr/bin/cut-----cut -d( -f 1/root{ec2a0601-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}1895--- 154100x8000000000000000298483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.308{ec2a0601-7189-63e3-503c-5e1aa2550000}1897/bin/grep-----grep ^Check interval:/root{ec2a0601-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}1895--- 534500x8000000000000000298482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.308{00000000-0000-0000-0000-000000000000}1896<unknown process>root 154100x8000000000000000298480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.308{ec2a0601-7189-63e3-b8a0-4d7454560000}1898/usr/bin/cut-----cut -d: -f 2-/root{ec2a0601-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}1895--- 154100x8000000000000000298496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.309{ec2a0601-7189-63e3-b8f0-ddce2d560000}1903/usr/bin/cut-----cut -d: -f 2-/root{ec2a0601-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}1900--- 154100x8000000000000000298489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.309{ec2a0601-7189-63e3-50cc-aa4203560000}1902/bin/grep-----grep ^Next check after:/root{ec2a0601-0000-0000-0000-000000000000}01no level-{00000000-0000-0000-0000-000000000000}1900--- 534500x8000000000000000298488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.309{00000000-0000-0000-0000-000000000000}1901<unknown process>root 534500x8000000000000000298486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.309{00000000-0000-0000-0000-000000000000}1899<unknown process>root 534500x8000000000000000298485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.309{ec2a0601-7189-63e3-b8a0-4d7454560000}1898/usr/bin/cutroot 534500x8000000000000000298484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.309{ec2a0601-7189-63e3-503c-5e1aa2550000}1897/bin/greproot 534500x8000000000000000298481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.309{00000000-0000-0000-0000-000000000000}1895<unknown process>root 154100x8000000000000000298497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.310{ec2a0601-7189-63e3-08ef-b69590550000}1904/bin/date-----date -d +%s/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7189-63e3-6882-cb4492550000}1878/bin/dash/bin/shroot 534500x8000000000000000298492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.310{00000000-0000-0000-0000-000000000000}1900<unknown process>root 534500x8000000000000000298491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.310{00000000-0000-0000-0000-000000000000}1903<unknown process>root 534500x8000000000000000298490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.310{ec2a0601-7189-63e3-50cc-aa4203560000}1902/bin/greproot 534500x8000000000000000298498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.311{ec2a0601-7189-63e3-08ef-b69590550000}1904/bin/dateroot 154100x8000000000000000298493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.311{ec2a0601-7189-63e3-d0f9-e6fb8d550000}1905/bin/cat-----cat /var/lib/update-notifier/fsck-at-reboot/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7189-63e3-6882-cb4492550000}1878/bin/dash/bin/shroot 154100x8000000000000000298501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.312{ec2a0601-7189-63e3-68c2-2fd6f7550000}1906/bin/dash-----/bin/sh -e /usr/lib/update-notifier/update-motd-reboot-required/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-383a-b617db550000}1820/bin/run-partsrun-partsroot 534500x8000000000000000298499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.312{ec2a0601-7189-63e3-6882-cb4492550000}1878/bin/dashroot 154100x8000000000000000298495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.312{ec2a0601-7189-63e3-6892-c0e6e0550000}1906/bin/dash-----/bin/sh /etc/update-motd.d/98-reboot-required/root{ec2a0601-0000-0000-0000-000000000000}01no level-{ec2a0601-7188-63e3-383a-b617db550000}1820/bin/run-partsrun-partsroot 534500x8000000000000000298494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.312{ec2a0601-7189-63e3-d0f9-e6fb8d550000}1905/bin/catroot 534500x8000000000000000298502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.313{ec2a0601-7189-63e3-68c2-2fd6f7550000}1906/bin/dashroot 534500x8000000000000000298503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.314{ec2a0601-7188-63e3-383a-b617db550000}1820/bin/run-partsroot 534500x8000000000000000298500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.314{ec2a0601-7188-63e3-6892-fd7722560000}1819/bin/dashroot 154100x8000000000000000298504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.751{ec2a0601-7189-63e3-4884-9ce140560000}1908/bin/bash------bash/home/ubuntuubuntu{ec2a0601-7188-63e3-e803-000000000000}10001no level-{00000000-0000-0000-0000-000000000000}1907--- 154100x8000000000000000298505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.757{ec2a0601-7189-63e3-885e-d1edc9550000}1910/usr/bin/locale-check-----/usr/bin/locale-check C.UTF-8/home/ubuntuubuntu{ec2a0601-7188-63e3-e803-000000000000}10001no level-{00000000-0000-0000-0000-000000000000}1909--- 534500x8000000000000000298507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.759{ec2a0601-7189-63e3-0000-000000000000}1909-ubuntu 534500x8000000000000000298506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.759{ec2a0601-7189-63e3-885e-d1edc9550000}1910/usr/bin/locale-checkubuntu 154100x8000000000000000298508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.761{ec2a0601-7189-63e3-3070-8c3531560000}1911/usr/bin/locale-----locale/home/ubuntuubuntu{ec2a0601-7188-63e3-e803-000000000000}10001no level-{ec2a0601-7189-63e3-4884-9ce140560000}1908/bin/bash-bashubuntu 534500x8000000000000000298509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.764{ec2a0601-7189-63e3-3070-8c3531560000}1911/usr/bin/localeubuntu 534500x8000000000000000298510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.766{00000000-0000-0000-0000-000000000000}1912<unknown process>ubuntu 154100x8000000000000000298511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.792{ec2a0601-7189-63e3-6822-1dcb9e550000}1914/bin/dash-----/bin/sh /usr/bin/lesspipe/home/ubuntuubuntu{ec2a0601-7188-63e3-e803-000000000000}10001no level-{00000000-0000-0000-0000-000000000000}1913--- 154100x8000000000000000298512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.794{ec2a0601-7189-63e3-e8cb-de834e560000}1915/usr/bin/basename-----basename /usr/bin/lesspipe/home/ubuntuubuntu{ec2a0601-7188-63e3-e803-000000000000}10001no level-{ec2a0601-7189-63e3-6822-1dcb9e550000}1914/bin/dash/bin/shubuntu 154100x8000000000000000298514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.796{ec2a0601-7189-63e3-e868-82e7c5550000}1917/usr/bin/dirname-----dirname /usr/bin/lesspipe/home/ubuntuubuntu{ec2a0601-7188-63e3-e803-000000000000}10001no level-{00000000-0000-0000-0000-000000000000}1916--- 534500x8000000000000000298513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.796{ec2a0601-7189-63e3-e8cb-de834e560000}1915/usr/bin/basenameubuntu 534500x8000000000000000298515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.797{ec2a0601-7189-63e3-e868-82e7c5550000}1917/usr/bin/dirnameubuntu 534500x8000000000000000298518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.798{00000000-0000-0000-0000-000000000000}1913<unknown process>ubuntu 534500x8000000000000000298517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.798{ec2a0601-7189-63e3-6822-1dcb9e550000}1914/bin/dashubuntu 534500x8000000000000000298516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.798{ec2a0601-7189-63e3-0000-000000000000}1916-ubuntu 154100x8000000000000000298519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.799{ec2a0601-7189-63e3-4809-a6b388550000}1919/usr/bin/dircolors-----dircolors -b/home/ubuntuubuntu{ec2a0601-7188-63e3-e803-000000000000}10001no level-{00000000-0000-0000-0000-000000000000}1918--- 534500x8000000000000000298520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.801{ec2a0601-7189-63e3-4809-a6b388550000}1919/usr/bin/dircolorsubuntu 534500x8000000000000000298521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:21.802{ec2a0601-7189-63e3-0000-000000000000}1918-ubuntu 354300x8000000000000000298522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:22.592{ec2a0601-711b-63e3-606c-3fcabc550000}1545/opt/splunkforwarder/bin/splunkd-tcptruefalse10.0.1.20-47262-false10.0.1.12-8089- 354300x8000000000000000298523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:26.051{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-56416-false10.0.1.12-8000- 354300x8000000000000000298524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:32.046{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-47608-false10.0.1.12-8000- 354300x8000000000000000298525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:33.124{ec2a0601-7114-63e3-7036-840df7550000}656/lib/systemd/systemd-timesyncdsystemd-timesyncudptruefalse10.0.1.20-56300-false169.254.169.123-123- 154100x8000000000000000298526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:33.888{ec2a0601-7195-63e3-68b4-4d5427560000}1924/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/6312root{ec2a0601-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}1046--- 534500x8000000000000000298527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:33.911{ec2a0601-7195-63e3-68b4-4d5427560000}1924/bin/psroot 354300x8000000000000000298528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:37.080{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-52860-false10.0.1.12-8000- 23542300x8000000000000000298529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:37.613{ec2a0601-711b-63e3-606c-3fcabc550000}1545root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x8000000000000000298530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:43.037{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-52870-false10.0.1.12-8000- 354300x8000000000000000298531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:49.016{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-52954-false10.0.1.12-8000- 354300x8000000000000000298532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:55:54.255{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-52960-false10.0.1.12-8000- 354300x8000000000000000298533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:56:00.014{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-38740-false10.0.1.12-8000- 354300x8000000000000000298534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:56:05.234{ec2a0601-7123-63e3-d9ff-4d0400000000}1729/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-38750-false10.0.1.12-8000- 23542300x8000000000000000298535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-8383-2023-02-08 09:56:07.614{ec2a0601-711b-63e3-606c-3fcabc550000}1545root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log---